QUESTION NO: 168
You are the administrator of TestKing’s network, which consists of a single Windows 2000 domain. All
client computers run Windows 2000 Professional.
Your network uses an IPSec policy that is defined in a Group Policy applied to all computers in the
domain. You upgrade all network adapters in all computers to high-security adapters that provide
encryption at the hardware level. You then delete the IPSec policy from the Group Policy.
However, you learn that the IPSec policy is still being applied to all computers in the domain. You need
to ensure that the IPSec policy is removed from all computers. As your first step in achieving this goal,
you create a new IPSec policy with default settings.
What should you do?
A. Assign the new policy. Run the secedit/refreshpolicy machine_policy command on all computers.
B. Assign and then unassign the new policy. Run the secedit/refreshpolicy machine_policy command
on all computers.
C. Assign the new policy. Run the secedit/configure /overwrite /areas securitypolicy command on all
computers.
D. Assign and then unassign the new policy. Run the secedit/configure /overwrite /areas
securitypolicy command on all computers.
Answer: B
Explanation: To correctly delete a policy, it should first be unassigned, and then deleted. If a policy is deleted
before it is unassigned, you can assign a new policy, and then unassign it. We should then run the
secedit/refreshpolicy machine_policy command on all computers to force a policy update.
IPSec policy will remain active even after the Group Policy object to which it is assigned has been deleted. You
must unassign the IPSec policy before you delete the policy object. If you delete the policy objects and keep the
policy assigned, the IPSec Policy Agent will assume it simply cannot find the policy and use a cached copy.
Reference:
IPSec Policy Is Applied After Being Deleted from a Group Policy (Q234320)
Windows 2000 Server documentation, Configure system security
Windows 2000 Server documentation, To assign IPSec policy to Group Policy
Incorrect Answers:
A: The old policy has been incorrectly deleted so we must unassign the new policy before forcing a policy
update.
C: The /overwrite argument is only valid when the /CFG argument is also used.
D: The /overwrite argument is only valid when the /CFG argument is also used.
You are the administrator of TestKing’s network, which consists of a single Windows 2000 domain. All
client computers run Windows 2000 Professional.
Your network uses an IPSec policy that is defined in a Group Policy applied to all computers in the
domain. You upgrade all network adapters in all computers to high-security adapters that provide
encryption at the hardware level. You then delete the IPSec policy from the Group Policy.
However, you learn that the IPSec policy is still being applied to all computers in the domain. You need
to ensure that the IPSec policy is removed from all computers. As your first step in achieving this goal,
you create a new IPSec policy with default settings.
What should you do?
A. Assign the new policy. Run the secedit/refreshpolicy machine_policy command on all computers.
B. Assign and then unassign the new policy. Run the secedit/refreshpolicy machine_policy command
on all computers.
C. Assign the new policy. Run the secedit/configure /overwrite /areas securitypolicy command on all
computers.
D. Assign and then unassign the new policy. Run the secedit/configure /overwrite /areas
securitypolicy command on all computers.
Answer: B
Explanation: To correctly delete a policy, it should first be unassigned, and then deleted. If a policy is deleted
before it is unassigned, you can assign a new policy, and then unassign it. We should then run the
secedit/refreshpolicy machine_policy command on all computers to force a policy update.
IPSec policy will remain active even after the Group Policy object to which it is assigned has been deleted. You
must unassign the IPSec policy before you delete the policy object. If you delete the policy objects and keep the
policy assigned, the IPSec Policy Agent will assume it simply cannot find the policy and use a cached copy.
Reference:
IPSec Policy Is Applied After Being Deleted from a Group Policy (Q234320)
Windows 2000 Server documentation, Configure system security
Windows 2000 Server documentation, To assign IPSec policy to Group Policy
Incorrect Answers:
A: The old policy has been incorrectly deleted so we must unassign the new policy before forcing a policy
update.
C: The /overwrite argument is only valid when the /CFG argument is also used.
D: The /overwrite argument is only valid when the /CFG argument is also used.