Exam Prep Questions
You enable Auditing for Object Access, Success, and Failure in a GPO and link it to the Production OU. After you configure the System Access Control List of the targets of interest, which of the following is NOT logged as a result of this audit policy?
- File access
- Printer access
- Registry changes
- AD object access
You have just created a new Group Policy Object. You are considering the proper location to link the GPO to achieve your desired results. Place the following in the proper order that matches how GPOs get processed.
- Organizational Unit
- Local Computer Policy
As a security measure, you configure and link a GPO that disallows the installation of USB thumb drives for computers in the Secretary's OU. One of your administrators is implementing a new wireless configuration in the secretaries department. The administrator's automated deployment strategy includes the use of the Wireless Network Setup Wizard. The administrator's deployment fails on 100% of the computers. You need to get the secretaries' computers running on the wireless network. You must not diminish security for the enterprise. What should you do?
- Disable the Computer Configuration half of the Device Installation Restriction GPO.
- Configure a GPO to allow administrators to override Device Installation Restriction policies.
- Disable SSID broadcasts on the wireless access point.
- Implement the MAC address filtering on the wireless access point.
You have a domainwide Path Rule configured to disallow the use of an application set to *\BadApp\badapp.exe. The application installs in the C:\Program Files\BadApp\ folder. Users in the R&D OU need to test a system with the badapp.exe program, and they report that they receive an error whenever they launch badapp.exe. You must allow the use of badapp.exe in the R&D OU and not diminish the security of the company. What should you do? Choose two. Each correct answer presents a complete solution.
- Create a Software Restriction policy and link it to the R&D OU. Set the Default Rule to Allow.
- Create a Software Restriction policy and link it to the R&D OU. Set the Hash Rule to allow the hash of badapp.exe.
- Create a Software Restriction policy and link it to the R&D OU. Set the Path Rule to Allow*\badapp.exe.
- Create a Software Restriction policy and link it to the R&D OU. Set the Path Rule to Allow *\Program Files\BadApp\badapp.exe.
Your R&D users access highly confidential data on your HiSec Servers. All R&D users run Windows Vista on their computers. All HiSec Servers run Windows Server 2003 Standard Edition. You are concerned about sniffers on the network and must secure all data transmissions to and from the HiSec Servers. What should you do?
- Implement a Secure Server IPSec Policy on the HiSec Servers.
- Implement a Secure Server IPSec Policy on the R&D computers.
- Implement a Server Request IPSec Policy on the R&D computers.
- Implement a Client Respond IPSec Policy on the HiSec Servers.
Your company rotates the employees between departments (OUs) regularly for security and cross-training purposes. You have deployed an application to users in your department (OU) by GPO. Because your cost center has paid for the licenses, you need to ensure that this software is not installed on computers used by users outside your OU. What should you do?
- Require that all users log off their computers each night so that software deployment GPOs will reapply when they log in each morning.
- Disable the Software Deployment GPO setting to install the application by file extension activation.
- Implement a Software Restriction Policy with a Default Rule set to Disallowed and a Certificate Rule set to allow the application in your OU.
- Configure the Software Deployment package to uninstall the application automatically if it falls out of the scope of the GPO.
You convinced one of your vendors to provide you with a personal calendar application that some users might find useful. The regular price of the application is $300 per user, but you got it for $50 per user. You want to make it available to users in your OU that would like to use it. What should you do?
- Publish the software package to the computer.
- Assign the software package to the user.
- Publish the software package to the user.
- Assign the software package to the computer.
You plan to deploy a software package to computers in your OU. You must configure the permissions required for you to upload the package to the Software Distribution Point (SDP) and for computers to receive the package. You want the security level to remain as high as possible. What should you do? Choose two. Each correct answer presents a partial answer.
- Grant the Authenticated Users group the Allow—Read permission.
- Grant the Everyone group the Allow—Change permission.
- Grant the Administrators group the Allow—Change permission.
- Add the computer names to the Trusted Sites list in Internet Explorer.
You have two weekly scheduled tasks that are currently running. You need to terminate them both. GoodApp.exe needs to run again at its next scheduled time. OldApp.exe never needs to run again. What should you do? Choose two. Each correct answer presents a partial solution.
- Run the command SchTasks /end for the GoodApp.exe task.
- Run the command SchTasks /delete for the GoodApp.exe task.
- Run the command SchTasks /end for the OldApp.exe task.
- Run the command SchTasks /delete for the OldApp.exe task.
You need to configure Event Forwarding from 10 Windows Vista computers to your Windows Vista computer. What should you do? Choose two. Each correct answer presents a partial answer.
- Run the winrm.exe utility on your computer.
- Run the winrm.exe utility on the 10 computers.
- Run the wecutil.exe utility on your computer.
- Run the wecutil.exe utility on the 10 computers.
You work with nine other administrators in your enterprise. They all seem to create and implement GPOs at their own discretion, without any coordination. You implement a new GPO, and users report that they are not seeing the effect of the new GPO. What three tools could you use to troubleshoot this GPO problem? Choose three. Each correct answer presents a partial answer.
- Group Policy Management Console—Group Policy Modeling
- Computer Management
- Resultant Set of Policies
- Active Directory domains and trusts
- Local Computer Policy
- Remote Desktop Connection
You are preparing a report to management on the performance of several of the computers that you are responsible for in your company. You are deciding the best method of extracting information for analysis in a third-party program. Which of the following are available export formats for the Reliability and Performance Monitor (RPM) tool? Choose two. Each correct answer presents a partial answer.
You have created a scheduled task to run every night at midnight on a server using the credentials of the Administrator account. You check the logs and discover that the task has failed to run any night over the past week. You test the executable and it works just fine. You need the task to run every night. What should you do?
- Run the SchTasks /Run command-line utility on the server.
- Delete and re-create the Scheduled Task using the same parameters.
- Configure the task to run using your credentials.
- Configure the firewall on the server to allow inbound UDP port 500.