Which device might be installed at a branch office to enable and manage an IPsec site－to－site VPN?()A.Cisco IOS IPsec/SSL VPN clientB.Cisco VPN ClinetC.ISDN terminal adapterD.Cisco Adaptive Security Appliance

第1题：

Which are three reasons that an organization with multiple branch offices and roaming users might implement a Cisco VPN solution instead of point-to-point WAN links？（）

• A、reduced cost
• B、better throughput
• C、increased security
• D、scalability
• E、reduced latency
• F、broadband incompatibility

第2题：

You are the network consultant from Cisco.com.Your customer has eight sites and will add in thefuture. Branch site to branch site traffic is approaching 30 percent. The customer’s goals are to make iteasier to add branch sites in the future and to reduce traffic through the hub. Which VPN topology should you recommend？（）

• A、 Easy VPN
• B、 IPsec GRE tunneling
• C、 Virtual Tunnel Interfaces
• D、 Dynamic Multipoint VPN

第3题：

Which security-enabled device is recommended to provide a site-to-site IPsec VPN solution， but not SSL？（）

• A、 Cisco Integrated Service Routers
• B、 Cisco ASA 5500 Series Security Appliance
• C、 CiscoWebVPN Services Module
• D、 CiscoIPsec VPN Module

第4题：

Which two of these are advantages of placing the VPN device parallel to the firewall？（）

• A、 high scalability
• B、 the design supports a layered security model
• C、 firewall addressing does not need to change
• D、 IPsec decrypted traffic is inspected by the firewall
• E、 there is a centralized point for logging and content inspection

第5题：

Your company has a main office and a branch office.The branch office administrators are the only members of a custom management role group.The role group is configured to allow members to manage recipients. You notice that the branch office administrators can manage recipients in both offices.You need to ensure that the branch office administrators can manage recipients in the branch office only. What should you do？（）

• A、Create and associate a management scope to the role group.
• B、Create and associate a management role assignment policy to the role group.
• C、Create a new linked role group， and then add the branch office administrators to the role group.
• D、Create a new role， and then add management role entries to the role.

第6题：

You are the systems engineer for your company. The company has a main office in Los Angeles and two branch offices， one in Chicago and one in New York. The offices are connected to one another by dedicated T1 lines. Each office has its own local IT department and administrative staff.   The company network consists of a single Active Directory domain. All servers run Windows Server 2003. All client computers run Windows XP Professional. All servers support firmware-based console redirection by means of the serial port. The server hardware does not support any other method of console redirection and cannot be upgraded to do so.  The company is currently being reorganized. The IT departments from each branch office are being relocated to a new central data center in the Los Angeles office. Several servers from each branch office are also being relocated to the Los Angeles data center. Each branch office will retain 10 servers.  A new written security policy includes the following requirements：   • All servers must be remotely administered for all administrative tasks.   • All servers must be administered from the Los Angeles office.   • All remote administration connections must be authenticated and encrypted.   Your current network configuration already adheres to the new written security policy for day-to-day server administration tasks performed on the servers. You need to plan a configuration for out-of-band management tasks for each office that meets the new security requirements.   Which three actions should you take？（）

• A、 Connect each server’s serial port to a terminal concentrator. Connect the terminal concentrator to the network.
• B、 Connect a second network adapter to each server. Connect the second network adapter in each server to a separate network switch. Connect the management port on the switch to a WAN port on the office router. Enable IPSec on the router.
• C、 Enable Routing and Remote Access on a server in each branch office， and configure it as an L2TP/IPSec VPN server. Configure a remote access policy to allow only authorized administrative staff to make a VPN connection.
• D、 On each server， enable the Telnet service with a startup parameter of Automatic. Configure Telnet on each server to use only NTLM authentication. Apply the Server （Request Security） IPSec policy to all servers.
• E、 On each server， enable Emergency Management Services console redirection and the Emergency Management Services Special Administration Console （SAC）.

第7题：

第8题：

第9题：

第10题：

第11题：

第12题：

第13题：

our company has a main office and one branch office. All servers run Windows Server 2003 Service Pack 2 （SP2）. The main office has a third-party gateway device named Gateway1.  Gateway1 is connected to the internal network and the Internet. Gateway1 supports IPSec. In the branch office， you have a server named Server1. You create an IPSec policy on Server1. You need to ensure that Server1 can establish an IPSec tunnel to Gateway1.  What should you use to configure the IPSec policy？（）

• A、an IP filter that allows only Internet Control Message Protocol （ICMP） traffic
• B、an IP filter that allows only TCP traffic on port 1701
• C、a pre-shared key for authentication
• D、Kerberos authentication

第14题：

Which device might be installed at a branch office to enable and manage an IPsec site-to-site VPN?（）

• A、Cisco IOS IPsec/SSL VPN client
• B、Cisco VPN Clinet
• C、ISDN terminal adapter
• D、Cisco Adaptive Security Appliance

第15题：

Which factor is least likely to affect the scalability of a VPN design？（）

• A、 number of branch offices
• B、 number of IGP routing peers
• C、 remote Office and home worker throughput bandwidth requirements
• D、 high availability requirements
• E、 Supported applications

第16题：

You are the systems engineer for your company. The network consists of a single Active Directory domain. The company has a main office and two branch offices. All servers run Windows Server 2003. All client computers run either Windows XP Professional or Windows 2000 Professional.   Each branch office maintains a dedicated 256-Kbps connection to the main office. Each office also maintains a T1 connection to the Internet. Each office has a Microsoft Internet Security and Acceleration （ISA） Server 2000 computer， which provides firewall and proxy services on the Internet connection. Each branch office contains one domain controller and five servers that are not domain controllers. There is minimal administrative staff at the branch offices.  A new company policy states that all servers must now be remotely administered by administrators in the main office. The policy states that all remote administration connections must be authenticated by the domain and that all traffic must be encrypted. The policy also states that the remote administration traffic must never be carried in clear text across the Internet.   You choose to implement remote administration by enabling Remote Desktop connections on all servers on the network. You decide to use the Internet-connected T1 lines for remote administration connectivity between offices.   Because administrative tasks might require simultaneous connections to multiple servers across the network， you need to ensure that administrators do not lose connections to servers in one office when they attempt to connect to servers in another office.   What should you do？ （）

• A、 Configure Routing and Remote Access on one server in each branch office. Create L2TP/IPSec VPN ports on these servers. Create new VPN connections on the administrators’ computers to connect to the VPN servers in the branch offices.
• B、 Configure a VPN server in each branch office. Create connections that use IPSec Authentication Header （AH） in tunnel mode from the main office connect to VPN servers in the branch offices.
• C、 Configure a local L2TP/IPSec VPN connection on the ISA Server 2000 firewall computer in the main office. Configure the ISA Server 2000 firewall computers at the branch offices as remote L2TP/IPSec VPN servers.
• D、 Configure a local PPTP VPN connection on the ISA Server 2000 firewall computers in each branch office. Configure the ISA Server 2000 firewall computer at the main office as a remote PPTP VPN server.

第17题：

You are a network administrator for your company. The company has a main office and a branch office. The branch office has a cable modem connection to the Internet and uses a virtual private network (VPN) connection to access resources on the main office network. The cable modem is connected to a Windows XP Professional computer named Pro1. You configure Internet Connection Sharing (ICS) on Pro1 to allow users in the branch office to use the VPN connection. ICS sets the network adapter to use the IP address 192.168.0.1. Several sales representatives in the branch office use wireless network adapters to share files between their client computers. They need access to the VPN connection to upload sales reports to the main office. You install a wireless network adapter in Pro1 and configure it with the appropriate settings for the wireless LAN. The sales representatives who use the wireless LAN report that they cannot access the VPN connection. However, they are able to connect to resources in the branch office. Users on the wired network do not report any connectivity problems. The sales representatives need to be able to access the VPN. What should you do?（） 

• A、Configure the wireless network connection on Pro1 so that it has an IP address of 192. 168. 0. 2.
• B、Disable and then re-enable Internet Connection Sharing (ICS) on Pro1.
• C、Create a network bridge between the wired and wireless connections on Pro1.  
• D、Clear the Allow other network users to control or disable the shared Internet connection check box in the advanced properties of the VPN connection.

第18题：

Your company has a main office and a branch office. All branch office administrators are members of a custom management role group.The role group is configured to allow members to manage recipients.The branch office administrators are also members of The Domain Admins security group. The organization contains one Exchange Server 2010 server. You discover that the branch office administrators can manage recipients in both offices. You need to ensure that the branch office administrators can manage recipients in their assigned branch office only.What should you do？（）

• A、Create a new management role entry for the role group.
• B、Create a management role assignment policy and associate the policy to the role group.
• C、Create a management scope and associate the scope to the role group.Set a recipient filter for the management scope.
• D、Remove the branch office administrators from the Domain Admins group.Add the branch office recipients to the role group.

第19题：

第20题：

第21题：

第22题：

第23题：