Your company has a main office and one branch office. All servers run Windows Server 2003 Service Pack 2 (SP2).The main office has a third-party gateway device named Gateway1. Gateway1 is connected to the internal network and the Internet. Gateway1 supports IPSec. In the branch office, you have a server named Server1. You create an IPSec policy on Server1.You need to ensure that Server1 can establish an IPSec tunnel to Gateway1.
What should you use to configure the IPSec policy?()
A.an IP filter that allows only Internet Control Message Protocol (ICMP) traffic
B.an IP filter that allows only TCP traffic on port 1701
C.a pre-shared key for authentication
D.Kerberos authentication
您可能感兴趣的试卷
你可能感兴趣的试题
Your company has a main office and one branch office. Your network consists of an Active Directory domain.You have a remote access server in the main office named Server1. You have a remote access server inthe branch office named Server2.Server2 has a demand-dial interface that connects to Server1. The demand-dial interface connects by using a domain account named Ras1.You need to prevent Server2 from establishing new demand-dial connections to the main office between 18:00 and 08:00.
What should you do?()
A.Modify the dial-in properties of the Ras1 account.
B.Modify the dial-out hours on the demand-dial interface.
C.Modify the IP demand-dial filters on the demand-dial interface.
D.Enable Bandwidth Allocation Protocol (BAP) on Server2.
Your company consists of a single Active Directory domain that is configured in Windows 2000 native mode. All servers run Windows Server 2003 Service Pack 2 (SP2). You deploy a Routing and Remote Access server to provide VPN access to the network.You need to ensure that only members of a group named Sales can access the network through the VPN. The solution must minimize the administrative effort required to manage remote access.
What should you do?()
A.Allow dial-in access for the user accounts of all Sales group members.
B.Deny dial-in access for the user accounts of all users except the Sales group members.
C.Create a remote access policy and assign the Allow - Remote Access permission. Add the Windows-Groups condition and specify the Sales group.
D.Create a remote access policy and assign the Deny - Remote Access permission. Add the Windows-Groups condition and specify all Active Directory groups except for Sales.
A.From the Internet Authentication Service snap-in on Server2, create a new RADIUS client.
B.From the Internet Authentication Service snap-in on Server2, create a new remote access policy.
C.From the Routing and Remote Access snap-in, configure Server1 to use RADIUS accounting.
D.From the Routing and Remote Access snap-in, configure Server1 to use RADIUS authentication.
A.From the local computer policy on Server1, modify the Account Policies settings.
B.From Active Directory Users and Computers, modify the Security settings of Group1.
C.From the Routing and Remote Access snap-in, create a new remote access policy.
D.From the Routing and Remote Access snap-in, open the properties of Server1 and modify the security options.
A.Configure the port properties.
B.Create and configure a new demand-dial interface.
C.From the server’s properties, modify the security options.
D.From the Connections to Microsoft Routing and Remote Access Server policy, add a new condition.
A.On Server1, assign the Client (Respond only) IPSec policy.
B.On Server2, assign the Server (Request Security) IPSec Policy.
C.On Server1 and Server2, modify the authentication settings in the Secure Server (Require security) IPSec Policy.
D.On Server1 and Server2, enable Master Key perfect forward secrecy (PFS) in the Secure Server (Require security) IPSec Policy.
our network contains a Web server named Server1 that runs Windows Server 2003 and Internet Information Server (IIS). Server1 has a server certificate from an Enterprise Certificate Authority (CA) installed.External users report that when they try to access the Web site from outside the corporate network by using a Web browser, they receive the following warning message: “There is a problem with this Web site’s security certificate. The security certificate presented by this Web site was not issued by a trusted certificate authority.”
You find that users on the corporate network do not receive this error.You need to ensure that external users do not receive the warning message when connecting to Server1.
What should you do?()
A.In IIS Manager, enable the Enable client certificate mapping option.
B.In IIS Manager, replace the certificate with a certificate obtained from a public Certification Authority.
C.In Local Security Policy, enable Domain Member: Require strong (Windows 2000 or later) session key.
D.In Local Security Policy, enable Domain Member: Digitally encrypt or sign secure channel data
our network contains a DNS server that has a reverse lookup zone for all of your network segments. You have a server named Server1 that runs Windows Server 2003 Service Pack 2 (SP2). An IP security policy is assigned to Server1.You verify IPSec traffic and see that the current security associations display only by IP address. You need to view the fully qualified domain names for all security associations.
What should you do?()
A.From the DNS console, add Server1 as a name server.
B.From the DNS console, change dynamic updates to Secure only.
C.From IP Security Monitor on Server1, enable DNS name resolution.
D.From IP Security Monitor on Server1, create a new taskpad view.
A.Kerbtray
B.Sc /query kdc
C.Netdiag /test:Kerberos
D.Nltest /sc_query:Contoso.com
A.Install a Web server certificate on Server2.
B.Configure the Web site to require a secure channel.
C.Configure the Web site to redirect all requests to https://Server2.
D.Configure the Web site to require integrated Windows authentication.
最新试题
你是公司网络管理员。公司网络是一个单活动目录域。域中有一个组织单元(OU)Webservers。在Webservers中包含12台作为内网Web Server的Windows Server 2003计算机的账号。组策略对象(GPO)WebserversPolicy链接到了组织单元Webservers。该GPO被用来配置OU中计算机的各种设置。在每个内网Web Server的管理员本地组中有一个名为WebserverAdmins的全局组成员。你计划在每个内网Webserver上安装一个安全扫描应用程序。该应用程序文档规定它必须使用一个服务账号,以此能够对安装了该应用程序的计算机的注册表的HKEY_LOCAL_MACHINE\SYSTEM键值进行修改。 你在域中创建了这个服务账号。公司的安全策略规定:安全账号只能分配得到完成功能的最低限度权利和许可。你需要配置内网的Web servers以便该安全扫描应用程序能够被安装接受。你同时也要遵从公司的安全策略。你要用最低的管理花销实现这个目的。你该怎么做?()
你是一活动目录域的管理员。所有的服务器运行Windows Server 2003。你将一台Server3配置为域中的DNS服务器。公司最近使用了新的ISP。自从ISP变更后,用户反应不能使用完全合格域名(FQDN)访问外网站点。 你手动配置了一台计算机,使用新的ISP提供的DNS服务器IP地址进行测试。测试计算机能够使用FQDN访问外网站点。你需要确保网络用户能够使用FQDN访问外网站点,同时用户对内网资源的访问不被中断。有哪两种可行的方法可以实现这目的?()
你是一活动目录域的管理员。所有的服务器运行Windows Server 2003。所有的客户端计算机都是域中成员,运行Windows XP Professional。域中包含唯一的DNS服务器Server1。Server上的根提示功能开启。公司对Internet的访问由服务器Server2提供的网络地址转换功能(NAT)实现。Server2通过ISP和互联网永久连接。用户报告说不能访问http://www.adatum.com..但是可以访问其他的外网站点和内网络的资源。你可以从公司网络之外的计算机上访问http://www.adatum.com.站点。 你需要确保这些用户能够访问http://www.adatum.com.站点。同时要确保这些用户能够继续访问内网资源。下列哪两种操作你将采用?()
你是公司网络管理员。所有的服务器运行Windows Server 2003。所有的客户端运行Windows XP Professional。你在Server1上安装了WSUS服务。安装必须符合以下要求: Server1上的磁盘空间使用量要最小。所有的升级包在部署到客户端计算机上前必须先测试。你安装校验栏清除了自动批准升级项。打开WSUS控制台。你要按要求完成安装。将采取哪两项操作?()
你是公司的网络管理员。有一台Windows Server 2003服务器Server1出现连接故障。你使用了系统监视器和网络监视器来监视Server1。在监视过程中,你发现Server1的可用物理内存仅剩4MB,并且CPU的平均利用率达95%。在调查中,你还发现发给Server1的部分数据包并未被捕捉监视到。你需要确保在Server1的监视操作对Server1的影响最低且所有发送的数据包都要被截获。你该如何操作?()
你是Fabrikam.Inc公司网络管理员。网络是一单活动目录域环境,域名fabrikam.com。一台Windows server 2003服务器Server1是域中唯一的DNS服务器。Server1上并未运行其他区域。用户报告在fabrikam.com中的计算机连接通信异常缓慢。你要找出DNS客户机和Server1的通信导致了此问题。你该如何操作?()
你是Humongous Insurance公司网络管理员。网络是一单活动目录域环境,域名humongous.com。域中有Windows server 2003 和Windows XP Pro计算机。你配置了几个组策略对象(GPOs)使用IPSec来加强那些特定计算机间的可靠通信安全。在Server2上运行着Telnet服务(远程登录)。一个GPO使用IPSec策略来确保对所有到Server2上的Telnet通信加密。但是,你监视网络通信发现这些Telnet连接并未被加密。 你要察看由GPO规定并应用在Server2上的所有IPSec设置。你将使用哪个工具()?
你是公司网络管理员。网络中有一台Windows server 2003 Web服务器WebServer1。WebServer1通过专线和互联网连接。你负责监视WebServer1的宽带利用率。你在WebServer1上运行系统监视器监视记录Network Interface object上的Byte Total/sec(总字节数/秒)计数。数据包采样率计数器为每15秒一次。日志记录每天保存一次。已经没有足够的磁盘空间存储日益变大的系统监视器日志记录。你需要重新配置监视器的日志记录设置,以减少捕获数据量。你该如何操作?()
你是公司网络管理员。公司在Seattle(西雅图)和Chicago(芝加哥)都有办公室。网络是一个单活动目录森林环境。所有的服务器运行Windows Server 2003。所有的客户端运行打过补丁的Windows XPProfessional。在Seattle的办公室的Server1上安装了WSUS服务。Server1被配置为在本地存储升级数据包。你要再Chicago的办公室安装一台WSUS服务器Server2。安装操作必须符合以下要求: 在Chicago的客户机必须自动地获得和Seattle的客户机一样的升级包。 在Chicago的客户机必须从Server2上获得升级 你该如何操作?()
你是一台Windows Server 2003 服务器Server1的管理员。Server1是位于公司内部网络的FTP服务器。管理员报告说连接到Server1的FTP通信量增加。你需要配置Server1以实现以下目的:识别所有正在和Server1进行FTP传输的计算机的MAC地址。准确查找出已被执行的FTP命令。 确保不会中断Server1上的操作。你该如何操作?()