certification-cisco

You are considering a pilot program for the rollout of the first service pack for Office 2003 in your organization. All of the workstations in your organization are running Windows XP Professional. Your organization has five departments. There is also a small IT unit with five staff members. Each department has its own OU within the Active Directory structure. 642-481  HP0-J23  MB6-817  350-018 Approximately 100 user accounts reside in each OU. Because the requirements for each department are different, each department’s OU has an individualized Group Policy Object applied. You want the pilot program to run for a month before you deploy Office 2003 Service Pack 1 across the rest of your organization. You want to make sure that all applications currently used in the organization are compatible with the service pack. Which of the following is the best suggestion for membership of the pilot program? 350-018  000-061

1. Create a lab with five different workstations running Windows XP. Add each of these workstations to the OU that corresponds to each department.

2. Select one user from each department to be a member of the pilot program.

3. Select five users from each department to be members of the pilot program.

4. Have each member of IT join a corresponding departmental OU. Deploy the service pack to each IT staff member’s system. Correct Answers: C   MB6-817  642-481  642-691 350-030

Which tool would you use to configure policy files for clients running Windows NT Workstation 4.0 that are located in a Windows Server 2003 mixed mode domain? 70-652 

1. POLEDIT.EXE

2. REGEDIT.EXE

3. REGEDT32.EXE

4. Security Templates snap-in for the MMC

   Correct Answers: A   MB6-817

   1. Correct POLEDIT.EXE is used to configure policies for computers running Windows NT Workstation 4.0 and Windows NT Server 000-210 4.0. Policies are used to secure computers running Windows NT Workstation 4.0 and Windows NT Server 4.0 because they are not able to be fully configured using Active Directory technology, HP0-J23 which made its debut with Windows 2000.

   2. Incorrect REGEDIT.EXE is used to edit the registry of computers running Windows. 70-640 Although many settings can be configured in the registry, it is not used to configure policy files for clients running Windows NT Workstation 4.0. 642-524

   3. Incorrect REGEDT32.EXE is 642-481 used to edit the registry of computers running Windows. Although many settings can be configured in the registry, it is not used to configure policy files for clients running Windows NT Workstation 642-691 4.0.

   4. Incorrect The Security Templates snap-in interfaces with Group Policy objects. It cannot be used to configure policy files for clients running Windows NT Workstation 4.0 350-018 in a Windows Server 2003 mixed mode domain.

You are in the process of planning the development of a security template that will be applied to the 35 domain controllers that are used to support your organization’s nationwide domain. All domain controllers run Windows Server 2003,  HP0-J23 Standard Edition. Your company has 15 branch sites, each with two domain controllers for the purpose of redundancy. Your headquarters site hosts five domain controllers to cope with the increased load in addition to roles such as schema master and global catalog server. Out of the 15 branch sites, the largest eight also have one of 70-652 their domain controllers serving the global catalog server role. Each of the domain controllers is also able to respond to host name lookup requests in addition to processing host name updates.

Which of the following system services can be disabled in the security template to be applied to the organization’s 35 domain controllers? 350-018

1. distributed file system (DFS)

2. Kerberos Key Distribution Center (KDC)

3. Distributed Transaction Coordinator

4. intersite messaging

   Correct Answers: D   70-630

   1. Incorrect The Active Directory System Volume (Sysvol) requires that the DFS service be running.  70-640

   2. Incorrect The question text indicates that all of the domain controllers are functioning in Active Directory integrated mode. This means that DNS duties are distributed across the domain with any domain controller server being able to respond to requests or process updates. 350-030 

   3. Incorrect The KDC service is required to allow security accounts to log on to the network. A non-functional KDC service means that logon authentication cannot complete.  000-210

   4. Correct This service is not used by domain controllers. It is used on servers such as database servers for coordinating transactions that are distributed across multiple systems. MB6-817

   5. Incorrect Intersite messaging is used by the Active Directory replication processes and is hence a service that must be active on a domain controller. n10-003

IPSec is a framework of open standards for helping to ensure private, secure communications over Internet Protocol (IP) networks through the use of cryptographic security services. IPSec supports network-level data integrity, data confidentiality, data origin authentication, and replay protection. Because IPSec is integrated at the Internet layer (layer 3), it provides security for almost all protocols in the TCP/IP suite, and because IPSec is applied transparently to applications, there is no need to configure separate security for each application that uses TCP/IP.  VCP-310   642-845  642-825  642-691

IPSec can be used to provide packet filtering, to encrypt and authenticate traffic between two hosts, and to create a virtual private network (VPN). Using these capabilities of IPSec helps to provide protection against:

Network-based denial-of-service attacks from untrusted computers.

Data corruption.

Data theft.

User-credential theft.

Administrative control of servers, other computers, and the network.

Besides simply improving security, IPSec can be used to save money by enabling communications between remote offices and remote access clients across the public Internet, rather than more costly dedicated circuits that offer privacy at the physical level.

You can use IPSec to encrypt and validate the integrity of communications between two computers. For example, IPSec can protect traffic between domain controllers in different sites, between Web servers and database servers, or between Web clients and Web servers. When an IPSec client attempts to initiate a connection to an IPSec server, the client and server negotiate IPSec integrity and encryption protocols. After the IPSec connection is established, the application’s data is transported within the IPSec connection.

For example, consider the common scenario of a user downloading e-mail from a server using Post Office Protocol version 3 (POP3). If IPSec is not enabled, the e-mail client software initiates a connection directly to the e-mail server software. The user name and password will be transmitted in clear text, so that anyone with a protocol analyzer such as Network Monitor can intercept the user’s credentials. An attacker who has control of a router can modify the contents of the user’s e-mail messages as they are downloaded without being detected.

Now consider the same scenario with IPSec enabled. In this case, when the server receives the POP3 request from the e-mail client, it will send a message back to the client requesting an IPSec connection. The client will agree, and IPSec will negotiate encryption and integrity protocols. Then IPSec on the client computer will intercept the e-mail client’s network traffic, store it within encrypted IPSec packets, and send the data to the server using TCP/IP. IPSec on the server will receive the packets, decrypt the contents, and pass the e-mail client’s original communication to the e-mail server software.  70-270   642-453  70-649

Pass4sure 640-802 has a comprehensive and systematic practice exam designed by our professional IT team. It helps you to master the knowledge more easily. By using it, we promise you will pass the exam. Otherwise, we have the guarantee policy to protect your interests.
If you are unconfident about our Pass4sure 640-802, you have the right to test it. We have free demo online and free demo download. It’s up to you to choose any one of the two ways to test our product’s quality.
The Pass4sure 640-802 is built up by a team consisted of professional IT experts. It covers all points of the latest exam and the examination points in recent years. So we are sure that it covers all the knowledge points and at least 95% of the exam questions.
The quality of the Pass4sure 640-802 has been tested by thousands of IT examiners who have passed the exam successfully with our product. These who did an excellent job in the Cisco 640-802 Certification exam also had given advices to perfect our product.
We have a professional pre-sale & post-sale team to provide our customers with 7×24 services. No matter when, your needs and questions about the Pass4sure 640-802 will be answered instantly and with high quality to get your satisfaction as possible as we can.
Pass4sure 640-802 offers free demo trial. You can check out its interface, question quality and usability before you decide to buy it. In this way, you are never worried about buying it with regret.
If you unfortunately failed to pass the Cisco 640-802 Certification exam, and only if you used our Pass4sure 640-802 for the first time, we are bound to protect your interests with 100% money back for your fee to buy our product. We have 100% Pass Guarantee to make sure that your interests are subject to no loss.
Relate Exams:
[ 640-553 ] – IINS Implementing Cisco IOS Network Security
[ 640-811 ] – Interconnecting Cisco Networking Devices
[ 640-801 ] – CCNA
[ 640-822 ] – Interconnecting Cisco Networking Devices Part 1
[ 640-721 ] – Implementing Cisco Unified Wireless Networking Essentials (IUWNE)
[ 640-816 ] – Interconnecting Cisco Networking Devices Part 2
[ 640-821 ] – Introduction to Cisco Networking Technologies
[ 640-802 ] – Cisco Certified Network Associate
[ 640-460 ] – IIUC Implementing Cisco IOS Unified Communications (IIUC)

Public key encryption wouldn’t be any easier than shared key encryption if everyone had to manually exchange public keys. That’s why we use a PKI-to make the process of managing and exchanging public keys simpler.  70-649   642-825   VCP-310   642-453

A PKI is a set of policies, standards, and software that manages certificates and public and private keys. A PKI consists of a set of digital certificates, certification authorities (CAs), and tools that can be used to authenticate users and computers and to verify transactions. In order to place the PKI implementation provided by Windows Server 2003 in the proper context, this section provides a general overview of the components that make up a PKI.

For example, if Sam wants to send an encrypted message to Toby, Sam uses Toby’s public key to encrypt the message. When Toby receives the message, Toby uses his private key to decrypt it. Only Toby’s private key can be used to decrypt a message encrypted with his public key, so Sam can be sure that nobody else was able to view the contents of the message.

There’s another interesting way to use public key encryption: digital signatures. If Sam wants to prove to Toby that Sam, and not somebody else, sent the message, Sam can use Sam’s own private key to encrypt the message. After Toby receives it, Toby needs to use Sam’s public key to decrypt the message. If it decrypts properly, Toby can be certain that Sam’s private key was used to encrypt it and that the message hadn’t changed since Sam sent it. Of course, encryption takes a great deal of processing power, so Sam would probably choose to encrypt a short hash of the message instead of the entire message, and append the hash onto the end of the message. That would be sufficient to prove that Sam sent the message and that it hadn’t been modified in transit.

A public key certificate, referred to in this chapter as simply a certificate, is a tool for using public key encryption for authentication and encryption. Certificates are issued and signed by a CA, and any user or application that examines the certificate can safely assume that the CA did indeed issue the certificate. If you trust the CA to do a good job of authenticating users before handing out certificates, and you believe that the CA protects the privacy of its certificates and keys, you can trust that a certificate holder is who he or she claims to be.

Certificates can be issued for a variety of functions, including Web user authentication, Web server authentication, secure e-mail, encryption of network communications, and code signing. CAs even use certificates to identify themselves, create other certificates, and establish a certification hierarchy between other CAs. If the Windows Server 2003 enterprise CA is used in an organization, clients can use certificates to log on to the domain. 642-845  70-647  70-270 642-691