70-293 Planning and Maintaining a Microsoft Windows Server 2003 Network Infrastructure Practice Exam

Demo Question 1.

You work as the network administrator at EliteCertify.com. The EliteCertify.com network consists of a single Active Directory domain named EliteCertify.com. All servers on the EliteCertify.com network run Windows Server 2003. Half the client computers run Windows XP Professional and the rest run Windows 2000 Professional or Windows 98. Active Directory software is installed on all Windows 98 client computers. The two main departments in the EliteCertify.com business structure is the Sales department and Finance department. All servers in the Sales department reside in an organizational unit (OU) named SalesServers, and all servers in the Finance department reside in an organizational unit named FinanceServers. All client computers reside in a single organizational unit named Workstations. The client computers in the Sales department run Windows XP Professional or Windows 98. The new EliteCertify.com written security policy requires that all communication with servers in the Finance department be encrypted. All communications with other servers should be encrypted when possible. The written security policy also requires users in each of the two departments to access servers located in their respective department. To enforce these requirements, you plan to configure IPSec policy. You want to use the default IPSec policies to enforce these requirements immediately. You plan to configure custom IPSec policies at a later date. You assign the Client (Respond Only) IPSec policy to client computers in the Workstations OU. What else should you do? (Each correct answer presents part of the solution. Choose TWO.)

A. Assign the Secure Server (Require Security) IPSec policy to the servers in the SalesServers OU.
B. Assign the Secure Server (Request Security) IPSec policy to the servers in the SalesServers OU.
C. Assign the Secure Server (Require Security) IPSec policy to the servers in the FinanceServers OU.
D. Assign the Secure Server (Request Security) IPSec policy to the servers in the FinanceServers OU.


Display Answer

Answer: B, C

Explanation: You have to assign the Secure Server (Require Security) IPSec policy to the servers in the FinanceServers OU because the security policy specifies that all communications with these servers be secured. Only specific reference is made to the Sales department having Windows 98 computers. You can therefore conclude that all client computers in the Finance department run Windows XP Professional or Windows 2000 Professional, of which both support IPSec. Because you currently have Windows 98 operating system client computers on the network which are used in Sales department, you can only assign the Server (Request Security) IPSec policy for servers in the SalesServers OU. Windows 98 client computers do not support IPSec. Assigning the Server (Request Security) IPSec policy for servers in the SalesServers OU will result in these servers requesting IPSec to be used for data communications. If the other computer supports IPSec, secure data communication will take place. If the other computer does not support IPSec, the servers will still allow unsecured communication with that computer. Incorrect answers: A. If you assign the Secure Server (Require Security) IPSec policy to the servers in the SalesServers OU, no users that have Windows 98 client computers will be able to access servers in their department. D. If you assign the Secure Server (Request Security) IPSec policy to the servers in the FinanceServers OU, the servers will allow connections from clients that do not support IPSec. The question states that all communication with servers in the Finance department be encrypted.