Words of warning to those experimenting with CompTIA Security+ dumps: nothing can prepare you for the real CompTIA Security+ exam questions and answers like a CompTIA Security+ dump - but no functional learning can be obtained training with these fraudulent CompTIA Security+ exam papers. CompTIA Security+ exams are difficult but they are not impossible. Nothing feels better than legitimately passing CompTIA Security+ practice questions, knowing you will be knocking out the actual CompTIA Security+ quiz when you get to the training and testing center.

Your CompTIA Security+ material should include the following:

• CompTIA Security+ lab questions. A good CompTIA Security+ labs will display your strengths and weaknesses like nothing else.
• CompTIA Security+ online tests for fast training anywhere you have a connection to the internet.
• CompTIA Security+ practice tests with CompTIA Security+ test answers to quickly check your results.
• No CompTIA Security+ training course is complete without CompTIA Security+ testking questions and answers.
• If you can locate them CompTIA Security+ video training is invaluable.
• Finally advice from recent CompTIA Security+ test questions experiencers - personal experience is the best CompTIA Security+ study guide and there is no CompTIA Security+ simulation like CompTIA Security+ tips from a friend.

• Tutorial:
  A smart jack acts as the demark in telecommunication distribution. The demark refers to the point where the telephone network ends and the customer equipment begins. A smart jack, also referred to as a network interface device (NID) or network interface unit (NIU), performs telephone network interface functions enabling the connection to the telephone company network.
• A 66 block does not act as the demark. A 66 block is a component in the customer’s on-premise wiring. It is a punch-down block with 50 rows of 4 clips used for terminating telephone lines.
• An MDF does not act as a demark. An MDF typically is found at the telephone company central office or local loop, but it also can be installed on the customer premises in a large installation. It is used as a termination point for trunk cables and a connection point for IDFs.
• An IDF does not act as a demark. An IDF provides the intermediate connection to the customer telecommunication equipment and typically is connected to a punch-down block or patch panel that is then connected to the customer equipment.
• For example, when wiring a large office building, you might have an MDF when the building connects to the telephone network. You could then have an IDF on each floor that connects to the MDF through vertical cross connects between floors. Finally, the patch panels used for the final wiring would connect to the IDFs.

Biographical note

Glen E. Clarke, CompTIA Network+, CompTIA A+, CompTIA Security+, MCSE, CEH, SCNP is an independent trainer and consultant, focusing on network security and web application development.

CompTIA's Security+ is a vendor-neutral certification that validates the competency of security professionals working in the IT industry. The Security Plus Certification confirms a technician's critical knowledge of communication security, infrastructure security, cryptography, operational security, and general security concepts. Because human error is the number one cause for a network security breach, CompTIA Security+ is recognized by the technology community as a valuable credential thatproves competency with information security.

QuickCert's Security Plus training course follows the CompTIA authorized curriculum, ensuring you receive the training and knowledge needed to succeed. QuickCert is so certain this class meets and exceeds the exam objectives, we guarantee you will pass your exam!

CompTIA Security+ Exam Objectives

The Security+ exam blueprint includes the test objectives and the relative weightings. The table below lists the domains measured by this examination and the extent to which they are represented in the examination. Example topics and concepts are included to clarify the test objectives and should not be construed as a comprehensive list of all the content of this exam.

Nine minibooks cover everything you need to earn the A+ certification

CompTIA's A+ certification is the industry-leading entry-level certification for IT professionals, and this guide is the quick, easy way to prepare for the test. 1,200 pages of up-to-date information correlates with both the hardware and operating system exams and serves as a reference after the test-taking is completed.

The minibooks cover each domain of the exam: A+ Groundwork, Inside the Box, Outside the Box, Maintenance and Troubleshooting, Operating System Basics, Managing The Operating System, Recovering Systems, Networking, and Securing Systems. You'll find plenty of sample test questions to get you prepared, too.

• CompTIA's A+ certification is vendor-neutral and validates the skills of entry-level computer technicians; it can be the ticket to a new or better job
• Certification requires successful completion of two exams; this prep guide covers all the core competencies required
• Nine minibooks cover A+ Groundwork, Inside the Box, Outside the Box, Maintenance and Troubleshooting, Operating System Basics, Managing The Operating System, Recovering Systems, Networking, and Securing Systems
• Covers installation, configuration, diagnosing, preventive maintenance, and basic networking, with extra information about Vista and a heavier emphasis on hardware
• Companion CD-ROM include the Dummies Test Engine, an exclusive, fully customizable test-prep software package that includes 400 exam review questions

Refreshing a GPO

Each GPO is refreshed when you restart your computer. When you modify the settings in a GPO, they are refreshed every 90 minutes on a workstation or server and every five minutes on a domain controller. The settings are also refreshed every 16 hours, whether or not there are any changes. In Windows Server 2003, you can refresh policy immediately by using the Gpupdate command-line tool. Gpupclate replaces the secedit.exe /refreshpolicy command used for refreshing GPOs in Windows 2000.

To refresh GPOs immediately, complete the following steps:

1.      Click Start, and then click Run.

2.      In the Run dialog box, type gpupdate in the Open box, and then click OK. You

will briefly see the message "Refreshing Policy" on the command line while the

policy is being refreshed.

Gpupdate also permits certain options to be specified on the command line. You can learn more about these options by searching for "gpupdate" in Windows Server 2003 Help.

Group Policy Best Practices

The following are the best practices for implementing Group Policy:

•       Disable unused parts of a GPO    If a GPO has, under the User Configuration or

Computer Configuration node of the console, only settings that are Not Configured, disable the node to expedite startup and logging on.

•       Use the Block Policy Inheritance and No Override features sparingly   Rou¬

tine use of these feature makes it difficult to troubleshoot Group Policy.

•       Do not use the same name for different GPOs    Although using the same GPO

name doesn't affect GPO function, it can be confusing to administer.

•       Filter policy based on security group membership    Users who do not have

permissions directing that a particular GPO be applied to them can avoid the associated logon delay, because the GPO is not applied for those users.

•       Use loopback only -when necessary    Use loopback only if you need the desk¬

top configuration to be the same regardless of who logs on.

•       Override Group Policy rather than System Policy    Use System Policy only to

manage computers on an operating system earlier than Windows 2000 or if you

need to manage desktops for multiple users on a stand-alone computer.

•       Avoid cross-domain GPO assignments    The processing of GPOs delays log¬

ging on and startup if Group Policy is obtained from another domain.

• Do not link a GPO to the same OU more than once When more than one link for the same OU is applied to a single object, the links may be interpreted differently and produce an unexpected RSoP.

Practice: Implementing a GPO

In this practice, you implement a GPO for your practice domain.

Exam Tip Know the difference between Block Policy Inheritance and No Override.

I Loopback setting Loopback is an advanced Group Policy setting that is useful on computers in certain closely managed environments such as kiosks, laboratories, classrooms, and reception areas. Loopback provides alternatives to the default method of obtaining the ordered list of GPOs -whose user configuration settings affect a user. By default, a user's settings come from a GPO list that depends on the user's location in Active Directory. The ordered list goes from site-linked to domain-linked to OU-linked GPOs, with inheritance determined by the location of the user in Active Directory and in an order specified by the administrator at each level. Loopback can be Not Configured, Enabled, or Disabled, as can any other Group Policy setting. In the Enabled state, loopback can be set to Merge or Replace mode.

CJ Replace mode In this case, the GPO list for the user is replaced in its entirety by the GPO list already obtained for the computer at computer startup (during step 2 in "How Group Policy Affects Startup and Logging On"). The computer's GPOs replace the user GPOs normally applied to the user.

Q Merge mode In this case, the GPO list is concatenated. The GPO list obtained for the computer at computer startup (step 2 in "How Group Policy Affects Startup and Logging On") is appended to the GPO list obtained for the user when logging on (step 7 in "How Group Policy Affects Startup and Logging On"). Because the GPO list obtained for the computer is applied later, it has precedence if it conflicts with settings in the user's list.

Centralized GPO Design

With a centralized GPO approach (shown in Figure 10-9), the goal is to use very few GPOs (ideally only one) for any given user or computer. All of the policy settings required for a given site, domain, or OU should be implemented within a single GPO.

If the site, domain, or OU has groups of users or computers with different policy requirements, consider subdividing the container into OUs and applying separate GPOs to each OU rather than to the parent. A change to the centralized GPO design involves more administration than the decentralized approach because the settings might need to be changed in multiple GPOs, but logon time is shorter. This model is best suited for environments in which users and computers can be classified into a small number of OUs for policy assignment.

Administrative Templates

The previous section discussed the Administrative Templates node in a GPO, which contains the registry-based Group Policy settings you set on the Group Policy Object Editor. However, an administrative template is actually a text file used to generate the user interface for the Group Policy settings you can set on the Group Policy Object Editor. In Windows Server 2003, administrative templates have the .adm file name extension, as they did in Windows NT 4. In earlier versions of Windows, administrative templates were text files using the American National Standards Institute (ANSI) character set. They created a namespace within the System Policy Editor for convenient editing of the registry, a friendlier user interface than the Registry Editor (Regedit.exe). In Windows Server 2003 and Windows 2000, administrative templates are Unicode-based text files. The Group Policy Object Editor replaces the System Policy Editor and

gives you greater control over configuration settings. Administrative templates is the only area of Group Policy (the other areas being software settings and Windows settings) that allows you to make modifications by adding new administrative templates.

There are three types of administrative templates:

•       Default    Administrative   templates   provided  with   Windows   Sei"ver   2003,   as

described in Table 10-2.

•       Vendor-supplied    Administrative templates provided with software applications

designed to run on Windows Server 2003. You might need to install these tem¬

plates separately or download them from a Web site. For example, you can down¬

load the Microsoft Office 2000 or Microsoft Windows XP Resource Kit tools from

the Microsoft Web site (www.microsoft.com) in order to implement Office 2000 or

Windows XP Group Policy settings.

•       Custom    Templates created using the .adm language to further control computer

or user settings. Custom templates are generally created by application developers.

Note A detailed discussion on creating custom administrative templates is beyond the scope of this course. You can find the details about creating your own administrative templates by searching for ".adm Language Reference" on the Microsoft TechNet Web site (www. m/eras oft. com/Tech Net).

1.      Why is it necessary to delegate administrative control of Active Directory objects?

You delegate administrative control of domains, OUs, and containers in order to provide other administrators, groups, or users with the ability to manage functions according to their needs.

2.      What is the purpose of the Delegation Of Control Wizard?

The Delegation Of Control Wizard is provided to automate and simplify the process of setting administrative permissions for a domain, OU, or container.

3.      How can you remove permissions you set by using the Delegation Of Control

Wizard?

Although the Delegation Of Control Wizard can be used to grant administrative permissions to containers and the objects within them, it cannot be used to remove those privileges. If you need to remove permissions, you must do so manually in the Security tab in the Properties dialog box for the container and in the Advanced Security Settings dialog box for the container.

4. For which of the following Active Directory objects can you delegate administrative control by using the Delegation Of Control Wizard? (Choose all that apply.)

a.      Folder

b.      User

c.      Group

d.      Site

e.      OU

f.       Domain

g.      Shared folder

The correct answers are a, d, e, and f. Folders, sites, OUs, and domains are all objects for which administrative control can be delegated by using the Delegation Of Control Wizard.

Implementing Group Policy

Exam Objectives in this Chapter:

•       Plan a Group Policy strategy

•       Plan a strategy for configuring the user environment with Group Policy

•       Plan a strategy for configuring the computer environment with Group Policy

•       Configure user environment by Group Policy

•       Deploy computer environment by Group Policy

Why This Chapter Matters

The information in this chapter shows you how to plan and implement group policies. Planning your Group Policy strategy is essential to provide the most efficient Group Policy implementation for your organization. To effectively plan your Group Policy strategy, you must plan the settings that will be included in each Group Policy Object (GPO); whether the GPO should be applied to a site, domain, or organizational unit (OU); and administrative control of GPOs. After you've planned your Group Policy strategy, you must be able to implement GPOs for your organization. To effectively implement your Group Policy strategy, you must be able to create a GPO, create a Microsoft Management Console (MMC) for the GPO, delegate administrative control of the GPO, configure Group Policy settings for the GPO, disable unused Group Policy settings, indicate any GPO processing exceptions, filter the scope of the GPO with security groups, and link the GPO to a site, domain, or OU.

To ensure that specific administrators receive the appropriate permissions for an object, you must delegate the administration of the object. In this lesson, you learn how to use the Delegation Of Control Wizard to delegate administrative control of domains, OUs, and containers.

After this lesson, you will be able to

•  Delegate administrative control of domains, OUs, and containers Estimated lesson time: 10 minutes

Delegating Administrative Control

You delegate administrative control of domains, OUs, and containers in order to provide other administrators, groups, or users with the ability to manage functions according to their needs. In small organizations, a few administrators might be responsible for managing Active Directory objects. However, larger organizations might require many more administrators, requiring administrators to manage specific domains, OUs, or containers or even specific objects within OUs or containers. To ensure that administrators receive the appropriate permissions, you must delegate the administration of the domain, OU, or container. The Delegation Of Control Wizard is provided to automate and simplify the process of setting administrative permissions for a domain or an OU. Once you've used the Delegation Of Control Wizard to set up permissions, you can view or modify permissions for an object by viewing or modifying the access control entries (ACEs) in the object's ACL.

When you delegate administrative control to users, you must ensure that the users take responsibility and can be held accountable. Provide training for users who have control of objects. If the users to whom you delegate responsibility are not performing the administrative tasks, you need to assume responsibility for their failure.

Note By default, all child objects in an OU inherit the permissions set on the OU.

Standard permissions are assigned in the Security tab in the Properties dialog box for the object, which is accessed by using the Active Directory Users And Computers console.

To assign standard permissions for an object, complete the following steps:

1. Click Start, point to Administrative Tools, and then click Active Directory Users And Computers. On the View menu, ensure that Advanced Features is selected. Right-click the object for which you want to assign permissions and click Properties.

Important You must select Advanced Features on the View menu to be able to access the Security tab and assign standard permissions for an object.

2.      In the Properties dialog box for the object, click the Security tab, shown previously in

Figure 9-6. Note that the permissions provided in the Properties dialog box are different for each object type. Click Add.

3.      In the Select Users, Computers, Or Groups dialog box, type the name of the security principal for which you want to set permissions in the Enter The Object Names

To Select box, then click OK.

4.      In the Permissions For Security Principal box, select the Allow check box or the

Deny check box for each permission you want to add, change, or deny. Refer

to the procedure "To set inheritance for a standard or special permission," on

page 9-25 in this lesson, for details on setting inheritance. Click OK.

In this exercise, you find various user accounts you created in Exercise 1 by using the Dsquery command.

To locate users using the Dsquery command

1. Use the procedure provided earlier in this lesson and Windows Server 2003 Help to find disabled user accounts in the contoso.com domain. What command did you use and what is the result?

Use the dsquery user domainroot -disabled command to find disabled user accounts in the contoso.com domain. The command lists the Guest, the SUPPORT, the krbtgt, and the User Nineteen accounts as disabled. Results might vary on your system if additional users have been created.

2. Use the procedure provided earlier in this lesson and Windows Server 2003 Help to find a list of all OUs in the contoso.com domain, listed by their relative distinguished name. What command did you use and what is result?

Use the dsquery ou -o rdn command to find a list of all OUs in the contoso.com domain, listed by their relative distinguished name. The command lists the Domain Controllers, East, West, Columbus, Chicago, St. Paul, and Kansas City OUs. Results might vary on your system if additional OUs have been created.

The following questions are intended to reinforce key information presented in this lesson. If you are unable to answer a question, review the lesson and then try the question again. Answers to the questions can be found in the "Questions and Answers" section at the end of this chapter.

1. Why shouldn't administrators be assigned to the Administrators group?

2. What is the purpose of the Run As program?

3. What are the two ways of invoking the Run As Program?

Lesson Summary

Running Windows Server 2003 as an administrator makes the system vulnerable to Trojan horse attacks and other security risks. Therefore, you should not assign yourself to the Administrators group and you should avoid running your computer while logged on as an administrator.

For most computer activity, you should assign yourself to the Users or Power Users group. If you need to perform an administrator-only task, such as upgrading the operating system or configuring system parameters, you should log on as an administrator, perform the task, and then log off.

If you frequently need to log on as an administrator, you can use the Run As program to start programs as an administrator. The Run As program allows you to run specific tools and programs with permissions other than those provided by the account with which you are currently logged on. The Run As program can be invoked on the desktop or by using the Runas command.