|
Question 1.
If you use the Event DB integration to send OVIS alarms to NNM, then .
A. NNM must be installed on the same machine as the OVIS measurement server
B. NNM may be installed on a different machine but must be installed on MS Windows
C. You cannot configure OVIS to also send alarms as SNMP TrapsD. You cannot configure OVIS
to also send alarms as SNMP Traps
D. Multiple NNM servers on different machines can receive alarms
Answer: D
Question 2.
Which of the following statements is correct regarding OVIS probe systems?
A. Due to performance requirements, Probe Systems must be a dedicated machine serving no
other purpose.
B. Probe Systems can only be Microsoft Operating Systems based, (Win2K, Win2003, WinXP).
C. Probe Systems can be either Windows, Solaris, or HP-UX based.
D. OVIS probes can run on AIX systems.
Answer: C
Question 3.
Why could JDBC sub-component measurements be missing in the Application Infrastructure View of the OVTA Console? Select THREE.
A. The J2EE Application was not restarted after installing the OVTA managed node components
and running the post-install configuration command.
B. SQL Trace Sampling has not been enabled for the managed node being monitored.
C. No transactions that contain JDBC method calls have been measured by OVTA due to custom
classification rules.
D. At least 5 minutes has not passed to allow the measurements to appear at the OVTA
Measurement Server.
E. The Transaction Tracing sampling factor for the particular top-level transaction has been set to
zero.
Answer: A, C, D
Question 4.
What are two reasons for classifying OVTA transactions? Select TWO.
A. Group transactions by user
B. Group transaction types that represent key activities of the web application
C. Reduce the number of distinct top-level transaction types
D. Group transactions by client time zone
E. Increase the number of transaction types
Answer: B, C
Question 5.
What are the factors to consider when calculating the number of required probe systems?
A. Number of targets, polling interval, concurrency, number of service groups
B. Number of targets, polling interval, concurrency, target timeout
C. Number of targets, polling interval, probe type, network bandwidth
D. Number of targets, polling interval, number of users, network bandwidth
Answer: B
Question 6.
How would you reduce the number of records kept in the OVTA database? Select TWO.
A. Minimize the use of multi-level tracing on OVTA transaction agents
B. Use multiple measurement servers in a primary/secondary configuration
C. Make use of consumers for transaction classification
D. Upgrade to an Oracle database
E. Adjust the archiving interval
Answer: A, E
Question 7.
How is OVTA client monitoring data displayed?
A. In the User Experience window and click the Client Monitors check box
B. In the Application Infrastructure view
C. In the Trace view and display the call graph
D. In the Summary view and click on a response violation
Answer: A
Question 8.
In the Resource pane of the Health Workspace, data in the tree view is grouped into a service hierarchy.
Which of the following is not part of this grouping?
A. Location
B. Customer
C. Service Group
D. Service Target
Answer: A
Question 9.
ITCertKeys.com is using the Mozilla web browser and wants OVTA to monitor end-user HTTPS transactions to their in-house application server.
What configuration is required to post end-to-end measurements directly to the OVTA Measurement Server? Select TWO.
A. Configure the JavaScript client monitor.
B. Configure either the ActiveX or JavaScript client monitor.
C. Configure HTTPS communications in addition to the default HTTP on the OVTA measurement
server.
D. Configure HTTPS communications on the OVTA measurement server and all OVTA managed
nodes.
E. Configure either HTTP or HTTPS communications on the OVTA measurement server and
managed nodes.
Answer: A, C
Question 10.
When installing OVTA, which of the following are correct statements? Select TWO.
A. Once a permanent license is installed on the primary Measurement Server, the information is
propagated to the secondary Measurement Server(s).
B. On Unix-based platforms, only a "root" user can configure and control OVTA.
C. OVTA supports a silent install option for Unix-based installations only.
D. Clock skew among the Measurement Servers and managed nodes can create data
presentation issues
Answer: A, D
Question 11.
Which of the following statements regarding OVTA are correct? Select FOUR.
A. OVTA will automatically baseline transactions and their sub-components so that out-of-the-
ordinary behavior can be detected.
B. SOLID databases are recommended for production environments.
C. OVTA is designed to trace all transactions all of the time and is the only technology in the
market which can do this today.
D. OVTA has great value both to development teams in pre-deployment and operational teams.
E. With proper configuration, OVTA can collect large volumes of transactional data with relatively
low impact on application and system resources.
F. In most cases, OVTA recognizes the difference between synthetically generated data such as
that coming from OVIS and partner technologies like Keynote and traffic generated by actual
user interaction
Answer: A, D, E, F
|
Question 1.
You need to start configuring the data stored on the file servers. You are required to reconfigure the NTFS permissions on the shared folders located on the file servers to restrict access to the data.
What should you do? (Choose all that apply.)
A. You should remove the Everyone group and add the BUsers group and assign the group Full
Control NTFS permission
B. You should remove the Everyone group and add the ATUsers group and assign the group Full
Control permission
C. You should remove the Everyone group and add the ATUsers group and assign the group
Modify permission
D. You should remove the Everyone group and add the BUsers group and assign the group
Modify permission
E. You should remove the Everyone group and add the AUsers group and assign the group
Modify permission
Answer: C, D, E
Explanation:
You should consider taking the actions in the answers in the scenario because currently the effective permissions allow users to connect from all locations remotely and modify the contents of the shared folders.
1. The IT administrator of the City Central Utilities network wants access to the shared folders in each location to be secure. This requires non-administrative users only to be granted access to the files located on their local file server. The users in their respective locations should be able to edit files in the local shared folder but should not be able to take ownership or change permission of user files
Incorrect Answers:
A, B: You should not consider the actions used in these options in the scenario as you would be granting the users the ability to take ownership of the files giving them to much administrative privileges.
Question 2.
You need to design the security solution for the internal Web site. You are required to ensure that only authorized network users in the domain are able to access the internal Web site. You are also required to select how to configure access to the site.
What should you do? (Each correct answer presents part of the solution. Choose TWO.)
A. You should enable Digest authentication
B. You should enable Web site connection limits
C. You should enable Integrated Windows authentication
D. You should disable Anonymous authentication
Answer: C, D
Explanation:
In the scenario you should disable the Anonymous authentication and enable the Integrated Windows authentication because the Anonymous authentication allows the users to establish connections to the Web site using an Anonymous account or guest account.
1. City Central Utilities wants all the attempts by unauthorized users to access the data folders on the file server to be monitored. City Central Utilities Also wants the users to be required to authenticate using their Active Directory user account credentials when accessing the intranet Web site. The authentication will be required to be automatic requiring no user intervention during the authentication process
Incorrect Answers:
A: This option should not be used in the scenario because it requires a realm to be configured ad is more suited for authentication passing through a firewall.
B: This option should not be used in the scenario as this will not stop unauthorized access to the internal Web site.
Question 3.
You need to modify the Default Domain Policy GPO. You should stop the ability of the network users to install any application which is not approved. Your solution is required to prevent the network users of the City Central Utilities network from being able to install unauthorized software.
What should you do?
A. You should enable the Disable Windows Installer policy with a setting of For non-managed
apps only
B. You should add a Software Installation Policy which assigns approved applications to domain
users
C. You should Enable the Disable Windows Installer policy with a setting of Always
D. You should Disable the Windows Installer policy
Answer: A
Explanation:
In the scenario you should consider making these configuration changes as this will allow you to control the applications that the users are capable of installing thereby stopping unauthorized applications from being installed.
1. The Chief Security Officer also wants to have a consistent set of programs and applications to be defined and deployed. The City Central Utilities Domain users should not be able to update or install any software components other than those approved by members of the CCUAdmin group.
Incorrect Answers:
B: In the scenario you should not use this option because this will not prevent the users from installing unauthorized application but will simply assign or publish the applications to the users.
C, D: You should not take this action in the scenario because this allows the users to install Windows Installer-based applications at will be it unauthorized or not.
Question 4.
You need to design a solution for the client computers in the Brisbane office. The solution you are designing should configure the client computers to meet the requirements of the network Chief Security Officer.
What should you do?
A. The users connecting to CCU-SR05 should be required to use smart card-authenticated
terminal services connections
B. Secure Sockets Layer (SSL) should be required for connections between the Brisbane clients
and CCU-SR05
C. The Brisbane network uses should be required to connect to CCU-SR05 using Integrated
Windows authentication
D. IPSec-encrypted connections should be required between the Brisbane clients and CCU-SR05
Answer: A
Explanation:
In the scenario you are required to provide two-factor authentication on the network for communicating with CCU-SR05. The configuration used in the answer successfully implements the required configuration and meets the requirements.
1. Another concern of the Chief Security Officer is that user access to the inventory tracking application on CCU-SR05 be secured by using certificate-based authentication.
The Chief Security Officer also wants auditing enabled on CCU-SR05 to monitor all users accessing this application. You should then be able to verify who is logged on to the application and who the owner of the user account is
Incorrect Answers:
B: You should not consider using SSL in the scenario because SSL requires machine certificates in order to establish a secure channel.
C: In the scenario the users shared there credentials so making this configuration will not adhere to the requirements of the Chief Security Officer.
D: You should not consider using IPSec in the scenario because IPSec will identify the two computers and you are required to identify the users.
Question 5.
You need to design an authentication method for the portable computer used on the network.
The solution you are designing should be employed to provide for the desired level of security the remote portable computer?
A. MS-CHAP v2.
B. Two-factor authentication.
C. IPSec authentication.
D. 802.1x authentication.
Answer: B
Explanation:
When two-factor authentication is implemented, users will be required to swipe smart card into a smart card reader and then enter a PIN to authenticate to the computer. Before a smart card is used, the user's logon certificate, public key, and private key must be programmed on the smart card. You can program the smart card using a Smart Card Enrollment station, which is integrated with certificate services. You can use the EAP-TLS protocol for certificate and smart card authentication.
1. The management of City Central Utilities has decided to continue issuing portable computers to the Brisbane users but the authentication to the wireless portion of the City Central Utilities network should be strictly controlled. City Central Utilities should ensure that user credentials for portable computers and desktop computers are tightly controlled using two-factor authentication
Incorrect Answers:
A: MS-CHAP v2 does not support smart cards and does not provide the required two-factor authentication.
C: IPSec is used to generate keys for encrypting data during PPTP and L2TP tunneling transmissions. It is not a user authentication protocol.
D: IEEE 802.1x authentication is a certificate-based standard that supports authenticated network access to wired Ethernet networks from 802.11 networks which is wireless. This method will provide support for centralized user identification, authentication, dynamic key management and accounting. This is ideal for wireless LAN implementations.
Question 6.
You need to design an authentication strategy that will be used to strengthen the current network security. The solution you are designing must ensure you meet the requirements of City Central Utilities.
What should you do? (Each correct answer represents a part of the solution. Choose TWO.)
A. Configure all computers in the Finance department to use PEAP authentication.
B. Issue smart cards and smart card readers to all users and computers.
C. Install user certificates on all computers.
D. Configure the domain to require smart cards during logon for all users.
E. Configure the domain to respond to requests for IPSec encryption.
F. Configure the domain to require NTLMv2 authentication.
Answer: B, D
Explanation:
Following are the relevant information regarding an authentication strategy for the tightening of network security as described in the case study:
1. In response to this City Central Utilities wants the network design to be modified to increase the security and resolve the issues specified in the audit. City Central Utilities also wants any configurations to be centrally defined and applied to the network domain controllers and network server as well as client computers when possible. Smart cards provide a secure method of logging on to a Windows Server 2003 domain. It is a credit-card-sized device that is used to securely store public and private keys, passwords, and other types of personal information. To use a smart card, you need a smart card reader attached to the computer and a personal identification number (PIN) for the smart card. In Windows Server 2003, you can use smart cards to enable certificate-based authentication and SSO to the enterprise. The smart cards "force" the employee to use the asymmetric key and a PIN to authenticate. Making use of smart cards and smart card readers and configuring the domain to require smart cards during logon implementing two-factor authentication as is required in the case study.
Incorrect Answers:
A: Protected EAP authentication doesn't provide any authentication itself. Instead, it relies on external third-party authentication methods that you can retrofit to your existing servers. This is not what is required.
C: Making use of user certificates is not going to enforce two-factor authentication.
E: Configuring all computers to respond to requests for IPSec encryption is not going to enforce two-factor authentication.
F: Depending on the operating system in use, the clients might not be able to use the NTLM v2 authentication protocol. If they cannot and there is an account on the secured server that the down-level client needs to access, it will be unable to do so.
Reference:
Elias N. Khnaser, Susan Snedak, Chris Peiris and Rob Amini, MCSE Designing Security for a Windows Server 2003 Network Exam 70-298 Study Guide, Chapter 2, p. 74 Deborah Littlejohn Shinder, Dr. Thomas W. Shinder, Laura E. Hunter & Will Schmied, MCSA/MCSE: Exam 70-290: Managing and Maintaining a Windows Server 2003 Environment Study Guide & DVD Training System, pp. 283
Question 7.
You need to design an authentication solution for the wireless network. The solution you are designing should adhere to the security requirements of City Central Utilities. You are required to select which protocol is suitable for use on the portable computers with wireless technology.
What should you do?
A. The wireless network should be configured to use Wired Equivalent Privacy (WEP).
B. An Internet Authentication Service (IAS) server should be installed and configured
C. IEEE 802.1x authentication should be configured with smart cards.
D. Wireless VPNs using L2TP/IPSec should be created between the client computers to the
wireless access point.
Answer: A
Explanation:
You should consider making use of the WEP protocol in the scenario because using this protocol ensures that you adhere to the security policy of City Central Utilities.
1. The City Central Utilities network CIO has recently said that their network is not a high-security industry but an inconsistent revenue cycle requires City Central Utilities to increase and decrease staffing levels on a regular basis. These actions have caused City Central Utilities to be more vigilant protecting network access.
Question 8.
You need to design a solution for network users using the Web content security zones. The solution you are designing should be used to prevent the network users from making changes to the settings for Web content security zones.
What should you do? (Each correct answer presents part of the solution. Choose TWO.)
A. A new GPO should be created and enable the Security Zones: Do not allow users to
add/delete sites policy
B. The new GPO should be linked to each CCUCA OU
C. The new GPO should be linked to the Atlanta, Brisbane and Auckland OU
D. The new GPO should be linked to the domain level
Answer: A, B
Explanation:
In the scenario you are required to configure the settings to allow the network users only to view approved sites. By making these configurations you completely adhere to the requirements in the scenario.
1. The Chief Security Officer wants the users to be allowed to only view approved Internet Web sites. The Chief Security Officer also wants only the administrators to be allowed to add and remove sites from the list of approved Web sites. The City Central Utilities network users should not be allowed to override these restrictions by modifying the Internet security settings in Control Panel.
Incorrect Answers:
C: The GPO should not be linked to the parent OU as the OUs contain the client computer accounts in each location.
D: You should not take this action on the domain as this will affect all the network users and that is not required in the scenario.
Question 9.
You need to design an auditing solution. The auditing solution you are designing should meet the requirements for the file server of the City Central Utilities network.
You are required to select which of the following to audit?
A. Audit success and failures events for logon events.
B. Audit success and failure events for object access.
C. Audit failures events for privilege use.
D. Audit success and failures events for privilege use.
Answer: B
Explanation:
Auditing object access audits user access to objects such as files, folders, registry keys, and so forth. As with the other audit policies, you can either monitor the success or failure of these actions.
1. City Central Utilities wants all the attempts by unauthorized users to access the data folders on the file server to be monitored. City Central Utilities Also wants the users to be required to authenticate using their Active Directory user account credentials when accessing the intranet Web site. The authentication will be required to be automatic requiring no user intervention during the authentication process
Incorrect Answers:
A: In the scenario you should not audit logon events because each instance of a user logging onto or off from the network. The policy will audit events where the logon occurs.
C, D: Auditing privilege use tracks events when a user exercises a right.
Question 10.
You need to design a solution for the desktop computers. The solution you are designing should ensure that the user's desktop is protected when they leave their computers unattended. Your solution should require the least amount of administrative effort.
What should you do?
A. A security template should be used that configures all computers to automatically log off users
when their logon time expires. The new template should be imported into the local security
policy on all domain controllers
B. An administrative template should be created and enable and password protect a screen
saver. You should then import thee new template into the Default Domain Policy GPO
C. All computers should be configured to automatically log off users when their logon time expires
in the Default Domain Controller Policy GPO
D. You should enable a screen saver and password protect it in the Default Domain Policy GPO
Answer: D
Explanation:
In the scenario you should consider enabling a screen saver and protect it with a password. By making this configuration you ensure that all the computers on the domain require a password to log on if the computer is left unattended for a period of time defined.
1. City Central Utilities does not apply security patches consistently to the network computers. Because of this some network computers were recently infected by a virus which could have been avoided if the security patches were up-to-date. Most of the City Central Utilities network users do not lock their computers when leaving it unattended over extended periods of time. This action has recently caused contents of a sensitive document to me made public because it was left open on the user portable computer. An unauthorized user has viewed the documents while delivering files to the office
Incorrect Answers:
A, C: These options should not be used in the scenario because the option is used to have users disconnected from the local computer when logging on outside their valid logon hours.
B: This option should not be used in the scenario because you are required to use the least administrative effort. This option involves to much administrative effort.
Copyright © 2004 CertsBraindumps.com Inc. All rights reserved.