Reading...
Play button
Play button
Use LEFT and RIGHT arrow keys to navigate between flashcards;
Use UP and DOWN arrow keys to flip the card;
H to show hint;
A reads text to speech;
49 Cards in this Set
- Front
- Back
|
What are the three basic-level security templates?
|
basicwk.inf; basicsv.inf; basicdc.inf
|
|
|
What template allows legacy applications to run under less-restrictive security?
|
compatws.inf
|
|
|
What is the compatible-level security template used for?
|
running legacy applications without giving users Power User rights
|
|
|
What two templates provide a medium level of security?
|
securews.inf; securedc.inf
|
|
|
What are the two highest-security templates available?
|
hisecws.inf; hisecdc.inf
|
|
|
What security requirement do the two highly-secure templates enforce?
|
use of IPSec in network communications
|
|
|
What template contains out-of-the-box settings for a 2000 domain controller?
|
DCSecurity.inf
|
|
|
What template contains out-of-the-box settings for workstations and member servers?
|
setup security.inf
|
|
|
What template removes the terminal server SID from registry and file system objects?
|
notssid.inf
|
|
|
What two MMC snap-ins can be used to apply security templates?
|
Group Policy Editor; Security Configuration and Analysis (for a specific computer)
|
|
|
What assumption do the security templates make?
|
that 2000 has been installed cleanly (not upgraded) and has the default 2000 security settings
|
|
|
Why is the fact that security templates apply settings incrementally important?
|
the templates do not contain default security settings, only changes from them
|
|
|
What two areas do the basic templates NOT specify settings for?
|
user rights and group membership
|
|
|
What environment are the high-security templates intended for? Why?
|
native 2000 environments only- legacy OS's do not support IPSec
|
|
|
In what order are group policies applied?
|
Local; Site; Domain; OU
|
|
|
What does Restricted Groups do?
|
allows listing of what users and groups may be members of specified groups
|
|
|
How are Restricted Groups applied?
|
at each Group Policy refresh, listed users are removed from the groups
|
|
|
What does the System Services node do?
|
allows configuration of security and starup options for services
|
|
|
What MMC snap-in is used to apply a security template via Group Policy?
|
Active Directory Users and Computers
|
|
|
What command will force Group Policy propagation throughout the domain?
|
gpupdate (or secedit /refreshpolicy machine_policy)
|
|
|
What command is used to deploy security templates from the command line?
|
secedit /configure
|
|
|
What does the secedit switch /db do?
|
specifies the database containing the security template that should be used
|
|
|
What does the secedit switch /cfg do?
|
specifies the security template to import into a database and apply (used with /db)
|
|
|
What does the secedit /overwrite switch do?
|
specifies whether the selected template overwrites the template in the database, or is appended to it
|
|
|
What does the secedit /areas switch do?
|
specifies which areas of a security template should be applied
|
|
|
What are the six valid areas for secedit?
|
securitypolicy; group_mgmt; user_rights; regkeys; filestore; services
|
|
|
What are the four primary switches for secedit?
|
/analyze; /configure; /export; /validate
|
|
|
What clients can natively receive Group Policy settings across the network?
|
Windows 2000 clients and above
|
|
|
What can be done to allow legacy clients some Active Directory functionality?
|
install Directory Services Client
|
|
|
What OS does not have Active Directory provided?
|
Windows ME
|
|
|
What account can be used to export a data recovery agent certificate?
|
the built-in Administrator account
|
|
|
What command will open the Local Security Policy console?
|
secpol.msc
|
|
|
What command will start the Microsoft Baseline Security Analyzer?
|
msbacli.exe
|
|
|
What file would be used to deploy a service pack to computers via Group Policy?
|
update.msi
|
|
|
What is qchain.exe used for?
|
installing multiple hotfixes seqentially without rebooting in-between
|
|
|
What two methods can be used to deploy hotfixes at the same time as the operating system?
|
cmdline.txt, and by placing hotfixes in the Run Once section of the Setup Manager Wizard
|
|
|
If a hotfix being deployed at the same time as the OS requires a reboot, which method must be used?
|
cmdline.txt
|
|
|
If a hotfix being deployed at the same time as the OS requires a reboot, which method must be used?
|
cmdline.txt
|
|
|
What is slipstreaming?
|
installing service packs at the same time the OS is installed
|
|
|
What command would slipstream SP3 files, located in a folder called SP3, into the OS directory, called W2K?
|
sp3\i386\update\update.exe -s:c:\w2k
|
|
|
What command would slipstream SP3 files, located in a folder called SP3, into the OS directory, called W2K?
|
sp3\i386\update\update.exe -s:c:\w2k
|
|
|
What command would slipstream SP3 files, located in a folder called SP3, into the OS directory, called W2K?
|
sp3\i386\update\update.exe -s:c:\w2k
|
|
|
What are the four requirements for a RIS server?
|
DHCP Server service; Active Directory; DNS Server service; 2Gb free space
|
|
|
What are the three valid authentication methods for IPSec?
|
Kerberos (default); certificate; pre-shared key
|
|
|
How do you enforce a given IPSec policy?
|
right-click the policy and choose "Assign"
|
|
|
How many IPSec policies may be in force at once?
|
only one
|
|
|
What two encryption algorithms does IPSec use?
|
DES and 3DES
|
|
|
What two algorithms does IPSec use to verify integrity?
|
MD5 and SHA1
|
|
|
What is an IPSec Security Association (SA) also known as?
|
a hard SA
|
