You perform a security audit of a server named DC1. You install the Microsoft Network Monitor 3.0 application on DC1.You plan to capture all the LDAP traffic that comes to and goes from the server between 20:00 and 07:00 the next day and save it to the E

题目

You perform a security audit of a server named DC1. You install the Microsoft Network Monitor 3.0 application on DC1.You plan to capture all the LDAP traffic that comes to and goes from the server between 20:00 and 07:00 the next day and save it to the E:/data.cap file. You create a scheduled task. You add a new Start a program action to the task.You need to add the application name and the application arguments to the new action. What should you do?()

  • A、Add nmcap.exe as the application name. Add the /networks * /capture LDAP /file e:/data.cap /stopwhen /timeafter 11hours line as arguments.
  • B、Add netmon.exe as the application name. Add the /networks */capture LDAP /file e:/data.cap /stopwhen /timeafter 11hours line as arguments.
  • C、Add nmcap.exe as the application name. Add the /networks * /capture !LDAP /file e:/data.cap /stopwhen /timeafter 11hours line as arguments.
  • D、Add nmconfig.exe as the application name. Add the /networks * /capture &LDAP /file e:/data.cap /stopwhen /timeafter 11hours line as arguments.
相似考题

1.(c) Describe the audit procedures you should perform. to determine the validity of the amortisation rate of fiveyears being applied to development costs in relation to Plummet. (5 marks)

2.You are a network administrator for You manage a Windows Server2003 computer named Testking1. Folder Redirection is enabled for the users‘ MyDocuments folders.A user named Peter deletes all the files and folders in his My Documents folderbefore he leaves TestKing. Peter‘s manager asks you to recover documents. You donot know if Peter made modifications to the permissions on the files.You need to restore Peter‘s My Documents folder so that his manager can access thefiles. You want to achieve this goal by using the minimum amount of administrativeeffort.What should you do?()A. Perform a default restoration.B. Run the Automated System Recover (ASR) wizard.C. Perform a restoration, and enable the Restore security option.D. Perform a restoration, and disable the Restore security option

3. You have a computer that runs Windows 7. You need to record when an incoming connection is allowedthrough Windows firewall. What should you do?()A、In Local Group Policy, modify the audit policy.B、In Local Group Policy, modify the system audit policy.C、From the Windows Firewall with Advanced Security properties, set the logging settings to Log successfulconnections.D、From the Windows Firewall with Advanced Security properties, set the Data Protection (Quick Mode)IPSec settings to Advanced.

4.You are developing a Windows Communication Foundation (WCF) service. The service configuration file has a element defined. You need to ensure that all security audit information, trace logging, and message logging failures are recorded.Which configuration segment should you add to the element?()A.B.C.D.

更多“You perform a security audit of”相关问题

  • 第1题:

    You installed Oracle Database 11g afresh. Which statements are true regarding the default audit settings in this database?() 

    • A、 The audit trail is stored in an operating system file.
    • B、 Auditing is disabled for all privileges.
    • C、 The audit trail is stored in the database.
    • D、 Auditing is enabled for all privileges.
    • E、 Auditing is enabled for certain privileges related to database security.

    正确答案:C,E

  • 第2题:

    You need to design a method to log changes that are made to servers and domain controllers. You also need to track when administrators modify local security account manager objects on servers. What should you do?()

    • A、Enable failure audit for privilege user and object access on all servers and domain controllers
    • B、Enable success audit for policy change and account management on all servers and domain controllers
    • C、Enable success audit for process tracking and logon events on all servers and domain controllers
    • D、Enable failure audit for system events and directory service access on all servers and domain controllers

    正确答案:B

  • 第3题:

    You have a computer that runs Windows 7. Multiple users log on to your computer. You enable auditing ona folder stored on your computer. You need to ensure that each access to the folder is logged.  What should you do?()

    • A、Start the Problem Steps Recorder.
    • B、From Event Viewer, modify the properties of the Security log.
    • C、From the local Group Policy, configure the Audit object access setting.
    • D、From the local Group Policy, configure the Audit directory service Access setting.

    正确答案:C

  • 第4题:

    Your company has a server that runs Windows Server 2008. Certification Services is configured as a stand-alone Certification Authority (CA) on the server. You need to audit changes to the CA configuration settings and the CA security settings. Which two tasks should you perform()

    • A、Configure auditing in the Certification Services snap-in.
    • B、Enable auditing of successful and failed attempts to change permissions on files in the %SYSTEM32% /CertSrv directory.
    • C、Enable auditing of successful and failed attempts to write to files in the %SYSTEM32%/CertLog directory.
    • D、Enable the Audit object access setting in the Local Security Policy for the Certification Services server.

    正确答案:A,D

  • 第5题:

    You need to identify each help desk user who bypasses the new corporate security policy. What should you do?()

    • A、Configure Audit Special Logon and define Special Groups.
    • B、Configure Audit Other Privilege Use Events and define Special Groups.
    • C、Configure Audit Sensitive Privilege Use and configure auditing for the HelpDesk group.
    • D、Configure Audit Object Access and modify the auditing settings for the HelpDesk group.

    正确答案:A

  • 第6题:

    Your network consists of a single Active Directory domain. You have a member server named Server1 that runs Windows Server 2003 Service Pack 2 (SP2).You need to record all attempts by domain users and local users to log on to Server1. What should you do?()

    • A、In the Default Domain Controller Policy, enable success and failure for the Audit logon events policy setting.
    • B、In the Default Domain Controller Policy, enable success and failure for the Audit account logon events policy setting.
    • C、In the Local Security Policy on Server1, enable success and failure for the Audit logon events policy.
    • D、In the Local Security Policy on Server1, enable success and failure for the Audit account logon events policy setting.

    正确答案:C

  • 第7题:

    单选题
    Your network consists of a single Active Directory domain. You have a member server named Server1 that runs Windows Server 2003 Service Pack 2 (SP2).You need to record all attempts by domain users and local users to log on to Server1. What should you do?()
    A

    In the Default Domain Controller Policy, enable success and failure for the Audit logon events policy setting.

    B

    In the Default Domain Controller Policy, enable success and failure for the Audit account logon events policy setting.

    C

    In the Local Security Policy on Server1, enable success and failure for the Audit logon events policy.

    D

    In the Local Security Policy on Server1, enable success and failure for the Audit account logon events policy setting.


    正确答案: D
    解析: 暂无解析

  • 第8题:

    单选题
    You are tasked with designing a security solution for your network.  What information should be gathered prior to designing the solution?()
    A

    IP addressing design plans so that the network can be appropriately segmented to mitigate potential network threats

    B

    detailed security device specifications

    C

    results from pilot network testing

    D

    results from a network audit


    正确答案: C
    解析: 暂无解析

  • 第9题:

    单选题
    Your company has an Active Directory directory service domain. All servers run Windows Server 2003. You are developing a security monitoring plan. You must monitor the files that are stored in a specific directory on a member server. You have the following requirements. Log all attempts to access the files.Retain log information until the full weekly backup occurs. You need to ensure that the security monitoring plan meets the requirements.  What should your plan include?()
    A

     Configure a directory service access audit policy. Increase the maximum size of the security log.

    B

     Configure a directory service access audit policy. Set the system log to overwrite events older than 7 days.

    C

     Configure an object access audit policy for the directory. Increase the maximum size of the system log.

    D

     Configure an object access audit policy for the directory. Set the security log to overwrite events older than 7 days.


    正确答案: A
    解析: 暂无解析

  • 第10题:

    单选题
    You are an administrator at Certkiller .com. Certkiller has a network of 5 member servers acting as file servers. It has an Active Directory domain. You have installed a software application on the servers. As soon as the application is installed, one of the member servers shuts down itself. To trace and rectify the problem, you create a Group Policy Object (GPO). You need to change the domain security settings to trace the shutdowns and identify the cause of it. What should you do to perform this task()
    A

    Link the GPO to the domain and enable System Events option

    B

    Link the GPO to the domain and enable Audit Object Access option

    C

    Link the GPO to the Domain Controllers and enable Audit Object Access option

    D

    Link the GPO to the Domain Controllers and enable Audit Process tracking option

    E

    Perform all of the above actions


    正确答案: D
    解析: 暂无解析

  • 第11题:

    单选题
    You have a computer that runs Windows 7. You need to record when an incoming connection is allowedthrough Windows firewall. What should you do?()
    A

    In Local Group Policy, modify the audit policy.

    B

    In Local Group Policy, modify the system audit policy.

    C

    From the Windows Firewall with Advanced Security properties, set the logging settings to Log successfulconnections.

    D

    From the Windows Firewall with Advanced Security properties, set the Data Protection (Quick Mode)IPSec settings to Advanced.


    正确答案: B
    解析: 暂无解析

  • 第12题:

    You need to design an audit strategy for Southbridge Video. Your solution must meet business requirements.What should you do?()

    • A、Create a new security template that enables the Audit account logon events policy for successful and failed attempts. Create a new GPO, and link it to the domain. Import the new security template into the new GPO
    • B、Create a new security template that enables the Audit account logon events policy for successful and failed attempts. Create a new GPO, and link it to the Domain Controllers OU. Import the new security template into the new GPO
    • C、Create a new security template that enables the Audit logon events policy for successful and failed attempts. Create a new GPO, and link it to the Domain Controllers OU. Import the new security template into the new GPO
    • D、Create a new security template that enables the Audit logon events policy for successful and failed attempts. Create a new GPO, and link it to the domain. Import the new security template into the new GPO

    正确答案:D

  • 第13题:

    Certkiller .com has organizational units in the Active Directory domain. There are 10 servers in the organizational unit called Security. As an administrator at Certkiller .com, you generate a Group Policy Object (GPO) and link it to the Security organizational unit. What should you do to monitor the network connections to the servers in Security organizational unit()

    • A、Start the Audit Object Access option
    • B、Start the Audit System Events option
    • C、Start the Audit Logon Events option
    • D、Start the Audit process tracking option
    • E、All of the above

    正确答案:C

  • 第14题:

    You have an Exchange Server 2010 organization.  You have a global security group named Legal that contains all the members of your companys legaldepartment.  The companys security policy states that the Legal group must be able to search all mailboxes for e-mailmessages that contain specific keywords.  You need to recommend a solution for the organization that complies with the security policy.  What should you include in the solution?()

    • A、a Discovery Management role group
    • B、a legal hold
    • C、administrator audit logging
    • D、Mailbox journaling

    正确答案:A

  • 第15题:

    You are an administrator at Certkiller .com. Certkiller has a network of 5 member servers acting as file servers. It has an Active Directory domain. You have installed a software application on the servers. As soon as the application is installed, one of the member servers shuts down itself. To trace and rectify the problem, you create a Group Policy Object (GPO). You need to change the domain security settings to trace the shutdowns and identify the cause of it. What should you do to perform this task()

    • A、Link the GPO to the domain and enable System Events option
    • B、Link the GPO to the domain and enable Audit Object Access option
    • C、Link the GPO to the Domain Controllers and enable Audit Object Access option
    • D、Link the GPO to the Domain Controllers and enable Audit Process tracking option
    • E、Perform all of the above actions

    正确答案:A

  • 第16题:

    You are the administrator of a SQL Server 2005 computer named SQL1. SQL1 is a member of a Microsoft Active Directory domain. You do not have any rights or privileges to perform domain administration. However, you have been granted membership in the local Administrators group on SQL1. You perform most of the management of SQL1 from your administrative workstation. However, for security reasons, you want to track all attempts for interactive logons and network connections to SQL1. What should you do?()

    • A、Create a Group Policy object (GPO) that is configured for success and failure auditing of the Audit account logon events setting. Ask the domain administrator to link the GPO to the object containing SQL1.
    • B、Configure the SQL Server service on SQL1 to audit all successful and failed logon attempts.
    • C、Edit the local security policy of SQL1. Then, configure success and failure auditing on the Audit logon events setting.
    • D、Run the SQL Server Profiler and use a standard default template.

    正确答案:C

  • 第17题:

    多选题
    Your company has a server that runs Windows Server 2008 R2. Active Directory Certificate Services  (AD CS) is configured as a standalone Certification Authority (CA) on the server. You need to audit changes to the CA configuration settings and the CA security settings. Which two tasks should you perform()
    A

    Configure auditing in the Certification Authority snap-in.

    B

    Enable  auditing  of  successful  and  failed  attempts  to  change  permissions  on  files  in  the %SYSTEM32%/CertSrv directory.

    C

    Enable auditing of successful and failed attempts to write to files in the %SYSTEM32%/CertLog directory.

    D

    Enable the Audit object access setting in the Local Security Policy for the Active Directory Certificate  Services (AD CS) server.


    正确答案: C,A
    解析: 暂无解析

  • 第18题:

    多选题
    You installed Oracle Database 11g afresh. Which statements are true regarding the default audit settings in this database?()
    A

    The audit trail is stored in an operating system file.

    B

    Auditing is disabled for all privileges.

    C

    The audit trail is stored in the database.

    D

    Auditing is enabled for all privileges.

    E

    Auditing is enabled for certain privileges related to database security.


    正确答案: B,D
    解析: 暂无解析

  • 第19题:

    单选题
    You perform a security audit on a server named server1. You install the Microsoft network monitor 3.0 application on server1. You find that only some of the captured frames dsplay host mnemonic names in the source column and the destination column. All other frames display ip addresses. You need to display mnemonic host names instead of ip addresses for all the frames what should you do?()
    A

    Create a new display filter and apply the filter to the capture.

    B

    Create a new capture filter and apply the filter to the capture.

    C

    Populate the aliases table and apply the aliases to the capture.

    D

    Configure the network monitor application to enable the enable converstations option, recapture the data to a new file.


    正确答案: A
    解析: 暂无解析

  • 第20题:

    单选题
    You have an Exchange Server 2010 organization.  You plan to delegate Exchange administrative rights to some users in the organization.  You need to recommend a solution that tracks all changes made to the Exchange organization.  What should you include in the solution?()
    A

    administrator audit logging

    B

    circular logging

    C

    diagnostic logging

    D

    Windows Security Auditing


    正确答案: B
    解析: 暂无解析

  • 第21题:

    单选题
    You need to recommend a solution that enables User1 to perform the required actions on the Hyper-V server.What should you include in the recommendation?()
    A

    Active Directory delegation

    B

    Authorization Manager role assignment

    C

    local security groups on the Hyper-V server

    D

    local security groups on the VMs


    正确答案: D
    解析: 暂无解析

相关内容