Troubleshooting Patch Management Infrastructure

Posted on
Like what you see? Share it.Share on Google+Share on LinkedInShare on FacebookShare on RedditTweet about this on TwitterEmail this to someone

These questions are derived from the Self Test Software Practice Test for Microsoft exam #70-299 – Implementing and Administering Security in a Microsoft Windows Server 2003 Network

Objective: Implementing, Managing, and Troubleshooting Patch Management Infrastructure
SubObjective: Plan the deployment of service packs and hotfixes

 

Multiple Answer, Multiple Choice

 

You are a network administrator for a company named 4Soft. The company’s network has a single Active Directory domain. All domain controllers and member servers run Windows Server 2003. You create an integrated installation of Windows Server 2003 and all available updates and deploy it on a server named Server14. After the installation, you notice that the operating system is generating memory dump errors. You discover that the error is occurring due to a security update that is incompatible with the Explorer service. You want to resolve this issue immediately.

 

What should you do? (Choose two. Each correct answer presents part of the solution.)

 

 

  1. Re-install the operating system.
  2. Uninstall the updates by using the Add/Remove Programs Wizard in Control Panel.
  3. Uninstall the security update by using Update.exe, and specify the update in a Svcpack.inf file.
  4. Uninstall the security update by using Qchain.exe .
  5. Create a new integrated installation that does not include the security update.

 

Answer:

 

A. Re-install the operating system.

 

E. Create a new integrated installation that does not include the security update.

 

Tutorial:

 

Integrated installations enable you to simultaneously install the Windows operating system and specified updates, such as service packs. Updates that have been installed by using the integrated installation method cannot be uninstalled. Therefore, you must create a new integrated installation that does not include the conflicting update, and you must reinstall the operating system.

 

The Add/Remove Programs wizard in Control Panel cannot be used to remove the updates. Even though the updates are listed in the Add/Remove Programs wizard, the Remove button for each update is disabled. Because the updates are installed with the operating system files, the updates cannot be uninstalled.

 

To create an integrated operating system installation, you use Update.exe and specify the updates in a Svcpack.inf file. Integrated installations can be created only for those updates that use Update.exe. There are some updates, such as Internet Explorer updates that use .inf file based installation. The updates that use .inf file based installation cannot, by themselves, be used for integrated installation.

 

 

 

Qchain.exe can only be used to installing updates without restarting the computer after each installation. This tool cannot be used to uninstall updates from a computer.

 

Reference :

 

TechNet, Search, “Svcpack.inf,” “How to integrate software updates into your Windows installation source files.”

 

Implementing and Administering Security in a Microsoft Windows Server 2003 Network (Exam 70-299) — Self-Paced Training Kit, Chapter 6 – Assessing and Deploying a Patch Management Infrastructure, Lesson 2: Deploying Updates on New Clients, pp. 6-19 – 6-24.

 

These questions are derived from the Self Test Software Practice Test for Microsoft exam #70-299 – Implementing and Administering Security in a Microsoft Windows Server 2003 Network

 

Objective: Implementing, Managing, and Troubleshooting Security for Network Communications

 

SubObjective: Plan and implement security for wireless networks

 

Multiple Answer, Multiple Choice

 

You are a network administrator for a company named TXGlobal Electronics. The network consists of a single Active Directory forest with three domains: txglobal.com, east.txglobal.com, and west.txglobal.com. All servers run Windows Server 2003, and all client computers run Windows XP Professional with Service Pack 1.

 

A wireless LAN (WLAN) that complies with 802.11 industry standards will be deployed at each company location. Multiple access points (APs) will be deployed at each location. Only authorized users should be able to gain access to the wireless network. All data transmissions between wireless clients and the APs must be protected by using the highest possible security.

 

To meet these requirements, you install Microsoft Internet Authentication Service (IAS) on a domain controller in each domain. You also modify the company’s public key infrastructure (PKI) by deploying an enterprise root certification authority (CA).

 

Which of the following actions should you perform next? (Choose all that apply.)

 

 

  1. Deploy computer certificates to all wireless client computers.
  2. Deploy user certificates and smart cards to all wireless users.
  3. Configure all APs as RADIUS servers.
  4. Configure all APs as RADIUS clients.
  5. Configure all client computers as RADIUS clients.
  6. Enable IEEE 802.1X authentication for the WLAN.
  7. Enable static WEP authentication for the WLAN.

 

Answer:

 

A. Deploy computer certificates to all wireless client computers.

 

B. Deploy user certificates and smart cards to all wireless users.

 

D. Configure all APs as RADIUS clients.

 

F. Enable IEEE 802.1X authentication for the WLAN.

 

Tutorial:

 

Among the presented choices, you should deploy computer certificates to all wireless computers, deploy user certificates and smart cards to all wireless users, configure all APs as Remote Authentication Dial-In User Service (RADIUS) clients and enable IEEE 802.1X authentication.

 

Two-factor authentication can be implemented on a network through the use of smart cards. Users must insert a smart card into a smart card reader and then enter a personal identification number (PIN) to authenticate to the computer. Smart cards protect against most forms of tampering because the user’s credentials are flashed into a memory chip on the card. When smart cards are used for authentication, a user’s private key is never exposed over the network. Before a smart card is used, the user’s logon certificate, public key, and private key must be programmed on the smart card. You can program the smart card by using a Smart Card Enrollment station, which is integrated with Certificate Services. The EAP-TLS protocol is used for certificate and smart card authentication.

 

IAS is Microsoft’s implementation of the RADIUS protocol. When IAS is deployed on a network, a central RADIUS server is configured as the single point for authenticating all for remote access requests. This server should be a domain controller, but it can also be another network access server. The wireless network APs are configured as RADIUS clients for one or more RADIUS servers. When a wireless client attempts to connect to the network through the AP, the RADIUS client routes the access requests to the RADIUS server for authentication. The RADIUS server verifies the user’s access permissions and returns a response to the RADIUS client, which will then enforce the response to the access request. IAS provides the ability to create a centralized set of access permissions. You can also monitor and track usage of the wireless network by using IAS. These features support the centralized approach to network management and security.

 

IEEE 802.1X authentication supports certificate-based authenticated network access to wired Ethernet networks and wireless 802.11 networks. This authentication method provides centralized user identification, authentication, dynam

Like what you see? Share it.Share on Google+Share on LinkedInShare on FacebookShare on RedditTweet about this on TwitterEmail this to someone
cmadmin

ABOUT THE AUTHOR

Posted in Archive|

Comment: