Free Cheat-test Samples and Demo Questions Download
Adobe exams Adobe
Apple exams Apple
Avaya exams Avaya
Check Point exams Check Point
Cisco exams Cisco
Citrix exams Citrix
CIW exams CIW
CompTIA exams CompTIA
CWNP exams CWNP
EC-Council exams EC-Council
EMC exams EMC
Exin exams Exin
Fortinet exams Fortinet
GIAC exams GIAC
Hitachi exams Hitachi
HP exams HP
IBM exams IBM
Isaca exams Isaca
ISC exams ISC
ISEB exams ISEB
Juniper exams Juniper
LPI exams LPI
McAfee exams McAfee
Microsoft exams Microsoft
Oracle exams Oracle
PMI exams PMI
Riverbed exams Riverbed
SNIA exams SAP
Sun exams SAS
Symantec exams Symantec
VMware exams VMware
All certification exams

Microsoft 70-299 Exam - Cheat-Test.com

Free 70-299 Sample Questions:

1. You are a security administrator for your company. The network consists of a single Active Directory domain.
All servers run Windows Server 2003. All client computers run Windows XP Professional.
Eight Windows Server 2003 computers are members of the domain. These computers are used to store confidential files. They reside in a data center that only IT administration personnel have physical access to.
You need to restrict members of a group named Contractors from connecting to the file server computers. Allother employees require access to these computers.
What should you do?
A. Apply a security template to the file server computers that assigns the Access this computer from the network right to the Domain Users group.
B. Apply a security template to the file server computers that assigns the Deny access to this computer from the net work right to the Contractors group.
C. Apply a security template to the file server computers that assigns the Allow log on locally right to the
Domain Users group.
D. Apply a security template to the file server computers that assigns the Deny log on locally right to the Contractors group.
Answer: B

2. You are a security administrator for your company. The network consists of a single Active Directory domain.
All servers run Windows Server 2003. All client computers run Windows XP Professional.
One hundred users in your company are currently using an application named App1. App1 is stored in a folder onthe hard disk of each user's client computer. To secure App1, you create a new Group Policy
object (GPO) named App1 Policy. The App1 Policy GPO contains a file system security policy that applies a custom DACL to App1.
You configure the DACL to assign all users only the Allow ­ Read permission. You filter the App1 Policy GPO to apply only to computers that have App1 installed.
After you apply the App1 GPO, users immediately report that they receive an error message when they attempt to use App1. You delete the entry for App1 in the file system security policy. Users continue to report that they receive the same error message when they attempt to use App1.
You need to configure the network so that users can use App1. You want to achieve this goal by using the minimum amount of administrative effort.
What should you do?
A. Delete the App1 Policy GPO. Restart all client computers.
B. Create a new file system security policy in the App1 Policy GPO that assigns default permissions to App1.
C. Import the Setup security.inf security template into the App1 Policy GPO.
D. Disable the App1 Policy GPO.
Answer: B

3. You are a security administrator for your company. The network consists of a single Active Directory domain.
Servers run either Windows Server 2003 or Windows 2000 Server. All client computers run Windows 2000 Professional. The latest operating system service pack is installed on each computer.
Thirty Windows Server 2003 computers are members of the domain and function as file servers. Client computers access files on these file servers over the network by using the Server Message Block (SMB) protocol. You are concerned about the possible occurrence of man­in­the­middle attacks during SMB communications.
You need to ensure that SMB communications between the Windows Server 2003 file servers and the client computers are cryptographically signed. The file servers must not communicate with client computers if the client computers cannot sign SMB communications. Client computers must be able to use unsigned SMB communications with all other computers in the domain. What should you do to configure the file servers?
A. Apply a security template that enables the Microsoft network server: Digitally sign communications (always) setting.
B. Apply a security template that enables the Microsoft network server: Digitally sign communications (if client agrees) setting.
C. Apply a security template that enables the Domain member: Digitally sign secure channel data (when possible)setting.
D. Apply a security template that enables the Domain member: Digitally encrypt or sign secure channel data(always) setting.
Answer: A

4. You are a security administrator for your company. The network consists of two Active Directory domains that are in separate Active Directory forests. No Active Directory trust relationships exist between the domains. All servers run Windows Server 2003. Client computers run either Windows XP Professional or Windows 2000Professional. All domain controllers run Windows Server 2003.
You discover that users in one domain can obtain a list of account names for users in the other domain. This capability allows unauthorized users to guess passwords and to access confidential data.
You need to ensure that account names can be obtained only by users of the domain in which the accounts reside.
Which two actions should you perform on the domain controllers? (Each correct answer presents part of the solution. Choose two.)
A. Apply a security template that disables the Network access: Allow anonymous SID/Name translation setting.
B. Apply a security template that enables the Network access: Do not allow anonymous enumeration of SAM accounts setting.
C. Apply a security template that enables the Network security: Do not store LAN Manager hash value on next password change setting.
D. Apply a security template that sets the Domain controller: LDAP server signing requirements setting to Require signing.
Answer: A, B

5. You are a security administrator for your company. The network consists of a single Active Directory domain.
All client computers run Windows XP Professional. All servers run Windows Server 2003. All computers on the network are members of the domain.
Traffic on the network is encrypted by IPSec. The domain contains a custom IPSec policy named Lan Security that applies to all computers in the domain. The Lan Security policy does not allow unsecured communication with non­IPSec­aware computers.
The company's written security policy states that the configuration of the domain and the configuration of the Lan Security policy must not be changed.
The domain contains a multihomed server named Server1. Server1 is connected to the company network, and Server1 is also connected to a test network. Currently, the Lan Security IPSec policy applies to network traffic on both network adapters in Server1.
You need to configure Server1 so that it communicates on the test network without IPSec security. Server1 must still use the Lan Security policy when it communicates on the company network.
How should you configure Server1?
A. Configure a packet filter for the network adapter on the test network to block the Internet Key Exchange (IKE) port.
B. Configure the network adapter on the test network to disable IEEE 802.1x authentication.
C. Configure the network adapter on the test network to enable TCP/IP filtering, and then permit all traffic.
D. Use the netsh command to assign a persistent IPSec policy that permits all traffic on the network adapter on the test network.
E. Assign an IPSec policy in the local computer policy that permits all traffic on the network adapter on the test network.
Answer: D

6. You are a security administrator for your company. The network consists of a single Active Directory domain.
All servers run Windows Server 2003. All client computers run Windows XP Professional. A server named Server1 is not a member of the domain. All other computers are members of the domain.
The network contains an enterprise certification authority (CA). All computers on the network trust the CA. The company's written security policy states that all network traffic from the computers in the domain to Server1 must be encrypted. Server1 must not be added to the domain.
You configure a Group Policy object (GPO) that assigns the predefined IPSec policy named Client (Respond Only). You link the GPO to the domain. You configure Server1 to use the predefined IPSec policy named Secure Server (Require Security).
When you test this configuration, you cannot connect to Server1 from the computers in the domain.You need to implement the written security policy.
What should you do?
A. Disable the default exemptions to IPSec filtering on all computers in the domain.
B. Disable the default response rule in the Client (Respond Only) IPSec policy in the domain.
C. Configure Server1 so that it uses the predefined IPSec policy named Server (Request Security).
D. Configure the security options of the local computer policy on Server1 to always digitally sign communications.
E. Configure the assigned IPSec policies on Server1 and in the domain to use certificate­based authentication.
Answer: E

7. You are a security administrator for your company. The network consists of a single Active Directory domain.
All servers run Windows Server 2003. All client computers run Windows 2000 Professional. The company's written security policy states the following requirements:
All access to files must be audited.
File servers must be able to record all security events.
You create a new Group Policy object (GPO) and filter it to apply to only file servers. You configure an audit policy to audit files and folders on file servers. You configure a system access control list (SACL) to audit the appropriate files.
You need to ensure that the GPO enforces the written security policy.
Which two additional actions should you perform to configure the GPO? (Each correct answer presents part of the solution. Choose two.)
A. Set a manual retention method for the security log.
B. Set the security log to retain entries for 7 days.
C. Set the maximum security log size to the maximum allowed size.
D. Configure the GPO to shut down the computer if it is unable to log security audits.
E. Ensure that users who are responsible for reviewing audit log data are granted the right to manage the securitylog.
Answer: A, D

8. You are a security administrator for your company. The network consists of a single Active Directory domain.
All servers run Windows Server 2003. All client computers run Windows XP Professional. Administrators in your company use scripts to perform administrative tasks when they troubleshoot problems on client computers. They connect to the Telnet service on client computers when they run these scripts. For security reasons, all Telnet traffic is encrypted by using an IPSec policy. In addition, the Telnet service is configured for manual startup on all client computers. Administrators manually start and stop the Telnet service when they perform administrative tasks.
Administrators report that they sometimes cannot start the Telnet service on client computers. You examine several client computers and discover that the Telnet service is disabled.
You need to ensure that administrators can troubleshoot problems on client computers at all times. What should you do?
A. Use a Restricted Groups policy in a new Group Policy object (GPO) to add the Domain Admins group to the Power Users group on each client computer.
B. Use a Restricted Groups policy in a new Group Policy object (GPO) to ensure that the Power Users group on each client computer contains no members.
C. Use a System Services policy in a new Group Policy object (GPO) to ensure that only Domain Admins can manage the Telnet service.
D. Use an Administrative Template setting to prevent local users from starting the Services snap­in.
Answer: C

9. You are a security administrator for your company. The company consists of two divisions. One division is named Coho Winery and is located in San Francisco. The other division is named Coho Vineyard and is located in Paris. Each division is connected to the Internet by a 1.544 Mbps WAN connection.
Coho Winery consists of a single Active Directory forest named cohowinery.com. All servers run Windows Server 2003. All client computers run Windows XP Professional. Coho Winery has a Microsoft SQL Server 2000 database that contains customer information. The SQL Server 2000 database is hosted on a Windows Server 2003 computer named Server1.
Coho Vineyard consists of a single Active Directory forest named cohovineyard.com. All servers run Windows 2000 Server. All client computers run Windows 2000 Professional or Windows NT Workstation.
All computers run the latest service packs.
To enable data replication, you configure a new Windows Server 2003 computer named Server2 in the cohovineyard.com forest. You install SQL Server 2000 on Server2. Your database administrator configures the database on Server1 to replicate to Server2 every night.
Management reports that a competitor acquired confidential customer data. You determine that the competitor intercepted customer data as it replicated from Server1 to Server2. You decide to use IPSec to protect customer data as it replicates.
You need to configure an IPSec policy to protect customer data as it replicates. What should you do?
A. Configure the IPSec policy to use Authentication Header (AH) in transport mode with Kerberos authentication.
B. Configure the IPSec policy to use Encapsulating Security Payload (ESP) with certificate­based authentication in tunnel mode.
C. Configure the IPSec policy to use Authentication Header (AH) with certificate­based authentication in transport mode.
D. Configure the IPSec policy to use Encapsulating Security Payload (ESP) with Kerberos authentication in tunnel mode.
Answer: B

10. You are a security administrator for your company. The network consists of a single Active Directory domain.
All domain controllers and servers run Windows Server 2003. All computers are members of the domain. The domain contains 12 database servers. The database servers are in an organizational unit (OU)
named DBServers. The domain controllers and the database servers are in the same Active Directory site.
You receive a security report that requires you to apply a security template named Lockdown.inf to all database servers as quickly as possible. You import Lockdown.inf into a Group Policy object (GPO) that is linked to the DBServers OU.
You need to ensure that the settings in the Lockdown.inf security template are applied to all database servers as quickly as possible.
What should you do?
A. On each database server, run the repadmin /replicate command.
B. On each database server, run the gpupdate command.
C. On each database server, run the secedit /refreshpolicy command.
D. On each database server, open Local Computer Policy, select Security Settings, and then use the Reload command.
E. On each database server, open Resultant Set of Policy, and then use the Refresh Query command.
Answer: B

11. You are a security administrator for your company. The network consists of a single Active Directory domain.
All servers run Windows Server 2003. All computers are members of the domain.
The company's written security policy states that all servers must have the security settings that are specified in a security template named Verify.inf. TheVerify.inf security template is copied to the Systemroot\Security\Templates folder on each server.
You need to verify that the servers on the network meet the requirements in the written security policy. What should you do?
A. On each server, run the gpresult command and save the results.
B. On each server, run the secedit.exe /analyze command for the Verify.inf security template and save the results.
C. On each server, run Microsoft Baseline Security Analyzer (MBSA) and save the results.
D. On a domain controller, import the Verify.inf security template into Security Configuration and Analysis, and then start the Resultant Set of Policy Provider service.
E. On a domain controller, import the Verify.inf security template into the Default Domain Policy Group Policy object (GPO), and then run the gpupdate command.
Answer: B

12. You are a security administrator for your company. The network consists of a single Active Directory domain.
All servers run Windows Server 2003. All servers are members of the domain.
The company plans to deploy a new application named App1. The application runs on servers. To test the compatibility between App1 and other applications that run on the servers, you need to change several file and registry permissions in the Windows folder on the servers. A security template named TestPerms contains the file and registry permissions that need to be set for the application testing.
You create a new Group Policy object (GPO) named TestApp. You import the TestPerms security template into the TestApp GPO. You link the TestApp GPO to an organizational unit (OU) that contains only the servers that are used for the test.
You need to ensure that the file and registry permissions are set to the permissions in the TestPerms security template only during application testing.
What should you do when the application testing ends?
A. Disable the computer configuration settings in the TestApp GPO.
B. Disable the TestApp GPO link to the OU.
C. Unlink the TestApp GPO from the OU.
D. Delete the TestApp GPO, and then run the gpupdate.exe /sync command.
E. Delete the TestApp GPO, and then apply a security template that contains the original permissions.
Answer: E


© 2014 Cheat-Test.com, All Rights Reserved