You are the systems engineer for your company. The network consists of a single Active Directory domain. The company has a main office and two branch offices. All servers run Windows Server 2003. All client computers run either Windows XP Professional or Windows 2000 Professional.
Each branch office maintains a dedicated 256-Kbps connection to the main office. Each office also maintains a T1 connection to the Internet. Each office has a Microsoft Internet Security and Acceleration (ISA) Server 2000 computer, which provides firewall and proxy services on the Internet connection. Each branch office contains one domain controller and five servers that are not domain controllers. There is minimal administrative staff at the branch offices. A new company policy states that all servers must now be remotely administered by administrators in the main office. The policy states that all remote administration connections must be authenticated by the domain and that all traffic must be encrypted. The policy also states that the remote administration traffic must never be carried in clear text across the Internet.
You choose to implement remote administration by enabling Remote Desktop connections on all servers on the network. You decide to use the Internet-connected T1 lines for remote administration connectivity between offices.
Because administrative tasks might require simultaneous connections to multiple servers across the network, you need to ensure that administrators do not lose connections to servers in one office when they attempt to connect to servers in another office.
What should you do? ()
A. Configure Routing and Remote Access on one server in each branch office. Create L2TP/IPSec VPN ports on these servers. Create new VPN connections on the administrators’ computers to connect to the VPN servers in the branch offices.
B. Configure a VPN server in each branch office. Create connections that use IPSec Authentication Header (AH) in tunnel mode from the main office connect to VPN servers in the branch offices.
C. Configure a local L2TP/IPSec VPN connection on the ISA Server 2000 firewall computer in the main office. Configure the ISA Server 2000 firewall computers at the branch offices as remote L2TP/IPSec VPN servers.
D. Configure a local PPTP VPN connection on the ISA Server 2000 firewall computers in each branch office. Configure the ISA Server 2000 firewall computer at the main office as a remote PPTP VPN server.
您可能感兴趣的试卷
你可能感兴趣的试题
You are the systems engineer for your company. The network consists of three physical networks connected by hardware-based routers. The network consists of a single Active Directory domain. All servers run Windows Server 2003. All client computers run Windows XP Professional.
Each physical network contains at least one domain controller and at least one DNS server. One physical network contains a Microsoft Internet Security and Acceleration (ISA) Server array that provides Internet access for the entire company. The network also contains a certificate server.
Company management wants to ensure that all data is encrypted on the network and that all computers transmitting data on the network are authenticated.
You decide to implement IPSec on all computers on the network. You edit the Default Domain Policy Group Policy object (GPO) to apply the Secure Server (Require Security) IPSec policy.
Users immediately report that they cannot access resources located in remote networks. You investigate and discover that all packets are being dropped by the routers. You also discover that Active Directory replication is not functioning between domain controllers in different networks.
You need to revise your design and implementation to allow computers to communicate across the entire network. You also need to ensure that the authentication keys are stored encrypted.
Which two actions should you take?()
A. Configure the routers to use IPSec and a preshared key for authentication.
B. Configure the routers to use IPSec and a certificate for authentication.
C. Configure the routers to use IPSec and Kerberos for authentication
D. Reconfigure the GPOs to require a preshared key for IPSec authentication.
E. Reconfigure the GPOs to require a certificate for IPSec authentication.
You are the senior systems engineer for your company. The network consists of a single Active Directory domain.
All servers run Windows Server 2003. Client computers in the sales department run Windows NT Workstation 4.0 with the Active Directory Client Extensions software installed. All other client computers run Windows XP Professional. All servers are located in an organizational unit (OU) named Servers. All client computers are located in an OU named Desktops.
Four servers contain confidential company information that is used by users in either the finance department or the research department. Users in the sales department also store files and applications on these servers. The company’s written security policy states that for auditing purposes, all network connections to these resources must require authentication at the protocol level. The written security policy also states that all network connections to these resources must be encrypted. The company budget does not allow for the purchase of any new hardware or software. The applications and data located on these servers may not be moved to any other server in the network.
You define and assign the appropriate permissions to ensure that only authorized users can access the resources on the servers.
You now need to ensure that all connections made to these servers by the users in the finance department and in the research department meet the security guidelines stated by the written security policy. You also need to ensure that all users in the sales department can continue to access their resources.
Which two actions should you take?()
A. Create a new Group Policy object (GPO) and link it to the Servers OU. Enable the Secure Server (Require Security) IPSec policy in the GPO.
B. Create a new Group Policy object (GPO) and link it to the Servers OU. Enable the Server (Request Security) IPSec policy in the GPO.
C. Create a new Group Policy object (GPO) and link it to the Desktops OU. Enable the Client (Respond only) IPSec policy in the GPO.
D. Create a new Group Policy object (GPO). Edit the GPO to enable the Registry Policy Processing option and the IP Security Policy Processing option. Copy the GPO files to the Netlogon shared folder.
E. Use System Policy Editor to open the System.adm file and enable the Registry Policy Processing option and the IP Security Policy Processing option. Save the system policy as NTConfig.pol.
You are the network administrator for your company. The network consists of a single Active Directory domain.
The company has remote users in the sales department who work from home. The remote users’ client computers run Windows XP Professional, and they are not members of the domain. The remote users’ client computers have local Internet access through an ISP.
The company is deploying a Windows Server 2003 computer named Server1 that has Routing and Remote Access installed. Server1 will function as a VPN server, and the remote users will use it to connect to the company network. Confidential research data will be transmitted from the remote users’ client computers. Security is critical to the company and Server1 must protect the remote users’ data transmissions to the main office. The remote client computers will use L2TP/IPSec to connect to the VPN server. You need to choose a secure authentication method.
What should you do? ()
A. Use the authentication method of the default IPSec policies.
B. Create a custom IPSec policy and use the Kerberos version 5 authentication protocol.
C. Create a custom IPSec policy and use certificate-based authentication.
D. Create a custom IPSec policy and use preshared key authentication.
E. Use the authentication method of the Routing and Remote Access custom IPSec policy for L2TP connection.
You are a network administrator for Alpine Ski House. The network consists of a single Active Directory domain. The domain name is alpineskihouse.com. The network contains three Windows Server 2003 domain controllers. You are creating the recovery plan for the company. According to the existing backup plan, domain controllers are backed up by using normal backups each night. The normal backups of the domain controllers include the system state of each domain controller.
Your recovery plan must incorporate the following organizational requirements:
• Active Directory objects that are accidentally or maliciously deleted must be recoverable.
• Active Directory must be restored to its most recent state as quickly as possible.
• Active Directory database replication must be minimized.
You need to create a plan to restore a deleted organizational unit (OU).
Which two actions should you include in your plan?()
A. Restart a domain controller in Directory Services Restore Mode.
B. Restart a domain controller in Safe Mode.
C. Use the Ntdsutil utility to perform an authoritative restore operation of the Active Directory database.
D. Restore the system state by using the Always replace the file on my computer option.
E. Use the Ntdsutil utility to perform an authoritative restore operation of the appropriate subtree.
You are a network administrator for your company. The network consists of a single Active Directory domain and contains 10 Windows Server 2003 computers.
You install a new service on a server named Server1. The new service requires that you restart Server1. When you attempt to restart Server1, the logon screen does not appear. You turn off and then turn on the power for Server1. The logon screen does not appear. You attempt to recover the failed server by using the Last Known Good Configuration startup option. It is unsuccessful. You attempt to recover Server1 by using the Safe Mode startup options. All Safe Mode options are unsuccessful.
You restore Server1. Server1 restarts successfully. You discover that Server1 failed because the new service is not compatible with a security patch.
You want to configure all servers so that you can recover from this type of failure by using the minimum amount of time and by minimizing data loss. You need to ensure that in the future, other services that fail do not result in the same type of failure.
What should you do? ()
A. Use Add or Remove Programs.
B. Install and use the Recovery Console.
C. Use Automated System Recovery (ASR).
D. Use Device Driver Roll Back.
You are a network administrator for your company. The design team provides you with the following list of requirements for server disaster recovery:
No more than two sets of tapes can be used to restore to the previous day. A full backup of each server must be stored off-site.
A full backup of each server that is no more than one week old must be available on-site. Backups must never run during business hours.
Tapes may be recalled from off-site storage only if the on-site tapes are corrupted or damaged.
A full backup of all servers requires approximately 24 hours. Backing up all files that change during one week requires approximately 4 hours. Business hours for the company are Monday through Friday, from 6:00 A.M. to 10:00 P.M. You need to provide a backup rotation plan that meets the design team’s requirements.
Which two actions should you include in your plan?()
A. Perform a full normal backup for on-site storage on Friday night after business hours. Perform a full copy backup for off-site storage on Saturday night after the Friday backup is complete.
B. Perform a full normal backup for on-site storage on Friday night after business hours. Perform another full normal backup for off-site storage on Saturday night after the Friday backup is complete.
C. Perform a full copy backup for on-site storage on Friday night after business hours. Perform a full copy backup for off-site storage on Saturday night after the Friday backup is complete.
D. Perform differential backups on Sunday, Monday, Tuesday, Wednesday, and Thursday nights after business hours.
E. Perform incremental backups on Sunday, Monday, Tuesday, Wednesday, and Thursday nights after business hours.
F. Perform incremental backups on Sunday, Tuesday, and Thursday nights after business hours. Perform differential backups on Monday and Wednesday nights after business hours.
You are the network administrator for your company. The network consists of a single Active Directory domain. The company has a main office in San Francisco and branch offices in Paris and Bogota. Each branch office contains a Windows Server 2003 domain controller. All client computers run Windows XP Professional.
Users in the Bogota office report intermittent problems authenticating to the domain. You suspect that a specific client computer is causing the problem.
You need to capture the authentication event details on the domain controller in the Bogota office so that you can find out the IP address of the client computer that is the source of the problem.
What should you do? ()
A. Configure System Monitor to monitor the authentication events.
B. Configure Performance Logs and Alerts with a counter log to record the authentication events.
C. Configure Network Monitor to record the authentication events.
D. Configure Performance Logs and Alerts with an alert to trigger on authentication events.
You are the network administrator for your company. You need to provide Internet name resolution services for the company. You set up a Windows Server 2003 computer running the DNS Server service to provide this network service.
During testing, you notice the following intermittent problems:
Name resolution queries sometimes take longer than one minute to resolve.
Some valid name resolution queries receive the following error message in the Nslookup command-line tool: "Non-existent domain."
You suspect that there is a problem with name resolution.
You need to review the individual queries that the server handles. You want to configure monitoring on the DNS server to troubleshoot the problem.
What should you do? ()
A. In the DNS server properties, on the Debug Logging tab, select the Log packets for debugging option.
B. In the DNS server properties, on the Event Logging tab, select the Errors and warnings option.
C. In System Monitor, monitor the Recursive Query Failure counter in the DNS object.
D. In the DNS server properties, on the Monitoring tab, select the monitoring options.
You are the network administrator for your company. The network consists of a single Active Directory domain. The network contains Windows Server 2003 file servers. The network also contains a Windows Server 2003 computer named Server1 that runs Routing and Remote Access and Internet Authentication Service (IAS). Server1 provides VPN access to the network for users’ home computers.
You suspect that an external unauthorized user is attempting to access the network through Server1. You want to log the details of access attempts by VPN users when they attempt to access the network. You want to compare the IP addresses of users’ home computers with the IP addresses used in the access attempts to verify that the users are authorized. You need to configure Server1 to log the details of access attempts by VPN users.
What should you do? ()
A. Configure the system event log to Do not overwrite.
B. In IAS, in Remote Access Logging, enable the Authentication requests setting.
C. Configure the Remote Access server to Log all events.
D. Create a custom remote access policy and configure it for Authentication-Type.
You are the network administrator for your company. The network consists of a single Active Directory domain. All computers on the network are members of the domain.
You administer a four-node Network Load Balancing cluster. All nodes run Windows Server 2003. The cluster has converged successfully. You use Network Load Balancing Manager on the default host to configure all nodes of the cluster.
The nodes have a single network adapter and are connected to the same switching hub device.
Administrators of non-cluster servers that are connected to the same switching hub device report that their servers receive traffic that is destined for the cluster nodes. Receiving this additional network traffic impairs the network performance of the non-cluster servers.
You need to ensure that traffic destined for only the cluster nodes is not sent to all ports of the switching hub device.
You do not want to move the cluster to another switching hub device.
What should you do? ()
A. On one node, run the nlb.exe reload command.
B. On each node, run the wlbs.exe drainstop command.
C. Use Network Load Balancing Manager to enable Internet Group Management Protocol (IGMP) support on the cluster.
D. Use Network Load Balancing Manager to add a second cluster IP address.
最新试题
You are a network administrator for your company. The network consists of a single Active Directory domain and contains 10 Windows Server 2003 computers. You install a new service on a server named Server1. The new service requires that you restart Server1. When you attempt to restart Server1, the logon screen does not appear. You turn off and then turn on the power for Server1. The logon screen does not appear. You attempt to recover the failed server by using the Last Known Good Configuration startup option. It is unsuccessful. You attempt to recover Server1 by using the Safe Mode startup options. All Safe Mode options are unsuccessful. You restore Server1. Server1 restarts successfully. You discover that Server1 failed because the new service is not compatible with a security patch. You want to configure all servers so that you can recover from this type of failure by using the minimum amount of time and by minimizing data loss. You need to ensure that in the future, other services that fail do not result in the same type of failure. What should you do? ()
You are the network administrator for your company. The network consists of a single Active Directory domain. The company has remote users in the sales department who work from home. The remote users’ client computers run Windows XP Professional, and they are not members of the domain. The remote users’ client computers have local Internet access through an ISP. The company is deploying a Windows Server 2003 computer named Server1 that has Routing and Remote Access installed. Server1 will function as a VPN server, and the remote users will use it to connect to the company network. Confidential research data will be transmitted from the remote users’ client computers. Security is critical to the company and Server1 must protect the remote users’ data transmissions to the main office. The remote client computers will use L2TP/IPSec to connect to the VPN server. You need to choose a secure authentication method. What should you do? ()
You are a network administrator for your company. The company has a main office and one branch office. The network consists of a single Active Directory domain. All servers run Windows Server 2003. The company needs to connect the main office network and the branch office network by using Routing and Remote Access servers at each office. The networks will be connected by a VPN connection over the Internet. The company’s written security policy includes the following requirements for VPN connections over the Internet: All data must be encrypted with end-to-end encryption. VPN connection authentication must be at the computer level. Credential information must not be transmitted over the Internet as part of the authentication process. You need to configure security for VPN connection between the main office and the branch office. You need to comply with the written security policy. What should you do? ()
You are a network administrator for your company. The design team provides you with the following list of requirements for server disaster recovery: No more than two sets of tapes can be used to restore to the previous day. A full backup of each server must be stored off-site. A full backup of each server that is no more than one week old must be available on-site. Backups must never run during business hours. Tapes may be recalled from off-site storage only if the on-site tapes are corrupted or damaged.A full backup of all servers requires approximately 24 hours. Backing up all files that change during one week requires approximately 4 hours. Business hours for the company are Monday through Friday, from 6:00 A.M. to 10:00 P.M. You need to provide a backup rotation plan that meets the design team’s requirements. Which two actions should you include in your plan?()
You are the systems engineer for Contoso, Ltd. The internal network consists of a Windows NT 4.0 domain. The company maintains a separate network that contains publicly accessible Web and mail servers. These Web and mail servers are members of a DNS domain named contoso.com. The contoso.com zone is hosted by a UNIX-based DNS server running BIND 4.8.1. Contoso, Ltd., is planning to migrate to a Windows Server 2003 Active Directory domain-based network. The migration plan states that all client computers will be upgraded to Windows XP Professional and that all servers will be replaced with new computers running Windows Server 2003. The migration plan specifies the following requirements for DNS in the new environment:• Active Directory data must not be accessible from the Internet.• The DNS namespace must be contiguous to minimize confusion for users and administrators. • Users must be able to connect to resources in the contoso.com domain.• Users must be able to connect to resources located on the Internet. • The existing UNIX-based DNS server will continue to host the contoso.com domain. • The existing UNIX-based DNS server cannot be upgraded or replaced.You plan to install a Windows Server 2003 DNS server on the internal network. You need to configure this Windows-based DNS server to meet the requirements specified in the migration plan. What should you do? ()
You are a systems engineer for your company. Your company has 20,000 users in a large campus environment located in Los Angeles. Each department in the company is located in its own building. Each department has its own IT staff, which is responsible for all network administration within the building. The company’s network is divided into several IP subnets that are connected to one another by using dedicated routers. Each building on the company’s main campus contains at least one subnet, and possibly up to five subnets. Each building has at least one router. All routers use RIP version 2 (RIPv2) broadcasts. The company acquires a new business unit located in Denver. The Denver office has 25 users. The network in the Denver office is connected to the network at the main campus by using a leased frame relay connection. The network administrator at the Denver office installs a Windows Server 2003 computer and configures Routing and Remote Access on this server. The network administrator at the Denver office configures this server as a router and implements RIPv2 in Routing and Remote Access. Later, the Denver administrator reports that his router is not receiving routing table updates from the routers on the main campus network. He must manually add routing entries to the routing table to enable connectivity between the locations. You investigate and discover that the RIPv2 broadcasts are not being received at the Denver office. You also discover that no routing table announcements from the Denver office are being received on the main campus network. You need to ensure that the network in the Denver office can communicate with the main campus network and can send and receive automatic routing table updates as network conditions change. What should you do on the router in the Denver office?()
You are the network administrator for Contoso Pharmaceuticals. The network consists of a single Active Directory forest. The forest contains Windows Server 2003 servers and Windows XP Professional computers. The forest consists of a forest root domain named contoso.com and two child domains named child1.contoso.com and child2.contoso.com. The child1.contoso.com domain contains a member server named Server1. You configure Server1 to be an enterprise certification authority (CA), and you configure a user certificate template. You enable the Publish certificate in Active Directory setting in the certificate template. You instruct users in both the child1.contoso.com and the child2.contoso.com domains to enroll for user certificates. You discover that the certificates for user accounts in the child1.contoso.com domain are being published to Active Directory, but the certificates for user accounts in the child2.contoso.com domain are not. You want certificates issued by Server1 to child2.contoso.com domain user accounts to be published in Active Directory. What should you do? ()
You are a network administrator for Alpine Ski House. The network consists of a single Active Directory domain. The domain name is alpineskihouse.com. The network contains three Windows Server 2003 domain controllers. You are creating the recovery plan for the company. According to the existing backup plan, domain controllers are backed up by using normal backups each night. The normal backups of the domain controllers include the system state of each domain controller. Your recovery plan must incorporate the following organizational requirements: • Active Directory objects that are accidentally or maliciously deleted must be recoverable.• Active Directory must be restored to its most recent state as quickly as possible.• Active Directory database replication must be minimized. You need to create a plan to restore a deleted organizational unit (OU). Which two actions should you include in your plan?()
You are a network administrator for your company. The network consists of a single Active Directory forest that contains three domains. The functional level of the forest and of all three domains is Window Server 2003. The company has a main office and 30 branch offices. Each branch office is connected to the main office by a 56-Kbps WAN connection.You configure the main office and each branch office as a separate Active Directory site. You deploy a Windows Server 2003 domain controller at the main office and at each branch office. Each domain controller is configured as a DNS server. You can log on to the network from client computers in the branch offices at any time. However, users in the branch offices report that they cannot log on to the network during peak hours. You need to allow users to log on to the network from branch office computers. You do not want to affect the performance of the branch office domain controllers. You need to minimize Active Directory replication traffic across the WAN connections. What should you do? ()
You are the network administrator for your company. The network consists of a single Active Directory domain. The network contains an application server running Windows Server 2003. Users report intermittent slow performance when they access the application server throughout the day. You find out that the network interface on the application server is being heavily used during the periods of slow performance. You suspect that a single computer is causing the problem.You need to create a plan to identify the problem computer. What should you do?()