You are the senior systems engineer for your company. The network consists of a single Active Directory domain.
All servers run Windows Server 2003. Client computers in the sales department run Windows NT Workstation 4.0 with the Active Directory Client Extensions software installed. All other client computers run Windows XP Professional. All servers are located in an organizational unit (OU) named Servers. All client computers are located in an OU named Desktops.
Four servers contain confidential company information that is used by users in either the finance department or the research department. Users in the sales department also store files and applications on these servers. The company’s written security policy states that for auditing purposes, all network connections to these resources must require authentication at the protocol level. The written security policy also states that all network connections to these resources must be encrypted. The company budget does not allow for the purchase of any new hardware or software. The applications and data located on these servers may not be moved to any other server in the network.
You define and assign the appropriate permissions to ensure that only authorized users can access the resources on the servers.
You now need to ensure that all connections made to these servers by the users in the finance department and in the research department meet the security guidelines stated by the written security policy. You also need to ensure that all users in the sales department can continue to access their resources.
Which two actions should you take?()
A. Create a new Group Policy object (GPO) and link it to the Servers OU. Enable the Secure Server (Require Security) IPSec policy in the GPO.
B. Create a new Group Policy object (GPO) and link it to the Servers OU. Enable the Server (Request Security) IPSec policy in the GPO.
C. Create a new Group Policy object (GPO) and link it to the Desktops OU. Enable the Client (Respond only) IPSec policy in the GPO.
D. Create a new Group Policy object (GPO). Edit the GPO to enable the Registry Policy Processing option and the IP Security Policy Processing option. Copy the GPO files to the Netlogon shared folder.
E. Use System Policy Editor to open the System.adm file and enable the Registry Policy Processing option and the IP Security Policy Processing option. Save the system policy as NTConfig.pol.
您可能感兴趣的试卷
你可能感兴趣的试题
You are the network administrator for your company. The network consists of a single Active Directory domain.
The company has remote users in the sales department who work from home. The remote users’ client computers run Windows XP Professional, and they are not members of the domain. The remote users’ client computers have local Internet access through an ISP.
The company is deploying a Windows Server 2003 computer named Server1 that has Routing and Remote Access installed. Server1 will function as a VPN server, and the remote users will use it to connect to the company network. Confidential research data will be transmitted from the remote users’ client computers. Security is critical to the company and Server1 must protect the remote users’ data transmissions to the main office. The remote client computers will use L2TP/IPSec to connect to the VPN server. You need to choose a secure authentication method.
What should you do? ()
A. Use the authentication method of the default IPSec policies.
B. Create a custom IPSec policy and use the Kerberos version 5 authentication protocol.
C. Create a custom IPSec policy and use certificate-based authentication.
D. Create a custom IPSec policy and use preshared key authentication.
E. Use the authentication method of the Routing and Remote Access custom IPSec policy for L2TP connection.
You are a network administrator for Alpine Ski House. The network consists of a single Active Directory domain. The domain name is alpineskihouse.com. The network contains three Windows Server 2003 domain controllers. You are creating the recovery plan for the company. According to the existing backup plan, domain controllers are backed up by using normal backups each night. The normal backups of the domain controllers include the system state of each domain controller.
Your recovery plan must incorporate the following organizational requirements:
• Active Directory objects that are accidentally or maliciously deleted must be recoverable.
• Active Directory must be restored to its most recent state as quickly as possible.
• Active Directory database replication must be minimized.
You need to create a plan to restore a deleted organizational unit (OU).
Which two actions should you include in your plan?()
A. Restart a domain controller in Directory Services Restore Mode.
B. Restart a domain controller in Safe Mode.
C. Use the Ntdsutil utility to perform an authoritative restore operation of the Active Directory database.
D. Restore the system state by using the Always replace the file on my computer option.
E. Use the Ntdsutil utility to perform an authoritative restore operation of the appropriate subtree.
You are a network administrator for your company. The network consists of a single Active Directory domain and contains 10 Windows Server 2003 computers.
You install a new service on a server named Server1. The new service requires that you restart Server1. When you attempt to restart Server1, the logon screen does not appear. You turn off and then turn on the power for Server1. The logon screen does not appear. You attempt to recover the failed server by using the Last Known Good Configuration startup option. It is unsuccessful. You attempt to recover Server1 by using the Safe Mode startup options. All Safe Mode options are unsuccessful.
You restore Server1. Server1 restarts successfully. You discover that Server1 failed because the new service is not compatible with a security patch.
You want to configure all servers so that you can recover from this type of failure by using the minimum amount of time and by minimizing data loss. You need to ensure that in the future, other services that fail do not result in the same type of failure.
What should you do? ()
A. Use Add or Remove Programs.
B. Install and use the Recovery Console.
C. Use Automated System Recovery (ASR).
D. Use Device Driver Roll Back.
You are a network administrator for your company. The design team provides you with the following list of requirements for server disaster recovery:
No more than two sets of tapes can be used to restore to the previous day. A full backup of each server must be stored off-site.
A full backup of each server that is no more than one week old must be available on-site. Backups must never run during business hours.
Tapes may be recalled from off-site storage only if the on-site tapes are corrupted or damaged.
A full backup of all servers requires approximately 24 hours. Backing up all files that change during one week requires approximately 4 hours. Business hours for the company are Monday through Friday, from 6:00 A.M. to 10:00 P.M. You need to provide a backup rotation plan that meets the design team’s requirements.
Which two actions should you include in your plan?()
A. Perform a full normal backup for on-site storage on Friday night after business hours. Perform a full copy backup for off-site storage on Saturday night after the Friday backup is complete.
B. Perform a full normal backup for on-site storage on Friday night after business hours. Perform another full normal backup for off-site storage on Saturday night after the Friday backup is complete.
C. Perform a full copy backup for on-site storage on Friday night after business hours. Perform a full copy backup for off-site storage on Saturday night after the Friday backup is complete.
D. Perform differential backups on Sunday, Monday, Tuesday, Wednesday, and Thursday nights after business hours.
E. Perform incremental backups on Sunday, Monday, Tuesday, Wednesday, and Thursday nights after business hours.
F. Perform incremental backups on Sunday, Tuesday, and Thursday nights after business hours. Perform differential backups on Monday and Wednesday nights after business hours.
You are the network administrator for your company. The network consists of a single Active Directory domain. The company has a main office in San Francisco and branch offices in Paris and Bogota. Each branch office contains a Windows Server 2003 domain controller. All client computers run Windows XP Professional.
Users in the Bogota office report intermittent problems authenticating to the domain. You suspect that a specific client computer is causing the problem.
You need to capture the authentication event details on the domain controller in the Bogota office so that you can find out the IP address of the client computer that is the source of the problem.
What should you do? ()
A. Configure System Monitor to monitor the authentication events.
B. Configure Performance Logs and Alerts with a counter log to record the authentication events.
C. Configure Network Monitor to record the authentication events.
D. Configure Performance Logs and Alerts with an alert to trigger on authentication events.
You are the network administrator for your company. You need to provide Internet name resolution services for the company. You set up a Windows Server 2003 computer running the DNS Server service to provide this network service.
During testing, you notice the following intermittent problems:
Name resolution queries sometimes take longer than one minute to resolve.
Some valid name resolution queries receive the following error message in the Nslookup command-line tool: "Non-existent domain."
You suspect that there is a problem with name resolution.
You need to review the individual queries that the server handles. You want to configure monitoring on the DNS server to troubleshoot the problem.
What should you do? ()
A. In the DNS server properties, on the Debug Logging tab, select the Log packets for debugging option.
B. In the DNS server properties, on the Event Logging tab, select the Errors and warnings option.
C. In System Monitor, monitor the Recursive Query Failure counter in the DNS object.
D. In the DNS server properties, on the Monitoring tab, select the monitoring options.
You are the network administrator for your company. The network consists of a single Active Directory domain. The network contains Windows Server 2003 file servers. The network also contains a Windows Server 2003 computer named Server1 that runs Routing and Remote Access and Internet Authentication Service (IAS). Server1 provides VPN access to the network for users’ home computers.
You suspect that an external unauthorized user is attempting to access the network through Server1. You want to log the details of access attempts by VPN users when they attempt to access the network. You want to compare the IP addresses of users’ home computers with the IP addresses used in the access attempts to verify that the users are authorized. You need to configure Server1 to log the details of access attempts by VPN users.
What should you do? ()
A. Configure the system event log to Do not overwrite.
B. In IAS, in Remote Access Logging, enable the Authentication requests setting.
C. Configure the Remote Access server to Log all events.
D. Create a custom remote access policy and configure it for Authentication-Type.
You are the network administrator for your company. The network consists of a single Active Directory domain. All computers on the network are members of the domain.
You administer a four-node Network Load Balancing cluster. All nodes run Windows Server 2003. The cluster has converged successfully. You use Network Load Balancing Manager on the default host to configure all nodes of the cluster.
The nodes have a single network adapter and are connected to the same switching hub device.
Administrators of non-cluster servers that are connected to the same switching hub device report that their servers receive traffic that is destined for the cluster nodes. Receiving this additional network traffic impairs the network performance of the non-cluster servers.
You need to ensure that traffic destined for only the cluster nodes is not sent to all ports of the switching hub device.
You do not want to move the cluster to another switching hub device.
What should you do? ()
A. On one node, run the nlb.exe reload command.
B. On each node, run the wlbs.exe drainstop command.
C. Use Network Load Balancing Manager to enable Internet Group Management Protocol (IGMP) support on the cluster.
D. Use Network Load Balancing Manager to add a second cluster IP address.
You are the network administrator for your company. The network consists of a single Active Directory domain. All computers on the network are members of the domain.
You administer a three-node Network Load Balancing cluster. Each cluster node runs Windows Server 2003 and has a single network adapter. The cluster has converged successfully.
You notice that the nodes in the cluster run at almost full capacity most of the time. You want to add a fourth node to the cluster. You enable and configure Network Load Balancing on the fourth node.
However, the cluster does not converge to a four-node cluster. In the System log on the existing three nodes, you find the exact same TCP/IP error event. The event has the following description: "The system detected an address conflict for IP address 10.50.8.70 with the system having network hardware address 02:BF:0A:32:08:46."
In the System log on the new fourth node, you find a similar TCP/error event with the following description: "The system detected an address conflict for IP address 10.50.8.70 with the system having network hardware address 03:BF:0A:32:08:46." Only the hardware address is different in the two descriptions. You verify that IP address 10.50.8.70 is configured as the cluster IP address on all four nodes. You want to configure a four-node Network Load Balancing cluster.
What should you do? ()
A. Configure the fourth node to use multicast mode.
B. Remove 10.50.8.70 from the Network Connections Properties of the fourth node.
C. On the fourth node, run the nlb.exe resume command.
D. On the fourth node, run the wlbs.exe reload command.
You are the network administrator for your company. The network consists of a single Active Directory domain. All computers on the network are members of the domain.
You administer a Network Load Balancing cluster that consists of three nodes. Each node runs Windows Server 2003 and contains a single network adapter. The Network Load Balancing cluster can run only in unicast mode. The Network Load Balancing cluster has converged successfully.
To increase the utilization of the cluster, you decide to move a particular application to each node of the cluster. For this application to run, you must add a Network Load Balancing port rule to the nodes of the cluster.
You start Network Load Balancing Manager on the second node of the cluster. However, Network Load Balancing Manager displays a message that it cannot communicate with the other two nodes of the cluster. You want to add the port rule to the nodes of the cluster.
What should you do? ()
A. Use Network Load Balancing Manager on the Network Load Balancing default host to add the port rule.
B. Change the host priority of the second node to be the highest in the cluster, and then use Network Load Balancing Manager to add the port rule.
C. Run the nlb.exe drain command on each node, and then use Network Load Balancing Manager to add the port rule.
D. Add the port rule through Network Connections Properties on each node.
最新试题
You are a network administrator for your company. The network contains a Windows Server 2003 computer named Server1. Server1 has a single CPU, 512 MB of RAM, and a single 100-Mb network adapter. All network users’ home folders are stored on Server1. Users access their home folders by using a mapped network drive that connects to a shared folder on Server1. After several weeks, users report that accessing home folders on Server1 is extremely slow at certain times during the day. You need to identify the resource bottleneck that is causing the poor performance. What should you do? ()
You are a network administrator for your company. The network consists of a single Active Directory domain and contains 10 Windows Server 2003 computers. You install a new service on a server named Server1. The new service requires that you restart Server1. When you attempt to restart Server1, the logon screen does not appear. You turn off and then turn on the power for Server1. The logon screen does not appear. You attempt to recover the failed server by using the Last Known Good Configuration startup option. It is unsuccessful. You attempt to recover Server1 by using the Safe Mode startup options. All Safe Mode options are unsuccessful. You restore Server1. Server1 restarts successfully. You discover that Server1 failed because the new service is not compatible with a security patch. You want to configure all servers so that you can recover from this type of failure by using the minimum amount of time and by minimizing data loss. You need to ensure that in the future, other services that fail do not result in the same type of failure. What should you do? ()
You are a network administrator for your company. The network contains four Windows Server 2003 computers configured as a four-node server cluster. Each cluster node is the preferred owner of a clustered instance of Microsoft SQL Server 2000, and each cluster node is configured as a possible owner of all other instances of SQL Server. All nodes have identically configured hardware. All four nodes operate at a sustained 70 percent CPU average. You add a server that has identically configured hardware to the cluster as a fifth node. You want each SQL Server instance to continue operating at the same level of performance in the event of a single node failure. What should you do? ()
You are the network administrator for your company. The network contains an application server running Windows Server 2003. Users report that the application server intermittently responds slowly. When the application server is responding slowly, requests that normally take 1 second to complete take more than 30 seconds to complete. You suspect that the slow server response is because of high broadcast traffic on the network. You need to plan how to monitor the application server and to have a message generated when broadcast traffic is high. You also want to minimize the creation of false alarms when nonbroadcast traffic is high. What should you do? ()
You are the systems engineer for Contoso, Ltd. The internal network consists of a Windows NT 4.0 domain. The company maintains a separate network that contains publicly accessible Web and mail servers. These Web and mail servers are members of a DNS domain named contoso.com. The contoso.com zone is hosted by a UNIX-based DNS server running BIND 4.8.1. Contoso, Ltd., is planning to migrate to a Windows Server 2003 Active Directory domain-based network. The migration plan states that all client computers will be upgraded to Windows XP Professional and that all servers will be replaced with new computers running Windows Server 2003. The migration plan specifies the following requirements for DNS in the new environment:• Active Directory data must not be accessible from the Internet.• The DNS namespace must be contiguous to minimize confusion for users and administrators. • Users must be able to connect to resources in the contoso.com domain.• Users must be able to connect to resources located on the Internet. • The existing UNIX-based DNS server will continue to host the contoso.com domain. • The existing UNIX-based DNS server cannot be upgraded or replaced.You plan to install a Windows Server 2003 DNS server on the internal network. You need to configure this Windows-based DNS server to meet the requirements specified in the migration plan. What should you do? ()
You are the network administrator for your company. You need to provide Internet name resolution services for the company. You set up a Windows Server 2003 computer running the DNS Server service to provide this network service. During testing, you notice the following intermittent problems: Name resolution queries sometimes take longer than one minute to resolve. Some valid name resolution queries receive the following error message in the Nslookup command-line tool: "Non-existent domain." You suspect that there is a problem with name resolution. You need to review the individual queries that the server handles. You want to configure monitoring on the DNS server to troubleshoot the problem. What should you do? ()
You are the network administrator for your company. The network consists of a single Active Directory domain. All computers on the network are members of the domain. All servers run Windows Server 2003 and all client computers run Windows XP Professional. You are planning a security update infrastructure. You need to find out which computers are exposed to known vulnerabilities. You need to collect the information on existing vulnerabilities for each computer every night. You want this process to occur automatically. What should you do? ()
You are a network administrator for your company. The network consists of a single Active Directory forest that contains three domains. The functional level of the forest and of all three domains is Window Server 2003. The company has a main office and 30 branch offices. Each branch office is connected to the main office by a 56-Kbps WAN connection.You configure the main office and each branch office as a separate Active Directory site. You deploy a Windows Server 2003 domain controller at the main office and at each branch office. Each domain controller is configured as a DNS server. You can log on to the network from client computers in the branch offices at any time. However, users in the branch offices report that they cannot log on to the network during peak hours. You need to allow users to log on to the network from branch office computers. You do not want to affect the performance of the branch office domain controllers. You need to minimize Active Directory replication traffic across the WAN connections. What should you do? ()
You are the network administrator for your company. The network consists of a single Active Directory domain. All computers on the network are members of the domain. You administer a three-node Network Load Balancing cluster. Each cluster node runs Windows Server 2003 and has a single network adapter. The cluster has converged successfully. You notice that the nodes in the cluster run at almost full capacity most of the time. You want to add a fourth node to the cluster. You enable and configure Network Load Balancing on the fourth node. However, the cluster does not converge to a four-node cluster. In the System log on the existing three nodes, you find the exact same TCP/IP error event. The event has the following description: "The system detected an address conflict for IP address 10.50.8.70 with the system having network hardware address 02:BF:0A:32:08:46." In the System log on the new fourth node, you find a similar TCP/error event with the following description: "The system detected an address conflict for IP address 10.50.8.70 with the system having network hardware address 03:BF:0A:32:08:46." Only the hardware address is different in the two descriptions. You verify that IP address 10.50.8.70 is configured as the cluster IP address on all four nodes. You want to configure a four-node Network Load Balancing cluster. What should you do? ()
You are a systems engineer for your company. Your company has 20,000 users in a large campus environment located in Los Angeles. Each department in the company is located in its own building. Each department has its own IT staff, which is responsible for all network administration within the building. The company’s network is divided into several IP subnets that are connected to one another by using dedicated routers. Each building on the company’s main campus contains at least one subnet, and possibly up to five subnets. Each building has at least one router. All routers use RIP version 2 (RIPv2) broadcasts. The company acquires a new business unit located in Denver. The Denver office has 25 users. The network in the Denver office is connected to the network at the main campus by using a leased frame relay connection. The network administrator at the Denver office installs a Windows Server 2003 computer and configures Routing and Remote Access on this server. The network administrator at the Denver office configures this server as a router and implements RIPv2 in Routing and Remote Access. Later, the Denver administrator reports that his router is not receiving routing table updates from the routers on the main campus network. He must manually add routing entries to the routing table to enable connectivity between the locations. You investigate and discover that the RIPv2 broadcasts are not being received at the Denver office. You also discover that no routing table announcements from the Denver office are being received on the main campus network. You need to ensure that the network in the Denver office can communicate with the main campus network and can send and receive automatic routing table updates as network conditions change. What should you do on the router in the Denver office?()