Explore all topics
Start Free Trial
Need Help? Contact us
back arrowfull exam logo
search
ai logoChat with AI
Servicesarrow
Discoverarrow

Topics

Explore all topics
Discover more topics

Deck 7: Securing Windows Server 2008 Servers

Full screen (f)
exit full mode
Question
A ____ system starts with a reduced attack surface; it is regularly audited to ensure that it remains secure and is kept up to date.

A) hardened
C) constrained
B) restricted
D) hindered
Use Space or
up arrow
down arrow
to flip the card.
Question
The scwcmd command ____ is used to apply the security policy to the system.

A) enable
C) display
B) configure
D) register
Question
The scwcmd command ____ can be used to extend the SCW database by adding roles, tasks, services, and port definitions.

A) configure
C) transform
B) rebuild
D) register
Question
When hardening a system, start by making sure that only the needed services and protocols are installed and enabled.
Question
A perimeter network is provided by using two firewalls; this arrangement is often referred to as a(n) ____.

A) restricted zone
C) demilitarized zone
B) internal zone
D) buffer zone
Question
____ logs an event when a user account or group is added, deleted, or modified, or when a password is set or modified.

A) Audit account management
C) Audit file management
B) Audit object management
D) Audit user management
Question
____ can be used to track the actions of users and record the details of these actions in the Windows Security log.

A) Policy monitoring
C) Eventlog monitoring
B) Scanning
D) Auditing
Question
A scheduled ____ provides automation and streamlines an administrator's job.

A) script
C) baseline
B) interface
D) tool
Question
____ if enabled, logs events when a user exercises most user rights.

A) Audit logon
B) Audit object
C) Audit account
D) Audit privilege use
Question
The SCW GUI version can be used to perform compliance auditing on a system.
Question
You can perform the compliance audit with the following command: ____

A) scwcmd configure /p:PolicyPathName
B) scwcmd display /p:PolicyPathName
C) scwcmd analyze /p:PolicyPathandName
D) scwcmd baseline /p:PolicyPathName
Question
WSUS includes the ability to export and import updates to and from media.
Question
The value of any command-line tool is that it can be ____.

A) kept secure
C) scheduled
B) controlled
D) scripted
Question
____ checks include possible security issues such as whether the Guest account is enabled, the file system isn't NTFS, or whether there are excessive members of the Administrators group.

A) Windows administrative vulnerabilities
C) Common security vulnerabilities
B) Windows patches
D) Windows configuration vulnerabilities
Question
You can use Server Manager to create a security policy that can be applied to any system to reduce the attack surface.
Question
____ audits user logon events when a user is authenticated from a local computer (not a domain controller).

A) Audit account management
C) Audit object events
B) Audit logon events
D) Audit privilege use
Question
When MBSA is installed, the ____ command-line utility is also installed, which can be used to run MBSA from the command line.

A) MBSAGUI
C) MBSA /CLI
B) MBSACLI
D) MBSA MMC
Question
In general, ____ record who performed an action, what action was performed, and when and where it was performed.

A) security log entries
C) system log entries
B) auditing log entries
D) application log entries
Question
Regularly checking systems to ensure that they haven't been changed is called ____.

A) compliance certification
C) compliance auditing
B) compliance baselining
D) compliance hardening
Question
The scwcmd command transform is used to roll back the settings of the last applied SCW security policy.
Question
____ logs tracking information events such as program activation and process exits.

A) Audit account management
B) Audit log purging
C) Audit process tracking
D) Audit token tracking
Question
____ provides updates for all supported versions of Windows operating systems.

A) Windows Update
B) Microsoft Update
C) Windows Control
D) Software Update
Question
Discuss using WSUS with branch offices.
Question
____________________ identify resources in one network that can communicate with resources in another network.
Question
Within a domain environment, ____ can be used as a central location to download and approve updates.

A) BITS
B) Microsoft Server Update Services
C) Windows Update Services
D) Windows Server Update Services
Question
In the context of server security, a(n) ____________________ is a starting point for a server that locks it down as much as possible while also allowing it to operate.
Question
Name and describe a primary tool used for compliance auditing.
Question
List and explain the three parts to the Microsoft SD³+C approach.
Question
When two WSUS servers are working as upstream/downstream servers in ____ mode, the upstream server sends all the updates it receives to the downstream server.

A) autonomous
B) synchronous
C) automatic
D) controlled
Question
List and describe a primary benefit provided by WSUS.
Question
Explain the difference between an upstream server and a downstream server.
Question
____ are a group of updates used to target a specific area such as security, or a specific component or application.

A) Service packs
B) Drivers
C) Update rollups
D) Updates
Question
____ are software components designed to support hardware.

A) Interfaces
B) Drivers
C) Applications
D) Update rollups
Question
____________________ rules are commonly used to publish an Internet-facing server's connection information to the external firewall.
Question
List and describe two areas that should be considered when hardening a system's security.
Question
Explain how to install WSUS.
Question
The scwcmd command ____________________ is used to analyze a system against a policy and determine if the system is compliant with the policy.
Question
List and explain one concern when considering adding WSUS to a network.
Question
When you run SCW, it creates a configuration ____________________ of all the possible server roles, client features, options, services, and Windows firewall settings.
Question
Discuss options for creating a perimeter network.
Question
Describe the purpose of the WSUS statistics server.
Question
Match between columns
Premises:
Responses:
Additional product functionality that wasn’t included in the original release
hardening
Additional product functionality that wasn’t included in the original release
service packs
Additional product functionality that wasn’t included in the original release
feature packs
Additional product functionality that wasn’t included in the original release
perimeter network
Additional product functionality that wasn’t included in the original release
trusted
Additional product functionality that wasn’t included in the original release
semi-trusted
Additional product functionality that wasn’t included in the original release
untrusted
Additional product functionality that wasn’t included in the original release
system policy rules
Additional product functionality that wasn’t included in the original release
ISA Server
Connections from the Internet from customers, remote employees, or trusted business partners
hardening
Connections from the Internet from customers, remote employees, or trusted business partners
service packs
Connections from the Internet from customers, remote employees, or trusted business partners
feature packs
Connections from the Internet from customers, remote employees, or trusted business partners
perimeter network
Connections from the Internet from customers, remote employees, or trusted business partners
trusted
Connections from the Internet from customers, remote employees, or trusted business partners
semi-trusted
Connections from the Internet from customers, remote employees, or trusted business partners
untrusted
Connections from the Internet from customers, remote employees, or trusted business partners
system policy rules
Connections from the Internet from customers, remote employees, or trusted business partners
ISA Server
A dedicated application that can be installed on a server to perform as a firewall
hardening
A dedicated application that can be installed on a server to perform as a firewall
service packs
A dedicated application that can be installed on a server to perform as a firewall
feature packs
A dedicated application that can be installed on a server to perform as a firewall
perimeter network
A dedicated application that can be installed on a server to perform as a firewall
trusted
A dedicated application that can be installed on a server to perform as a firewall
semi-trusted
A dedicated application that can be installed on a server to perform as a firewall
untrusted
A dedicated application that can be installed on a server to perform as a firewall
system policy rules
A dedicated application that can be installed on a server to perform as a firewall
ISA Server
Collections of updates and fixes that often include additional features
hardening
Collections of updates and fixes that often include additional features
service packs
Collections of updates and fixes that often include additional features
feature packs
Collections of updates and fixes that often include additional features
perimeter network
Collections of updates and fixes that often include additional features
trusted
Collections of updates and fixes that often include additional features
semi-trusted
Collections of updates and fixes that often include additional features
untrusted
Collections of updates and fixes that often include additional features
system policy rules
Collections of updates and fixes that often include additional features
ISA Server
Connections on the internal network from company-owned resources and employees
hardening
Connections on the internal network from company-owned resources and employees
service packs
Connections on the internal network from company-owned resources and employees
feature packs
Connections on the internal network from company-owned resources and employees
perimeter network
Connections on the internal network from company-owned resources and employees
trusted
Connections on the internal network from company-owned resources and employees
semi-trusted
Connections on the internal network from company-owned resources and employees
untrusted
Connections on the internal network from company-owned resources and employees
system policy rules
Connections on the internal network from company-owned resources and employees
ISA Server
Identify traffic and protocols that are allowed to and from the perimeter network
hardening
Identify traffic and protocols that are allowed to and from the perimeter network
service packs
Identify traffic and protocols that are allowed to and from the perimeter network
feature packs
Identify traffic and protocols that are allowed to and from the perimeter network
perimeter network
Identify traffic and protocols that are allowed to and from the perimeter network
trusted
Identify traffic and protocols that are allowed to and from the perimeter network
semi-trusted
Identify traffic and protocols that are allowed to and from the perimeter network
untrusted
Identify traffic and protocols that are allowed to and from the perimeter network
system policy rules
Identify traffic and protocols that are allowed to and from the perimeter network
ISA Server
Connections from the Internet
hardening
Connections from the Internet
service packs
Connections from the Internet
feature packs
Connections from the Internet
perimeter network
Connections from the Internet
trusted
Connections from the Internet
semi-trusted
Connections from the Internet
untrusted
Connections from the Internet
system policy rules
Connections from the Internet
ISA Server
The process of making a system more secure from the default configuration
hardening
The process of making a system more secure from the default configuration
service packs
The process of making a system more secure from the default configuration
feature packs
The process of making a system more secure from the default configuration
perimeter network
The process of making a system more secure from the default configuration
trusted
The process of making a system more secure from the default configuration
semi-trusted
The process of making a system more secure from the default configuration
untrusted
The process of making a system more secure from the default configuration
system policy rules
The process of making a system more secure from the default configuration
ISA Server
Added as a buffer between an internal protected network and an external unprotected network
hardening
Added as a buffer between an internal protected network and an external unprotected network
service packs
Added as a buffer between an internal protected network and an external unprotected network
feature packs
Added as a buffer between an internal protected network and an external unprotected network
perimeter network
Added as a buffer between an internal protected network and an external unprotected network
trusted
Added as a buffer between an internal protected network and an external unprotected network
semi-trusted
Added as a buffer between an internal protected network and an external unprotected network
untrusted
Added as a buffer between an internal protected network and an external unprotected network
system policy rules
Added as a buffer between an internal protected network and an external unprotected network
ISA Server
Unlock Deck
Sign up to unlock the cards in this deck!
Unlock Deck
Unlock Deck
1/42
auto play flashcards
Play
simple tutorial
Full screen (f)
exit full mode
Deck 7: Securing Windows Server 2008 Servers
1
A ____ system starts with a reduced attack surface; it is regularly audited to ensure that it remains secure and is kept up to date.

A) hardened
C) constrained
B) restricted
D) hindered
A
2
The scwcmd command ____ is used to apply the security policy to the system.

A) enable
C) display
B) configure
D) register
B
3
The scwcmd command ____ can be used to extend the SCW database by adding roles, tasks, services, and port definitions.

A) configure
C) transform
B) rebuild
D) register
D
4
When hardening a system, start by making sure that only the needed services and protocols are installed and enabled.
Unlock Deck
Unlock for access to all 42 flashcards in this deck.
Unlock Deck
k this deck
5
A perimeter network is provided by using two firewalls; this arrangement is often referred to as a(n) ____.

A) restricted zone
C) demilitarized zone
B) internal zone
D) buffer zone
Unlock Deck
Unlock for access to all 42 flashcards in this deck.
Unlock Deck
k this deck
6
____ logs an event when a user account or group is added, deleted, or modified, or when a password is set or modified.

A) Audit account management
C) Audit file management
B) Audit object management
D) Audit user management
Unlock Deck
Unlock for access to all 42 flashcards in this deck.
Unlock Deck
k this deck
7
____ can be used to track the actions of users and record the details of these actions in the Windows Security log.

A) Policy monitoring
C) Eventlog monitoring
B) Scanning
D) Auditing
Unlock Deck
Unlock for access to all 42 flashcards in this deck.
Unlock Deck
k this deck
8
A scheduled ____ provides automation and streamlines an administrator's job.

A) script
C) baseline
B) interface
D) tool
Unlock Deck
Unlock for access to all 42 flashcards in this deck.
Unlock Deck
k this deck
9
____ if enabled, logs events when a user exercises most user rights.

A) Audit logon
B) Audit object
C) Audit account
D) Audit privilege use
Unlock Deck
Unlock for access to all 42 flashcards in this deck.
Unlock Deck
k this deck
10
The SCW GUI version can be used to perform compliance auditing on a system.
Unlock Deck
Unlock for access to all 42 flashcards in this deck.
Unlock Deck
k this deck
11
You can perform the compliance audit with the following command: ____

A) scwcmd configure /p:PolicyPathName
B) scwcmd display /p:PolicyPathName
C) scwcmd analyze /p:PolicyPathandName
D) scwcmd baseline /p:PolicyPathName
Unlock Deck
Unlock for access to all 42 flashcards in this deck.
Unlock Deck
k this deck
12
WSUS includes the ability to export and import updates to and from media.
Unlock Deck
Unlock for access to all 42 flashcards in this deck.
Unlock Deck
k this deck
13
The value of any command-line tool is that it can be ____.

A) kept secure
C) scheduled
B) controlled
D) scripted
Unlock Deck
Unlock for access to all 42 flashcards in this deck.
Unlock Deck
k this deck
14
____ checks include possible security issues such as whether the Guest account is enabled, the file system isn't NTFS, or whether there are excessive members of the Administrators group.

A) Windows administrative vulnerabilities
C) Common security vulnerabilities
B) Windows patches
D) Windows configuration vulnerabilities
Unlock Deck
Unlock for access to all 42 flashcards in this deck.
Unlock Deck
k this deck
15
You can use Server Manager to create a security policy that can be applied to any system to reduce the attack surface.
Unlock Deck
Unlock for access to all 42 flashcards in this deck.
Unlock Deck
k this deck
16
____ audits user logon events when a user is authenticated from a local computer (not a domain controller).

A) Audit account management
C) Audit object events
B) Audit logon events
D) Audit privilege use
Unlock Deck
Unlock for access to all 42 flashcards in this deck.
Unlock Deck
k this deck
17
When MBSA is installed, the ____ command-line utility is also installed, which can be used to run MBSA from the command line.

A) MBSAGUI
C) MBSA /CLI
B) MBSACLI
D) MBSA MMC
Unlock Deck
Unlock for access to all 42 flashcards in this deck.
Unlock Deck
k this deck
18
In general, ____ record who performed an action, what action was performed, and when and where it was performed.

A) security log entries
C) system log entries
B) auditing log entries
D) application log entries
Unlock Deck
Unlock for access to all 42 flashcards in this deck.
Unlock Deck
k this deck
19
Regularly checking systems to ensure that they haven't been changed is called ____.

A) compliance certification
C) compliance auditing
B) compliance baselining
D) compliance hardening
Unlock Deck
Unlock for access to all 42 flashcards in this deck.
Unlock Deck
k this deck
20
The scwcmd command transform is used to roll back the settings of the last applied SCW security policy.
Unlock Deck
Unlock for access to all 42 flashcards in this deck.
Unlock Deck
k this deck
21
____ logs tracking information events such as program activation and process exits.

A) Audit account management
B) Audit log purging
C) Audit process tracking
D) Audit token tracking
Unlock Deck
Unlock for access to all 42 flashcards in this deck.
Unlock Deck
k this deck
22
____ provides updates for all supported versions of Windows operating systems.

A) Windows Update
B) Microsoft Update
C) Windows Control
D) Software Update
Unlock Deck
Unlock for access to all 42 flashcards in this deck.
Unlock Deck
k this deck
23
Discuss using WSUS with branch offices.
Unlock Deck
Unlock for access to all 42 flashcards in this deck.
Unlock Deck
k this deck
24
____________________ identify resources in one network that can communicate with resources in another network.
Unlock Deck
Unlock for access to all 42 flashcards in this deck.
Unlock Deck
k this deck
25
Within a domain environment, ____ can be used as a central location to download and approve updates.

A) BITS
B) Microsoft Server Update Services
C) Windows Update Services
D) Windows Server Update Services
Unlock Deck
Unlock for access to all 42 flashcards in this deck.
Unlock Deck
k this deck
26
In the context of server security, a(n) ____________________ is a starting point for a server that locks it down as much as possible while also allowing it to operate.
Unlock Deck
Unlock for access to all 42 flashcards in this deck.
Unlock Deck
k this deck
27
Name and describe a primary tool used for compliance auditing.
Unlock Deck
Unlock for access to all 42 flashcards in this deck.
Unlock Deck
k this deck
28
List and explain the three parts to the Microsoft SD³+C approach.
Unlock Deck
Unlock for access to all 42 flashcards in this deck.
Unlock Deck
k this deck
29
When two WSUS servers are working as upstream/downstream servers in ____ mode, the upstream server sends all the updates it receives to the downstream server.

A) autonomous
B) synchronous
C) automatic
D) controlled
Unlock Deck
Unlock for access to all 42 flashcards in this deck.
Unlock Deck
k this deck
30
List and describe a primary benefit provided by WSUS.
Unlock Deck
Unlock for access to all 42 flashcards in this deck.
Unlock Deck
k this deck
31
Explain the difference between an upstream server and a downstream server.
Unlock Deck
Unlock for access to all 42 flashcards in this deck.
Unlock Deck
k this deck
32
____ are a group of updates used to target a specific area such as security, or a specific component or application.

A) Service packs
B) Drivers
C) Update rollups
D) Updates
Unlock Deck
Unlock for access to all 42 flashcards in this deck.
Unlock Deck
k this deck
33
____ are software components designed to support hardware.

A) Interfaces
B) Drivers
C) Applications
D) Update rollups
Unlock Deck
Unlock for access to all 42 flashcards in this deck.
Unlock Deck
k this deck
34
____________________ rules are commonly used to publish an Internet-facing server's connection information to the external firewall.
Unlock Deck
Unlock for access to all 42 flashcards in this deck.
Unlock Deck
k this deck
35
List and describe two areas that should be considered when hardening a system's security.
Unlock Deck
Unlock for access to all 42 flashcards in this deck.
Unlock Deck
k this deck
36
Explain how to install WSUS.
Unlock Deck
Unlock for access to all 42 flashcards in this deck.
Unlock Deck
k this deck
37
The scwcmd command ____________________ is used to analyze a system against a policy and determine if the system is compliant with the policy.
Unlock Deck
Unlock for access to all 42 flashcards in this deck.
Unlock Deck
k this deck
38
List and explain one concern when considering adding WSUS to a network.
Unlock Deck
Unlock for access to all 42 flashcards in this deck.
Unlock Deck
k this deck
39
When you run SCW, it creates a configuration ____________________ of all the possible server roles, client features, options, services, and Windows firewall settings.
Unlock Deck
Unlock for access to all 42 flashcards in this deck.
Unlock Deck
k this deck
40
Discuss options for creating a perimeter network.
Unlock Deck
Unlock for access to all 42 flashcards in this deck.
Unlock Deck
k this deck
41
Describe the purpose of the WSUS statistics server.
Unlock Deck
Unlock for access to all 42 flashcards in this deck.
Unlock Deck
k this deck
42
Match between columns
Premises:
Responses:
Additional product functionality that wasn’t included in the original release
hardening
Additional product functionality that wasn’t included in the original release
service packs
Additional product functionality that wasn’t included in the original release
feature packs
Additional product functionality that wasn’t included in the original release
perimeter network
Additional product functionality that wasn’t included in the original release
trusted
Additional product functionality that wasn’t included in the original release
semi-trusted
Additional product functionality that wasn’t included in the original release
untrusted
Additional product functionality that wasn’t included in the original release
system policy rules
Additional product functionality that wasn’t included in the original release
ISA Server
Connections from the Internet from customers, remote employees, or trusted business partners
hardening
Connections from the Internet from customers, remote employees, or trusted business partners
service packs
Connections from the Internet from customers, remote employees, or trusted business partners
feature packs
Connections from the Internet from customers, remote employees, or trusted business partners
perimeter network
Connections from the Internet from customers, remote employees, or trusted business partners
trusted
Connections from the Internet from customers, remote employees, or trusted business partners
semi-trusted
Connections from the Internet from customers, remote employees, or trusted business partners
untrusted
Connections from the Internet from customers, remote employees, or trusted business partners
system policy rules
Connections from the Internet from customers, remote employees, or trusted business partners
ISA Server
A dedicated application that can be installed on a server to perform as a firewall
hardening
A dedicated application that can be installed on a server to perform as a firewall
service packs
A dedicated application that can be installed on a server to perform as a firewall
feature packs
A dedicated application that can be installed on a server to perform as a firewall
perimeter network
A dedicated application that can be installed on a server to perform as a firewall
trusted
A dedicated application that can be installed on a server to perform as a firewall
semi-trusted
A dedicated application that can be installed on a server to perform as a firewall
untrusted
A dedicated application that can be installed on a server to perform as a firewall
system policy rules
A dedicated application that can be installed on a server to perform as a firewall
ISA Server
Collections of updates and fixes that often include additional features
hardening
Collections of updates and fixes that often include additional features
service packs
Collections of updates and fixes that often include additional features
feature packs
Collections of updates and fixes that often include additional features
perimeter network
Collections of updates and fixes that often include additional features
trusted
Collections of updates and fixes that often include additional features
semi-trusted
Collections of updates and fixes that often include additional features
untrusted
Collections of updates and fixes that often include additional features
system policy rules
Collections of updates and fixes that often include additional features
ISA Server
Connections on the internal network from company-owned resources and employees
hardening
Connections on the internal network from company-owned resources and employees
service packs
Connections on the internal network from company-owned resources and employees
feature packs
Connections on the internal network from company-owned resources and employees
perimeter network
Connections on the internal network from company-owned resources and employees
trusted
Connections on the internal network from company-owned resources and employees
semi-trusted
Connections on the internal network from company-owned resources and employees
untrusted
Connections on the internal network from company-owned resources and employees
system policy rules
Connections on the internal network from company-owned resources and employees
ISA Server
Identify traffic and protocols that are allowed to and from the perimeter network
hardening
Identify traffic and protocols that are allowed to and from the perimeter network
service packs
Identify traffic and protocols that are allowed to and from the perimeter network
feature packs
Identify traffic and protocols that are allowed to and from the perimeter network
perimeter network
Identify traffic and protocols that are allowed to and from the perimeter network
trusted
Identify traffic and protocols that are allowed to and from the perimeter network
semi-trusted
Identify traffic and protocols that are allowed to and from the perimeter network
untrusted
Identify traffic and protocols that are allowed to and from the perimeter network
system policy rules
Identify traffic and protocols that are allowed to and from the perimeter network
ISA Server
Connections from the Internet
hardening
Connections from the Internet
service packs
Connections from the Internet
feature packs
Connections from the Internet
perimeter network
Connections from the Internet
trusted
Connections from the Internet
semi-trusted
Connections from the Internet
untrusted
Connections from the Internet
system policy rules
Connections from the Internet
ISA Server
The process of making a system more secure from the default configuration
hardening
The process of making a system more secure from the default configuration
service packs
The process of making a system more secure from the default configuration
feature packs
The process of making a system more secure from the default configuration
perimeter network
The process of making a system more secure from the default configuration
trusted
The process of making a system more secure from the default configuration
semi-trusted
The process of making a system more secure from the default configuration
untrusted
The process of making a system more secure from the default configuration
system policy rules
The process of making a system more secure from the default configuration
ISA Server
Added as a buffer between an internal protected network and an external unprotected network
hardening
Added as a buffer between an internal protected network and an external unprotected network
service packs
Added as a buffer between an internal protected network and an external unprotected network
feature packs
Added as a buffer between an internal protected network and an external unprotected network
perimeter network
Added as a buffer between an internal protected network and an external unprotected network
trusted
Added as a buffer between an internal protected network and an external unprotected network
semi-trusted
Added as a buffer between an internal protected network and an external unprotected network
untrusted
Added as a buffer between an internal protected network and an external unprotected network
system policy rules
Added as a buffer between an internal protected network and an external unprotected network
ISA Server
Unlock Deck
Unlock for access to all 42 flashcards in this deck.
Unlock Deck
k this deck
locked card icon
Unlock Deck
Unlock for access to all 42 flashcards in this deck.
Examlex
Examlex
Work With Us
Policies
Download the App
Scan to downloadDownload the App
qr-code
Links
Links
Work With Us
Download the App

Scan to downloadDownload the App
qr-code

Copyright © 2025 Examlex LLC.
  • facebook-footer
  • instagram-footer
  • x-footer
  • tiktok
  • Linktree