Your company consists of a single Active Directory domain that is configured in Windows 2000 native mode. All servers run Windows Server 2003 Service Pack 2 (SP2). You deploy a Routing and Remote Access server to provide VPN access to the network.You need to ensure that only members of a group named Sales can access the network through the VPN. The solution must minimize the administrative effort required to manage remote access.
What should you do?()
A.Allow dial-in access for the user accounts of all Sales group members.
B.Deny dial-in access for the user accounts of all users except the Sales group members.
C.Create a remote access policy and assign the Allow - Remote Access permission. Add the Windows-Groups condition and specify the Sales group.
D.Create a remote access policy and assign the Deny - Remote Access permission. Add the Windows-Groups condition and specify all Active Directory groups except for Sales.
您可能感兴趣的试卷
你可能感兴趣的试题
A.From the Internet Authentication Service snap-in on Server2, create a new RADIUS client.
B.From the Internet Authentication Service snap-in on Server2, create a new remote access policy.
C.From the Routing and Remote Access snap-in, configure Server1 to use RADIUS accounting.
D.From the Routing and Remote Access snap-in, configure Server1 to use RADIUS authentication.
A.From the local computer policy on Server1, modify the Account Policies settings.
B.From Active Directory Users and Computers, modify the Security settings of Group1.
C.From the Routing and Remote Access snap-in, create a new remote access policy.
D.From the Routing and Remote Access snap-in, open the properties of Server1 and modify the security options.
A.Configure the port properties.
B.Create and configure a new demand-dial interface.
C.From the server’s properties, modify the security options.
D.From the Connections to Microsoft Routing and Remote Access Server policy, add a new condition.
A.On Server1, assign the Client (Respond only) IPSec policy.
B.On Server2, assign the Server (Request Security) IPSec Policy.
C.On Server1 and Server2, modify the authentication settings in the Secure Server (Require security) IPSec Policy.
D.On Server1 and Server2, enable Master Key perfect forward secrecy (PFS) in the Secure Server (Require security) IPSec Policy.
our network contains a Web server named Server1 that runs Windows Server 2003 and Internet Information Server (IIS). Server1 has a server certificate from an Enterprise Certificate Authority (CA) installed.External users report that when they try to access the Web site from outside the corporate network by using a Web browser, they receive the following warning message: “There is a problem with this Web site’s security certificate. The security certificate presented by this Web site was not issued by a trusted certificate authority.”
You find that users on the corporate network do not receive this error.You need to ensure that external users do not receive the warning message when connecting to Server1.
What should you do?()
A.In IIS Manager, enable the Enable client certificate mapping option.
B.In IIS Manager, replace the certificate with a certificate obtained from a public Certification Authority.
C.In Local Security Policy, enable Domain Member: Require strong (Windows 2000 or later) session key.
D.In Local Security Policy, enable Domain Member: Digitally encrypt or sign secure channel data
our network contains a DNS server that has a reverse lookup zone for all of your network segments. You have a server named Server1 that runs Windows Server 2003 Service Pack 2 (SP2). An IP security policy is assigned to Server1.You verify IPSec traffic and see that the current security associations display only by IP address. You need to view the fully qualified domain names for all security associations.
What should you do?()
A.From the DNS console, add Server1 as a name server.
B.From the DNS console, change dynamic updates to Secure only.
C.From IP Security Monitor on Server1, enable DNS name resolution.
D.From IP Security Monitor on Server1, create a new taskpad view.
A.Kerbtray
B.Sc /query kdc
C.Netdiag /test:Kerberos
D.Nltest /sc_query:Contoso.com
A.Install a Web server certificate on Server2.
B.Configure the Web site to require a secure channel.
C.Configure the Web site to redirect all requests to https://Server2.
D.Configure the Web site to require integrated Windows authentication.
our network consists of an internal network and a perimeter network. On the internal network there is a server named Server1. On the perimeter network there is a server named Server2. All servers run Windows Server 2003 Service Pack 2 (SP2).You schedule a task to transfers files from Server1 to Server2 by using FTP.You monitor the network traffic from Server1 to Server2 and notice that the user name and password used for the FTP transfer are sent as plain text.
You need to ensure that all FTP traffic between Server1 and Server2 is encrypted.
What should you do?()
A.Implement IPSec.
B.Install a server certificate on Server1.
C.Install a server certificate on Server2.
D.Use the Encrypting File System on Server1.
A.\Modify the Local Security Policy on Server1.
B.Modify the Research IPSec Policy Group Policy object.
C.Enable Windows Firewall and do not allow exceptions.
D.From the Properties of the Local Area Connection, modify the Authentication settings.
最新试题
你是公司网络管理员。网络是一个单活动目录域环境。所有的服务器运行Windows Server 2003。所有的客户端运行Windows XP Professional。 你在Server1上安装了WSUS服务。你在对Server1和微软公司Windows Update Server同步时,收到错误提示信息。你打开IE浏览器检查验证了可以通过网络的代理服务器(Proxy Server)访问外网站点。你要确保Server1可以和微软公司的Windows Update Server进行同步通信。你该如何操作?()
你是一活动目录域的管理员。所有的服务器运行Windows Server 2003。你将一台Server3配置为域中的DNS服务器。公司最近使用了新的ISP。自从ISP变更后,用户反应不能使用完全合格域名(FQDN)访问外网站点。 你手动配置了一台计算机,使用新的ISP提供的DNS服务器IP地址进行测试。测试计算机能够使用FQDN访问外网站点。你需要确保网络用户能够使用FQDN访问外网站点,同时用户对内网资源的访问不被中断。有哪两种可行的方法可以实现这目的?()
你是Adventure Works的DNS管理员。Adventure Works是一家互联网服务提供商(ISP),为许多公司提供Web站点运行服务。每一个Adventure Works的DNS服务器上都为用户们运行着多个DNS区域。几个Adventure Works管理员被允许添加DNS区域。你打算每周制定一个报告,列出在每个DNS服务器上的全部区域。你该如何操作?()
你是公司网络管理员。所有的服务器运行Windows Server 2003。所有的客户端运行Windows XP Professional。你在Server1上安装了WSUS服务。安装必须符合以下要求: Server1上的磁盘空间使用量要最小。所有的升级包在部署到客户端计算机上前必须先测试。你安装校验栏清除了自动批准升级项。打开WSUS控制台。你要按要求完成安装。将采取哪两项操作?()
你是公司网络管理员。在Denver(丹佛)的办公室当前正使用一台Windows Server 2003服务器Server23连接到公共WAN上。Server23被配置为一台拨号连接路由器。在Server23上有两块网卡,一块连接本地LAN以太网。另一块连接外网宽带。公司计划在Denver办公室增加至少25%的新雇员,你要确保当前的网络宽带连接能满足将来的扩展需要。你要在Server23上使用系统监视器察看现在的宽带网络连接利用率。你该如何操作?()
你是Fabrikam.Inc公司网络管理员。网络是一单活动目录域环境,域名fabrikam.com。一台Windows server 2003服务器Server1是域中唯一的DNS服务器。Server1上并未运行其他区域。用户报告在fabrikam.com中的计算机连接通信异常缓慢。你要找出DNS客户机和Server1的通信导致了此问题。你该如何操作?()
你是公司网络管理员。公司网络是一个单活动目录域。域中有一个组织单元(OU)Webservers。在Webservers中包含12台作为内网Web Server的Windows Server 2003计算机的账号。组策略对象(GPO)WebserversPolicy链接到了组织单元Webservers。该GPO被用来配置OU中计算机的各种设置。在每个内网Web Server的管理员本地组中有一个名为WebserverAdmins的全局组成员。你计划在每个内网Webserver上安装一个安全扫描应用程序。该应用程序文档规定它必须使用一个服务账号,以此能够对安装了该应用程序的计算机的注册表的HKEY_LOCAL_MACHINE\SYSTEM键值进行修改。 你在域中创建了这个服务账号。公司的安全策略规定:安全账号只能分配得到完成功能的最低限度权利和许可。你需要配置内网的Web servers以便该安全扫描应用程序能够被安装接受。你同时也要遵从公司的安全策略。你要用最低的管理花销实现这个目的。你该怎么做?()
你是公司网络管理员。所有的客户端运行Windows XP Professional。所有的服务器运行Windows Server 2003。公司在Los Angeles(洛杉矶),San Francisco(旧金山),Seattle(西雅图)都有办公室。每个办公室配置成一个独立的IP子网。网络中只用DNS进行名称解析。你要在网络中的实施一次软件升级结构。在Los Angeles办公室中的Server1上你装了WSUS服务。Server1上WSUS用的默认设置。你创建了一个组策略对象(GPO)WSUS。并不打算安装别的WSUS服务器。你要客户端计算机能成功的连接到WSUS服务器。你该如何操作?()
你是Humongous Insurance公司网络管理员。网络是一单活动目录域环境,域名humongous.com。域中有Windows server 2003 和Windows XP Pro计算机。你配置了几个组策略对象(GPOs)使用IPSec来加强那些特定计算机间的可靠通信安全。在Server2上运行着Telnet服务(远程登录)。一个GPO使用IPSec策略来确保对所有到Server2上的Telnet通信加密。但是,你监视网络通信发现这些Telnet连接并未被加密。 你要察看由GPO规定并应用在Server2上的所有IPSec设置。你将使用哪个工具()?
你是Wingtip Toys.公司网络管理员。网络是一单活动目录域环境,域名wingtiptoys.com。活动目录集成DNS区域wingtiptoys.com被复制到了所有域控制器上。只在域控制器上安装了DNS服务。网络管理部门要求所有在生产分支部门的主机都要在DNS名称空间manufacturing.wingtiptoys.com中注册。manufacturing.wingtiptoys.com名称空间不在任何DNS服务器上。你要为所有的DNS服务器添加对manufacturing.wingtiptoys.com名称空间的支持。为减少管理费用,你要找到一个解决方法,使得即使将来有新的DNS服务器添加的域中,也不需要重新做任何配置。你该如何操作?()