Your company has a single active directory domain. The company network is protected by a firewall. Remote users connect to your network through a VPN server by using PPTP. When the users try to connect to the VPN server， they receive the following error m

第1题：

Your company has a single Active Directory domain. The company network is protected by a firewall.Remote users connect to your network through a VPN server by using PPTP. When the users try to connect to the VPN server, they receive the following error message: °Error 721: The remote computer is not responding.You need to ensure that users can establish a VPN connection. What should you do？（）

• A、Open port 1423 on the firewall.
• B、Open port 1723 on the firewall.
• C、Open port 3389 on the firewall.
• D、Open port 6000 on the firewall.

第2题：

You are the network administrator for your company. The network consists of a single Active Directory domain. All servers run Windows Server 2003. The network contains a Web server that runs IIS 6.0 and hosts a secure intranet site. All users are required to connect to the intranet site by authenticating and using HTTPS. However， because an automated Web application must connect to the Web site by using HTTP， you cannot configure the intranet site to require HTTPS.  You need to collect information about which users are connecting to the Web site by using HTTPS.   What should you do？（）

• A、Check the application log on the Web server.
• B、Use Network Monitor to capture network traffic on the Web server.
• C、Review the log files created by IIS on the Web server.
• D、Configure a performance log to capture all Web service counters. Review the performance log data.

第3题：

You are the network administrator for your company. The network consists of a single Active Directory domain. All client computers run Windows XP Professional. The company has a large number of sales representatives who need access to the company network when they travel. A Windows 2000 Server computer is configured to allow users to access the network by using a dial-up connection. Several of the sales representatives occasionally travel to rural locations that have telephone lines that use outdated technology. The sales representatives report that when they attempt to establish a dial-up connection in these locations, they receive the following error message: "The server is not responding." They cannot connect to the remote access server or to the company network. Users who travel to urban areas do not report this problem. You investigate and find out that the server is running properly, but the problem persists. The sales representatives need to be able to use the dial-up connection to access the company network. What should you do?（）

• A、Change the flow control option in the modem properties to Xon / Xoff.
• B、Disable error correction in the modem's default data connection preferences.
• C、Adjust the modem's default connection speed to a lower rate. 
• D、Disable the first-in, first-out (FIFO) receive and transmit buffers on the modem. 

第4题：

Your network consists of a single Active Directory domain. All servers run Windows Server 2008 R2.   All client computers run Windows 7. Some users have laptop computers and work remotely from home.   You need to plan a data provisioning infrastructure to secure sensitive files. Your plan must meet the following requirements:   èFiles must be stored in an encrypted format.   èFiles must be accessible by remote users over the Internet.   èFiles must be encrypted while they are transmitted over the Internet. What should you include in your plan?（）

• A、Deploy one Microsoft SharePoint Foundation 2010 site. Require users to access the SharePoint site by using a Secure Socket Transmission Protocol （SSTP） connection.
• B、Deploy two Microsoft SharePoint Foundation 2010 sites.Configure one site for internal users. Configure the other site for remote users. Publish the SharePoint sites by using HTTPS.
• C、Configure a Network Policy and Access Services （NPAS） server to act as a VPN server. Require remote users to access the files by using an IPsec connection to the VPN server.
• D、Store all sensitive files in folders that are encrypted by using Encrypting File System （EFS）. Require  remote users to access the files by using Secure Socket Transmission Protocol （SSTP）.

第5题：

Your company has users who connect remotely to the main office though a Windows Server 2008 VPN server. You need to ensure that users cannot access the VPN server remotely from 22：00 to 05：00.  What should you do（　）？ 

• A、Create a network policy for VPN connections. modify the Day and time restrictions.
• B、Create a network policy for VPN connections. apply an ip filter to deny access to the corporate network.
• C、Modify the Logon hours for all users objects to specify only the VPN server otn he computer restrictions option
• D、Modify the Logon hours for the default domain policy to enable the Force logoff when logon hours expire option.

第6题：

You are the network administrator for your company. The network consists of a single Active Directory domain. The network contains an application server running Windows Server 2003.   Users report intermittent slow performance when they access the application server throughout the day. You find out that the network interface on the application server is being heavily used during the periods of slow performance. You suspect that a single computer is causing the problem.You need to create a plan to identify the problem computer.   What should you do？（）

• A、 Monitor the performance monitor counters on the application server by using System Monitor.  
• B、 Monitor the network traffic on the application server by using Network Monitor.
• C、 Monitor network statistics on the application server by using Task Manager.
• D、 Run network diagnostics on the application server by using Network Diagnostics.

第7题：

You are the network administrator for your company. All servers run Windows Server 2003.  You configure a server named Server2 as a Network Address Translation （NAT） server. Server2 has a single network adapter and a modem. Server2 connects to the Internet through a demand-dial connection. Users report that when they attempt to connect to Internet Web sites， they intermittently receive the following error message： "Page not found." After waiting for several minutes， they can connect to the Web sites. These errors occur throughout the day.  You need to configure Server2 to allow users to always connect to Internet Web sites.   What should you do？（）

• A、Set the demand-dial connection to Persistent.
• B、Set the dial-out hours on the demand-dial connection to any day and any time.
• C、Set a demand-dial filter. Configure the filter for Only allow the following traffic. Specify a new filter for outbound port 80.
• D、Configure the demand-dial interface as the private interface.

第8题：

You are a security administrator for your company. The network consists of a single Active Directory domain. All servers run Windows Server 2003. The network contains three member servers named Server1，Server2，and Server3.    The three member servers are connected to the Internet. You plan to implement remote access to the company network for users that work from home. You configure and enable Routing and Remote Access on Server1 and Server2. An assistant，who is an administrator on all member servers， configures and enables Routing and Remote Access on Server3. Users from the domain can successfully establish VPN connections from the lnternet to Server1 and Server2. However，users cannot establish a VPN connection to Server3. You discover that Server3 can only authenticate Internet VPN connections from local user accounts.    You need to ensure that users from the domain can successfully establish a VPN connection to Server3.  What should you do？（）

• A、 Enable the Server3 computer account in Active Directory as trusted for delegation.
• B、 Assign the Authenticated Users group the Allow - Allowed to Authenticate permission for the Server3 computer acc
• C、 Assign the Server3 computer account the Allow. Read permission on the RAS and IAS Servers access Check cont
• D、 Add the Server3 computer account to the RAS and IAS Servers security group.
• E、 Add the Server3 computer account to the Windows Authorization Access Group security group.

第9题：

You want to configure your Windows 2000 Professional computer to remotely access your company’s Windows 2000 routing and remote access server. You configure a VPN connection. For security purposes， you configure the VPN connection to use MS-CHAP v2 only and to require encryption. You also configure TCP/IP to obtain an IP address automatically， to enable IPSec， and to set IPSec to secure server. When you try to connect， you receive the following error message， “The encryption attempt failed because no valid certificate was found.” What should you do to connect to the server？ （）

• A、Enable the VPN connection to use MS-CHAP.
• B、Change the data encryption setting to Optional Encryption.
• C、Specify a TCP/IP address in the network properties.
• D、Change the IPSec policy setting to Client.

第10题：

You are the network administrator for your company. The network consists of a single Active Directory domain. All servers run Windows Server 2003.The network contains a Web server named Server1 that runs IIS 6.0 and hosts a secure Web site. The Web site is accessible from the intranet， as well as from the Internet. All users must authenticate when they connect to Server1. All users on the Internet must use a secure protocol to connect to the Web site. Users on the intranet do not need to use a secure protocol.You need verify that all users are using a secure protocol to connect to Server1 from the Internet.   What are two possible ways to achieve this goal？（）

• A、Monitor the events in the application log on Server1.
• B、Monitor the events in the security log on Server1.
• C、Monitor the Web server connections on Server1 by using a performance log.
• D、Monitor network traffic to Server1 by using Network Monitor.
• E、Monitor the IIS logs on Server1.

第11题：

Your network consists of a single Active Directory domain. All servers run Windows Server 2003 Service Pack 2 (SP2). All client computers run Windows XP Professional Service Pack 3 (SP3). You enable and configure Terminal Server on a server named Server1. A firewall separates Server1 from the internal network. Internal users report that they cannot connect to Server1 by using Remote Desktop Connection. You need to ensure that the users can connect to Server1 by using Remote Desktop Connection. Which port should you open on the firewall? （）

• A、389
• B、3268
• C、3389
• D、5900

第12题：

You are the network administrator for your company. The network consists of a single Active Directory domain. The network contains Windows Server 2003 file servers. The network also contains a Windows Server 2003 computer named Server1 that runs Routing and Remote Access and Internet Authentication Service （IAS）. Server1 provides VPN access to the network for users’ home computers.   You suspect that an external unauthorized user is attempting to access the network through Server1. You want to log the details of access attempts by VPN users when they attempt to access the network. You want to compare the IP addresses of users’ home computers with the IP addresses used in the access attempts to verify that the users are authorized.  You need to configure Server1 to log the details of access attempts by VPN users.   What should you do？  （）

• A、 Configure the system event log to Do not overwrite.
• B、 In IAS， in Remote Access Logging， enable the Authentication requests setting.
• C、 Configure the Remote Access server to Log all events.
• D、 Create a custom remote access policy and configure it for Authentication-Type.

第13题：

Your company has users who connect remotely to the main office through a Windows Server 2008 VPN server.You need to ensure that users cannot access the VPN server remotely from 22：00 to 05：00. What should you do？（）

• A、Create a network policy for VPN connections. Modify the Day and time restrictions.
• B、Create a network policy for VPN connections. Apply an IP filter to deny access to the corporate network.
• C、Modify the Logon hours for all user objects to specify only the VPN server on the Computer restrictions option.
• D、Modify the Logon Hours for the default domain policy to enable the Force logoff when logon hours expire option.

第14题：

Your network consists of a single Active Directory domain. All servers run Windows Server 2003 Service Pack 2 (SP2). All client computers run Windows XP Professional Service Pack 3 (SP3). You enable and configure Terminal Server on a server named Server1. A firewall separates Server1 from the internal network. Internal users report that they cannot connect to Server1 by using Remote Desktop Connection. You need to ensure that the users can connect to Server1 by using Remote Desktop Connection. Which port should you open on the firewall? （）

• A、389
• B、3268
• C、3389
• D、5900

第15题：

Your network contains several Windows Server 2008 R2 servers that run Windows Server Update   Services (WSUS). The WSUS servers distribute updates to all computers on the internal network. Remote users connect from their personal computers to the internal network by using a split-tunnel VPN  connection.   You need to plan a strategy for patch management that deploys updates on the remote users coputers.   Your strategy must meet the following requirements: èMinimize bandwidth use over the VPN connections.   èRequire updates to be approved on the WSUS servers before they are installed on the client computers. What should you include in your plan?（）

• A、Create a Group Policy object （GPO） to perform client-side targeting.
• B、 Create a computer group for the remote users¯ computers. Configure the remote user computers touse the internal WSUS server.
• C、Create a custom connection by using the Connection Manager Administration Kit （CMAK）. Deploy the  custom connection to all of the remote users computers
• D、Deploy an additional WSUS server. Configure the remote userscomputers to use the additional WSUS server. Configure the additional WSUS server to leave the updates on the Microsoft Update Web  site.

第16题：

Your company has a single Active Directory domain. The company network is protected by a firewall.Remote users connect to your network through a VPN server by using PPTP.When the users try to connect to the VPN server, they receive the following error message :Error 721:The remote computer is not responding.You need to ensure that users can establish a VPN connection.What should you do？（）

• A、Open port 1423 on the firewall.
• B、Open port 1723 on the firewall.
• C、Open port 3389 on the firewall.
• D、Open port 6000 on the firewall.

第17题：

You are the network administrator for your company. The network consists of a single Active Directory domain.  The company has remote users in the sales department who work from home. The remote users’ client computers run Windows XP Professional， and they are not members of the domain. The remote users’ client computers have local Internet access through an ISP.   The company is deploying a Windows Server 2003 computer named Server1 that has Routing and Remote Access installed. Server1 will function as a VPN server， and the remote users will use it to connect to the company network. Confidential research data will be transmitted from the remote users’ client computers. Security is critical to the company and Server1 must protect the remote users’ data transmissions to the main office. The remote client computers will use L2TP/IPSec to connect to the VPN server.  You need to choose a secure authentication method.   What should you do？ （）

• A、 Use the authentication method of the default IPSec policies.
• B、 Create a custom IPSec policy and use the Kerberos version 5 authentication protocol.
• C、 Create a custom IPSec policy and use certificate-based authentication.
• D、 Create a custom IPSec policy and use preshared key authentication.
• E、 Use the authentication method of the Routing and Remote Access custom IPSec policy for L2TP connection.

第18题：

You are the network administrator for Company.  You configure an L2TP virtual private network (VPN) connection on your Windows 2000 Professional computer to remotely access Company’s Windows 2000 Routing and Remote Access server. The server is configured to accept a limited number of both PPTP and L2TP connections. You configure the VPN connection to use MS-CHAP v2 only and to require encryption. You also configure TCP/IP to obtain an IP address automatically. Many times when you try to connect, you are unable to because all of the ports are in use. Other times you are able to connect successfully.   You want to increase your chances of being able to connect to the server while ensuring that the most secure connection type available is used.   What should you do? （）

• A、Enable the VPN connection to use MS-CHAP.
• B、Specify a TCP/IP address in the Network properties.
• C、Change the data encryption setting to Optional Encryption.
• D、Configure the Type of VPN server I am calling to be Automatic.
• E、Configure the Type of VPN server I am calling to be PPTP.

第19题：

Your company has a single Active Directory domain. The company network is protected by a firewall. Remote users connect to your network through a VPN server by using PPTP.When the users try to connect to the VPN server， they receive the following error message：Error 721：The remote computer is not responding.You need to ensure that users can establish a VPN connection. What should you do？（）

• A、Open port 1423 on the firewall.
• B、Open port 1723 on the firewall.
• C、Open port 3389 on the firewall.
• D、Open port 6000 on the firewall.