70-214 Set 1
Terms
- What are the three basic-level security templates?
- basicwk.inf; basicsv.inf; basicdc.inf
- What template allows legacy applications to run under less-restrictive security?
- compatws.inf
- What is the compatible-level security template used for?
- running legacy applications without giving users Power User rights
- What two templates provide a medium level of security?
- securews.inf; securedc.inf
- What are the two highest-security templates available?
- hisecws.inf; hisecdc.inf
- What security requirement do the two highly-secure templates enforce?
- use of IPSec in network communications
- What template contains out-of-the-box settings for a 2000 domain controller?
- DCSecurity.inf
- What template contains out-of-the-box settings for workstations and member servers?
- setup security.inf
- What template removes the terminal server SID from registry and file system objects?
- notssid.inf
- What two MMC snap-ins can be used to apply security templates?
- Group Policy Editor; Security Configuration and Analysis (for a specific computer)
- What assumption do the security templates make?
- that 2000 has been installed cleanly (not upgraded) and has the default 2000 security settings
- Why is the fact that security templates apply settings incrementally important?
- the templates do not contain default security settings, only changes from them
- What two areas do the basic templates NOT specify settings for?
- user rights and group membership
- What environment are the high-security templates intended for? Why?
- native 2000 environments only; legacy OSes do not support IPSec
- In what order are group policies applied?
- Local; Site; Domain; OU
- What does Restricted Groups do?
- allows listing of what users and groups may be members of specified groups
- How are Restricted Groups applied?
- at each Group Policy refresh, listed users are removed from the groups
- What does the System Services node do?
- allows configuration of security and startup options for services
- What MMC snap-in is used to apply a security template via Group Policy?
- Active Directory Users and Computers
- What command will force Group Policy propagation throughout the domain?
- gpupdate (or secedit /refreshpolicy machine_policy)
- What command is used to deploy security templates from the command line?
- secedit /configure
- What does the secedit switch /db do?
- specifies the database containing the security template that should be used
- What does the secedit switch /cfg do?
- specifies the security template to import into a database and apply (used with /db)
- What does the secedit /overwrite switch do?
- specifies whether the selected template overwrites the template in the database, or is appended to it
- What does the secedit /areas switch do?
- specifies which areas of a security template should be applied
- What are the six valid areas for secedit?
- securitypolicy; group_mgmt; user_rights; regkeys; filestore; services
- What are the four primary switches for secedit?
- /analyze; /configure; /export; /validate
- What clients can natively receive Group Policy settings across the network?
- Windows 2000 clients and above
- What can be done to allow legacy clients some Active Directory functionality?
- install Directory Services Client
- What OS does not have Active Directory provided?
- Windows ME
- What account can be used to export a data recovery agent certificate?
- the built-in Administrator account
- What command will open the Local Security Policy console?
- secpol.msc
- What command will start the Microsoft Baseline Security Analyzer?
- mbsacli.exe
- What file would be used to deploy a service pack to computers via Group Policy?
- update.msi
- What is qchain.exe used for?
- installing multiple hotfixes sequentially without rebooting in between
- What two methods can be used to deploy hotfixes at the same time as the operating system?
- cmdline.txt, and by placing hotfixes in the Run Once section of the Setup Manager Wizard
- If a hotfix being deployed at the same time as the OS requires a reboot, which method must be used?
- cmdline.txt
- What is slipstreaming?
- installing service packs at the same time the OS is installed
- What command would slipstream SP3 files, located in a folder called SP3, into the OS directory, called W2K?
- sp3\i386\update\update.exe -s:c:\w2k
- What are the four requirements for a RIS server?
- DHCP Server service; Active Directory; DNS Server service; 2Gb free space
- What are the three valid authentication methods for IPSec?
- Kerberos (default); certificate; pre-shared key
- How do you enforce a given IPSec policy?
- right-click the policy and choose "Assign"
- How many IPSec policies may be in force at once?
- only one
- What two encryption algorithms does IPSec use?
- DES and 3DES
- What two algorithms does IPSec use to verify integrity?
- MD5 and SHA1
- What is an IPSec Security Association (SA) also known as?
- a hard SA