The following excerpt is from Chapter 3 of the MCSA/MCSE Exam Cram 2 book "Implementing and Administering Security in a Windows 2000 Network" written by Roberta Bragg, courtesy of Que Certification. Click to purchase the book, or check out Chapter 3 right now.
Check your answers to Exam Cram Quiz #2: Maintaining Security by Implementing, Managing, and Troubleshooting Service Packs and Security Updates.
Answer C is correct because Windows Update is used to automatically download updates on Windows XP computers. Answer A is incorrect because
qchain is a utility that can be used in scripts to apply multiple hotfixes with a single reboot. Answer B is incorrect because Dynamic Update is the ability of a Windows XP installation to connect to the Internet and download the latest drivers and updates during installation. Answer D is incorrect because SUS is the server software used to create an intranet version of Windows Update.
Answers A, B, and C, are correct because dynamic updates can be done with an Internet connection and with an intranet connection and include service pack files, and because slipstreaming is a method that adds service pack files to an installation directory copy of Windows files. Answer D is incorrect because Windows Update cannot be used to install the operating system. Answer E is incorrect because MBSA is a tool for determining hotfix status and Answer F is incorrect because SUS is the server software used to create an intranet version of Windows Update.
Answer B is correct because SUS clients can install updates even if an administrator is not logged on. Answer C is incorrect because Windows Update can be set to automatically download critical updates as they become available, but an administrator must install the updates. Answer A is incorrect because MBSA is a tool for determining hotfix status. Answer D is incorrect because Dynamic Update is the ability of an XP installation to connect to the Internet and download the latest drivers and updates during installation.
Answers A and B are correct because Windows Update can search for and download drivers for new hardware devices and for updated drivers for existing hardware. Answer C is incorrect because third-party software may include its own update service, but Windows Update cannot be used. Answer D is incorrect because new Microsoft security tools are not made available via Windows Update.
Answers B, D, and E are correct because MBSA cannot be used to scan Windows 98 and because Windows XP Home Edition must be locally scanned, and if Windows XP is using simple file sharing, it cannot be remotely scanned. Answer A is incorrect because MBSA can be installed and will run on Windows 2000 Professional. Answer C is incorrect because Remote Registry Service must be running on Windows 2000 computers, but it is not a service that is available in Windows NT.
Answers B and C are correct because you must either have access to the Internet or a copy of the
mssecure.xml file and you must have administrative privileges for every computer scanned. Answer A is incorrect because the Windows NT computer can be scanned across the network (and cannot be scanned locally because
hfnetchk cannot be installed on Windows NT). Answer D is incorrect because security policy does not allow Internet access from these computers, so you should not connect them to the Internet.
Answer B is correct because the switches and entries listed cause
hfnetchk to redirect its output to the
file.txt file. It then uses a local copy of the
mssecure.xml file and disables the registry checks. If a patch is not found,
hfnetchk displays the reason. The remaining answers are incorrect because at least one thing they do is not listed in the answer: Answer D is incorrect because the
-s 2 switch would produce stop warning messages from being displayed. In Answer A, the
-fh switch reads a list of computer names and performs a scan against multiple computers. In Answer C, the
-s 1 switch stops notes messages from being displayed.
Answer B is correct because putting the command in this file causes the file to run after a reboot. Answer A is incorrect because it would affect all computers in the domain and not just the newly installed computers. Answer C is incorrect because a local GPO written for the RIS computer would not be applied to the newly installed Windows computers. Answer D is incorrect because automatic update is not available for Windows 2000 Professional computers prior to Service Pack 3.
Answer C is correct because it is the recommended solution for companies with more than 500 computers to maintain. Answer A is incorrect because SUS is generally recommended for a much smaller network than this one; it cannot provide the management and reporting features that SMS can. Answer B is incorrect because MBSA is not a good patching solution (well, it might be okay for a very small company whose users act as administrators on their own computers). Answer D is incorrect because Windows Update is not a good solution for this many computers.
Answers C and D are correct because a smaller company may not be able to afford another server for just this one service. Both of these options describe reasons that SUS cannot be used on other servers. Answer A is incorrect because SUS is a free download. Answer B is incorrect because installation and configuration require little administrator activity.
Click here to return to the SearchWindowsSecurity.com Book Excerpts Library.