Microsoft Pass4Sure 70-350 v2 73 by Mohan 132q.vce

Microsoft Pass4Sure 70-350 v2 73 by Mohan 132q.vce

70-350

23-Jun-2008

QUESTION 1
DRAG DROP
You work as the network administrator at Certkiller .com. The Certkiller .com
network consists of a single Active Directory domain named Certkiller .com. All
servers on the Certkiller .com network run Windows Server 2003 and all client
computers run Windows XP Professional.
You have created an OU for each of the Certkiller .com departments, named Sales,
Marketing, Finance, and IT. The following Exhibit displays The Certkiller .com
Active Directory structure is illustrated in the following Exhibit:
Exhibit:
Certkiller .com, who handles classified financial data, requires you to secure all
critical financial data on the local computers in the Finance department and
whenever finance data is transmitted over the network. You plan to employ IP
Security (IPSec) to ensure the confidentiality of the finance data.

Actualtests.org – The Power of Knowing
You need to ensure that data is encrypted whenever it is transmitted by computers
in the Finance department to computers within the network, and that all other
computers within the network only use IPSec to communicate with computers in the
Finance department. You should also ensure that all IPSec policies assigned to
computers will be applied regardless of the network speed.
After a great deal of consideration, you find that Group Policy is the best method of
achieving your objectives. You need to ensure that Group Policy is applied
correctly.
What should you do? To answer, select the appropriate option or options and place
then in the appropriate location in the work area.
Answer:
Explanation:
By linking a Group Policy object (GPO) to the Finance OU that configures an IPSec
policy to require security, you will force all of the Finance computers to only

Actualtests.org – The Power of Knowing
communicate using IPSec encryption. To allow the other computers in the network to
communicate with the computers in the Finance department, they must also use IPSec.
Since the computers outside the Finance department do not need to use IPSec to
communicate with each other, you can configure a GPO at the domain level that will
enable the IPSec Respond Only Policy.
To ensure that all IPSec policies configured with a GPO are applied no matter what the
network speed is, you must configure a GPO that forces IPSec policies to process
regardless of a slow link. By linking the GPO to the domain, it will apply to all OUs that
have GPOs with IPSec policies.
QUESTION 2
You work as the security administrator at Certkiller .com. The Certkiller .com
network consists of a single Active Directory domain named Certkiller .com. All
servers on the Certkiller .com network run Windows Server 2003 and all client
computers run Windows XP Professional. All computers on the Certkiller .com
network are joined to the domain and all client computers reside in an
organizational unit (OU) named Client_Computers.
A server named Certkiller -SR01 has been configured to function as an
application server. Certkiller -SR01 supports multiple applications. One of the
applications hosted on Certkiller -SR01 is a conferencing application named
MeetingHost. When client computers are participating in a conference session,
MeetingHost makes use of multicast transmissions to broadcast the conference data.
You have been instructed to secure communications to and from Certkiller -SR01.
To this end you configured an IPSec policy on Certkiller -SR01.
Immediately after the configuration of the IPSec policy on Certkiller -SR01, you
received complaints from some of the Certkiller .com users who need to participate in
a conference session that they are unable to make use of MeetingHost. Now you
need to modify the registry on Certkiller -SR01 to enable these users to participate
in conferences using MeetingHost. All multicast transmissions to and from
Certkiller -SR01 should thus be exempted from the IPSec policy application.
What should you do?
A. Create a new entry named NoDefaultExempt with a DWORD value of 0 under the
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\IPSEC registry key.
B. Create a new entry named NoDefaultExempt with a DWORD value of 1 under the
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\IPSEC registry key.
C. Create a new entry named NoDefaultExempt with a DWORD value of 2 under the
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\IPSEC registry key.
D. Create a new entry named NoDefaultExempt with a DWORD value of 3 under the
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\IPSEC registry key.
Answer: Btoo
Explanation: In Windows Server 2003, the default filtering exemptions will allow
ISAKMP traffic, inbound multicast traffic and broadcast traffic, whereas Windows 2000

Donwload Free PassGuide Braindumps-The Most Realistic Practice Questions and Answers,Help You Pass any Exams

Actualtests.org – The Power of Knowing
Server-based default filtering exemptions allows broadcast, multicast, Kerberos, RSVP,
and ISAKMP traffic. You can manually configure filtering exemptions in Windows
Server 2003 for the traffic types that were previously available by configuring the
DefaultNoExempt entry with a 0, 1, 2, or 3 value. In this case you should use a value of 1
to exempt, or allow outbound multicast traffic. A value of 1 exempts all multicast traffic
from IPSec filtering.
Incorrect answers:
A: A 0 value will result in applying the Windows 2000 default setting to computers that
are running Windows Server 2003. This means that multicast, broadcast, SVP, Kerberos,
and ISAKMP traffic will be exempted from IPSec filtering.
C: A 2 value would exempt RSVP, Kerberos, and ISAKMP traffic.
D: A 3 value will exempt only ISAKMP traffic from IPSec filtering which is the default
setting in Windows Server 2003.
QUESTION 3
You work as the network administrator at Certkiller .com. The Certkiller .com
network consists of a single Active Directory domain named Certkiller .com. All
servers on the Certkiller .com network run Windows Server 2003 and all client
computers runs Windows XP Professional.
The Certkiller .com written security policy dictates that there should not be any
unsecure data communication between client computers and serves. Thus IPSec is
used to secure all data transmissions between client computers and servers.
While monitoring network traffic, you notice that no secure data communications
are occurring between client computers and a few file server computers. You
suspect that the recently configured and applied IPSec policies have configuration
errors, which resulted in the Certkiller .com written security policy not being
enforced.
You must immediately ensure that the requirements stipulated in the Certkiller .com
written security policy are enforced. To this end you need to reconfigure any
misconfigured IPSec policy and re-apply the re-configured IPSec policies with
immediate effect.
What should you do?
A. Configure the IPSec policy as Dynamic using the netsh command.
B. Configure the IPSec policy as Static using the netsh command.
C. Assign the IPSec policy in the Default Domain Policy GPO.
D. Change the startup type of the IPSec service to Manual.
Answer: A
Explanation: In Windows Server 2003, the netsh command-line utility replaces the
previously used Ipsecpol.exe command-line utility. You can use the netsh
command-line utility to view information on IPSec policies, configure startup
security for computers, configure default traffic exemptions, enable IPSec driver
event logging, and troubleshoot IPSec configuration. The current (active) IPSec

Actualtests.org – The Power of Knowing
policy configuration is affected by the netsh ipsec dynamic mode commands, which
means that the IPSec dynamic mode commands directly change security policy
settings in the security policy database.
Incorrect answers:
B: The netsh ipsec static mode commands are used to perform the same
management tasks as is available in the IP Security Policy Management snap-in. You
can create IPSec policies, edit existing IPSec policies, and assign IPSec policies.
However, the active IPSec policy configuration remains unchanged, which means that
your changes are not immediately updated in the security policy database.
C: If you apply the IPSec policy in the Default Domain GPO, then the security policy
settings will be applied to all computers that belong to the Certkiller .com domain. The
question states that you want to apply any reconfigured IPSec policies immediately to the
misconfigured server computers.
D: If you change the startup type of the IPSec service to Manual, you would have to
manually start the IPSec service whenever you restart a member server that has IPSec
policies applied.

New tesking mcse 70-350 exam

password:www.certbible.org

Free download:pass4sure Microsoft 70-350
Free download:testking Microsoft 70-350

password:www.certbible.org

High quality IT Certification Training Exam Questions, Study Guides and Practice Tests are in Downloadable PassGuide Testing Engine,Successful for IT Certification or Full Refund for you.Contact Us:Sales@PassGuide.com

Type	Exam Bible	New Questions & Answers	Latest Updated	Download link
PDF	All Certbible 's Exam Dumps	597	1 days ago	Available

PassGuide Training Materials & Practice Tests

• download pass4sure microsoft MCSE 2003 70-293 Value Pack
• pass4sure MCSE 2003 Security 70-294 Value Pack braindumps
• Pass4sure mcse 70-291 Value Pack
• mcse testking pass4sure microsoft press book
• Pass4sure Microsoft 70-271 v2.93
• Pass4sure For Many Cisco Exams
• pass4sure MCSE 2003 Security Certification Exams
• free pass4sure MCSE 2003 Certification Exams Boot camp & Braindump
• (offer) Pass4sure Microsoft 70-270 Ver 2.93
• Pass4sure Microsoft MCSE Exam 70-294 v2008-18-05 by Ali Starian 108q vce