Mark works as a Network Administrator fot Blue Well Inc. The company has a Windows-based
network. Mark is facing a series of problems with email spam and identifying theft via phishing
scams. He wants to implement the various security measures and to provide some education
because it is related to the best practices while using email. Which of the following can Mark do
after enabling reverse DNS lookups to minimize the amount of spam?
A.
Permit User Account Control
B.
Add Sender Policy Framework
C.
Use Read-only Domain Controller
D.
Windows Server Update Services
Explanation:
To minimize the amount of spam that is hitting the Microsoft Exchange server, it is required to
enable reverse DNS lookup on the SMTP virtual server. It forces a system to crosscheck the domain
name with a PTR record (IP address associated with the domain name) and if the IP address is not
matched the record associated with that domain name, it will not delivered. SPF is used to permit
the administrator to configure the server to establish who is acceptable to send email from their
domain.Answer D is incorrect. Windows Server Update Services (WSUS) is an add-on component of
Windows Server 2008. It provides functionality to a server to run as a Windows Update server in a
Windows network environment. Administrators can configure a WSUS server as the only server to
download updates from Windows site, and configure other computers on the network to use the
server as the source of update files. This will save lots of bandwidth as each computer will not
download updates individually. WSUS 3.0 SP1 is the only version of WSUS that can be installed onWindows Server 2008. Earlier versions of WSUS cannot be installed on a server running Windows
Server 2008.Answer A is incorrect. User Account Control (UAC) is a technology and security infrastructure
introduced with Microsoft’s Windows Vista and Windows Server 2008 operating systems, with a
more relaxed version also present in Windows 7 and Windows Server 2008 R2. It aims to improve
the security of Microsoft Windows by limiting application software to standard user privileges until
an administrator authorizes an increase or elevation.Answer C is incorrect. Read-only Domain Controller (RODC) is a domain controller that hosts the
read-only partition of the Active Directory database. RODC was developed by Microsoft typically to
be deployed in a branch office environment. RODC is a good option to enhance security by placing it
in a location where physical security is poor. RODC can also be placed at locations having relatively
few users and a poor network bandwidth to the main site. As only the read-only partition of the
Active Directory database is hosted by RODC, a little local IT knowledge is required to maintain it.