You need to comply with the design requirements

You are the network administrator for your company. The network consists of a single Active Directory domain. The company has an internal network and a perimeter network. The internal network is protected by a firewall. Application servers on the perimeter network are accessible from the Internet.

You are deploying 10 Windows Server 2003 computers in application server roles. The servers will be located in the perimeter network and will not be members of the domain. The servers will host only publicly available Web pages. The network design requires that custom security settings must be applied to the application servers.

These custom security settings must be automatically refreshed every day to ensure compliance with the design. You create a custom security template named Baseline1.inf for the application servers. You need to comply with the design requirements.

What should you do?

You are the network administrator for your company. The network consists of a single Active Directory domain. The company has an internal network and a perimeter network. The internal network is protected by a firewall. Application servers on the perimeter network are accessible from the Internet.

You are deploying 10 Windows Server 2003 computers in application server roles. The servers will be located in the perimeter network and will not be members of the domain. The servers will host only publicly available Web pages. The network design requires that custom security settings must be applied to the application servers.

These custom security settings must be automatically refreshed every day to ensure compliance with the design. You create a custom security template named Baseline1.inf for the application servers. You need to comply with the design requirements.

What should you do?

A.
Create a task on each application server that runs Security and Configuration Analysis with Baseline1.inf every day.

B.
Create a startup script in the Default Domain Policy Group Policy object (GPO) that runs the secedit command with Baseline1.inf.

C.
Import Baseline1.inf into the Default Domain Policy Group Policy object (GPO).

D.
Create a task on each application server that runs the secedit command with Baseline1.inf every day.

Explanation:
Secedit.exe is a command line tool that performs the same functions as the Security Configuration And Analysis snap-in, and can also apply specific parts of templates to the computer. You can use Secedit.exe in scripts and batch files to automate security template deployments.

Reference:

Craig Zacker, MCSE Self-Paced Training Kit (Exam 70-293): Planning and Maintaining a Microsoft Windows Server 2003 Network Infrastructure, Microsoft Press, Redmond, Washington, 2004, Chapter 10.



Leave a Reply 0

Your email address will not be published. Required fields are marked *