You need to design a patch management strategy for Willow Bridge, Ltd. Take care
that you solutions meet the requirements.
What should you do?
A. Create a test network representing a SUS server and all types of computers to be
found in the production environment in all the offices.
Test all updates in the test networks and approve the appropriate updates. Deploy a SUS server in each office.
Use Group Policy to configure network computers to download approved updates from
their local SUS servers.
B. Deploy a SUS server in Chicago and a child SUS server in New York, Los Angeles
and Detroit and configure each SUS server to connect to the official Microsoft Windows
Updates Web site and download updates.
Test all updates in the test network and approve the appropriate updates on the parent
SUS server for distribution to the child SUS servers at the other offices.
Configure the child SUS servers to receive updates from the parent SUS server.
Use Group Policy to configure network computers to download approved updates from
their local SUS servers.
C. Create a test network representing a SUS server and all types of computers to be found
in the production environment in the Chicago office.
Test all updates in the test network and approve the appropriate updates on the parent
SUS server for distribution to the child SUS servers at the other offices.
Configure the child SUS servers to receive updates from the parent SUS server.
Use Group Policy to configure network computers to download approved updates from
their local SUS servers.
D. Create a test network representing a SUS server and all types of computers to be
found in the production environment in the Chicago office.
Leading the way in IT testing and certification tools, www.certifyme.com
- 55 -
Test all updates in the test network and approve the appropriate updates on the parent
SUS server for distribution to the child SUS servers at the other offices.350-001 Configure the child SUS servers to receive updates from the parent SUS server.
Use Group Policy to configure network computers to receive the list of approved updates
from their local SUS servers and downloads these updates from the official Microsoft
Windows Updates Web site.
Answer: C
Explanation: In the Scenario it is stated that:
1. All solutions must ensure that WAN traffic is kept to a minimum.
2. Security updates and patches are to be deployed in a centralized, efficient manner that
minimizes traffic over WAN connections.
3. We also want to be able to ascertain which security patches have been applied to client
computers.
4. We want to enable all client computers automatically update themselves.
5. We need to make sure that our patch management system must support compatibility
testing of all updates before the updates are deployed to the production network.
6. All security patches must be tested and approved by the IT department in the Chicago
office.
7. We need to deploy security patches efficiently.
Thus you should create a test network representing a SUS server and all types of
computers to be found in the production environment in the Chicago office.640-802 Then test all
updates in the test network and approve the appropriate updates on the parent SUS server
for distribution to the child SUS servers at the other offices. The child SUS servers must
then be configured to receive updates from the parent SUS server. Use Group Policy to
configure network computers to download approved updates from their local SUS servers
to ascertain which security patches have been applied to client computers.
Incorrect answers:
A: Setting up test environments in each office will result in a decentralized patch
management and the scenario states a desire for centralized control over patch
management. There is also the added problem of increased WAN traffic.
B: The deployment of SUS server in Chicago and a child SUS server in New York, Los
Angeles and Detroit and configure each SUS server to connect to the official Microsoft
Windows Updates Web site and download updates makes the rest of the option obsolete.VCP-310 Since the requirements states that you need to ensure that updates should be installed in a
timely manner and this will not ensure that each office will keep up to date and distribute
tested and approved updates.
D:
Leading the way in IT testing and certification tools, www.certifyme.com
- 56 -
Using Group Policy to configure network computers to receive the list of approved
updates from their local SUS servers and downloads these updates from the official
Microsoft Windows Updates Web site will result in each of the local SUS servers
connecting to the Internet to download updates, albeit a list a approved updates, and this
will violate the one requirement that all solutions should minimize WAN traffic.
Reference:
Elias N. Khnaser, Susan Snedak, Chris Peiris & Rob Amini, MCSE Designing Security
for a Windows Server 2003 Network Exam 70-298 Study Guide, Chapter 2, p. 140
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment