You work as the network administrator at certifyme.com. The certifyme.com
network consists of a single Active Directory domain named certifyme.com. All
servers on the certifyme.com network run Windows Server 2003 and all client
computers run Windows XP Professional.
The
Leading the way in IT testing and certification tools, www.certifyme.com
- 130 -
certifyme.com written security policy states that no unauthorized VBScript files are
to be deployed and executed on certifyme.com client computers.350-001 The only authorized
VBScript file is named Market.vbs which consists of several script components;
with each component representing a different task. Market.vbs is stored in a shared
folder named MarketTools on a file server named certifyme-SR05.
Before using Market.vbs, it has to be modified to ensure that only the required
component is run. You need to create a software restriction policy to enforce the
requirements of the certifyme.com written security policy.640-802 You want to use the least
amount of administrative effort to accomplish your task.
What should you do? Choose two correct answers. Each correct answer presents
only part of the complete solution. Choose two.
A. Create a new Path rule and set the path to Market.vbs.
Set the security level to Unrestricted.
B. Create a new Internet zone rule for Market.vbs.
Set the security level to Restricted.
C. Create a new Hash rule for all .vbs files.
Set the security level to Disallowed.
D. Digitally sign each .vbs file to authorize it.
Create a new Certificate rule and set the security level to Restricted.
E. Create a new Path rule and set the path to be *.vbs.
Set the security level to Disallowed.
Answer: A, E
Explanation: There are four different types of software restriction policy rules.
Because more than one rule can be applied to one file, the priority of these rules is
as follows: Hash rules have the highest priority; Certificate rules take priority over
Path rules; Path rules take priority over Internet zone rules; and Internet zone rules
have the lowest priority. When the same type rule is applied to the same file, then
the more specific rule overrides the less specific rule.
To ensure that no unauthorized .vbs scripts are run on client computers, you need to
create a new path rule, set the path to be *.vbs, and then set the security level to
Disallowed. To ensure that Market.vbs can run on client computers, you need to define a
more specific Path rule to override your less specific Path rule already defined.VCP-310 In the
more specific Path rule, you set the path to Market.vbs file, and then set the security level
to Unrestricted.
Leading the way in IT testing and certification tools, www.certifyme.com
- 131 -
Incorrect Answers:
B: Internet zone rules apply to Windows Installer .msi files.
C: It would be an enormous task to create a Hash rule for all .vbs files and then modify
the rule whenever a new .vbs file is available so that it would need to be included in the
rule.
D: If you choose to create a new Certificate rule, you would need to sign the file
whenever it changes. This would be impractical. In this case, then the security level in
this option is also incorrect. It would need to be Unrestricted.
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment