What should you do?

You are the network administrator for your company.The network consists of a single Active Directory domain.The functional level of the domain is Windows Server 2003. All client computers in the domain run Windows XP Professional.
An application named Inventory.exe is installed on all computers in the domain to remotely gather software inventory information.The application runs as a service in the security context of the Local System.The startup type of the service is set to Automatic.
In the Default Domain Policy Group Policy object (GPO), the security administrator has configured a software restriction policy that is applied to all computers in the domain.The policy contains a hash rule for the Inventory.exe application, and the hash rule is configured with a security level of Unrestricted.
The client computers on the network are attacked by a worm that is distributed by e-mail messages received over the Internet.The worm detects the presence of Inventory.exe on a computer, then starts a new instance of the application in the security context of the logged-on user.The worm exploits a bug in the application to cause the computer to fail.
You need to ensure that Inventory.exe cannot be started by the worm, while still allowing the application to run as a service.
What should you do?

You are the network administrator for your company.The network consists of a single Active Directory domain.The functional level of the domain is Windows Server 2003. All client computers in the domain run Windows XP Professional.
An application named Inventory.exe is installed on all computers in the domain to remotely gather software inventory information.The application runs as a service in the security context of the Local System.The startup type of the service is set to Automatic.
In the Default Domain Policy Group Policy object (GPO), the security administrator has configured a software restriction policy that is applied to all computers in the domain.The policy contains a hash rule for the Inventory.exe application, and the hash rule is configured with a security level of Unrestricted.
The client computers on the network are attacked by a worm that is distributed by e-mail messages received over the Internet.The worm detects the presence of Inventory.exe on a computer, then starts a new instance of the application in the security context of the logged-on user.The worm exploits a bug in the application to cause the computer to fail.
You need to ensure that Inventory.exe cannot be started by the worm, while still allowing the application to run as a service.
What should you do?

A.
In the computer settings section of the Default Domain Policy GPO, configure a software restriction policy that contains a zone rule for the Internet zone.Configure the zone rule with a security level of Disallowed.

B.
In the user settings section of the Default Domain Policy GPO, configure a software restriction policy that contains a zone rule for the Internet zone.Configure the zone rule with a security level of Disallowed.

C.
In the user settings section of the Default Domain Policy GPO, configure a software restriction policy that contains a hash rule for the Inventory.exe application.Configure the hash rule with a security level of Disallowed.

D.
In the computer settings section of the Default Domain Policy GPO, modify the existing software restriction policy hash rule for the Inventory.exe application so that the hash rule has a security level of Disallowed.



Leave a Reply 0

Your email address will not be published. Required fields are marked *