Top 16 Windows Server 2003 Server Roles & Server Security Questions

  • Print Article |
  • Send to a Friend |
  • |
  • Add to Google |

Here are top 16 Windows Server 2003 Server Roles & Server Security Questions and answers with detail review.

Server Roles & Server SecurityReview Questions
1. What would result from moving a GPO to the top of the list in a security template?
*A. It would be applied last
*B. It would not be overridden
C. It would be applied first
D. It would be overridden

2. You are the administrator of a Windows 2003 domain that contains Windows 2000 Professional computers. Which of the following security templates is used on Windows 2000 Professional computers and contains default settings for NTFS permissions, registry permissions, and default user rights?
*A. The Defltwk.inf security template
B. The Basicwk.inf security template
C. The Def.inf security template
D. The Bas.inf security template

3. You have a Windows 2003 domain with OUs for your domain controllers (the DC OU), your other servers (the SRV OU), and workstations (the WSOU. The SRV OU contain child OUs for each specific server role in the domain. What should you do to apply a security template to the servers that aren't domain controllers with specific roles?
*A. Create a GPO and link it the SRV OU
*B. Import the security template to the GPO.
*C. Import the role specific security template to each role specific OU.
D. Create a GPO and link it the domain
E. Create a GPO and link it the DC OU 

4. How can you make sure that the WWW publishing service on your web servers has an automatic startup type, and that the FTP service has adisabled startup type, allowing the Domain Admins to start or stop these services?
*A. Create a GPO and link it to the OU that contains the Web servers.
*B. Create and import a security template to comply with the startup specification listed by the policy. Ensure that Domain Admins are the only ones allowed to stop or start these services.
*C. Ensure that Domain Admins are the only ones allowed to stop or start these services.
D. Create a GPO and link it to the domain.

5. If you are using the Securews.inf security template with a GPO, how can you prevent security configurations from causing client problems?
*A. Create a customized security template that reconfigures the appropriate security settings and add it to the GPO.
B. Run the secedit /refreshpolicy machine_policy command on the clients
C. Run the secedit /refreshpolicy user_policy command on the clients
D. Run the secedit /refreshpolicy command on the clients 

6. What steps would secure a SQL Server 2003 machine from use by unauthorized users on the Internet while allowing authorized users on an external web server to access the SQL Server through the internal firewall?
*A. Move any network adapter that directly connects the SQL Server to the Internet.
*B. Move the SQL Server to the company's intranet.
*C. Allow the users on the web server to access the SQL server through the Internet firewall.
D. Leave any network adapter that directly connects the SQL Server to the Internet alone.

7. How can you ensure that only domain members can connect to a domain controller?
*A. Use ESP and Kerberos for authentication
B. Use AH
C. Use ESP only
*D. Enable the "Digitally sign client communications (always)" security policy to a linked GPO to the domain
E. Use AH and ESP only

 8. You have two separate Windows 2003 forests with three domains in the first forest (Domain A, Domain B, and Domain C) and three domains in the second forest (Domain D, Domain E, and Domain F. You want users in the C domain to be able to access resources in the D and E domains. What trusts need to be set up?
*A. A trust from Domain D to Domain C
*B. A trust from Domain E to Domain C
C. A trust from Domain D to Domain B
D. A trust from Domain A to Domain B
E. A trust from Domain E to Domain A

9. Which of the following methods should you employ if you have users that have certificates or passwords who want to authenticate to a web site?
*A. Enable the Accept client certificate option
B. Enable the Require client certificate option
*C. Disable anonymous access on the web site
D. Enable anonymous access on the web site 

10. You want your IIS and your ISA server, which are accessible from the Internet, to require L2TP/IPSec connections. You distribute the required certificates for the connections. You are using a RootCA and a PolicyCA, which are stand-alone and removed from the network. IssuingCA issues the IPSec certificates. When remote users attempt to connect the ISA server, they receive the error message, 'The client was unable to verify the identity of the server.' What should you do?
*A. Manually publish the CRL to the referenced CDP URLs at the IIS server
B. Modify the CDP extension on RootCA and PolicyCA to include an HTTP URL that references the IIS server
*C. Modify the CDP extension on IssuingCA to include an HTTP URL that references the IIS server
*D. Renew the IssuingCA certificate

11. Which of the following would make an IIS server more resistant to Denial of Service attacks?
*A. Install URLScan on the server
B. Uninstall the SMTP service on the server
C. Uninstall the NNTP service on the server
D. Uninstall the FTP service on the server

 12. What steps can you take to make your IIS server less susceptible to Denial of Service attacks?
*A. Increase the SYN_ACK timeout on the IIS server's registry
B. Decrease the SYN_ACK timeout on the IIS server's registry
C. Install another IIS server and set up load balancing
D. Block port 443

13. Which of the following security templates is the most restrictive?
*A. An Account lockout duration of 60 minutes, an Account lockout threshold of 3 invalid logon attempts, and a Reset account lockout counter policy of 30 minutes.
B. An Account lockout duration of 45 minutes, an Account lockout threshold of 3 invalid logon attempts, and a Reset account lockout counter policy of 30 minutes.
C. An Account lockout duration of 30 minutes, an Account lockout threshold of 2 invalid logon attempts, and a Reset account lockout counter policy of 30 minutes.
D. An Account lockout duration of 30 minutes, an Account lockout threshold of 2 invalid logon attempts, and a Reset account lockout counterpolicy of 0 minutes. 

14. Which of the following statements are true regarding Integrated Windows Authentication?
*A. It won't prompt domain users for logon credentials
B. It will prompt domain users for logon credentials
*C. It can be used whenever access to a Web server is confined to a Windows intranet
*D. It helps track access

15. Which of the following actions are required when forcing users to authenticate through a newly created user account?
A. Disable the FTP service
B. Disable the NNTP service
*C. Disable the local default anonymous user account on the IIS server
D. Disable the SMTP service

 16. You have a Windows 2003 server that has the SQL service running on it. How can you prohibit the use of SQL Server login accounts on this server and stop any user from accessing the Windows 2003 server by using the SQL system administrator account?
*A. Configure the Windows 2003 server to use Windows authentication.
*B. Use the local Administrative account with MSSQL Server service.
C. Configure the Windows 2003 server to use Mixed authentication.
D. Use the local non-administrative accounts with MSSQL Server service.

Rate this Article:
  • Article Word Count: 1231
  • |
  • Total Views: 424
  • |
  • permalink
  • Print Article |
  • Send to a Friend |
  • |
  • Add to Google |
>