Microsoft MCSE 2003 Security 70-298 Exam

After you purchase,you can download this product yourself.Have any questions,please click live chat.

Free 70-298 Demo Download

just4exam offers free demo for MCSE 2003 Security 70-298 exam (Designing Security for a MS Windows Server 2003 Network). You can check out the interface, question quality and usability of our practice exams before you decide to buy it. We are the only one site can offer demo for almost all products.

Download 70-298 PDF

Exam 70-298 Preparation from just4exam braindumps include:

After you purchase our product, we will offer free update in time for 90 days.
100% Pass Guaranteed at First Attempt Or Full Refund
Immediate Download After Purchase
Comprehensive questions with complete details
Questions accompanied by exhibits
Verified Answers Researched by Industry Experts
Drag and Drop questions as experienced in the just4exam
Questions updated on regular basis
These questions and answers are backed by our GUARANTEE
Like actual certification exams our product is in multiple-choice questions (MCQs)

Passing the Microsoft 70-298 Exam:Passing the 70-298 exam has never been faster or easier, now with actual questions and answers, without the messy 70-298 braindumps that are frequently incorrect. just4exam Unlimited Access Exams are not only the cheaper way to pass without resorting to 70-298 dumps, but at only $ 45.00 you get access to the exam from every certification vendor.

Our 70-298 practice exams and study questions are composed by current and active Information Technology experts, who use their experience in preparing you for your future in IT.

Microsoft 70-298 Search Help Feel free to use search terms below while searching the Net for 70-298 exam:

70-298 brain dump simulations
70-298 brain dumps question
70-298 braindump work
70-298 master braindumps
70-298 braindump model
70-298 latest braindumps

Commitment to Your Success:

At just4exam we are committed to you ongoing success. Our braindumps are constantly being updated and compared to industry standards.

You are not about to purchase a disposable product. 70-298 braindumps updates are supplied free of charge. Regardless of how soon you decide to take the actual 70-298 examination certification, you will be able to walk into the testing room as confident as the Certification Administrator.

Skip all the worthless 70-298 exam tutorials and download 70-298 exam materials with real questions and answers and a price too unbelievable to pass up. Act now and download your Actual Tests today!

http://www.just4exam.net The safer.easier way to get MCSE 2003 Security Certification.
　
　
Exam : Microsoft 70-298
Title : Designing Security for a MS Windows Server 2003 Network
Case 1, Lucerne Publishing
Overview
Lucerne Publishing is an industry leader in publishing technology textbooks, e-books, and magazines.
Physical Locations
The company has three offices, as shown in the Physical Locations and Connectivity exhibit.
The company's main office is in New York, and it has branch offices in Denver and Dallas. The company's employees and departments are distributed as shown in the following table
Business Processes
The IT staff in the New York office uses client computers to remotely administer all Lucerne Publishing servers and domain controllers.
Employees use their company client computers to access archived published books and archived accounting information through an internal Web site that runs IIS 6.0.
Directory Services
The company's network consists of a single Active Directory domain named lucernepublishing.com. All servers run Windows Server 2003, Enterprise Edition. Administration of Active Directory is centralized in New York.
Denver and Dallas user and computer accounts are located in their respective child OUs, as shown in the Organizational Unit Hierarchy exhibit.
The NYAdmins, ProductionAdmins, EditorialAdmins, and DevelopmentAdmins global user groups have full control of their respective organizational units (OUs). These global groups are located in their respective OUs.
Network Infrastructure
All client computers run Windows XP Professional.
The domain contains a public key infrastructure (PKI). The company uses an internal subordinate enterprise certification authority (CA) to issue certificates to users and computers.
Each branch office has a wireless network that supports desktop and portable client computers. The wireless network infrastructure in each branch office contains an Internet Authentication Service (IAS) server and wireless access points that support IEEE 802.1x, RADIUS, and Wired Equivalent Privacy (WEP).
Problem Statements
The following business problems must be considered:
Members of the EditorialAdmins group and unauthorized users as members to this group. Members of this group must be restricted to only authorized users.
Editors connect to a shared folder named Edits on a member server named Server5. When they attempt to encrypt data located in Edits, they receive an error message stating that they cannot encrypt data.
Editors need to encrypt data remotely on Server5.
Some users in the Dallas office changed the location of their My Documents folders to shared folders on servers that do not back up their My Documents data. As a result, data was lost. The Dallas My Documents folders need to be moved to a server that backs up user data. Users in the Dallas office must be prevented from changing the location of their My Documents folder in the future.
Chief Information Officer
Security is Lucerne Publishing's primary concern. We must improve security on client computers, servers, and domain controllers by implementing a secure password policy. For legal reasons, we need a logon message that tells users that access to servers in the development department is restricted to only authorized users.
System Administrator
Each department needs different security patches. We need to test security patches prior to deploying them. After they are tested, the patches need to be deployed automatically to servers in each department. As we deploy the patches, we need to limit the network bandwidth used to obtain security patches.
Chief Security Officer
We need to automatically track when administrators modify user rights on a server or on a domain controller and when they modify local security account manager objects on servers.
We must implement the most secure method for authenticating Denver and Dallas users that access the wireless networks.
We need to protect data as it is sent between the wireless client computers and the wireless access points. Client computers need to automatically obtain wireless network access security settings.
Written Security Policy
The Lucerne Publishing written security policy includes the following requirements.
Passwords must contain at least seven characters and must not contain all or part of the user's account name. Passwords must contain uppercase and lowercase letters and numbers. The minimum password age must be 10 days, and the maximum password age must be 45 days.
Access to data on servers in the production department must be logged.
A standard set of security settings must be deployed to all servers in the development, editorial, and production departments. These settings must be configured and managed from a central location.
Servers in the domain must be routinely examined for missing security patches and service packs and to ascertain if any unnecessary services are running.
Services on domain controllers must be controlled from a central location. Which services start automatically and which administrators have permission to stop and start services must be centrally managed.
The IIS server must be routinely examined for missing IIS Security patches.
Users of the Web site and the files they download must be tracked. This data must be stored in a Microsoft SQL Server database.
Vendors and consultants who use Windows 95 or Windows 98 client computers must have the Active Directory Client Extensions software installed to be able to authenticate to domain controllers on the company's network.
Questions


1. You need to design a method to log changes that are made to servers and domain controllers. You also need to track when administrators modify local security account manager objects on servers. What should you do?
A. Enable failure audit for privilege use and object access on all servers and domain controllers.
B. Enable success audit for policy change and account management on all servers and domain controllers.
C. Enable success audit for process tracking and logon events on all servers and domain controllers.
D. Enable failure audit for system events and directory service access on all servers and domain controllers.
Answer: B

2. You need to design a strategy to ensure that all servers are in compliance with the business requirements for maintaining security patches. What should you do?
A. Log on to a domain controller and run the Resultant Set of Policy wizard in planning mode on the domain.
B. Log on to each server and run Security Configuration and Analysis to analyze the security settings by using a custom security template.
C. Create a logon script to run the secedit command to analyze all servers in the domain.
D. Run the Microsoft Baseline Security Analyzer (MBSA) on a server to scan for Windows vulnerabilities on all servers in the domain.
Answer: D

3. You need to design a certificate distribution method that meets the requirements of the chief security officer. Your solution must require the minimum amount of user effort. What should you do?
To answer, move the appropriate actions from the list of actions to the answer area, and arrange them in the appropriate order.
Answer:

4. You need to design a method to monitor the security configuration of the IIS server to meet the requirements in the written security policy. What should you do?
A. Log on to a domain controller and run the Resultant Set of Policy wizard in planning mode on the IIS server computer account.
B. Run the Microsoft Baseline Security Analyzer (MBSA) on the IIS server and scan for vulnerabilities in Windows and IIS checks.
C. Run Security Configuration and Analysis to analyze the IIS server's security settings by using a custom security template.
D. On the IIS server, run the gpresult command from a command prompt and analyze the output.
Answer: B

5. You need to design a method to configure the servers in the development department to meet the requirements of the chief information officer. What should you do?
A. Use error reporting on all servers in the development department to report errors for a custom application.
B. Configure all servers in the development department so that they do not require the CTRL+ALT+DELETE keys be pressed in order to log on interactively to the server.
C. Create a Group Policy object (GPO) and link it to the development department's Servers OU. Configure the GPO with an interactive logon policy to display a message for users who attempt to log on.
D. Configure the screen saver on all servers in the development department to require a password.
Answer: C