The following excerpt is from Chapter 6 of the MCSE Exam Cram 2 book "Designing security for a Microsoft Windows Server 2003 network" written by Ed Tittel, courtesy of Sams Publishing. Click to purchase, check out the complete book excerpt series.
Answer the questions for the following case study based on the information provided. Let us know how you did when you're done, and become eligible to win a free copy of the book!
Case: HACA Inc.
HACA Inc. is a large retail outlet with 75 chain stores located throughout the United States. HACA has recent concerns over the local security of the networks in each of its stores. Currently, the only administration performed on any of the computers is remote administration from the corporate offices in Birmingham, Ala. HACA is considering allowing some managers to perform some administration because they are closer to the situation and know more about the local needs of the store. As part of this change, the company wants to review all policies in regard to permissions and auditing of all network resources. The managers might also be asked to review the security logs on a set schedule. HACA has hired you as an independent consultant.
Which delegation tool should HACA use to focus on the task to be delegated and let the system set the DACLs?
- A. Active Directory Users and Computers
- B. regedit.exe
- C. Delegation of Control Wizard
- D. Advanced permissions
Which tools can you use to control the audit policy on computers on your network? (Choose two.)
- A. Local Security
- B. Group Policy
- C. Advanced permission settings
- D. Event Viewer
Which audit setting tracks local logons on a computer?
- A. Logon events
- B. Directory service access
- C. Account logon events
- D. Privilege use
Which of the following are Microsoft recommendations for directory service access permissions? (Choose two.)
- A. Remove the default permissions when assigning specific permissions.
- B. Use the settings with the broadest permissions possible without overassigning.
- C. When possible, assign the same set of permissions to multiple objects.
- D. Assign Full Control permissions whenever possible.
Which type of group is named for the resource and must be contained in the same domain as the resource?
- A. Global
- B. Domain Local
- C. Universal
- D. Nested
Which permission are only NTFS permissions and not share permissions? (Choose two.)
- A. List Folder Contents
- B. Change
- C. Read & Execute
- D. Full Control
Which NTFS permissions allow a user to change a file or folder but do not allow a user to delete the file or folder?
- A. Modify
- B. Write
- C. Change
- D. Read & Execute
Which two of the following are part of the three steps to determine effective permissions?
- A. Determine the most restrictive of all permissions.
- B. Combine the NTFS permissions.
- C. Determine the least restrictive of all permissions.
- D. Combine the share permissions.
Which of the following is true about volume shadow copies?
- A. They are full copies of a file that are stored multiple times.
- B. They are automatically copied every 5 minutes.
- C. They replace the need to back up your servers.
- D. They can only be created on NTFS volumes.
Which of the following are true regarding the Registry? (Choose two.)
- A. The only way to change the Registry is with the Registry Editor tool.
- B. Users cannot usually make any changes to the Registry.
- C. You should audit the Registry only when you feel that it has been attacked.
- D. By default, only the administrator of a computer has the right to make changes directly to the Registry settings of that computer.
How did you do? Let us know and become eligible to win a free copy of the book!
Click for the book excerpt series or purchase the book here.