多选题You are the network administrator for The network consists of a single Active Directory domain named The domain contains Windows Server 2003 computers and Windows XP Professional computers. All confidential company files are stored on a file server named TestKing1. The written company security states that all confidential data must be stored and transmitted in a secure manner. To comply with the security policy, you enable Encrypting File System (EFS) on the confidential files. You also add EFS certificates to the data decryption field (DDF) of the confidential files for the users who need to access them. While performing network monitoring, you notice that the confidential files that are stored on TestKing1 are being transmitted over the network without encryption. You must ensure that encryption is always used when the confidential files on TestKing1 are stored and transmitted over the network. What are two possible ways to accomplish this goal? ()(Each correct answer presents a complete solution. Choose two)AEnable offline files for the confidential files that are stored on TestKing1, and select the Encrypt offline files to secure data check box on the client computers of the users who need to access the files.BUse IPSec encryption between TestKing1 and the client computers of the users who need to access the confidential files.CUse Server Message Block (SMB) signing between TestKing1 and the client computers of the users who need to access the confidential files.DDisable all LM and NTLM authentication methods on TestKing1.EUse IIS to publish the confidential files. Enable SSL on the IIS server. Open the files as a Web folder.
多选题
You are the network administrator for The network consists of a single Active Directory domain named The domain contains Windows Server 2003 computers and Windows XP Professional computers. All confidential company files are stored on a file server named TestKing1. The written company security states that all confidential data must be stored and transmitted in a secure manner. To comply with the security policy, you enable Encrypting File System (EFS) on the confidential files. You also add EFS certificates to the data decryption field (DDF) of the confidential files for the users who need to access them. While performing network monitoring, you notice that the confidential files that are stored on TestKing1 are being transmitted over the network without encryption. You must ensure that encryption is always used when the confidential files on TestKing1 are stored and transmitted over the network. What are two possible ways to accomplish this goal? ()(Each correct answer presents a complete solution. Choose two)
A
Enable offline files for the confidential files that are stored on TestKing1, and select the Encrypt offline files to secure data check box on the client computers of the users who need to access the files.
B
Use IPSec encryption between TestKing1 and the client computers of the users who need to access the confidential files.
C
Use Server Message Block (SMB) signing between TestKing1 and the client computers of the users who need to access the confidential files.
D
Disable all LM and NTLM authentication methods on TestKing1.
E
Use IIS to publish the confidential files. Enable SSL on the IIS server. Open the files as a Web folder.
参考解析
解析:
暂无解析
相关考题:
You are the network administrator for The network consists of a single Active Directory domain named The domain contains 352,000 Windows 2000 Professional computers. You install and configure Software Update Services (SUS) on a server named TestKing3. You need to scan all computers in the domain to find out whether they have received all approved updates that are located on the SUS server. What should you do?()A、On a server, install and run the mbsacli.exe command with the appropriate configuration switches.B、On a server that runs IIS, install and configure urlscan.exe.C、Edit and configure the Default Domain Policy to enable the Configure Automatic Updates policy.D、From a command prompt on TestKing3, run the netsh.exe command to scan all computers in the domain.
You are the network administrator for . The network consists of a single Active Directory domain. All domain controllers run Windows Server 2003, and all client computers run Windows XP Professional. TestKing acquires a subsidiary. You receive a comma delimited file that contains the names of all user accounts at the subsidiary. You need to import these accounts into your domain. Which command should you use?()A、ldifdeB、csvdeC、ntdsutil with the authoritative restore optionD、dsadd user
You are the network administrator for The network consists of a single Active Directory domain named The domain contains Windows Server 2003 computers and Windows XP Professional computers. All confidential company files are stored on a file server named TestKing1. The written company security states that all confidential data must be stored and transmitted in a secure manner. To comply with the security policy, you enable Encrypting File System (EFS) on the confidential files. You also add EFS certificates to the data decryption field (DDF) of the confidential files for the users who need to access them. While performing network monitoring, you notice that the confidential files that are stored on TestKing1 are being transmitted over the network without encryption. You must ensure that encryption is always used when the confidential files on TestKing1 are stored and transmitted over the network. What are two possible ways to accomplish this goal?() (Each correct answer presents a complete solution. Choose two)A、Enable offline files for the confidential files that are stored on TestKing1, and select the Encrypt offline files to secure data check box on the client computers of the users who need to access the files.B、Use IPSec encryption between TestKing1 and the client computers of the users who need to access the confidential files.C、Use Server Message Block (SMB) signing between TestKing1 and the client computers of the users who need to access the confidential files.D、Disable all LM and NTLM authentication methods on TestKing1.E、Use IIS to publish the confidential files. Enable SSL on the IIS server. Open the files as a Web folder.
You are the network administrator for your company. The network consists of a single Active Directory domain. The domain contains 35 Windows Server 2003 computers; 3,000 Windows XP Professional computers; and 2,000 Windows 2000 Professional computers. Windows Server Update Services (WSUS) is installed on a server named Server1. The necessary Group Policy object (GPO) is configured.You need to confirm whether all computers in the domain have received all approved updates from Server1. What should you do on Server1?()A、Install and configure Urlscan.exe.B、At the command prompt, type gpresult /scope COMPUTER.C、Open the WSUS console. Run the Status of Computers report.D、Open the WSUS console. Run the Synchronization Results report.
You are the network administrator for Humongous Insurance. The network consists of a single Active Directory domain named humongous.com. The domain contains Windows Server 2003 computers and Windows XP Professional computers. You configure several Group Policy objects (GPOs) to enforce the use of IPSec for certain types of communication between specified computers. A server named Server2 runs the Telnet service. A GPO is supposed to ensure that all Telnet connections to Server2 are encrypted by using IPSec. However, when you monitor network traffic, you notice that Telnet connections are not being encrypted.You need to view all of the IPSec settings that are applied to Server2 by GPOs. Which tool should you use?()A、the IP Security Policy Management consoleB、the IP Security Monitor consoleC、the Resultant Set of Policy consoleD、Microsoft Baseline Security Analyzer (MBSA)
You are a network administrator for your company. All domain controllers run Windows Server 2003. The network contains 50 Windows 98 client computers, 300 Windows 2000 Professional computers, and 150 Windows XP Professional computers. According to the network design specification, the Kerberos version 5 authentication protocol must be used for all client computers on the internal network. You need to ensure that Kerberos version 5 authentication is used for all client computers on the internal network. What should you do? ()A、 On each domain controller, disable Server Message Block (SMB) signing and encryption of the secure channel traffic.B、 Replace all Windows 98 computers with new Windows XP Professional computers.C、 Install the Active Directory Client Extensions software on the Windows 98 computers.D、 Upgrade all Windows 98 computers to Windows NT Workstation 4.0.
You are the network administrator for The network consists of a single Active Directory domain named The domain contains Windows Server 2003 computers and Windows XP Professional computers. All confidential company files are stored on a file server named TestKing1. The written company security states that all confidential data must be stored and transmitted in a secure manner. To comply with the security policy, you enable Encrypting File System (EFS) on the confidential files. You also add EFS certificates to the data decryption field (DDF) of the confidential files for the users who need to access them. While performing network monitoring, you notice that the confidential files that are stored on TestKing1 are being transmitted over the network without encryption. You must ensure that encryption is always used when the confidential files on TestKing1 are stored and transmitted over the network. What are two possible ways to accomplish this goal? ()(Each correct answer presents a complete solution. Choose two)A、Enable offline files for the confidential files that are stored on TestKing1, and select the Encrypt offline files to secure data check box on the client computers of the users who need to access the files.B、Use IPSec encryption between TestKing1 and the client computers of the users who need to access the confidential files.C、Use Server Message Block (SMB) signing between TestKing1 and the client computers of the users who need to access the confidential files.D、Disable all LM and NTLM authentication methods on TestKing1.E、Use IIS to publish the confidential files. Enable SSL on the IIS server. Open the files as a Web folder.
You are the network administrator for your company. The network consists of a single Active Directory domain. The domain contains 35 Windows Server 2003 computers; 3,000 Windows XP Professional computers; and 2,200 Windows 2000 Professional computers. The written company security policy states that all computers in the domain must be examined, with the following goals: (1)to find out whether all available security updates are present (2)to find out whether shared folders are present to record the file system type on each hard disk You need to provide this security assessment of every computer and verify that the requirementsof the written security policy are met. What should you do?()A、Open the Default Domain Policy and enable the Configure Automatic Updates policy.B、Open the Default Domain Policy and enable the Audit object access policy, the Audit account management policy, and the Audit system events policy.C、On a server, install and run mbsacli.exe with the appropriate configuration switches.D、On a server, install and run HFNetChk.exe with the appropriate configuration switches.
You are the network administrator for . The network consists of a single Active Directory domain named All network servers run Windows Server 2003. All client computers run Windows XP Professional. Multiple users share the same client computer. A server named TestKing2 functions as a file and print server. You set the profile path for all user accounts to //TestKing2/Profiles/username. Some domain users were added to the local Administrators group on the Windows XP Professional computers. A user reports that other users can log on to client computers that he has previously used and gain access to files stored in his My Documents folder on the local hard disk. You need to permanently prevent users from being able to access the My Documents folder of other domain users on the client computers. What should you do?()A、In Active Directory, modify the Default Domain Policy. Disable the Do not check for user ownership of Roaming Profile Folders setting.B、In Active Directory, modify the Default Domain Policy. Enable the Delete cached copies of roaming profiles setting.C、Log on to all client computers and delete all user profiles from the local hard disks.D、Log on to all client computers and configure the Number of previous logons to cache setting to 0.
You are the desktop administrator for one of your company's branch offices. The network in the branch office consists of a single network segment, which contains a domain controller, a DHCP server, 10 Windows 2000 Server computers, and 50 Windows 2000 Professional computers. All servers and client computers are members of the company's Active Directory domain. You purchase 50 new client computers for the branch office. Each new client computer contains a built-in PXE-compliant network adapter. You install and configure RIS on one of the Windows 2000 Server computers that is on the network in the branch office. You create a Windows XP Professional RIS image on the Windows 2000 Server computer. You connect the new client computers to the network in the office, and you turn on each computer. Each computer displays a message stating that it cannot contact a PXE boot server. You verify that the RIS server is connected to the network. You need to ensure that the new client computers can connect to the RIS server and can begin installing Windows XP Professional. What should you do?()A、Ask a domain administrator to authorize the RIS server. B、Grant the Everyone group Allow - Read NTFS permission on the RIS image.C、Install RIS on the domain controller. Copy the RIS image to the domain controller.D、Add a reservation for the RIS server to the DHCP server.
You are the network administrator for your company. The network consists of a single Active Directory domain. The domain contains Windows Server 2003 computers and Windows XP Professional computers. You configure a server named Server1 to be a file server. The written company security policy states that you must analyze network traffic that is sent to and from all file servers.You need to capture file-transfer network traffic that is being sent to and from Server1. You install Network Monitor Tools from a Windows Server 2003 product CD-ROM on a server named Server2, which is on the same network segment as Server1.You run Network Monitor on Server2. However, Network Monitor captures only network traffic that is sent to and from Server2. You need to capture all network traffic that is sent to and from Server1. What should you do?()A、Install the Network Monitor driver on Server1. Run Network Monitor on Server2 to capture network traffic.B、Open Network Monitor on Server2 and create a capture filter to enable the capture of all protocols. Run Network Monitor to capture network traffic.C、Install Network Monitor Tools on Server1. Run Network Monitor to capture network traffic.D、Open Network Monitor on Server2 and increase the capture buffer from 1 MB to 20 MB in size. Run Network Monitor to capture network traffic.
You are the network administrator for your company. The network consists of a single Active Directory domain. The domain contains 35 Windows Server 2003 computers; 3,000 Windows XP Professional computers; and 2,000 Windows 2000 Professional computers.Windows Server Update Services (WSUS) is installed on a server named Server1. The necessary Group Policy object (GPO)is configured.You need to confirm whether all computers in the domain have received all approved updates from Server1. What should you do on Server1?()A、Install and configure Urlscan.exe.B、At the command prompt, type gpresult /scope COMPUTER.C、Open the WSUS console. Run the Status of Computers report.D、Open the WSUS console. Run the Synchronization Results report.
You are a network administrator for your company. The network consists of a single Active Directory domain. The domain contains three Windows Server 2003 domain controllers, 20 Windows Server 2003 member servers, and 750 Windows XP Professional computers. The domain is configured to use only Kerberos authentication for all server connections.A user reports that she receives an "Access denied" error message when she attempts to connect to one of the member servers. You want to test the functionality of Kerberos authentication on the user’s client computer. Which command should you run from the command prompt on the user’s computer?()A、netshB、netdiagC、ktpassD、ksetup
You are the network administrator for your company. The network consists of a single Active Directory domain. The domain contains 35 Windows Server 2003 computers; 3,000 Windows XP Professional computers; and 2,000 Windows 2000 Professional computers.Windows Server Update Services (WSUS) is installed on a server named Server1. The necessary Group Policy object (GPO) is configured.You need to confirm whether all computers in the domain have received all approved updates fromServer1. What should you do on Server1?()A、Install and configure Urlscan.exe.B、At the command prompt, type gpresult /scope COMPUTER.C、Open the WSUS console. Run the Status of Computers report.D、Open the WSUS console. Run the Synchronization Results report.
You are a security administrator for your company. The network consists of three Active Directory domains. All Active Directory domains are running at a Windows Server 2003 mode functionality level. Employees in the editorial department of your company need access to resources on file servers that are in each of the Active Directory domains. Each Active Directory domain in the company contains at least one editorial department employee user account. You need to create a single group named Company Editors that contains all editorial department employee user accounts and that has access to the resources on file server computers. What should you do?()A、 Create a global distribution group in the forest root domain and name it Company Editors.B、 Create a global security group in the forest root domain and name it Company Editors.C、 Create a universal distribution group in the forest root domain and name it Company Editors. D、 Create a universal security group in the forest root domain and name it Company Editors.
You are the network administrator for your company. The network consists of a single Active Directory domain. All servers run Windows Server 2003. All client computers run either Windows 2000 Professional with Service Pack 4 or Windows XP Professional. You install Windows Server Update Services (WSUS) on a computer named Server2. You create a Group Policy object (GPO) that configures all client computers to receive software updates from Server2. One week later, you run Microsoft Baseline Security Analyzer (MBSA) on all client computers to find out whether all updates are being applied. You discover that all of the Windows 2000 Professional client computers receive updates, but the Windows XP Professional client computers do not receive updates. You verify that the GPO setting was applied on all Windows XP Professional computers. You need to ensure that the Windows XP Professional client computers receive their updates from Server2. What should you do?()A、Make all users of Windows XP Professional client computers members of the Administrators local group.B、On all Windows XP Professional client computers, install the latest service pack.C、On all Windows XP Professional client computers, use the gpupdate /force command.D、On all Windows XP Professional client computers, delete the NoAutoUpdate value under HKEY_LOCAL_MACHINE/SOFTWARE/Policies/Microsoft/Windows/WindowsUpdate/AU.
You are the network administrator for . Your network consists of a single Active Directory domain named . All network servers run Windows Server 2003, and all client computers run Windows XP Professional. You install a new file and print server named File1. You configure standard company policies and other local options. You use third-party software to create and save an image of the server. Then you join File1 to the domain. Six weeks later, you reapply the saved image to File1 and restart the server. You try to log on to the domain by using domain credentials. However, you are unsuccessful. You need to log on to File1 and re-establish its domain membership. Your solution must require the minimum amount of administrative effort. Which two actions should you perform? ()(Each correct answer presents part of the solution. Choose two)A、Reset the computer account for File1 in Active Directory Users and Computers.B、Reset the password for Administrator account by logging on locally to File1 as a member of the local Power Users group.C、Reinstall and reconfigure File1.D、Join File1 to the domain.E、Remove File1 from the domain.
You are the network administrator for Humongous Insurance. The network consists of a single Active Directory domain named humongous.com. The domain contains Windows Server 2003 computers and Windows XP Professional computers.You configure several Group Policy objects (GPOs) to enforce the use of IPSec for certain types of communication between specified computers. A server named Server2 runs the Telnet service. A GPO is supposed to ensure that all Telnet connections to Server2 are encrypted by using IPSec. However, when you monitor network traffic, you notice that Telnet connections are not being encrypted.You need to view all of the IPSec settings that are applied to Server2 by GPOs. Which tool should you use?()A、the IP Security Policy Management consoleB、the IP Security Monitor consoleC、the Resultant Set of Policy consoleD、Microsoft Baseline Security Analyzer (MBSA)
You are a security administrator for your company. The network consists of a single Active Directory domain. All client computers run Windows XP Professional. All servers run Windows Server 2003. All computers on the network are members of the domain. Traffic on the network is encrypted by IPSec. The domain contains a custom IPSec policy named Lan Security that applies to all computers in the domain. The Lan Security policy does not allow unsecured communication with non-lPSec-aware computers. The company’s written security policy states that the configuration of the domain and the configuration of the Lan Security policy must not be changed. The domain contains a multihomed server named Server1. Server1 isconnected to the company network, and Server1 is also connected to a test network. Currently, the Lan Security IPSec policy applies to network traffic on both network adapters in Server1. You need to configure Server1 so that it communicates on the test network without IPSec security. Server1 must still use the Lan Security policy when it communicates on the company network. How should you configure Server1?()A、 Configure a packet filter for the network adapter on the test network to block the Internet Key Exchange (IKE) port.B、 Configure the network adapter on the test network to disable IEEE 802.1x authentication.C、 Configure the network adapter on the test network to enable TCP/IP filtering, and then permit all traffic.D、 Use the netsh command to assign a persistent IPSec policy that permits all traffic on the network adapter on the test.E、 Assign an IPSec policy in the local computer policy that permits all traffic on the network adapter on the test.
You are a security administrator for your company. The network consists of a single Active Directory domain. All servers run Windows Server 2003. All client computers run Windows 2000 Professional. You manage a Windows Server 2003 computer named Server1 that is a domain member server. You use IIS on Server1 to host an Internet Web site. Approximately 4,000 employees of your company connect over the lnternet to access company confidential data on Server1. You control access to data on Server1 by using NTFS file permissions assigned to groups. Different groups are assigned access to different files. Employees must have access only to files that they are assigned access to based on their membership in a group. You enable SSL on Server1 to protect confidential data while it is in transit. You issue each employee an Authenticated Session certificate and store a copy of that certificate with their user account in the Active Directory domain. You need to ensure that Server1 authenticates users based on possession of their certificate. What should you do?()A、 Request a Web server certificate from a commercial certification authority (CA).B、 Configure access restrictions based on employee ip address.C、 Enable Digest authentication for Windows domain servers.D、 Configure client certificate mapping.
You are a network administrator for your company. All domain controllers run Windows Server 2003. The network contains 50 Windows 98 client computers, 300 Windows 2000 Professional computers, and 150 Windows XP Professional computers. According to the network design specification, the Kerberos version 5 authentication protocol must be used for all client computers on the internal network. You need to ensure that Kerberos version 5 authentication is used for all client computers on the internal network. What should you do? ()A、 On each domain controller, disable Server Message Block (SMB) signing and encryption of the secure channel traffic. B、 Replace all Windows 98 computers with new Windows XP Professional computers. C、 Install the Active Directory Client Extensions software on the Windows 98 computers. D、 Upgrade all Windows 98 computers to Windows NT Workstation 4.0.
多选题You are the network administrator for your company. The network consists of a single Active Directory domain. All servers run Windows Server 2003. All client computers run Windows XP Professional.You install and configure a single server to run Windows Server Update Services (WSUS). You configure the appropriate Group Policy settings to specify separate WSUS target groups for client and server computers. You need to ensure that computers automatically assign themselves to the correct computer group. What should you do?()AIn the WSUS console, configure Computer Options so that Use group policy or registry settings on computers is selected.BIn the WSUS console, configure Computer Options so that Use the Move Computers Task in Windows Server Update Services is selected.CIn the WSUS console, create the appropriate computer groups.DCreate organizational units (OUs) for each group.
多选题You are the network administrator for The network consists of a single Active Directory domain named The domain contains Windows Server 2003 computers and Windows XP Professional computers. All confidential company files are stored on a file server named TestKing1. The written company security states that all confidential data must be stored and transmitted in a secure manner. To comply with the security policy, you enable Encrypting File System (EFS) on the confidential files. You also add EFS certificates to the data decryption field (DDF) of the confidential files for the users who need to access them. While performing network monitoring, you notice that the confidential files that are stored on TestKing1 are being transmitted over the network without encryption. You must ensure that encryption is always used when the confidential files on TestKing1 are stored and transmitted over the network. What are two possible ways to accomplish this goal?() (Each correct answer presents a complete solution. Choose two)AEnable offline files for the confidential files that are stored on TestKing1, and select the Encrypt offline files to secure data check box on the client computers of the users who need to access the files.BUse IPSec encryption between TestKing1 and the client computers of the users who need to access the confidential files.CUse Server Message Block (SMB) signing between TestKing1 and the client computers of the users who need to access the confidential files.DDisable all LM and NTLM authentication methods on TestKing1.EUse IIS to publish the confidential files. Enable SSL on the IIS server. Open the files as a Web folder.
单选题You are the network administrator for The network consists of a sing Active Directory domain named All domain controllers run Windows Server 2003. All client computers run Windows XP Professional with default settings. Some users have portable computers, and the rest have desktop computers. You need to ensure that all users are authenticated by a domain controller whenthey log on. How should you modify the local security policy?()ARequire authentication by a domain controller to unlock the client computer.BCache zero interactive logons.CCache 50 interactive logons.DGrant the Log on locally user right to the Users group.
单选题You are the network administrator for The network consists of a single Active Directory domain named The domain contains 352,000 Windows 2000 Professional computers. You install and configure Software Update Services (SUS) on a server named TestKing3. You need to scan all computers in the domain to find out whether they have received all approved updates that are located on the SUS server. What should you do?()AOn a server, install and run the mbsacli.exe command with the appropriate configuration switches.BOn a server that runs IIS, install and configure urlscan.exe.CEdit and configure the Default Domain Policy to enable the Configure Automatic Updates policy.DFrom a command prompt on TestKing3, run the netsh.exe command to scan all computers in the domain.
多选题You are the network administrator for . Your network consists of a single Active Directory domain named . All network servers run Windows Server 2003, and all client computers run Windows XP Professional. You install a new file and print server named File1. You configure standard company policies and other local options. You use third-party software to create and save an image of the server. Then you join File1 to the domain. Six weeks later, you reapply the saved image to File1 and restart the server. You try to log on to the domain by using domain credentials. However, you are unsuccessful. You need to log on to File1 and re-establish its domain membership. Your solution must require the minimum amount of administrative effort. Which two actions should you perform? ()(Each correct answer presents part of the solution. Choose two)AReset the computer account for File1 in Active Directory Users and Computers.BReset the password for Administrator account by logging on locally to File1 as a member of the local Power Users group.CReinstall and reconfigure File1.DJoin File1 to the domain.ERemove File1 from the domain.
单选题You are a security administrator for your company. The network consists of three Active Directory domains. All Active Directory domains are running at a Windows Server 2003 mode functionality level. Employees in the editorial department of your company need access to resources on file servers that are in each of the Active Directory domains. Each Active Directory domain in the company contains at least one editorial department employee user account. You need to create a single group named Company Editors that contains all editorial department employee user accounts and that has access to the resources on file server computers. What should you do?()A Create a global distribution group in the forest root domain and name it Company Editors.B Create a global security group in the forest root domain and name it Company Editors.C Create a universal distribution group in the forest root domain and name it Company Editors. D Create a universal security group in the forest root domain and name it Company Editors.