Your company has a main office and one branch office. Your network consists of an Active Directory domain.You have a remote access server in the main office named Server1. You have a remote access server inthe branch office named Server2.Server2 has a demand-dial interface that connects to Server1. The demand-dial interface connects by using a domain account named Ras1.You need to prevent Server2 from establishing new demand-dial connections to the main office between 18:00 and 08:00.
What should you do?()
A.Modify the dial-in properties of the Ras1 account.
B.Modify the dial-out hours on the demand-dial interface.
C.Modify the IP demand-dial filters on the demand-dial interface.
D.Enable Bandwidth Allocation Protocol (BAP) on Server2.
您可能感兴趣的试卷
你可能感兴趣的试题
Your company consists of a single Active Directory domain that is configured in Windows 2000 native mode. All servers run Windows Server 2003 Service Pack 2 (SP2). You deploy a Routing and Remote Access server to provide VPN access to the network.You need to ensure that only members of a group named Sales can access the network through the VPN. The solution must minimize the administrative effort required to manage remote access.
What should you do?()
A.Allow dial-in access for the user accounts of all Sales group members.
B.Deny dial-in access for the user accounts of all users except the Sales group members.
C.Create a remote access policy and assign the Allow - Remote Access permission. Add the Windows-Groups condition and specify the Sales group.
D.Create a remote access policy and assign the Deny - Remote Access permission. Add the Windows-Groups condition and specify all Active Directory groups except for Sales.
A.From the Internet Authentication Service snap-in on Server2, create a new RADIUS client.
B.From the Internet Authentication Service snap-in on Server2, create a new remote access policy.
C.From the Routing and Remote Access snap-in, configure Server1 to use RADIUS accounting.
D.From the Routing and Remote Access snap-in, configure Server1 to use RADIUS authentication.
A.From the local computer policy on Server1, modify the Account Policies settings.
B.From Active Directory Users and Computers, modify the Security settings of Group1.
C.From the Routing and Remote Access snap-in, create a new remote access policy.
D.From the Routing and Remote Access snap-in, open the properties of Server1 and modify the security options.
A.Configure the port properties.
B.Create and configure a new demand-dial interface.
C.From the server’s properties, modify the security options.
D.From the Connections to Microsoft Routing and Remote Access Server policy, add a new condition.
A.On Server1, assign the Client (Respond only) IPSec policy.
B.On Server2, assign the Server (Request Security) IPSec Policy.
C.On Server1 and Server2, modify the authentication settings in the Secure Server (Require security) IPSec Policy.
D.On Server1 and Server2, enable Master Key perfect forward secrecy (PFS) in the Secure Server (Require security) IPSec Policy.
our network contains a Web server named Server1 that runs Windows Server 2003 and Internet Information Server (IIS). Server1 has a server certificate from an Enterprise Certificate Authority (CA) installed.External users report that when they try to access the Web site from outside the corporate network by using a Web browser, they receive the following warning message: “There is a problem with this Web site’s security certificate. The security certificate presented by this Web site was not issued by a trusted certificate authority.”
You find that users on the corporate network do not receive this error.You need to ensure that external users do not receive the warning message when connecting to Server1.
What should you do?()
A.In IIS Manager, enable the Enable client certificate mapping option.
B.In IIS Manager, replace the certificate with a certificate obtained from a public Certification Authority.
C.In Local Security Policy, enable Domain Member: Require strong (Windows 2000 or later) session key.
D.In Local Security Policy, enable Domain Member: Digitally encrypt or sign secure channel data
our network contains a DNS server that has a reverse lookup zone for all of your network segments. You have a server named Server1 that runs Windows Server 2003 Service Pack 2 (SP2). An IP security policy is assigned to Server1.You verify IPSec traffic and see that the current security associations display only by IP address. You need to view the fully qualified domain names for all security associations.
What should you do?()
A.From the DNS console, add Server1 as a name server.
B.From the DNS console, change dynamic updates to Secure only.
C.From IP Security Monitor on Server1, enable DNS name resolution.
D.From IP Security Monitor on Server1, create a new taskpad view.
A.Kerbtray
B.Sc /query kdc
C.Netdiag /test:Kerberos
D.Nltest /sc_query:Contoso.com
A.Install a Web server certificate on Server2.
B.Configure the Web site to require a secure channel.
C.Configure the Web site to redirect all requests to https://Server2.
D.Configure the Web site to require integrated Windows authentication.
our network consists of an internal network and a perimeter network. On the internal network there is a server named Server1. On the perimeter network there is a server named Server2. All servers run Windows Server 2003 Service Pack 2 (SP2).You schedule a task to transfers files from Server1 to Server2 by using FTP.You monitor the network traffic from Server1 to Server2 and notice that the user name and password used for the FTP transfer are sent as plain text.
You need to ensure that all FTP traffic between Server1 and Server2 is encrypted.
What should you do?()
A.Implement IPSec.
B.Install a server certificate on Server1.
C.Install a server certificate on Server2.
D.Use the Encrypting File System on Server1.
最新试题
你是一活动目录域的管理员。所有的服务器运行Windows Server 2003。所有的客户端计算机都是域中成员,运行Windows XP Professional。域中包含唯一的DNS服务器Server1。Server上的根提示功能开启。公司对Internet的访问由服务器Server2提供的网络地址转换功能(NAT)实现。Server2通过ISP和互联网永久连接。用户报告说不能访问http://www.adatum.com..但是可以访问其他的外网站点和内网络的资源。你可以从公司网络之外的计算机上访问http://www.adatum.com.站点。 你需要确保这些用户能够访问http://www.adatum.com.站点。同时要确保这些用户能够继续访问内网资源。下列哪两种操作你将采用?()
你是公司网络管理员。公司网络是一个单活动目录域。域中有一个组织单元(OU)Webservers。在Webservers中包含12台作为内网Web Server的Windows Server 2003计算机的账号。组策略对象(GPO)WebserversPolicy链接到了组织单元Webservers。该GPO被用来配置OU中计算机的各种设置。在每个内网Web Server的管理员本地组中有一个名为WebserverAdmins的全局组成员。你计划在每个内网Webserver上安装一个安全扫描应用程序。该应用程序文档规定它必须使用一个服务账号,以此能够对安装了该应用程序的计算机的注册表的HKEY_LOCAL_MACHINE\SYSTEM键值进行修改。 你在域中创建了这个服务账号。公司的安全策略规定:安全账号只能分配得到完成功能的最低限度权利和许可。你需要配置内网的Web servers以便该安全扫描应用程序能够被安装接受。你同时也要遵从公司的安全策略。你要用最低的管理花销实现这个目的。你该怎么做?()
你是Fabrikam.Inc公司网络管理员。网络是一单活动目录域环境,域名fabrikam.com。一台Windows server 2003服务器Server1为域中提供DNS服务器功能。WingTip Yoys是Fabrikam公司的一个分部。WingTip Toys中有一单活动目录域环境,域名Wingtipyoys.com。Server1是的Wingtipyoys.com的辅助区域服务器。你监视着两个域间的通知通信。当Wingtipyoys.com的主要区域服务器上有可用变化并通知Server1服务器数据同步时,你要将之记录下来。你该怎么操做?()
你是公司网络管理员。网络是一单活动目录域环境。域中有35台Windows server 2003,3000台Windows XP Pro,2200台Windows 2000 Pro。公司的安全策略规定域中所有的计算机必须检查检修,符合以下要求: 检查是否所有的可用安全升级都被安装;检查是否共享目录都可用;在每个硬盘上记录文件系统类型,你需要提供每台计算机的安全评估分析,并核实满足制定的安全策略要求。你该如何操作?()
你是公司网络管理员。网络是一个单活动目录域环境。所有的服务器运行Windows Server 2003系统。所有的客户端运行打了SP4补丁的Windows 2000 Professional或Windows XP Professional。你在Server2上安装WSUS服务。你创建了一个组策略对象配置所有的客户机从Server2上获取软件升级。一周后,你在所有的客户机上运行Microsoft baseline security Analyzer(MBSA,微软基准安全分析)以找出是否所有的升级都被执行应用。你发现所有的Windows 2000 Professional客户机都顺利获取利了升级,但是所有的Windows XP Professional客户机则不然。你检查验证了指派在所有Windows XP Professional客户机上的GPO设置。你要确保所有Windows XP Professional客户机都从Server2处获取升级。你该如何操作?()
你是活动目录域的管理员。网络中包含一台名为Server1的域控制器。用户报告当他们登陆到Server1上时出现断断续续的延迟。管理报告说在Server1和其他的域控制器间的复制操作偶尔出现延迟。你需要检察出到Server1的网络连接间歇性延迟的原因。你同时要查出问题原因是否和Server1上的硬件资源不足有关。你需要花一天以上的时间来检查追踪延迟的原因。你该如何操作?()
你是Alpine Ski House的网络管理员。网络是一个单活动目录环境,域名为alpineskihouse.com 。你们公司兼并了一家名为Adventure Works的公司。Adventure Works公司的网络是一个单活动目录域环境,域名为Adventure-works.com。在Adventure-works.com域中有一台名为Server32的网络应用程序管理服务器。Server32可以访问所有的客户端计算机以提供自动的软件升级和硬件清点服务。在Server32上的网络管理软件使用不合格的主机名定位其他的桌面计算机,主机名由一台DNS服务器解析到clientname.adventure-works.com。Server32的IP地址是10.10.10.90。你逐渐地将所有adventure-works.com域中的桌面客户端计算机移植到clientname.alpineskihouse.com域中。你不能访问adventure-works.com 的DNS服务器。当Server32试图对客户机进行升级时,网络管理软件返回了大量警报显示没有发现桌面客户机。你要用最小的网络花销,使得Server32上的网络管理软件可以解析adventure-works.com和alpineskihouse.com中的不合格主机名。你该如何操作?()
你是A.Datum公司的网络管理员。网络是一个单活动目录域环境,域名adatum.net。Adatum.com域名下的所有Web服务,电子邮件服务都外包给了一家ISP。所有对adatum.com的名称解析都由ISP提供。你无权管理ISP处的DNS服务器。你不可以在ISP的DNS服务器上使用nslookup命令列出阿datum .com的资源内容。一台Windows Server 2003计算机Server1上配置了adatum .net的一个主要区域。Server1上的所有根提示已被删除了。所有客户端计算机都向这台计算机提交名称解析。你要配置该服务器的DNS解析以保证所有的客户端计算机都能定位并访问adatum.com,adatum.net及互联网的资源。你该如何操作?()
你是公司网络管理员。网络是一个单活动目录域环境。所有的服务器运行Windows Server 2003。所有的客户端运行Windows XP Professional。有一新的低优先级别升级包Q318138从网络中的WSUS服务器上同步发行。你决定不测试升级包直接批准通过。在该升级包应用在客户机上后,用户反应不能运行一个统计账目程序。 你需要从所有客户端计算机上删除该升级包,直到它被测试通过。你该如何操作?()
你是公司网络管理员。网络中有一台Windows server 2003服务器Server1。三个管理员都是Server1的管理员本地组的成员。另外12个管理员是域管理组成员。域管理组也是Server1上的管理员本地组成员。有人未经授权修改了Server1的HKEY_LOCAL_MACHINE\SYSTEM键值。这导致了计算机当机。你要修复这问题。你需要记录下所有对Server1的注册表中HKEY_LOCAL_MACHINE\SYSTEM键值的访问尝试。你决定在Server1的本地安全策略中启用审核功能。你将采取哪两个操作步骤?()