Exam A
QUESTION 1
You work as a network administrator for TestKing.com. The TestKing.com network consists of a single Active Directory domain named testking.com. There are currently 80 Web servers that are configured with Windows 2000 Server and are contained in an Organizational Unit (OU) named TK_WebServers. All Web servers were configured to run IIS Lockdown Wizard as they were deployed.
TestKing.com management took a decision to upgrade all Web servers to Windows Server 2003. Part of the upgrade also involves a baseline security configuration for the Web servers. The TestKing.com written security policy states that all unnecessary services on servers must be disabled. Results of the post-upgrade testing revealed that unnecessary services such as SMTP and Telnet were enabled on the Web server. You must ensure that the baseline security configuration for the Web servers is in compliance with the written security policy. Therefore the unnecessary services should always be disabled on these Web servers.
What should you do?
A. Create a Group Policy object (GPO) to apply a logon script that disables the unnecessary services.
Link the GPO to the TK_WebServers OU.
B. Create a Group Policy object (GPO) and import the Hisecws.inf security template.
Link the GPO to the TK_WebServers OU.
C. Create a Group Policy object (GPO) to set the startup type of the unnecessary services to Disabled.
Link the GPO to the TK_WebServers OU.
D. Create a Group Policy object (GPO) to apply a startup script to stop the unnecessary services.
Link the GPO to the TK_WebServers OU.
Answer: C
Section: Planning and Implementing Server Roles and Server Security (58 Questions)
Explanation/Reference:
Explanation:
Windows Server 2003 installs a great many services with the operating system, and configures quite a few with the Automatic startup type, so that these services load automatically when the system starts. Many of these services are not needed in a typical member server configuration, and it is a good idea to disable the ones that the computer does not need. Services are programs that run continuously in the background, waiting for another application to call on them. Instead of controlling the services manually, using the Services console, you can configure service parameters as part of a GPO. Applying the GPO to a container object causes the services on all the computers in that container to be reconfigured. To configure service parameters in the Group Policy Object Editor console, you browse to the Computer Configuration\Windows Settings\Security Settings\System Services container and select the policies corresponding to the services you want to control.
Incorrect Answers:
A: The logon script would only run when someone logs on to the web servers. It's likely that the web servers will be running with no one logged in.
B: The Hisecws.inf security template is designed for workstations, not servers.
D: The startup script would only run when the servers are restarted. A group policy would be refreshed at regular intervals.
Reference:
Jill Spealman, Kurt Hudson & Melissa Craft, MCSE Self-Paced Training Kit (Exam 70-294); Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure, Microsoft Press, Redmond, Washington, 2004, p. 13:1-6
…………