Incremental
Normal
Differential
Full
第1题:
ou are the network administrator for your company. The network consists of a single Active Directory domain. All servers run Windows Server 2003. All client computers run Windows XP Professional.Two of the servers on the network contain highly confidential documents. The company’s written security policy states that all network connections with these servers must be encrypted by using an IPSec policy.You place the two servers in an organizational unit (OU) named SecureServers. You configure a Group Policy object (GPO) that requires encryption for all connections. You assign the GPO to the SecureServers OU. You need to verify that users are connecting to the two servers by using encrypted connections. What should you do?()
第2题:
Your company has several branch offices. Your network consists of a single Active Directory domain. Each branch office contains domain controllers and member servers. The domain controllers run Windows Server 2003 SP2. The member servers run Windows Server 2008 R2. Physical security of the servers at the branch offices is a concern. You plan to implement Windows BitLocker Drive Encryption (BitLocker) on the member servers. You need to ensure that you can access the BitLocker volume if the BitLocker keys are corruptedon the member servers. The recovery information must be stored in a central location. What should you do?()
第3题:
You have an Exchange Server 2010 organization. Your company has a relationship with another company. The partner company has an Exchange Server 2010 organization. You need to recommend a security solution to meet the following requirements: .Ensure that all e-mail delivery between your servers and the partner companys servers is encrypted .Ensure that all communication between your servers and the partner companys servers is authenticated What should you include in the solution?()
第4题:
You are the network administrator in the New York office of TestKing. The company network consists of a single Active Directory domain The New York office currently contains one Windows Server 2003 file server named TestKingA. All file servers in the New York office are in an organizational unit (OU) named New York Servers. You have been assigned the Allow - Change permission for a Group Policy object (GPO) named NYServersGPO, which is linked to the New York Servers OU. The written company security policy states that all new servers must be configured with specified predefined security settings when the servers join the domain. These settings differ slightly for the various company offices. You plan to install Windows Sever 2003, on 15 new computers, which all functions as file servers. You will need to configure the specified security settings on the new file servers. TestKingA currently has the specified security settings configured in its local security policy. You need to ensure that the security configuration of the new file servers is identical to that of TestKingA. You export a copy of TestKingA's local security policy settings to a template file. You need to configure the security settings of the new servers, and you want to use the minimum amount of administrative effort. What should you do?()
第5题:
Incremental
Normal
Differential
Full
第6题:
Create a new Group Policy object (GPO) and link it to the Servers OU. Enable the Secure Server (Require Security) IPSec policy in the GPO.
Create a new Group Policy object (GPO) and link it to the Servers OU. Enable the Server (Request Security) IPSec policy in the GPO.
Create a new Group Policy object (GPO) and link it to the Desktops OU. Enable the Client (Respond only) IPSec policy in the GPO.
Create a new Group Policy object (GPO). Edit the GPO to enable the Registry Policy Processing option and the IP Security Policy Processing option. Copy the GPO files to the Netlogon shared folder.
Use System Policy Editor to open the System.adm file and enable the Registry Policy Processing option and the IP Security Policy Processing option. Save the system policy as NTConfig.pol.
第7题:
Select the Not connected option for each virtual machine.
Enable the Enable virtual LAN identification option for each virtual machine.
Set the Connection to Host for the network interface card.
Set the Connection to None for the network interface card.
第8题:
Deactivate all LM and NTLM authentication methods on FSS1 server
Use IIS to publish the confidential files, activate SSL on the IIS server, and then open the files as a web folder
Use IPsec encryption between the FSS1 server and the computers of the users who need to access the confidential files.
Use the Server Message Block (SMB) signing between the FSS1 server and the computers of the users who want to access the confidential files.
Activate offline files for the confidential files that are stored on the FSS1 server. In the Folder avanced Properties box, select the Encrypt contents to secure data optiion
第9题:
Your company has a single active directory domain. All servers run windows server 2008. The company network has 10 servers that perform as web servers. All confidential files are located on a server named FSS1. The company security policy states that all confidential data must be transmitted in the most secure manner. When you monitor the network, you notice that the confidential files are stored on FSS1 server are being transmitted over the network without encryption. You need to ensure that encryption is always used when the confidential files on the FSS1 server are transmitted over the network. What are two possible ways to achieve this goal? ()
第10题:
Your company has deployed Network Access Protection (NAP).You configure secure wireless access to the network by using 802.1X authentication from any access point. You need to ensure that all client computers that access the network are evaluated by NAP. What should you do?()
第11题:
You are the systems engineer for your company. The network consists of a single Active Directory domain. The company has a main office and two branch offices. All servers run Windows Server 2003. All client computers run either Windows XP Professional or Windows 2000 Professional. Each branch office maintains a dedicated 256-Kbps connection to the main office. Each office also maintains a T1 connection to the Internet. Each office has a Microsoft Internet Security and Acceleration (ISA) Server 2000 computer, which provides firewall and proxy services on the Internet connection. Each branch office contains one domain controller and five servers that are not domain controllers. There is minimal administrative staff at the branch offices. A new company policy states that all servers must now be remotely administered by administrators in the main office. The policy states that all remote administration connections must be authenticated by the domain and that all traffic must be encrypted. The policy also states that the remote administration traffic must never be carried in clear text across the Internet. You choose to implement remote administration by enabling Remote Desktop connections on all servers on the network. You decide to use the Internet-connected T1 lines for remote administration connectivity between offices. Because administrative tasks might require simultaneous connections to multiple servers across the network, you need to ensure that administrators do not lose connections to servers in one office when they attempt to connect to servers in another office. What should you do? ()
第12题:
You are the network administrator for your company. The network consists of a single Active Directory domain. All servers run Windows Server 2003. The network contains servers that have Terminal Server enabled. The terminal servers host legacy applications that currently require users to be members of the Power Users group. A new requirement in the company’s written security policy states that the Power Users group must be empty on all resource servers. You need to maintain the ability to run the legacy applications on the terminal servers when the new security requirement is implemented. What should you do? ()
第13题:
Configure a packet filter for the network adapter on the test network to block the Internet Key Exchange (IKE) port.
Configure the network adapter on the test network to disable IEEE 802.1x authentication.
Configure the network adapter on the test network to enable TCP/IP filtering, and then permit all traffic.
Use the netsh command to assign a persistent IPSec policy that permits all traffic on the network adapter on the test.
Assign an IPSec policy in the local computer policy that permits all traffic on the network adapter on the test.
第14题:
Instruct the technician to customize the Start menu to display the administrative tools.
Instruct the technician to install Remote Server Administration Tools (RSAT) and to modify the Windows Features.
Request that the technician be added to the Server Operators group in Active Directory.
Request that the technician be added to the Network Configuration Operators group in Active Directory and modify the Windows Features.
第15题:
Configure all access points as RADIUS clients to the remediation servers.
Configure all access points as RADIUS clients to the network Policy Server (NPS).
Create a network policy that defines remote access server as a network connection method.
Create a network policy that specifies EAP-TLS as the only available authentication method.
第16题:
BranchCache
DirectAccess
Distributed File System Replication (DFSR)
Universal Group Membership Caching