عندى اختبار 297 ينفع؟
الأخوة الأعضاء الكرام
برجاء وضع رابط لاختبار 70-298 تست كنج آخر إصدار 12 حالة إذا أمكن
ولكم جزيل الشكر
عندى اختبار 297 ينفع؟
مشكور أخي العزيز هواوي
الرجاء ارساله لي على sali1111@hotmail.com
شكراً
السلام عليكم هذا هو الفرق بين الاصدار الاخير وقبل الاخير
Case Study #12, Trey Research
Background
Overview
Trey Research is a medical research company that develops and improves technologies that are used in the
health care industry.
Physical locations
The company's main office is located in Atlanta. The company has branch offices in San Francisco and New
York.
Planned Changes
Trey Research is entering into a partnership with Contoso, Ltd., to collaborate on research projects. Trey
Research needs to enable encrypted communications with Contoso.
The company also plans to implement a new wireless network and upgrade all client computers to Windows XP
Professional.
70 - 298
Leading the way in IT testing and certification tools, www.testking.com
- 144 -
Existing Environment
Business Processes
Users in the marketing department access marketing data by using a Web-based application that is installed on a
server running IIS 6.0.
Research intellectual property is stored on database servers. Researches access research intellectual property
data on the database servers by using a Web-based application that resides on the company intranet. The
researchers' level of access to the data is dependent upon their position in the department and their project
involvement.
Some intellectual property information is also stored in a shared folder name Research Stats on a server named
ATLFP1.l The information in the Research Stats folder is the only intellectual property information that is
shared with partners. The Research stats folders contains a folder for each research project and the following
folders:
?M&S
?Reports
?Partner
Permission set on all research intellectual property ensures that unauthorized users do not have access to the
information.
The following table lists a subset of the groups, group members, and associated levels of access used at Trey
Research for the Research Stats folder.
Group Members Access
Contoso Contoso, Ltd, employees,
information technology (IT)
department users
Allowed access to the Partner
folder only
HR Human Resources (HR) department
users
Allowed access to employee data
IT IT department users Allowed access to the network
except HR servers and data
Marketing_Sales Marketing, sales, and IT
department users
Allowed access to marketing and
Sales related information including
the M&S folder
Research Research and IT department users Allowed access to research data
70 - 298
Leading the way in IT testing and certification tools, www.testking.com
- 145 -
Directory Services
The company Windows Server 2003 Active Directory environment is shown in the Existing Active Directory
exhibit.
The root.treyresearch.com domain is an empty root domain.
Network Infrastructure
The network for Trey Research is shown in the Existing network exhibit.
70 - 298
Leading the way in IT testing and certification tools, www.testking.com
- 146 -
The following table lists the servers on the network and their respective location, function, and operating
system.
Firewalls allow all DNS name resolution.
A public key infrastructure (PKI) was deployed on ATLCA1. The PKI is integrated with Active Directory and
uses Certificate Services. Trey Research plans to use smart cards.
Encrypted files and folders reside on ATLFP2.
70 - 298
Leading the way in IT testing and certification tools, www.testking.com
- 147 -
Problem Statements
The following business problems must be considered:
?Users need to remember up to five passwords and to access data and applications.
?Administrators do not have adequate time to maintain servers and client computers with the latest
security patches because they are too busy addressing other issues.
?Some researchers have stored encrypted confidential data on their client computers.
70 - 298
Leading the way in IT testing and certification tools, www.testking.com
- 148 -
Interviews
Chief Executive Officer
To improve the effectiveness of our research efforts, we need to foster collaboration both within Trey Research
and with Contoso, Ltd., by increasing the efficiency of our data sharing. Though we will share some
information, it is still critical to keep research information confidential.
Scientist and other users in the research department often work long hours in the office and from home, so they
need a secure method of accessing the network and using shared resources.
Contoso, Ltd., also shares confidential data with us, so some Contoso, Ltd., users will need secure methods, to
access our company's network and shared resources.
Chief Information Officer
Information shared between Trey Research and other companies must use the strongest encryption and
authentication possible in order to keep the information confidential.
Internally, identify management is a problem. I want to address this problem by physically issuing smart cards.
Also, we need to strengthen our current password policy, which is shown in the Current Password Policy
Configuration exhibit.
Minimizing IT expenses is important but we need to implement a cost-effective solution that addresses
accessing multiple resources, including the new wireless LAN, the intranet Web server, and the terminal server,
Our solution must require two-factor authentication.
70 - 298
Leading the way in IT testing and certification tools, www.testking.com
- 149 -
System Administrator
Because other companies have different network environments and business processes, sharing research data
with partner company might be technically challenging.
We need to create a better security patch management process. Currently, client computers are not updated with
security updates until the security patches are incorporated into service packs.
70 - 298
Leading the way in IT testing and certification tools, www.testking.com
- 150 -
Business Requirements
Security Requirements
The following security requirements must be considered:
?All communications to the research database servers must be encrypted.
?Security patches must be tested before they are deployed
?Security must not interfere with application functionality.
?The HR segments needs additional protection to prevent non-HR internal users from gaining
unauthorized access.
?All traffic to the Web-based marketing and research applications must be encrypted.
?Company intellectual property cannot be stored on client computers; it must be stored in the database
containing intellectual property or in the appropriate folder on a file server. Confidentiality of this data
must be enforced.
?Only authorized users and computers can connect to the wireless network.
?DNS records must not be transferred to external sources.
?Administrators must be responsible for enrolling users.
70 - 298
Leading the way in IT testing and certification tools, www.testking.com
وهذه هي الاسئلة
QUESTION NO: 1
You need to design an authentication solution for Terminal Services that meets the business
requirements.
What should you do?
A. Configure the terminal server to use smart cards.
B. Configure IPSec to permit only Remote Desktop Protocol (RDP) connections to the terminal server.
C. Deny the Remote Desktop Users group access to the terminal server.
D. Restrict treyresearch.com users from logging on locally to the terminal server.
Answer: B
QUESTION NO: 2
You need to design an authentication solution for the wireless network. Your solution must meet the
security requirements.
What should you do?
A. Create wireless VPNs using L2TP/IPSec between the client computers to the wireless access point.
B. Configure IEEE 802.1x authentication with smart cards
C. Configure the wireless network to use Wired Equivalent Privacy (WEP).
D. Install and configure an Internet Authentication Service (IAS) server.
Answer: C
QUESTION NO: 3
You need to design a strategy to move confidential data from research users' client computers to
ATLFP2. Your solution must meet the business requirements. What should you instruct the research
users to do?
A. Move the encrypted data to a folder on ATLFP2 over an IPSec connection.
70 - 298
Leading the way in IT testing and certification tools, www.testking.com
- 152 -
B. Move the encrypted data to an Encrypting File System (EFS) folder on ATLFP2 over an IPSec
connection.
C. Move the encrypted data to a new server that is not a member of the domain, and then move it to
ATLFP2.
D. Move the encrypted data to a compressed folder on ATLFP2 by using Web Distributed Authoring and
Versioning (WebDAV) over SSL.
Answer: B
QUESTION NO: 4
You need to design an access control strategy for the marketing application. You solution must minimize
impact on server and network performance. What should you do?
A. Require client computers to connect to the marketing application by using a VPN connection.
B. Use IPSec to encrypt communications between the servers in the New York and Atlanta offices.
C. Require the high security setting on Terminal Services connections to the marketing application.
D. Configure all marketing application Web pages to require SSL.
Answer: D
QUESTION NO: 5
You need to design a PKI that meets business requirements. What should you do?
A. Move ATLCA1 offline and create an enterprise subordinate CA to issue certificates.
B. Create a stand-alone subordinate CA to issue certificates.
C. Use a qualified subordinate CA.
D. Configure certificate template access control lists (ACLs) on ATLCA1.
Answer: A
QUESTION NO: 6
You need to design a method to ensure that research intellectual property remains confidential. You
solution must meet security requirements. What should you do?
70 - 298
Leading the way in IT testing and certification tools, www.testking.com
- 153 -
A. Require client computers to connect to research intellectual property through a SSL VPN.
B. Place SFSQL1 and ATLSQL1 on a separate virtual LAN from the internal network. Grant access to
these virtual LAN segments to only the client computers that are used by authorized users.
C. Require that communications between SFSQL1, SFFP1, ATLSQL1, and ATLFP1 use IPSec.
D. Create a separate subnet for all servers that contain research intellectual property.
Answer: C
QUESTION NO: 7
You need to provide users in the research department access to different functions of the Web-based
research application based on individual user roles. What should you do?
A. Use Windows directory service mapper and enable Microsoft .NET Passport authentication.
B. Create authorization rules and scopes by using Authorization Manager.
C. Use one-to-many client certificate mapping.
D. Define permissions by using access control lists (ACLs).
Answer: B
QUESTION NO: 8
You need to design a password policy that meets business requirements. What should you do? Select all
that apply.
A. Increase the number of passwords that are remembered.
B. Disable reversible encryption.
C. Set the minimum password age to zero days.
D. Increase the maximum password age.
Answer: A, C
QUESTION NO: 9
You need to design a certificate management process for internal users. What should you do?
A. Establish a Web enrollment service for internal users to request access to resources.
70 - 298
Leading the way in IT testing and certification tools, www.testking.com
- 154 -
B. Grant Enrollment Agent rights to users.
C. Establish enrollment stations and store user certificates in a smart card.
D. Create Connection Manager scripts to identify the client computer operating system, and configure Web
proxy settings to specify the appropriate Web enrollment service.
Answer: C
QUESTION NO: 10
You need to design a method to standardize and deploy a baseline security configuration for servers. You
solution must meet business requirements. What should you do?
A. Create a script that installs the Hisecdc.inf security template.
B. Use a GPO to distribute and apply the Hisec.inf security template.
C. Use the System Policy Editor to configure each server's security settings.
D. Use a GPO to distribute and apply a custom security template.
Answer: D
المفضلات