Free Cheat-test Samples and Demo Questions Download
Adobe exams Adobe
Apple exams Apple
Avaya exams Avaya
Check Point exams Check Point
Cisco exams Cisco
Citrix exams Citrix
CIW exams CIW
CompTIA exams CompTIA
CWNP exams CWNP
EC-Council exams EC-Council
EMC exams EMC
Exin exams Exin
Fortinet exams Fortinet
GIAC exams GIAC
Hitachi exams Hitachi
HP exams HP
IBM exams IBM
Isaca exams Isaca
ISC exams ISC
ISEB exams ISEB
Juniper exams Juniper
LPI exams LPI
McAfee exams McAfee
Microsoft exams Microsoft
Oracle exams Oracle
PMI exams PMI
Riverbed exams Riverbed
SNIA exams SAP
Sun exams SAS
Symantec exams Symantec
VMware exams VMware
All certification exams

Microsoft 70-214 Exam - Cheat-Test.com

Free 70-214 Sample Questions:

1. The written security policy of your company requires that ServerA must use IPSec to encrypt data to ServerB. You configure a custom IPSec policy in the Local Security Policy on ServerA and on ServerB. The custom IPSec policy implements Encapsulating Security Payload (ESP) for all data that is transmitted between ServerA and ServerB. You also configure the IPSec security association to use Kerberos authentication.
After the IPSec security policies are assigned to ServerA and ServerB, you discover that IP traffic between ServerA and ServerB is not encrypted. What should you do?
A: Create a one-way external trust relationship in which factory.contoso.com trusts office.contoso.com.
B: Enable the Trust Computer for delegation option in the computer account properties on ServerA and on ServerB.
C: Modify the custom IPSec policies to use certificate-based authentication, and acquire IPSec certificates for ServerA and ServerB from a common root Certification Authority (CA).
D: Create a computer account for ServerA in factory.contoso.com and a computer account for ServerB in office.contoso.com. Configure the new accounts to use Kerberos name mapping to map the new account name to the existing computer account in the other forest.
Answer: C

2. You are the network administrator for your company. The network consists of a Windows 2000 Active Directory forest.
A Windows 2000 Server computer named ServerA runs Internet Information Services (IIS) and hosts a Web site that allows customers to purchase your company's goods. To protect the transactions, ServerA requires a Web server certificate and must implement SSL encryption.
The written security policy for your company requires that all customers use certificate-based authentication when they connect to a secured Web site. The application running on the Web server requires the existence of a custom Object Identifier (OID) in the presented certificate. You need to map the digital certificates to Active Directory user accounts by using one-to-one certificate mapping.
You need to acquire a Web server certificate and user certificates that comply with the written policy. What should you do?
A: Obtain the certificates from a commercial Certification Authority (CA).
B: Obtain the certificates from a private Certification Authority (CA) that is hosted on the company network.
C: Obtain the Web Server certificate from a commercial Certification Authority (CA) and the user certificates from a private CA that is hosted on the company network.
D: Obtain the user certificates from a commercial Certification Authority (CA) and the Web server certificate from a private CA that is hosted on the company network.
Answer: C

3. You are the network administrator for your company. The network consists of a Windows 2000 Active Directory domain that has three domain controllers. All computer accounts are in the Computers container. The network has 900 Windows 2000 Professional client computers. The written security policy requires that logons from domain accounts be audited.
The Domain Controller Security Policy audit settings are in their default state. You do not want to audit logon attempts that use local user accounts on client computers or member servers. You need to configure audit settings to comply with the written security policy. What should you do?
A: Run the secedit command to apply the Defaultdc.inf template to the domain controllers.
B: Run the secedit command to apply the Basicdc.inf template to the domain controllers.
C: Configure the Audit logon events policy for success and failure in the Local Security Policy of each domain controller.
D: Configure the Audit account logon events policy for success and failure in the Domain Controller Security Policy.
Answer: D

4. You are the administrator of a Windows 2000 Active Directory domain. The domain consists of Windows 2000 Professional client computers and Windows 2000 Server computers. You plan to deploy a new multitiered database application. The application consists of a client part that is run by users on the client computers, a service that runs on a Windows 2000 member server named ServerA, and the database service that runs on multiple other Windows 2000 member servers. The client application connects to the service on ServerA. The service on ServerA connects to the database service. The services for the new database application run on ServerA, and the database servers run under LocalSystem. The documentation for the new application states that it supports Kerberos proxy tickets to authenticate users to the database servers. You want to configure the network so that users can use this new application. What should you do?
A: Change the properties of the user accounts to enable the Account is trusted for delegation option.
B: Change the properties of the ServerA computer account to enable the Trust computer for delegation option.
C: Add the computer accounts of the database servers to the Pre-Windows 2000 Compatible Access group.
D: Change the Kerberos policy in the Default Domain Policy to disable the Enforce user logon restrictions option.
Answer: B

5. You are the network administrator for your company. The network consists of a Windows 2000 Active Directory domain.
The domain contains three member servers that run Windows 2000 Server. All three servers use Routing and Remote Access to accept dial-up connections from remote company employees. You will soon add four more dial-up servers to handle the demand for dial-up services.
The written security policy for your company requires the start and end time of all dial-up connections to be logged. The logs must be maintained for at least six months.
You need to configure the existing dial-up servers to comply with the written policy. You need to ensure that the configuration can support additional dial-up servers. You also want to minimize the amount of time you spend maintaining dial-up logs.
What should you do?
A: Enable auditing on each dial-up server. Configure the Security log on each dial-up server to be 20 MB in size and to never overwrite events. Save each Security log to an archived location every day.
B: Use the Eventcomb utility to collect the security events from each dial-up server every day. Export the Security log from each dial-up server to a file every day.
C: Install Internet Authentication Service (IAS) on a new Windows 2000 Server computer. Configure each dial-up server to use IAS for authentication and accounting. Configure IAS to log authentication and accounting. Use Task Scheduler to archive the IAS log files every day.
D: Move the dial-up servers to a new organizational unit (OU). Create a Group Policy object (GPO) and link the GPO to the new OU. Configure the GPO to enable auditing for logon and logoff events.
Answer: C

6. You are the network administrator for your company. The network consists of a Windows 2000 Active Directory domain named contoso.com. You have deployed a new Windows 2000 Server computer as a Web server in the perimeter network (also known as the DMZ). The Web server is not a member of contoso.com. A firewall between the private network and
the DMZ is configured to allow only HTTP traffic to be sent from the DMZ to the private network. Your Web server administrator creates a security template named Webserver.inf that defines the default security settings required for the Web server. The security template settings must be enforced at the Web server and applied at regular intervals. What should you do?
A: Make the Web server a member of the contoso.com domain and place the Web server computer account into a new organizational unit (OU). Import the Webserver.inf security template to the Default Domain Policy.
B: Create a batch file that applies the security template by using the secedit /configure /cfg Webserver.inf /db web.sdb command. In Scheduled Tasks, create a new task to run the batch file daily.
C: Apply the security template using the Security Configuration and Analysis console on the Web server. Create a batch file that updates the security policy of the Web server by using the secedit /refreshpolicy machine_policy /enforce command. In Scheduled Tasks, create a new task to run the batch file daily.
D: Import the Webserver.inf security template to the Local Computer policy of the Web server. Create a batch file that updates the security policy of the Web server by using the secedit /refreshpolicy machine_policy /enforce command. In Scheduled Tasks, create a new task to run the batch file daily.
Answer: B

7. You are the network administrator for your company. The network consists of a Windows 2000 Active Directory domain and a Windows 2000 Server computer named ServerA. ServerA is not a member of the domain. ServerA contains two network adapters. One network adapter is connected to your company's network, and the other is connected to the Internet. ServerA runs Routing and Remote Access and accepts virtual private network (VPN) connections from the Internet. ServerA is configured to audit all logon events and all account logon events. The Security log on ServerA is configured with the default settings. You review the Security log on ServerA and discover that a former employee named Bruno establishes a VPN connection with ServerA every evening. The log reveals that Bruno uses his old user account to authenticate to ServerA. You need to secure the network against further access by Bruno's user account and retain evidence of Bruno's activity for the company's legal department. You also need to ensure that ServerA continues to function normally. Which two actions should you take? (Each correct answer presents part of the solution. Choose two.)
A: On ServerA, disable Bruno's local user account.
B: On ServerA, increase the size of the Security log to 1,024 KB.
C: On a domain controller, disable Bruno's domain user account.
D: On ServerA, save the contents of the Security log to a file named ServerALog.evt.
E: On ServerA, stop Routing and Remote Access and set the startup mode to Disabled.
Answer: A, D

8. You are the network administrator for your company. The network consists of a Windows 2000 Active Directory domain that contains 5,000 Windows 2000 Professional client computers. All client computer accounts are located in an
organizational unit (OU) named ClientComputers. All company employees log on to their computers by using domain user accounts. All client computers are installed by using a standard Windows 2000 Professional image, which includes
Internet Information Services (IIS). However, only three software developers use IIS on their client computers. These developers report that their client computers are infected with a virus. You discover that the virus infects computers by attacking IIS. You estimate that one-third of the client computers are infected with the virus, and the virus is slowly spreading to other computers. Your anti-virus software does not currently detect this virus, although an update will be available in three business days. The developers can work normally without IIS for several days, if necessary. Until the anti-virus update is available, you need to prevent the virus from spreading to additional client computers. What should you do?
A: On each developer's client computer, configure the World Wide Web Publishing service to have a startup type of Disabled .
B: On each computer infected by the virus, configure the properties of the LAN connection so that IP filters prevent inbound network traffic on TCP port 80.
C: On each computer not infected by the virus, configure the properties of the default Web site so that only Integrated Windows authentication is enabled. Then, stop the default Web site.
D: On a domain controller, create a Group Policy object (GPO) and link it to the ClientComputers OU. Configure the GPO to disable the World Wide Web Publishing service. In the GPO, select the No Override check box. Restart all client computers.
Answer: D

9. You are the network administrator for your company. You are working at one of your company's branch offices. The branch office has a Windows 2000 Server computer configured as file server named ServerA. ServerA contains a distribution share named Files1. Files1 contains the contents of the Windows 2000 Professional installation CD-ROM. You start to install 25 new Windows 2000 Professional client computers by using the distribution share on ServerA. You finish installing the first client computer and then learn that a new service pack is available. You install Windows 2000 Professional on a test computer from the distribution share. You install and test the service pack on the test client computer. You want to install the service pack on the remaining client computers as quickly as possible with the least amount of administrative effort. What should you do?
A: Run the service pack's update -s:\\ServerA\Files1 command. Install the client computers from the distribution share on ServerA.
B: Copy the service pack files to the distribution share on ServerA. Install the client computers from the distribution share on ServerA.
C: Configure a separate Windows 2000 Active Directory domain for the branch office. Create a new Group Policy object (GPO) and link it to the new domain. Configure the GPO with a software installation package for the new service pack.
D: Use Setup Manager to create an answer file and a uniqueness database file. Specify the appropriate service pack executable as a program to run after installation in Setup Manager. Copy the answer file to the distribution share. Run the winnt.exe command with the appropriate unattended installation switches.
Answer: A


© 2014 Cheat-Test.com, All Rights Reserved