多选题You need to design a security strategy for the DHCP servers in the Seattle office. Which two actions should you perform?()ADisable all unnecessary services on each DHCP serverBModify the discretionary access control lists (DACLs) in Active Directory so that only members of the Enterprise Admins security group can authorize additional DHCP serversCUse an IPSec policy that allows only the packets necessary for DHCP and domain membership for each DHCP serverDInstall a digital certificate for SSL on each DHCP server
多选题
You need to design a security strategy for the DHCP servers in the Seattle office. Which two actions should you perform?()
A
Disable all unnecessary services on each DHCP server
B
Modify the discretionary access control lists (DACLs) in Active Directory so that only members of the Enterprise Admins security group can authorize additional DHCP servers
C
Use an IPSec policy that allows only the packets necessary for DHCP and domain membership for each DHCP server
D
Install a digital certificate for SSL on each DHCP server
参考解析
解析:
暂无解析
相关考题:
You are designing a strategy to upgrade the DHCP servers after the new Active Directory structure is in place. Who can authorize the DHCP servers?()A、 Chief information officerB、 IT support staff in BostonC、 IT support staff in New YorkD、 Network administrator in ChicagoE、 Network administrator in New York
You need to design a method to standardize and deploy a baseline security configuration for servers. You solution must meet business requirements. What should you do?()A、Create a script that installs the Hisecdc.inf security templateB、Use a GPO to distribute and apply the Hisec.inf security templateC、Use the System Policy Editor to configure each server’s security settingsD、Use a GPO to distribute and apply a custom security template
You need to design a security strategy for VPN2. Your solution must meet business requirements. What should you do?()A、Create and configure a new security template. Import the template into the Default Domain Policy Group Policy object (GPO)B、Install Internet Authentication Service (IAS) on RAS1. Configure VPN2 to be the RADIUS client of RAS1. Configure the remote access policy on VPN2C、Create and configure a new security template. Import the template into the local policy on VPN2D、Move VPN2 into the VPN Servers OU. Configure the remote access policy on VPN2
You are the network administrator for your company. The network consists of a single Active Directory domain. The network contains 50 application servers that run Windows Server 2003. The security configuration of the application servers is not uniform. The application servers were deployed by local administrators who configured the settings for each of the application servers differently based on their knowledge and skills. The application servers are configured with different authentication methods, audit settings, and account policy settings. The security team recently completed a new network security design. The design includes a baseline configuration for security settings on all servers. The baseline security settings use the Hisecws.inf predefined security template. The design also requires modified settings for servers in an application role. These settings include system service startup requirements, renaming the administrator account, and more stringent account lockout policies. The security team created a security template named Application.inf that contains the modified settings. You need to plan the deployment of the new security design. You need to ensure that all security settings for the application servers are standardized, and that after the deployment, the security settings on all application servers meet the design requirements. What should you do? ()A、 Apply the Setup security.inf template first, the Hisecws.inf template next, and then the Application.inf template.B、 Apply the Application.inf template and then the Hisecws.inf template.C、 Apply the Application.inf template first, the Setup security.inf template next, and then the Hisecws.inf template.D、 Apply the Setup security.inf template and then the Application.inf template.
You need to design an access control strategy for the marketing application. You solution must minimize impact on server and network performance. What should you do?()A、Require client computers to connect to the marketing application by using a VPN connectionB、Use IPSec to encrypt communications between the servers in the New York and Atlanta officesC、Require the high security setting on Terminal Services connections to the marketing applicationD、Configure all marketing application Web pages to require SSL
Your network consists of a single Active Directory site that includes two network segments. Thenetwork segments connect by using a router that is RFC 1542 compliant. You plan to use Windows Deployment Services (WDS) to deploy Windows Server 2008 R2 servers. All new servers support Pre-Boot Execution Environment (PXE). You need to design a deployment strategy to meet the following requirements: èSupport Windows Server?2008 R2 èDeploy the servers by using WDS in both network segments èMinimize the number of servers used to support WDS What should you include in your design?() A、Deploy one server. Install WDS and DHCP on the server. Configure the IP Helper tables on therouterbetween the network segments.B、Deploy two servers. Install WDS and DHCP on both servers. Place one server on each of the network segments. Configure both servers to support DHCP option 60.C、Deploy two servers. Install WDS and DHCP on both servers. Place one server on each of the network segments. Configure both servers to support DHCP option 252.D、Deploy two servers. Install WDS and DHCP on one server. Install DHCP on the other server. Place one server on each of the network segments. Configure both servers to support DHCP option60.
You are designing a DHCP strategy to meet the business and technical requirements. What should you do?()A、 Install one DHCP server in each branch office and one DHCP server in Los Angeles.B、 Install one DHCP server in each branch office and two DHCP servers in Los Angeles.C、 Install two DHCP servers in each branch office and one DHCP server in Los Angeles.D、 Install two DHCP servers in each branch office and two DHCP servers in Los Angeles.
You need to recommend a Group Policy strategy for the Remote Desktop servers. What should you include in the recommendation?()A、block inheritanceB、loopback processingC、security filteringD、WMI filtering
You need to design a method to log changes that are made to servers and domain controllers. You also need to track when administrators modify local security account manager objects on servers. What should you do?()A、Enable failure audit for privilege user and object access on all servers and domain controllersB、Enable success audit for policy change and account management on all servers and domain controllersC、Enable success audit for process tracking and logon events on all servers and domain controllersD、Enable failure audit for system events and directory service access on all servers and domain controllers
You need to design a security strategy for the DHCP servers in the Seattle office. Which two actions should you perform?()A、Disable all unnecessary services on each DHCP serverB、Modify the discretionary access control lists (DACLs) in Active Directory so that only members of the Enterprise Admins security group can authorize additional DHCP serversC、Use an IPSec policy that allows only the packets necessary for DHCP and domain membership for each DHCP serverD、Install a digital certificate for SSL on each DHCP server
Your company has four DNS servers that run Windows Server 2008. Each server has a static IP address. You need to prevent DHCP from assigning the addresses of the DNS servers to DHCP clients. What should you do? ()A、 Create a new scope for the DNS servers.B、 Create a reservation for the DHCP serverC、 Configure the 005 Name Servers scope optionD、 Configure an exclusion that contains the IP addresses of the four DNS servers
You need to design a remote administration solution for servers on the internal network. Your solution must meet business and security requirements. What should you do?()A、Permit administrators to use an HTTP interface to manage servers remotelyB、Permit only administrators to connect to the servers’ Telnet serviceC、Permit administrators to manage the servers by using Microsoft NetMeetingD、Require administrators to use Remote Desktop for Administration connections to manage the servers
You are designing a DHCP strategy for the new Active Directory environment.Which two groups have the necessary rights to authorize the DHCP servers?()A、IT staff in AtlantaB、IT staff in SeattleC、DHCP administrators in all officesD、DHCP administrators in Atlanta onlyE、Members of the Enterprise Admins group
You are the network administrator in the New York office of TestKing. The company network consists of a single Active Directory domain The New York office currently contains one Windows Server 2003 file server named TestKingA. All file servers in the New York office are in an organizational unit (OU) named New York Servers. You have been assigned the Allow - Change permission for a Group Policy object (GPO) named NYServersGPO, which is linked to the New York Servers OU. The written company security policy states that all new servers must be configured with specified predefined security settings when the servers join the domain. These settings differ slightly for the various company offices. You plan to install Windows Sever 2003, on 15 new computers, which all functions as file servers. You will need to configure the specified security settings on the new file servers. TestKingA currently has the specified security settings configured in its local security policy. You need to ensure that the security configuration of the new file servers is identical to that of TestKingA. You export a copy of TestKingA's local security policy settings to a template file. You need to configure the security settings of the new servers, and you want to use the minimum amount of administrative effort. What should you do?()A、Use the Security Configuration and Analysis tool on one of the new servers to import the template file.B、Use the default Domain Security Policy console on one of the new servers to import the template file.C、Use the Group Policy Editor console to open NYServersGPO and import the template file.D、Use the default Local Security Policy console on one of the new servers to import the template file.
You need to recommend a security strategy for WebApp2 that meets the company’s applicaton requirements.What should you include in the recommendation?()A、Basic authentication and connection security rulesB、Basic authentication and SSLC、Digest authentication and connection security rulesD、Digest authentication and SSL
You need to design a strategy to ensure that all servers are in compliance with the business requirements for maintaining security patches. What should you do?()A、Log on to a domain controller and run the Resultant Set of Policy wizard in planning mode on the domainB、Log on to each server and run Security Configuration and Analysis to analyze the security settings by using a custom security templateC、Create a logon script to run the secedit command to analyze all servers in the domainD、Run the Microsoft Baseline Security Analyzer (MBSA) on a server to scan for Windows vulnerabilities on all servers in the domain
单选题You need to design a security strategy for a remote e-mail access. What should you do?()ARequire remote users to access e-mails by using Outlook Mobile AccessBRequire Outlook Web Access users to install the secure MIME ActiveX-Control and to encrypt all messagesCOn Outlook Web Access servers that accept connections from the Internet configure IIS to require SSL for all connectionsDOn Outlook Web Access servers that accept connections from the Internet configure IIS to require Integrated Windows Authentication
单选题The company is evaluating using a new Active Directory domain to contain all customer user accounts. You need to design a monitoring or logging strategy that meets business and security requirements for the new Web-based ordering application. Your solution must minimize overhead on existing domain controllers and servers. What should you do?()AEnable logon auditing in both the new and the existing domainsBEnable logon auditing only in the existing domainCEnable logon auditing only in the new domainDEnable logon auditing on only the Web server
单选题You need to design a method to deploy security configuration settings to servers. What should you do?()ARun the Resultant Set of Policy wizard with a Windows Management Instrumentation (WMI) filter on each department’s Server OUBLog on to each server and use local policy to configure and manage the security settingsCCreate a customer security template. Log on to a domain controller and run the seceditcommand to import the security templateDCreate a customer security template. Create a GPO and import the security template. Link the GPO to each department’s Server OU
多选题You need to design a strategy to increase security for the client computers in the finance department. Which two actions should you perform?()AEnable automatic certificate enrollmentBEnforce smart card logonsCEnable Encrypting File System (EFS) for offline filesDEnable a screen saver password
单选题You need to recommend a Group Policy strategy for the Remote Desktop servers. What should you include in the recommendation?()Ablock inheritanceBloopback processingCsecurity filteringDWMI filtering
单选题You are designing a strategy to upgrade the DHCP servers after the new Active Directory structure is in place. Who can authorize the DHCP servers?()A Chief information officerB IT support staff in BostonC IT support staff in New YorkD Network administrator in ChicagoE Network administrator in New York
单选题Your company has four DNS servers that run Windows Server 2008. Each server has a static IP address. You need to prevent DHCP from assigning the addresses of the DNS servers to DHCP clients. What should you do? ()A Create a new scope for the DNS servers.B Create a reservation for the DHCP serverC Configure the 005 Name Servers scope optionD Configure an exclusion that contains the IP addresses of the four DNS servers
单选题You are the network administrator for your company. The network consists of a single Active Directory domain. The network contains 50 application servers that run Windows Server 2003. The security configuration of the application servers is not uniform. The application servers were deployed by local administrators who configured the settings for each of the application servers differently based on their knowledge and skills. The application servers are configured with different authentication methods, audit settings, and account policy settings. The security team recently completed a new network security design. The design includes a baseline configuration for security settings on all servers. The baseline security settings use the Hisecws.inf predefined security template. The design also requires modified settings for servers in an application role. These settings include system service startup requirements, renaming the administrator account, and more stringent account lockout policies. The security team created a security template named Application.inf that contains the modified settings. You need to plan the deployment of the new security design. You need to ensure that all security settings for the application servers are standardized, and that after the deployment, the security settings on all application servers meet the design requirements. What should you do? ()A Apply the Setup security.inf template first, the Hisecws.inf template next, and then the Application.inf template.B Apply the Application.inf template and then the Hisecws.inf template.C Apply the Application.inf template first, the Setup security.inf template next, and then the Hisecws.inf template.D Apply the Setup security.inf template and then the Application.inf template.
单选题You are the network administrator for your company. The network consists of a single Active Directory domain. The company has an internal network and a perimeter network. The internal network is protected by a firewall. Application servers on the perimeter network are accessible from the Internet. You are deploying 10 Windows Server 2003 computers in application server roles. The servers will be located in theperimeter network and will not be members of the domain. The servers will host only publicly available Web pages. The network design requires that custom security settings must be applied to the application servers. These custom security settings must be automatically refreshed every day to ensure compliance with the design. You create a custom security template named Baseline1.inf for the application servers. You need to comply with the design requirements. What should you do? ()A Import Baseline1.inf into the Default Domain Policy Group Policy object (GPO).B Create a task on each application server that runs Security and Configuration Analysis with Baseline1.inf every day.C Create a task on each application server that runs the secedit command with Baseline1.inf every day.D Create a startup script in the Default Domain Policy Group Policy object (GPO) that runs the secedit command with Baseline1.inf.
单选题You need to design a group membership strategy for the EditorialAdmins group. What should you do?()AMove the EditorialAdmins group to the Servers OU in the editorial departmentBMove the members of the EditorialAdmins group to the Editorial OUCMove the members of the EditorialAdmins group to the New York OUDMove the EditorialAdmins group to the New York OU
单选题You need to design a monitoring strategy to meet business requirements for data on servers in the production department. What should you do?()AUse the Microsoft Baseline Security Analyzer (MBSA) to scan for Windows vulnerabilities on all servers in the production departmentBRun Security and Configuration Analysis to analyze the security settings of all servers in the production departmentCEnable auditing for data on each server in the production department. Run System Monitor on all servers in the production department to create a counter log that tracks activity for the Objects performance objectDCreate a Group Policy Object (GPO) that enables auditing for object access and link it to the product department’s Servers OU. Enable auditing for data on each server in the production department
单选题You are designing a strategy to upgrade the DHCP servers after the new Active Directory structure is in place. Who can authorize the DHCP servers?()AChief information officerBIT support staff in BostonCIT support staff in New YorkDNetwork administrator in ChicagoENetwork administrator in New York