Pass4sure Microsoft mcsa 70-214 v2.93

MCSA Implementing and Administering Security in a Microsoft Windows 2000 Network : 70-214 Exam
Product DescriptionExam Number/Code: 70-214
Exam Name: MCSA Implementing and Administering Security in a Microsoft Windows 2000 Network

“MCSA Implementing and Administering Security in a Microsoft Windows 2000 Network”, also known as 70-214 exam, is a Microsoft certification. With the complete collection of questions and answers, Pass4sure has assembled to take you through 150 questions to your 70-214 Exam preparation. In the 70-214 exam resources, you will cover every field and category in MCSA helping to ready you for your successful Microsoft Certification.

1.The written security policy of your company requires that ServerA must use IPSec to encrypt data to ServerB. You

configure a custom IPSec policy in the Local Security Policy on ServerA and on ServerB. The custom IPSec policy implements Encapsulating Security Payload (ESP) for all data that is transmitted between ServerA and ServerB. You also configure the IPSec security association to use Kerberos authentication.
After the IPSec security policies are assigned to ServerA and ServerB, you discover that IP traffic between ServerA and

ServerB is not encrypted. What should you do?
A: Create a one-way external trust relationship in which factory.contoso.com trusts office.contoso.com.

B: Enable the Trust Computer for delegation option in the computer account properties on ServerA and on ServerB.

C: Modify the custom IPSec policies to use certificate-based authentication, and acquire IPSec certificates for ServerA

and ServerB from a common root Certification Authority (CA).

D: Create a computer account for ServerA in factory.contoso.com and a computer account for ServerB in office.contoso.com. Configure the new accounts to use Kerberos name mapping to map the new account name to the existing computer account in the other forest.
Correct Answers: C

2.You are the network administrator for your company. The network consists of a Windows 2000 Active Directory forest.

A Windows 2000 Server computer named ServerA runs Internet Information Services (IIS) and hosts a Web site that allows customers to purchase your company’s goods. To protect the transactions, ServerA requires a Web server certificate and must implement SSL encryption.
The written security policy for your company requires that all customers use certificate-based authentication when they connect to a secured Web site. The application running on the Web server requires the existence of a custom Object Identifier (OID) in the presented certificate. You need to map the digital certificates to Active Directory user accounts by using one-to-one certificate mapping.
You need to acquire a Web server certificate and user certificates that comply with the written policy. What should you do?

A: Obtain the certificates from a commercial Certification Authority (CA).

B: Obtain the certificates from a private Certification Authority (CA) that is hosted on the company network.

C: Obtain the Web Server certificate from a commercial Certification Authority (CA) and the user certificates from a private

CA that is hosted on the company network.

D: Obtain the user certificates from a commercial Certification Authority (CA) and the Web server certificate from a private

CA that is hosted on the company network.

Correct Answers: C

3.You are the network administrator for your company. The network consists of a Windows 2000 Active Directory domain. All client computers run Windows 2000 Professional.
Each department in the company is in a separate organizational unit (OU) in the domain. Each departmental OU contains user, group, and computer accounts for that department.
The human resources (HR) department has one Windows 2000 Server computer named ServerA. The written security policy for the HR department requires all network communications with ServerA to be encrypted. Client computers in the HR department must also be able to communicate with servers in other departments.
The administrator for ServerA creates a Group Policy object (GPO) named HRLockdown and links the GPO to the HR OU. HRLockdown is configured with the No Override check box selected. The administrators configure and assign a new
IPSec policy named HRSec in the HRLockdown GPO with the parameters shown in the following table.

The administrator reports that communications are secure within the department but that users in the department cannot access resources located on other network servers.
You need to ensure that client computers in the HR department can communicate with other network servers, while

maintaining the HR department’s written policy. What should you do?

A: Unassign the HRSec policy in the HRLockdown GPO. Create child OUs named Servers and Clients in the HR OU.

Move the computer accounts for the client computers and for ServerA to the appropriate OUs. Create a GPO and link it to the Clients OU. Assign the Client (Respond Only) IPSec policy to that GPO. Create a GPO and link it to the Servers OU. Assign the Secure Server (Require Security) IPSec policy to that GPO.
B: Unassign the HRSec policy in the HRLockdown GPO. Create child OUs named Servers and Clients in the HR OU.

Move the computer accounts for the client computers and for ServerA to the appropriate OUs. Create a GPO and link it to the Clients OU. Assign the Client (Respond Only) IPSec policy to that GPO. Create a GPO and link it to the Servers OU. Assign the Server (Request Security) IPSec policy to that GPO.
C: Create a child OU named Clients in the HR OU and move the client computer accounts to the OU. Create a GPO and link it to the Clients OU. Assign the Client (Respond Only) IPSec policy to the GPO. In the HRSec policy, specify the IP subnet address used by computers in the HR department as the source and destination addresses. In the HRSec policy,
set the filter action property to Request security .

D: Create a child OU named Servers in the HR OU and move the computer account for ServerA to the OU. Create a GPO and link it to the Servers OU. Assign the Secure Server (Require Security) IPSec policy to the GPO. In the HRSec policy, specify the IP subnet address used by computers in the HR department as the source and destination addresses. In the HRSec policy, set the filter action property to Request security .
Correct Answers: A

4.You are the administrator of a Windows 2000 Active Directory domain. The domain consists of Windows 2000

Professional client computers and Windows 2000 Server computers. You plan to deploy a new multitiered database application. The application consists of a client part that is run by users on the client computers, a service that runs on a Windows 2000 member server named ServerA, and the database service that runs on multiple other Windows 2000 member servers. The client application connects to the service on ServerA. The service on ServerA connects to the database service. The services for the new database application run on ServerA, and the database servers run under LocalSystem. The documentation for the new application states that it supports Kerberos proxy tickets to authenticate
users to the database servers. You want to configure the network so that users can use this new application. What should you do?
A: Change the properties of the user accounts to enable the Account is trusted for delegation option.

Donwload Free PassGuide Braindumps-The Most Realistic Practice Questions and Answers,Help You Pass any Exams

B: Change the properties of the ServerA computer account to enable the Trust computer for delegation option.

C: Add the computer accounts of the database servers to the Pre-Windows 2000 Compatible Access group.

D: Change the Kerberos policy in the Default Domain Policy to disable the Enforce user logon restrictions option.

Correct Answers: B

5.You are the network administrator for your company. The network consists of a Windows 2000 Active Directory domain.

The domain contains three member servers that run Windows 2000 Server. All three servers use Routing and Remote Access to accept dial-up connections from remote company employees. You will soon add four more dial-up servers to handle the demand for dial-up services.
The written security policy for your company requires the start and end time of all dial-up connections to be logged. The logs must be maintained for at least six months.
You need to configure the existing dial-up servers to comply with the written policy. You need to ensure that the

configuration can support additional dial-up servers. You also want to minimize the amount of time you spend maintaining dial-up logs.
What should you do?

A: Enable auditing on each dial-up server. Configure the Security log on each dial-up server to be 20 MB in size and to never overwrite events. Save each Security log to an archived location every day.
B: Use the Eventcomb utility to collect the security events from each dial-up server every day. Export the Security log from each dial-up server to a file every day.
C: Install Internet Authentication Service (IAS) on a new Windows 2000 Server computer. Configure each dial-up server to use IAS for authentication and accounting. Configure IAS to log authentication and accounting. Use Task Scheduler to archive the IAS log files every day.
D: Move the dial-up servers to a new organizational unit (OU). Create a Group Policy object (GPO) and link the GPO to the new OU. Configure the GPO to enable auditing for logon and logoff events.
Correct Answers: C

6.You are the network administrator for your company. The network consists of a Windows 2000 Active Directory domain named contoso.com. You have deployed a new Windows 2000 Server computer as a Web server in the perimeter network
(also known as the DMZ). The Web server is not a member of contoso.com. A firewall between the private network and the DMZ is configured to allow only HTTP traffic to be sent from the DMZ to the private network. Your Web server
administrator creates a security template named Webserver.inf that defines the default security settings required for the Web server. The security template settings must be enforced at the Web server and applied at regular intervals. What should you do?
A: Make the Web server a member of the contoso.com domain and place the Web server computer account into a new organizational unit (OU). Import the Webserver.inf security template to the Default Domain Policy.
B: Create a batch file that applies the security template by using the secedit /configure /cfg Webserver.inf /db web.sdb command. In Scheduled Tasks, create a new task to run the batch file daily.
C: Apply the security template using the Security Configuration and Analysis console on the Web server. Create a batch file that updates the security policy of the Web server by using the secedit /refreshpolicy machine_policy /enforce command. In Scheduled Tasks, create a new task to run the batch file daily.
D: Import the Webserver.inf security template to the Local Computer policy of the Web server. Create a batch file that updates the security policy of the Web server by using the secedit /refreshpolicy machine_policy /enforce command. In Scheduled Tasks, create a new task to run the batch file daily.
Correct Answers: B

7.You are the network administrator for your company. The network consists of a Windows 2000 Active Directory domain and a Windows 2000 Server computer named ServerA. ServerA is not a member of the domain. ServerA contains two network adapters. One network adapter is connected to your company’s network, and the other is connected to the
Internet. ServerA runs Routing and Remote Access and accepts virtual private network (VPN) connections from the Internet. ServerA is configured to audit all logon events and all account logon events. The Security log on ServerA is configured with the default settings. You review the Security log on ServerA and discover that a former employee named

Bruno establishes a VPN connection with ServerA every evening. The log reveals that Bruno uses his old user account to

authenticate to ServerA. You need to secure the network against further access by Bruno’s user account and retain evidence of Bruno’s activity for the company’s legal department. You also need to ensure that ServerA continues to function normally. Which two actions should you take? (Each correct answer presents part of the solution. Choose two.) A:On ServerA, disable Bruno’s local user account.
B:On ServerA, increase the size of the Security log to 1,024 KB. C:On a domain controller, disable Bruno’s domain user account.
D:On ServerA, save the contents of the Security log to a file named ServerALog.evt.

E:On ServerA, stop Routing and Remote Access and set the startup mode to Disabled .

Correct Answers: A, D

8.You are the network administrator for your company. The network consists of a Windows 2000 Active Directory domain that contains 5,000 Windows 2000 Professional client computers. All client computer accounts are located in an
organizational unit (OU) named ClientComputers. All company employees log on to their computers by using domain user accounts. All client computers are installed by using a standard Windows 2000 Professional image, which includes
Internet Information Services (IIS). However, only three software developers use IIS on their client computers. These developers report that their client computers are infected with a virus. You discover that the virus infects computers by attacking IIS. You estimate that one-third of the client computers are infected with the virus, and the virus is slowly spreading to other computers. Your anti-virus software does not currently detect this virus, although an update will be available in three business days. The developers can work normally without IIS for several days, if necessary. Until the anti-virus update is available, you need to prevent the virus from spreading to additional client computers. What should you do?
A: On each developer’s client computer, configure the World Wide Web Publishing service to have a startup type of

Disabled .

B: On each computer infected by the virus, configure the properties of the LAN connection so that IP filters prevent inbound network traffic on TCP port 80.
C: On each computer not infected by the virus, configure the properties of the default Web site so that only Integrated

Windows authentication is enabled. Then, stop the default Web site.

D: On a domain controller, create a Group Policy object (GPO) and link it to the ClientComputers OU. Configure the GPO

to disable the World Wide Web Publishing service. In the GPO, select the No Override check box. Restart all client computers.
Correct Answers: D

Pass4sure 70-214
Questions and Answers : 150 questions Expected Date: October 24th , 2008 Price: $129.99 $89.99 Pre-Buy price: $62.99 Save $27

Free download:pass4sure Microsoft mcsa 70-214 v2.93
Free download:testking Microsoft mcsa 70-214 v2.93

High quality IT Certification Training Exam Questions, Study Guides and Practice Tests are in Downloadable PassGuide Testing Engine,Successful for IT Certification or Full Refund for you.Contact Us:Sales@PassGuide.com

Type	Exam Bible	New Questions & Answers	Latest Updated	Download link
PDF	All Certbible 's Exam Dumps	597	1 days ago	Available

PassGuide Training Materials & Practice Tests

• Microsoft Certified Systems Administrator (MCSA)
• testking Microsoft MCSA 2003 Exams
• Testking microsoft MCSA
• Pass4sure Microsoft mcsa 70-086 v2.93
• Pass4sure Microsoft mcsa 70-270 v2.93
• Pass4sure Microsoft 70-244 v2.93
• Pass4sure Microsoft MCSA 70-224 v2.93
• Testking microsoft MCSA EXAMS
• 70-290/70-291 VCE & Sims
• 70-291 syngress ebook