Pass4sure 70-284 demo dumps

1.You are the network administrator 70-284 for your company. Your network consists of a single Active Directory domain. All network servers run Windows Server 2003, and all client computers run Windows 2000 Professional. You install Windows Server 2003 with default settings on a new computer named Server1. You install and share several printers on Server1. You instruct all users to connect to these printers by using the address . However, users report that they cannot connect to this address. You need to ensure that all users can connect to the printers by using HTTP. Which two actions should you perform? (Each correct answer presents part of the solution. Choose two.)

A:Publish all shared printers that are installed on Server1.
B:Create a virtual directory named Printers on Server1.
C:Install IIS with default settings on Server1.
D:Reshare all printers on Server1. 70-284
E:Install the Internet Printing component of IIS.
F:Type Net Start W3SVC at a command prompt.
Correct Answers: C, E

2.You are the network administrator for your company. The network consists of a single Active Directory domain. All network servers run Windows Server 2003.A member server named Server1 is located in an organizational unit (OU) named Servers. Server1 contains a folder named Contracts, which is configured to audit all file activity.You are directed to review the audit log on Contracts. You want to identify any files that were modifed during the past week by a user named Andrew. However, the audit log contains thousands of entries for the past week. You need to view entries for Andrew�s user account only. What should you do?

A: In Active Directory Users and Computers, open the properties for Andrew�s user account. View the Auditing tab of the Advanced Security Setting dialog box for his account.
B: In Windows Explorer, open Contracts. Add the Owner column to the file pane. Search for files that list Andrew as the owner.
C: On Server1, use WordPad to open C:\windows\system32\config\SecEvent.evt. Search for entries that contain Andrew�s user account.
D: Edit the Group Policy object (GPO) for the Servers OU. Add Andrew�s user account to the Generate security audits Group Policy option.
E: In Event Viewer, apply a filter to display 70-284 only events that contain Andrew�s user account in the User field.
Correct Answers: E

3.You are the network administrator for Tailspin Toys. The network consists of a single Active Directory domain in its own forest. All domain controllers run Windows Server 2003. Your company merges with Wingtip Toys, which also has a single Active Directory domain in its own forest. A cross-forest trust from Tailspin Toys to Wingtip Toys is created. You need to ensure that all users have access to personal payroll tools located in the Tailspin Toys domain. The built-in Users group for Tailspin Toys has the appropriate permissions on the payroll tools. What should you do?

A: Create a new universal group in the Wingtip Toys domain. Add all Wingtip Toys users to the group. Place the new group in the built-in Users group for Wingtip Toys.
B: Create a new universal group in the Tailspin Toys domain. Add all Tailspin Toys users to the group. Place the new group in the built-in Users group for Tailspin Toys.
C: Create a new global group in the Wingtip Toys domain. Add all Wingtip Toys users to the group. Place the new group in the built-in Users group for Tailspin Toys.
D: Create a new global group in the Tailspin Toys domain. Add all Tailspin Toys users to the group. Place the new group in the built-in Users group for Wingtip Toys.
Correct Answers: C 70-284

4.You are the domain administrator for your company�s Active Directory domain. All servers run Windows Server 2003.

The information technology (IT) department recently installed Software Update Services (SUS) to manage security updates. The server that runs SUS is configured to synchronize automatically every day at 7:00 A.M. New critical security updates were released today at 9:00 A.M.

You need to manually update the SUS server.

What should you do?

A: Log on to the SUS server. Download the new security updates from Windows Update.
B: Download the new security updates from Windows Update to your local computer. Copy and paste the updates on the SUS server.
C: On the SUS home page, synchronize the server.
D: Log on to the SUS server. Run Wupdmgr.exe by using 70-284 the appropriate command to manually synchronize the server.
Correct Answers: C

5.You are the network administrator for your company. The network consists of a single Active Directory domain. All network servers run Windows Server 2003, and all client computers run Windows XP Professional. Terminal Services is installed on a member server named Terminal1 with default settings. Users in the editing department are members of a group named Editors. When these users try to make a Terminal Services connection to Terminal1, they receive the following error message: �The local policy of this system does not permit you to logon interactively.� You need to enable members of the Editors group to establish Terminal Services sessions on Terminal1. What should you do?

A: Enable the Allow users to connect remotely to this computer option on Terminal1.
B: Add the Editors group to the Remote Desktop Users group on Terminal1.
C: Configure the RDP-Tcp connection properties on Terminal1 to assign the Allow – Full Control permission to the Editors group.
D: Add the Editors group to the Remote Desktop 70-284 Users group in Active Directory.
Correct Answers: B

6.You are a security administrator for your company. The network consists of a single Active Directory domain. All servers run Windows Server 2003. All client computers run Windows XP Professional. Your company hosts Web applications for customers. Each customer is a company that has multiple employees who require access to the Web applications. Each customer has one Web application. Each Web application is configured as a virtual directory. You configure a user account for each customer. You assign this account permission to read the virtual directory that contains the customer�s Web application. You need to ensure that employees can access only their company�s Web application. You must accomplish this task without requiring customers to disclose passwords. What should you do?

A: Configure anonymous access for each virtual directory. Configure each virtual directory to use the customer�s assigned user account. Leave the password assigned to the user account blank.
B: Configure Microsoft .NET Passport authentication for each virtual directory. Instruct each employee of each customer that requires access to the Web site to enroll for a new .NET Passport.
C: Configure a certification authority (CA). Issue 70-284 certificates to each employee of each customer that requires access to the Web site. Configure many-to-one certificate mapping.
D: Acquire a Server Authentication digital certificate from a public certification authority (CA). Configure the Web server to use this certificate and to require SSL. Distribute a copy of the Server Authentication certificate to each employee of each customer that requires access to the Web site.
Correct Answers: C

7.You are a security administrator for your company. The network consists of a single Active Directory domain. All servers run Windows Server 2003. All client computers run Windows XP Professional. All computers are members of the domain. The network contains 10 Active Directory sites. Each site represents one of the company�s offices. The offices are located around the world. Each office has a connection to the Internet. The company maintains dedicated leased lines between the offices. You are planning a security patch management infrastructure for Microsoft security patches. You install Software Update Services (SUS) on a server named Server1. You need to ensure that Automatic Updates on the client computers and servers installs only security patches that are company approved.70-284 You want to limit the use of the leased lines between the offices by allowing each computer to download the security patches from the Internet. Which two actions should you perform? (Each correct answer presents part of the solution. Choose two.)

A:Configure Automatic Updates on all computers to use the Microsoft Windows Update servers.
B:Configure Automatic Updates on all computers to use SUS on Server1.
C:Copy the Approveditems.txt file from Server1 to the Windows folder on each computer.
D:Configure Server1 to maintain updates on the Microsoft Windows Update servers.
E:Use Group Policy to configure the SUS server location as the URL of the Microsoft Windows Update Web site on all computers.
F:On all computers, configure the value 70-284 of the Run key in the registry as the URL of the Microsoft Windows Update Web site.
Correct Answers: B, D

8.You are a security administrator for your company. The network consists of a single Active Directory domain. All servers run Windows Server 2003. All client computers run Windows XP Professional. Users are in the marketing, sales, or production department. A high-performance color print device named ColorPrinter1 is attached to a server named Server1. ColorPrinter1 is shared by the users in the marketing department. Only users in the marketing department are permitted to print documents on ColorPrinter1. Melanie is a user in the marketing department. Melanie is responsible for ensuring that print jobs on ColorPrinter1 print properly. She is also responsible for replacing paper and for general print device maintenance. Melanie is not permitted to modify the printer itself. You need to configure permissions for ColorPrinter1. You create a global group named Marketing. You add all marketing users to the Marketing global group. What else should you do?

A: Assign the global group the Allow – Manage Documents permission for ColorPrinter1. Assign Melanie the Allow – Manage Printers permission for ColorPrinter1.
B: Assign the global group the Allow – Print permission for ColorPrinter1. Create a local group on Server1. Add Melanie to the local group. Assign the local group the Allow – Manage Printers permission for ColorPrinter1.
C: Add the global group to a local group on 70-284 Server1. Assign the local group the Allow – Manage Documents permission for ColorPrinter1. Assign Melanie the Allow – Manage Printers permission for ColorPrinter1.
D: Add the global group to a local group on Server1. Assign the local group the Allow – Print permission for ColorPrinter1. Create another local group on Server1. Add Melanie to the second local group. Assign the second local group the Allow – Manage Documents permission for ColorPrinter1.
Correct Answers: D

9.You are a security administrator for your company. The company has one main office and five branch offices. Network administrators work in the main office and each branch office. Network administrators in the main office frequently create scripts that automate common administrative tasks. You review each script to ensure it does not introduce security vulnerabilities. Scripts that do not introduce security vulnerabilities are considered approved. Occasionally, branch office administrators modify these scripts and distribute the modified scripts to other branch office administrators. Branch office administrators often report that they accidentally run a modified version of a script. You need to ensure that branch office administrators can verify which scripts are 70-284 approved scripts. What should you do?

A: Maintain a list of the dates that the approved scripts were last modified. Instruct branch office administrators to verify the file modification date.
B: Digitally sign all approved scripts. Instruct branch office administrators to verify the signature before using a script.
C: Distribute all approved scripts to branch office administrators in an e-mail message.
D: Place all approved scripts on a file server in the main office. Assign all branch office administrators only the Allow – Read permission for the folder that contains the approved scripts. Instruct administrators to copy scripts from this file server.
Correct Answers: B

10.You are a security administrator for Contoso, Ltd. The network consists of two Active Directory forests named contoso.com and public.contoso.com. All servers run Windows Server 2003. All client computers run Windows XP Professional. The network consists of an IEEE 802.11b wireless LAN (WLAN). Employees and external users use the WLAN. User accounts for employees are located in the contoso.com forest. User accounts for external users are located in the public.contoso.com forest. External users� computers do not have computer accounts in the public.contoso.com forest. To increase security, you upgrade the network hardware to 70-284 support IEEE 802.1x. You configure a public key infrastructure (PKI). You issue Client Authentication certificates to employees, to client computers used by employees, and to external users. You need to configure the WLAN to authenticate employees and external users. What should you do?

A: Configure each wireless access point to forward RADIUS requests to a server running Internet Authentication Service (IAS). Configure the IAS server to use a connection request policy to forward the requests to the appropriate forest.
B: Configure each wireless access point to forward requests to an Internet Authentication Service (IAS) server in the contoso.com forest. Configure the IAS server in the contoso.com forest to use the Tunnel-Server-Endpt attribute.
C: Use the Connection Manager Administration Kit (CMAK). Configure one connection profile for external users. Configure a second connection profile for employees.
D: Establish a forest trust relationship between the contoso.com forest and the public.contoso.com forest.
Correct Answers: A

11.You are a security administrator for your company. The network consists of two Active Directory domains. These domains each belong to separate Active Directory forests. The domain named graphicdesigninstitute.com is used primarily to support company employees. The domain named fineartschool.net is used to support company customers. The functional level of all domains is Windows Server 2003 interim mode. A one-way external trust relationship exists in which the graphicdesigninstitute.com domain trusts the fineartschool.net domain. A Windows Server 2003 computer named Server1 is a member of the fineartschool.net domain. Server1 provides customers access to a Microsoft SQL Server 2000 database. The user accounts used by customers reside in the local account database 70-284 on Server1. All of the customer user accounts belong to a local computer group named Customers. SQL Server is configured to use Windows Integrated authentication. Your company has additional SQL Server 2000 databases that reside on three Windows Server 2003 computers. These computers are member servers in the graphicdesigninstitute.com domain. The company�s written security policy states that customer user accounts must reside on computers in the fineartschool.net domain. You need to plan a strategy for providing customers with access to the additional databases. You want to achieve this goal by using the minimum amount of administrative effort. What should you do?

A: Create a new user account in the fineartschool.net Active Directory domain for each customer. Create a universal group in the fineartschool.net domain. Add the new customer domain user accounts as members of the new universal group. Assign this group permissions to access the databases.
B: Create a new user account in the fineartschool.net Active Directory domain for each customer. Create a global group in the fineartschool.net domain. Add the new customer domain user accounts 70-284 as members of the new global group. Assign this group permissions to access the databases.
C: Create a new user account in the graphicdesigninstitute.com Active Directory domain for each customer. Create a global group in the fineartschool.net Active Directory domain. Assign the new global group permissions to access the databases.
D: Create a new user account in the graphicdesigninstitute.com Active Directory domain for each customer. Create a universal group in the fineartschool.net Active Directory domain. Assign the new universal group permissions to access the databases.
Correct Answers: B

12.You are a security administrator for your company. Your company uses an accounting and payroll application. Twenty payroll clerks use the application to input data from their client computers to a database running on a Microsoft SQL Server 2000 computer named Server1. You need to prevent unauthorized interception of the data as it travels over the company network. What are two possible ways to achieve this goal? (Each correct answer presents a complete solution. Choose two.)

A:Configure SQL Server 2000 on Server1 to use SSL.
B:Configure an IPSec policy to require Authentication Headers (AHs) between the payroll client computers and Server1.
C:Configure an IPSec policy to require 70-284 Encapsulating Security Payload (ESP) between the payroll client computers and Server1.
D:Configure Server1 to require Server Message Block (SMB) signing.
Correct Answers: A, C

13.You are a security administrator for your company. The network consists of a single Active Directory domain. All servers run Windows Server 2003. All client computers run Windows XP Professional. One hundred users in your company are currently using an application named App1. App1 is stored in a folder on the hard disk of each user's client computer. To secure App1, you create a new Group Policy object (GPO) named App1 Policy. The App1 Policy GPO contains a file system security policy that applies a custom DACL to App1. You configure the DACL to assign all users only the Allow – Read permission. You filter the App1 Policy GPO to apply only to computers that have App1 installed. After you apply the App1 GPO, users immediately report that they receive an error message when they attempt to use App1. You delete the entry for App1 in the file system security policy. Users continue to report that they receive the same 70-284 error message when they attempt to use App1. You need to configure the network so that users can use App1. You want to achieve this goal by using the minimum amount of administrative effort. What should you do?

A: Delete the App1 Policy GPO. Restart all client computers.
B: Create a new file system security policy in the App1 Policy GPO that assigns default permissions to App1.
C: Import the Setup security.inf security template into the App1 Policy GPO.
D: Disable the App1 Policy GPO.70-284
Correct Answers: B