|
Home > Archive > 70-217 > March 2002 > Thu 70-217 Question of the Day
You are viewing an archived Text-only version of the thread.
To view this thread in it's original format and/or if you want to reply to
this thread please [click here]
| Author |
Thu 70-217 Question of the Day
|
|
| wbafrank 2002-03-21, 7:59 am |
|  And today's poser is ....
Q38. You are on the IT security team for your company and the network is a native Windows 2000 network in a single site design, divided into three domain. During a recent team meeting, many new principles were discussed. One area of the discussion was the procedure to use when dealing with new employees. The following criteria were agreed upon to be implemented:
1. The Day-shift employees work from 7 am through 4pm, and the night shift employees work from 4 pm through 1 am, and their user accounts must only allow access at these times.
2. The Management team requires 24 hour access to the network.
3. The shift workers must be allowed to logon only from their computers.
4. Use only TCP/IP as the network protocol.
5. The Security Domain Administrator shall maintain control over the passwords of all temporary employees.
6. Disable general network browsing.
In order to meet these requirements you carried out the following actions:
1. Created 3 OUs, Management, Day and Night.
2. Created a policy to control hours of logon for the 3 OUs.
3. Assigned temporary passwords for the temporary employees.
4. Disabled NetBIOS over TCP/IP.
Now it seems that there is a new problem on the network. What problem was created due to this new implementation?
A. By creating 3 OUs instead of 3 groups, you have lost the control over the logon hours.
B. Having the Security Domain Administrator controlling the temporary passwords is a security risk, since the employees might share that information.
C. By disabling NetBIOS over TCP/IP you have removed the option of controlling the computer used to logon to the network.
D. By disabling NetBIOS over TCP/IP you have removed the option of full network browsing.
E. Having the Day shift end at the same minute the Night shift begins causes a one minute crossover that will corrupt the security policies.
Good Luck .... see you tomorrow for the answer!! | |
| jeff_j_black 2002-03-21, 9:02 am |
| Toughy! Don't even know where to begin looking for the answer?
'C' | |
| ScoobySnacks 2002-03-21, 12:06 pm |
| i agree jeff this is a though one!
but the only logical answer seems to be 'C'
but then again im probably wrong! >.<
Mike | |
| KScheler 2002-03-21, 7:10 pm |
| I'll go with D.
This one's about as tough as any I saw on 217 Frank. | |
| unreal 2002-03-21, 9:08 pm |
| My pick are:
B. Having the Security Domain Administrator controlling the temporary passwords is a security risk, since the employees might share that information.
D. By disabling NetBIOS over TCP/IP you have removed the option of full network browsing.
E. Having the Day shift end at the same minute the Night shift begins causes a one minute crossover that will corrupt the security policies. | |
| merav21 2002-03-22, 12:51 am |
| I think the answer is definitely C.
I would not choose A because if you had made three groups, it would not make a difference because policy cannot be applied to groups, only OU's(in the case), Domains, Sites, or the local computer.
I don't agree with B, because it is common practice for administrators to control the passwords for temporary employees..yes, it may be a security risk, but there is a security risk even when employees control their own passwords.
D would not make sense because one of the goals was to disable general network browsing.
E I'll admit I really don't know about, I would not think that it would corrupt the security policies...
But C is the best answer, since one of the goals was to only allow the shift workers to log on to their own workstation, and if you disable netbios over tcp/ip, it will not work. | |
| robertmillar 2002-03-22, 10:34 am |
| C | |
| wbafrank 2002-03-22, 11:41 am |
| quote:
Originally posted by wbafrank
And today's poser is ....
Q38. You are on the IT security team for your company and the network is a native Windows 2000 network in a single site design, divided into three domain. During a recent team meeting, many new principles were discussed. One area of the discussion was the procedure to use when dealing with new employees. The following criteria were agreed upon to be implemented:
1. The Day-shift employees work from 7 am through 4pm, and the night shift employees work from 4 pm through 1 am, and their user accounts must only allow access at these times.
2. The Management team requires 24 hour access to the network.
3. The shift workers must be allowed to logon only from their computers.
4. Use only TCP/IP as the network protocol.
5. The Security Domain Administrator shall maintain control over the passwords of all temporary employees.
6. Disable general network browsing.
In order to meet these requirements you carried out the following actions:
1. Created 3 OUs, Management, Day and Night.
2. Created a policy to control hours of logon for the 3 OUs.
3. Assigned temporary passwords for the temporary employees.
4. Disabled NetBIOS over TCP/IP.
Now it seems that there is a new problem on the network. What problem was created due to this new implementation?
A. By creating 3 OUs instead of 3 groups, you have lost the control over the logon hours.
B. Having the Security Domain Administrator controlling the temporary passwords is a security risk, since the employees might share that information.
C. By disabling NetBIOS over TCP/IP you have removed the option of controlling the computer used to logon to the network.
D. By disabling NetBIOS over TCP/IP you have removed the option of full network browsing.
E. Having the Day shift end at the same minute the Night shift begins causes a one minute crossover that will corrupt the security policies.
Good Luck .... see you tomorrow for the answer!!
And the answer is ....
Correct Answers: C
In this question, there have been several criteria that need to be followed. These criteria are not uncommon, however there is a conflicting issue with these requirements. The two criteria that are in conflict are the ability to control the computers that users logon from, and to disable network browsing. By disabling NetBIOS over TCP/IP you will have successfully removed the option of network browsing. This will keep users from random network usage. On the other hand, you are trying to control the individual computers that users can logon from. This is controlled using the NetBIOS name of the computers. When NetBIOS over TCP/IP was removed, and TCP/IP is the only protocol used in the network there is no longer any criteria that can be used to control the computer used during logon. |
|
|
|
|