You are a security administrator for certifyme.com. The network consists of a single
Active Directory domain named certifyme.com. The network contains Windows XP
Professional, Windows 2000 Professional, and Windows Server 2003 computers.
Leading the way in IT testing and certification tools, www.certifyme.com
- 105 -
You discover that users in one domain can obtain a list of account names for users
in the other domain. This capability allows unauthorized users to guess password
and to access confidential data. 350-001
You need to ensure that account names can be obtained only by users of the domain
in which the accounts reside.
Which two actions should you perform on the domain controllers? (Each correct
answer presents part of the solution. Choose TWO.)
A. Apply a security template that disables the Network access: Allow anonymous
SID/Name translation setting. 640-802
B. Apply a security template that disables the Network access: Do not allow anonymous
enumeration of SAM accounts setting.
C. Apply a security template that disables the Network security: Do not store LAN
Manager hash value on next password change setting.
D. Apply a security template that sets the Domain controller:LDAP server signing
requirements setting to Require signing.
VCP-310
Answer: A, B
C: Deploy security templates by using command-line tools and scripting (3 Questions)
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment