单选题A company has a policy that states that all servers will be fully backed up on the weekend.Additionally， all changed items will be backed up each night. In the event of a server failure， the administrator wants to be able to fully recover the system us

第1题：

ou are the network administrator for your company. The network consists of a single Active Directory domain. All servers run Windows Server 2003. All client computers run Windows XP Professional.Two of the servers on the network contain highly confidential documents. The company’s written security policy states that all network connections with these servers must be encrypted by using an IPSec policy.You place the two servers in an organizational unit （OU） named SecureServers. You configure a Group Policy object （GPO） that requires encryption for all connections. You assign the GPO to the SecureServers OU.  You need to verify that users are connecting to the two servers by using encrypted connections.   What should you do？（）

• A、Run the net view command.
• B、Run the gpresult command.
• C、Use the IP Security Monitor console.
• D、Use the IPSec Policy Management console.

第2题：

Your company has several branch offices. Your network consists of a single Active Directory domain.   Each branch office contains domain controllers and member servers. The domain controllers run  Windows Server 2003 SP2. The member servers run Windows Server 2008 R2.  Physical security of the servers at the branch offices is a concern.   You plan to implement Windows BitLocker Drive Encryption （BitLocker） on the member servers.  You need to ensure that you can access the BitLocker volume if the BitLocker keys are corruptedon the member servers. The recovery information must be stored in a central location. What should you do？（）

• A、Upgrade all domain controllers to Windows Server 2008 R2.Use Group Policy to configure Public Key  policies.
• B、Upgrade all domain controllers to Windows Server 2008 R2. Use Group Policy to enable Trusted platform Module（TPM） backups to Active Directory.
• C、Upgrade the domain controller that has the schema master role to Windows Server 2008 R2. Use group Policy to enable a Data Recovery Agent （DRA）.
• D、Upgrade the domain controller that has the primary domain controller （PDC） emulator role to windows Server 2008 R2. Use Group Policy to enable a Data Recovery Agent （DRA）.

第3题：

You have an Exchange Server 2010 organization.  Your company has a relationship with another company.  The partner company has an Exchange Server 2010 organization.  You need to recommend a security solution to meet the following requirements：  .Ensure that all e-mail delivery between your servers and the partner companys servers is encrypted .Ensure that all communication between your servers and the partner companys servers is authenticated What should you include in the solution？（）

• A、Active Directory Rights Management Services （AD RMS）
• B、Domain Security
• C、Forms-based Authentication
• D、Secure/Multipurpose Internet Mail Extensions （S/MIME）

第4题：

You are the network administrator in the New York office of TestKing. The company network consists of a single Active Directory domain The New York office currently contains one Windows Server 2003 file server named TestKingA. All file servers in the New York office are in an organizational unit (OU) named New York Servers. You have been assigned the Allow - Change permission for a Group Policy object (GPO) named NYServersGPO, which is linked to the New York Servers OU. The written company security policy states that all new servers must be configured with specified predefined security settings when the servers join the domain. These settings differ slightly for the various company offices. You plan to install Windows Sever 2003, on 15 new computers, which all functions as file servers. You will need to configure the specified security settings on the new file servers. TestKingA currently has the specified security settings configured in its local security policy. You need to ensure that the security configuration of the new file servers is identical to that of TestKingA. You export a copy of TestKingA's local security policy settings to a template file. You need to configure the security settings of the new servers, and you want to use the minimum amount of administrative effort. What should you do?（）

• A、Use the Security Configuration and Analysis tool on one of the new servers to import the template file.
• B、Use the default Domain Security Policy console on one of the new servers to import the template file.
• C、Use the Group Policy Editor console to open NYServersGPO and import the template file.
• D、Use the default Local Security Policy console on one of the new servers to import the template file.

第5题：

第6题：

第7题：

第8题：

第9题：

Your company has a single active directory domain. All servers run windows server 2008. The company network has 10 servers that perform as web servers. All confidential files are located on a server named FSS1. The company security policy states that all confidential data must be transmitted in the most secure manner. When you monitor the network, you notice that the confidential files are stored on FSS1 server are being transmitted over the network without encryption. You need to ensure that encryption is always used when the confidential files on the FSS1 server are transmitted over the network. What are two possible ways to achieve this goal? （）

• A、Deactivate all LM and NTLM authentication methods on the FSS1 server.
• B、Use IIS to publish the confidentials files. Activate SSL on the ISS server, and then open the files as a web folder.
• C、Use IPSec encryption between the FSS 1 server and the computers of the users who need to access the confidential files.
• D、Use the server messager block (SMB) signing between the FSS1 server and the computers of the users who want to access the confidential files.
• E、Activate offline files for the confidential files that are stored on the FSS1 server. In the folder advanced properties dialog box, select the encrypt contents to secure data option.

第10题：

Your company has deployed Network Access Protection （NAP）.You configure secure wireless access to the network by using 802.1X authentication from any access point. You need to ensure that all client computers that access the network are evaluated by NAP.  What should you do？（）

• A、Configure all access points as RADIUS clients to the Remediation Servers.
• B、Configure all access points as RADIUS clients to the Network Policy Server （NPS）.
• C、Create a Network Policy that defines Remote Access Server as a network connection method.
• D、Create a Network Policy that specifies EAP-TLS as the only available authentication method.

第11题：

You are the systems engineer for your company. The network consists of a single Active Directory domain. The company has a main office and two branch offices. All servers run Windows Server 2003. All client computers run either Windows XP Professional or Windows 2000 Professional.   Each branch office maintains a dedicated 256-Kbps connection to the main office. Each office also maintains a T1 connection to the Internet. Each office has a Microsoft Internet Security and Acceleration （ISA） Server 2000 computer， which provides firewall and proxy services on the Internet connection. Each branch office contains one domain controller and five servers that are not domain controllers. There is minimal administrative staff at the branch offices.  A new company policy states that all servers must now be remotely administered by administrators in the main office. The policy states that all remote administration connections must be authenticated by the domain and that all traffic must be encrypted. The policy also states that the remote administration traffic must never be carried in clear text across the Internet.   You choose to implement remote administration by enabling Remote Desktop connections on all servers on the network. You decide to use the Internet-connected T1 lines for remote administration connectivity between offices.   Because administrative tasks might require simultaneous connections to multiple servers across the network， you need to ensure that administrators do not lose connections to servers in one office when they attempt to connect to servers in another office.   What should you do？ （）

• A、 Configure Routing and Remote Access on one server in each branch office. Create L2TP/IPSec VPN ports on these servers. Create new VPN connections on the administrators’ computers to connect to the VPN servers in the branch offices.
• B、 Configure a VPN server in each branch office. Create connections that use IPSec Authentication Header （AH） in tunnel mode from the main office connect to VPN servers in the branch offices.
• C、 Configure a local L2TP/IPSec VPN connection on the ISA Server 2000 firewall computer in the main office. Configure the ISA Server 2000 firewall computers at the branch offices as remote L2TP/IPSec VPN servers.
• D、 Configure a local PPTP VPN connection on the ISA Server 2000 firewall computers in each branch office. Configure the ISA Server 2000 firewall computer at the main office as a remote PPTP VPN server.

第12题：

You are the network administrator for your company. The network consists of a single Active Directory domain. All servers run Windows Server 2003.   The network contains servers that have Terminal Server enabled. The terminal servers host legacy applications that currently require users to be members of the Power Users group.   A new requirement in the company’s written security policy states that the Power Users group must be empty on all resource servers.   You need to maintain the ability to run the legacy applications on the terminal servers when the new security requirement is implemented.   What should you do？  （）

• A、 Add the Domain Users global group to the Remote Desktop Users built-in group in the domain.  
• B、 Add the Domain Users global group to the Remote Desktop Users local group on each terminal server.
• C、 Modify the Compatws.inf security template settings to allow members of the local Users group to run the applications. Import the security template into the Default Domain Controllers Policy Group Policy object （GPO）.
• D、 Modify the Compatws.inf security template settings to allow members of the local Users group to run the applications. Apply the modified template to each terminal server.

第13题：

第14题：

第15题：

第16题：