c, d. Windows 2000 uses domain controllers and member servers. Domain controllers are not divided into primary and backup controllers (choices a and b).
c, d, e. The first controller in a domain (but not the first in the forest) is assigned the relative ID master, PDC emulator, and infrastructure master roles.
a, b, d. Telnet, FTP, and SLIP use clear-text authentication.
c. RADIUS (Remote Access Dial-In User Service) is designed for high volume and centralized record-keeping.
c, d. Enterprise CAs require Active Directory.
c. Clients use a web-based interface to request certificates.
b. EFS (Encrypted Filesystem) and file compression cannot be used on the same files or directories.
a, c. Terminal Services can operate in remote administration mode or application sharing mode.
a, d. PPTP and L2TP are VPN protocols.
b. IAS (Internet Authentication Service) is Microsoft’s implementation of RADIUS.
c. Kerberos is Windows 2000’s standard method of authentication.
c, d. Windows NT 4.0 and Windows 2000 support NTLM.
d. New Macintosh computers support TCP/IP and can access Windows 2000 shares without File Services for Macintosh.
b. SSL (Secure Sockets Library) is used for encrypted communication between web clients and servers.
a, b. Standalone CAs are used to authenticate outside individuals or organizations.
c, d. Both Windows NT and Windows 2000 use case-sensitive passwords. Windows 3.11 and Windows 98 don’t differentiate password case by default.
b. The Disable Ctrl-Alt-Del policy must be set before Windows 2000 can use smart card authentication.
a. RADIUS (Remote Authentication Dial-In User Service) is used along with other protocols in managing dial-up user authentication.
d. Microsoft’s implementation of RADIUS is called Internet Authentication Service (IAS).
b. A certificate is made with a user’s public key and a certificate authority’s root key.
a, b, d. A standalone subordinate certificate authority can issue and accept certificates to and from other SSCAs and can issue a certificate to a user, but it can’t accept a certificate from a user.
c. MS-CHAP would provide the most security while supporting the computers. MS-CHAP v2 is more secure, but would not support the Windows 98 machine.
b. Auditing could help you determine whether there is a security problem. EFS and smart cards (choices c and d) could improve security, but could not verify that a problem exists in the first place.
c. The only real solution is to move the files to an operating system that supports security, such as Windows 2000. The user should be educated to avoid saving local copies of the files.