I'm just curious to see how the GC crowd would do on a sample question from an MCP exam. The following question is taken from Kaplan IT's Self-Test Software for the 70-214 (Managing and Administering Security on a Windows 2000 Network) exam. Microsoft endorses Kaplan STS.

My curiosity only extends to seeing how many people get it right. If you want to know if you did, send me a PM with your answer (Please copy the text of the answer, not just a, b, c, or d) and I'll let you know.

Of course, you can use this thread to discuss the question, but if you *know* the answer for sure, keep it to yourself.

Since the question is too big for the poll field, I'm going to put it below:

You are the network administrator for your company. The network consists of a single Windows 2000 domain, five Windows 2000 Server computers, and 350 Windows 2000 Professional client computers.


Confidential files in the Research department are stored on a Windows 2000 member server named FILE3. Access to files on this server is controlled using NTFS permissions. To protect data as it is transmitted to and from FILE3, IPSec is deployed. The Secure Server (Require Security) IPSec policy is configured on FILE3. The Client (Respond Only) IPSec policy is deployed to all computers in the Research organizational unit (OU). All users' computers that need access to files on FILE3 have been added to this OU.


You want to further increase the security for all connections to files on FILE3. What should you do?

EDIT2: I'm going to vote so that I don't have to make that extra click to view the results. What I pick may or may not be the right answer, so don't take your lead from me.

Whew, that's a toughie. *votes*

I went with D...I don't think I fully understood the question though. I got confused :crying2:

#1

*random vote*

... *wins* :D

My pet chicken smells like chicken poo.

Well, it's definitely one of those things.

I don't care, though.

is it supposed to say File1 in choice a?

You've gotta be kidding me. :eep:

is it supposed to say File1 in choice a?

FILE3. My bad.

EDIT: Bastard board won't let me edit the poll.

*edits*

Um... I have no idea. I'll PM you in a bit after I take a somewhat educated guess.

Hmm...A, or F?

I pick Z

No really, I think it might be A, or whichever is the one that says certificate (though I don't think so either about that).

Sars I hate you Bley make me think

I'll just post the correct answer--as well as whether I passed or failed--tomorrow morning/afternoon when I get back from writing the cert that this question is based on.

(I got the question right in the STS, for the record)

i was going to vote option 1 but i saw the file1 thing and I know how kaplan makes wrong answers (because i teach for them) but i figured it didn't make any sense so it must be a typo.

so i say 1.

Correct answer is c. Only Raf and King Bahamut got it right.

(And I passed the cert)

That's why you're the tech guy and we're the people who pay you, eventually, for doing tech things. :D

Congrats. Anymore certs or was that your last one for now?

EDIT: Nevermind. Just read your LJ. :)

My answer was better.

I voted before reading the thread just to see if I could get it right without my choice being influenced by what others had posted... and I got it wrong :P

Was a good question to pop on us, though ;)
*goes back to his books*

I love guessing. :) :) :D :D :p :p

So now, Arche and Unne, bow down to me, your new computer genius-lord!

I was hoping I'd be the only EoFF'er capable of getting certified on the 70-214, but I don't think Raf was guessing, even if KB was.

Oh, like you ever thought that I knew that techno mumbo-jumbo.

And I guarantee you that Raf was guessing, too.

I'll tell you why I picked the one I picked. The key here is what we want to improve: You want to further increase the security for all <b>connections</b> to files on FILE3.

1) Modify the authentication method for the IPSec policy on FILE3 to require a certificate and install certificates on all client computers in the Research OU.

Then there's the risk of said certificate being put on other machine, with possibility for tampering and unwanted access.

2) Reconfigure the IPSec policy for FILE3 to use the Server (Request Security) IPSec policy.

I didn't see any improvement in security here. It seems to just move the issue from clients to server. The communications aren't more secure.

3) Configure the key exchange settings for the IPSec policy on FILE3 to use Master key Perfect Forward Secrecy (PFS).

I don't know the details on that one, but the idea to use secured key exchange seemed to improve security (less tampering possible), which we want.

4) Create a Group Policy object (GPO) that assigns the Secure Server (Require Security) to the Research OU.

I don't really know how that one works, but it doesn't improve the security of the communication.