单项选择题
You are the network administrator for your company. The network consists of a single Active Directory domain. All computers on the network are members of the domain. All servers run Windows Server 2003 and all client computers run Windows XP Professional.
You are planning a security update infrastructure.
You need to find out which computers are exposed to known vulnerabilities. You need to collect the information on existing vulnerabilities for each computer every night. You want this process to occur automatically.
What should you do? ()
A. Schedule the secedit command to run every night.
B. Schedule the mbsacli.exe command to run every night.
C. Install Microsoft Baseline Security Analyzer (MBSA) on one of the servers. Configure Automatic Updates on all other computers to use that server.
D. Install Software Update Services (SUS) on one of the servers. Configure the SUS server to update every night.
相关考题
-
单项选择题
You are a network administrator for your company. The network contains a perimeter network. The perimeter network contains four Windows Server 2003, Web Edition computers that are configured as a Network Load Balancing cluster. The cluster hosts an e-commerce Web site that must be available 24 hours per day. The cluster is located in a physically secure data center and uses an Internet-addressable virtual IP address. All servers in the cluster are configured with the Hisecws.inf template. You need to implement protective measures against the cluster’s most significant security vulnerability. What should you do? ()
A. Use Encrypting File System (EFS) for all files that contain confidential data stored on the cluster.
B. Use packet filtering on all inbound traffic to the cluster.
C. Use Security Configuration and Analysis regularly to compare the security settings on all servers in the cluster with the baseline settings.
D. Use intrusion detection on the perimeter network. -
单项选择题
You are the network administrator for your company. The network contains a single Active Directory domain. All computers on the network are members of the domain. All domain controllers run Windows Server 2003. You are planning a public key infrastructure (PKI). The PKI design documents for your company specify that certificates that users request to encrypt files must have a validity period of two years. The validity period of a Basic EFS certificate is one year. In the Certificates Templates console, you attempt to change the validity period for the Basic EFS certificate template. However, the console does not allow you to change the value. You need to ensure that you can change the value of the validity period of the certificate that users request to encrypt files. What should you do? ()
A. Install an enterprise certification authority (CA) in each domain.
B. Assign the Domain Admins group the Allow - Full Control permission for the Basic EFS certificate template.
C. Create a duplicate of the Basic EFS certificate template. Enable the new template for issuing certificate authorities.
D. Instruct users to connect to the certification authority (CA) Web enrollment pages to request a Basic EFS certificate. -
单项选择题
You are the network administrator for your company. The network consists of a single Active Directory domain. All computers on the network are members of the domain. The domain contains a Windows Server 2003 computer named Server1. You are planning a public key infrastructure (PKI) for the company. You want to deploy a certification authority (CA) on Server1. You create a new global security group named Cert Administrators. You need to delegate the tasks to issue, approve, and revoke certificates to members of the Cert Administrators group. What should you do?()
A. Add the Cert Administrators group to the Cert Publishers group in the domain.
B. Configure the Certificates Templates container in the Active Directory configuration naming context to assign the Cert Administrators group the Allow - Write permission.
C. Configure the CertSrv virtual directory on Server1 to assign the Cert Administrators group the Allow - Modify permission.
D. Assign the Certificate Managers role to the Cert Administrators group.
