The network security policy requires that only one host be permitted to attach dynamically to each switch interfacE.If that policy is violated, the interface should shut down. Which two commands must the network administrator configure on the 2950 Catalyst switch to meet this policy? ()A、Switch1(config-if)# switchport port-security maximum 1B、Switch1(config)# mac-address-table secureC、Switch1(config)# access-list 10 permit ip hostD、Switch1(config-if)# switchport port-security violation shutdownE、Switch1(config-if)# ip access-group 10
The network security policy requires that only one host be permitted to attach dynamically to each switch interfacE.If that policy is violated, the interface should shut down. Which two commands must the network administrator configure on the 2950 Catalyst switch to meet this policy? ()
- A、Switch1(config-if)# switchport port-security maximum 1
- B、Switch1(config)# mac-address-table secure
- C、Switch1(config)# access-list 10 permit ip host
- D、Switch1(config-if)# switchport port-security violation shutdown
- E、Switch1(config-if)# ip access-group 10
相关考题:
a firewall is both policy and the implementation of that policy in terms of (),(),and (), as well as other security measures A、network configurationB、host systemsC、routersD、softwares
Which of the following documents should always be kept up-to-date after any major changes aremade to a network backbone?() A. Network diagramB. Performance baselineC. Network security procedureD. Company policy
A network vulnerability scanner is part of which critical element of network and system security?() A. host securityB. perimeter securityC. security monitoringD. policy management
What would you use to enforce security-policy compliance on all devices that seek to access the network?()A、 VLANB、 NACC、 EAPD、 WLAN
A network vulnerability scanner is part of which critical element of network and system security?()A、host securityB、perimeter securityC、security monitoringD、policy management
The network security policy requires that only one host be permitted to attach dynamically to each switch interface. If that policy is violated, the interface should shut down. Which two commands must the network administrator configure on the 2950 Catalyst switch to meet this policy?()A、TestKing1(config-if)# switchport port-security maximum 1B、TestKing1(config)# mac-address-table secureC、TestKing1(config)# access-list 10 permit ip hostD、TestKing1(config-if)# switchport port-security violation shutdownE、TestKing1(config-if)# ip access-group 10
Which two are needed components when designing and implementing a security solution?()A、detailed VLAN informationB、an incident response planC、results of testing the new network configurationD、an existing hierarchical network topologyE、a security policy for your organization
Which of the following documents should always be kept up-to-date after any major changes aremade to a network backbone?()A、Network diagramB、Performance baselineC、Network security procedureD、Company policy
You are the administrator of your company’s network. Ten Windows 2000 Professional computers are located in the Research department. The computers contain highly confidential information. You want the 10 computers to be able to communicate with other Windows 2000 Professional computers on the network. However, you do not want them to communicate with computers that are not running Windows 2000, including those that are running Windows 95, Windows 98 and Windows NT. You want to configure a security policy on each computer to ensure that the confidential information is secure. What should you do?()A、Use Security Configuration and Analysis to import the Hisecws.inf security template file to modify the default security settings.B、Use security templates to create a security template file and import the security settings to modify the default security settings.C、Use the local computer policy to disable the access to this computer from the network option.D、Use Secedit.exe to reconfigure the computers’ default security settings to not allow anonymous access to the computers.
You have a combined Windows 2000 and Windows 98 network that contain sensitive data. You want to utilize as many new Windows 2000 security features as possible. You want to customize a security policy on each computer to ensure that data is kept confidential and secured. Allcomputers must still be able to communicate with each other over the network. What should you do?()A、Use the security configuration and analysis console to improve the HISECWS security template file.B、Use the local computer policy to disable the access this computer from the network option.C、Use SECEDIT to reconfigure the computer default security settings to not allow anonymous access to the computer.D、Create a policy that excludes write access to the windows 2000 computers then apply the policy to all non-windows 2000 computers.E、None of the above, Windows 9X systems cannot be secured using security template files.
You are the administrator of your company’s network. You use Security Templates to configure a Security Policy on the Windows 2000 Professional Computers in the Sales organizational unit (OU). You notice that the Computers in the Sales OU are not downloading the Security Policy settings. On each computer, the Security Policy appears in the Local Computer Policy, but is not listed as the effective policy. You want all computers in the Sales OU to have the Security Policy listed as the effective policy. How should you accomplish this task? ()A、Use Security Templates to correct the setting and export the security file.B、Use Security Configuration and Analysis to import the security setting. Then create a Group policy object (GPO) for the Sales QU.C、Use Secedit /RefreshPolicy Machine_Policy command.D、Use the Basicwk.inf security file settings, save the security file, and then import the fileto theComputers.
You are the network administrator for Test King. The network consists of a single Active Directory domain named The domain contains Windows Server 2003 computers and Windows XP Professional computers. The Default Domain Policy has been modified by importing a security template file, which contain several security settings. A server named TestKing1 cannot run a program that us functioning on other similarly configured servers. You need to find out whether additional security settings have been added to the local security policy on TestKing1. To troubleshoot, you want to use a tool to compare the current security settings on TestKing1 against the security template file in order to automatically identify any settings that might have been added to the local security policy. Which tool should you run on TestKing1?()A、Microsoft Baseline Security Analyzer (MBSA)B、Security Configuration and Analysis consoleC、gpresult.exeD、Resultant Set of Policy console in planning mode
You work as the enterprise exchange administrator at Company.com.The Company.com network consists of a single Active Directory domain named Company.com.Company.com has an Exchange Server 2010 organization.A new Company.com security policy prohibits the employees to send certain words between them.What should you do?()A、The best option is to create an Outlook Protection Rule to comply with the Company.com security policy.B、The best option is to set up a content filtering feature to comply with the Company.com security policy.C、The best option is to create a transport rule to comply with the Company.com security policy.D、The best option is to set up a sender reputation feature to comply with the Company.com security policy.
Your network consists of a single Active Directory domain. The domain contains a server named Server1 that runs Windows Server 2003 Service Pack 2 (SP2). Your company’s security policy states that domain users must be prevented from logging on to Server1 if a domain controller is unavailable. You disconnect Server1 from the network and discover that you can log on to Server1. You need to configure Server1 to comply with the company’s security policy. What should you do on Server1? ()A、From the local security policy, modify the Security Options.B、From the local security policy, modify the User Rights Assignment.C、From Active Directory Users and Computers, modify the properties of the Server1 account.D、From Active Directory Users and Computers, modify the properties of the Domain Computers group.
You are the network administrator for The network consists of a single Activev Directory domain named . All network servers run Windows Server 2003. purchases a new server to test applications in a stand-alone environment. The company's written security policy states that if a user attempts to log on by using an incorrect password three times in 30 minutes, the account is locked out. An administrator must unlock the account. You discover that users of the new server who have accounts that are locked out can log on again after 30 minutes. You need to ensure that the new server meets the requirements of the written security policy. What should you do?()A、Set the Reset account lockout counter after policy to 1.B、Set the Reset account lockout counter after policy to 99999.C、Set the Account lockout duration policy to 0.D、Set the Account lockout duration policy to 99999
You are the network administrator for your company. The network consists of a single Active Directory domain. The functional level of the domain is Windows Server 2003. All client computers in the domain run Windows XP Professional. An application named Inventory.exe is installed on all computers in the domain to remotely gather software inventory information. The application runs as a service in the security context of the Local System. The startup type of the service is set to Automatic.In the Default Domain Policy Group Policy object (GPO), the security administrator has configured a software restriction policy that is applied to all computers in the domain. The policy contains a hash rule for the Inventory.exe application, and the hash rule is configured with a security level of Unrestricted. The client computers on the network are attacked by a worm that is distributed by e-mail messages received over the Internet. The worm detects the presence of Inventory.exe on a computer, then starts a new instance of the application in the security context of the logged-on user. The worm exploits a bug in the application to cause the computer to fail.You need to ensure that Inventory.exe cannot be started by the worm, while still allowing the application to run as a service. What should you do?()A、In the computer settings section of the Default Domain Policy GPO, configure a software restriction policy that contains a zone rule for the Internet zone. Configure the zone rule with a security level of Disallowed.B、In the user settings section of the Default Domain Policy GPO, configure a software restriction policy that contains a zone rule for the Internet zone. Configure the zone rule with a security level of Disallowed.C、In the user settings section of the Default Domain Policy GPO, configure a software restriction policy that contains a hash rule for the Inventory.exe application. Configure the hash rule with a security level of Disallowed.D、In the computer settings section of the Default Domain Policy GPO, modify the existing software restriction policy hash rule for the Inventory.exe application so that the hash rule has a security level of Disallowed.
单选题A network vulnerability scanner is part of which critical element of network and system security?()A host securityB perimeter securityC security monitoringD policy management
单选题You are the network administrator for your company. The network consists of a single Active Directory domain. The domain contains 35 Windows Server 2003 computers; 3,000 Windows XP Professional computers; and 2,200 Windows 2000 Professional computers. The written company security policy states that all computers in the domain must be examined, with the following goals: (1)to find out whether all available security updates are present (2)to find out whether shared folders are present to record the file system type on each hard disk You need to provide this security assessment of every computer and verify that the requirementsof the written security policy are met. What should you do?()AOpen the Default Domain Policy and enable the Configure Automatic Updates policy.BOpen the Default Domain Policy and enable the Audit object access policy, the Audit account management policy, and the Audit system events policy.COn a server, install and run mbsacli.exe with the appropriate configuration switches.DOn a server, install and run HFNetChk.exe with the appropriate configuration switches.
单选题You are the network administrator for Test King. The network consists of a single Active Directory domain named The domain contains Windows Server 2003 computers and Windows XP Professional computers. The Default Domain Policy has been modified by importing a security template file, which contain several security settings. A server named TestKing1 cannot run a program that us functioning on other similarly configured servers. You need to find out whether additional security settings have been added to the local security policy on TestKing1. To troubleshoot, you want to use a tool to compare the current security settings on TestKing1 against the security template file in order to automatically identify any settings that might have been added to the local security policy. Which tool should you run on TestKing1?()AMicrosoft Baseline Security Analyzer (MBSA)BSecurity Configuration and Analysis consoleCgpresult.exeDResultant Set of Policy console in planning mode
单选题You are a security administrator for your company. The network consists of a single Active Directory domain. All client computers run Windows XP Professional. All servers run Windows Server 2003. All computers on the network are members of the domain. Traffic on the network is encrypted by IPSec. The domain contains a custom IPSec policy named Lan Security that applies to all computers in the domain. The Lan Security policy does not allow unsecured communication with non-lPSec-aware computers. The company’s written security policy states that the configuration of the domain and the configuration of the Lan Security policy must not be changed. The domain contains a multihomed server named Server1. Server1 isconnected to the company network, and Server1 is also connected to a test network. Currently, the Lan Security IPSec policy applies to network traffic on both network adapters in Server1. You need to configure Server1 so that it communicates on the test network without IPSec security. Server1 must still use the Lan Security policy when it communicates on the company network. How should you configure Server1?()A Configure a packet filter for the network adapter on the test network to block the Internet Key Exchange (IKE) port.B Configure the network adapter on the test network to disable IEEE 802.1x authentication.C Configure the network adapter on the test network to enable TCP/IP filtering, and then permit all traffic.D Use the netsh command to assign a persistent IPSec policy that permits all traffic on the network adapter on the test.E Assign an IPSec policy in the local computer policy that permits all traffic on the network adapter on the test.
单选题Your network contains a server named Server1 that runs Windows Server 2008 R2. Server1 hosts a custom application named App1. App1 is accessible on TCP port 5000.You need to encrypt App1 data on the network.What should you do?()AFrom the Local Security Policy console, configure the Security Options.BFrom the Local Security Policy console, configure the Application Control Policies.CFrom the Windows Firewall with Advanced Security console, create an inbound rule.DFrom the Windows Firewall with Advanced Security console, create a connection security rule.
单选题You are the network administrator for your company. The network consists of a single Active Directory domain. The domain contains a Windows Server 2003 computer named Server1 that is located in an organizational unit (OU) named Servers. Server1 contains confidential data, and all network communications with Server1 must be encrypted by using IPSec. The default Client (Respond Only) IPSec policy is enabled in the Default Domain Policy Group Policy object (GPO). You create a new GPO and link it to the Servers OU. You configure the new GPO by creating and enabling a custom IPSec policy. You monitor and discover that network communications with Server1 are not being encrypted. You need to view all IPSec policies that are being applied to Server1. What should you do? ()A Use Local Security Policy to view the Security Options for Server1.B Use Resultant Set of Policy (RSoP) to run an RSoP logging mode query to view the IP Security Policies on Local Computer for Server1.C Use Resultant Set of Policy (RSoP) to run an RSoP planning mode query to view the Security Options for Server1.D Use IP Security Monitor to view the Active Policy for Server1.E Use IP Security Monitor to view the IKE Policies for Server1.
多选题You are the senior systems engineer for your company. The network consists of a single Active Directory domain. All servers run Windows Server 2003. Client computers in the sales department run Windows NT Workstation 4.0 with the Active Directory Client Extensions software installed. All other client computers run Windows XP Professional. All servers are located in an organizational unit (OU) named Servers. All client computers are located in an OU named Desktops. Four servers contain confidential company information that is used by users in either the finance department or the research department. Users in the sales department also store files and applications on these servers. The company’s written security policy states that for auditing purposes, all network connections to these resources must require authentication at the protocol level. The written security policy also states that all network connections to these resources must be encrypted. The company budget does not allow for the purchase of any new hardware or software. The applications and data located on these servers may not be moved to any other server in the network. You define and assign the appropriate permissions to ensure that only authorized users can access the resources on the servers. You now need to ensure that all connections made to these servers by the users in the finance department and in the research department meet the security guidelines stated by the written security policy. You also need to ensure that all users in the sales department can continue to access their resources. Which two actions should you take?()ACreate a new Group Policy object (GPO) and link it to the Servers OU. Enable the Secure Server (Require Security) IPSec policy in the GPO.BCreate a new Group Policy object (GPO) and link it to the Servers OU. Enable the Server (Request Security) IPSec policy in the GPO.CCreate a new Group Policy object (GPO) and link it to the Desktops OU. Enable the Client (Respond only) IPSec policy in the GPO.DCreate a new Group Policy object (GPO). Edit the GPO to enable the Registry Policy Processing option and the IP Security Policy Processing option. Copy the GPO files to the Netlogon shared folder.EUse System Policy Editor to open the System.adm file and enable the Registry Policy Processing option and the IP Security Policy Processing option. Save the system policy as NTConfig.pol.
单选题Your security policy requires that users authenticating to the Junos Pulse Access Control Service are connecting from a domain member endpoint on the internal corporate network.Which set of role access restrictions must you configure to enforce this security policy?()ASource IP and browserBSource IP and certificateCCertificate and Host CheckerDHost Checker and source IP
单选题You are the network administrator for your company. The network consists of a single Active Directory domain. The company has an internal network and a perimeter network. The internal network is protected by a firewall. Application servers on the perimeter network are accessible from the Internet. You are deploying 10 Windows Server 2003 computers in application server roles. The servers will be located in theperimeter network and will not be members of the domain. The servers will host only publicly available Web pages. The network design requires that custom security settings must be applied to the application servers. These custom security settings must be automatically refreshed every day to ensure compliance with the design. You create a custom security template named Baseline1.inf for the application servers. You need to comply with the design requirements. What should you do? ()A Import Baseline1.inf into the Default Domain Policy Group Policy object (GPO).B Create a task on each application server that runs Security and Configuration Analysis with Baseline1.inf every day.C Create a task on each application server that runs the secedit command with Baseline1.inf every day.D Create a startup script in the Default Domain Policy Group Policy object (GPO) that runs the secedit command with Baseline1.inf.
单选题What would you use to enforce security-policy compliance on all devices that seek to access the network?()A VLANB NACC EAPD WLAN
多选题Which two are needed components when designing and implementing a security solution?()Adetailed VLAN informationBan incident response planCresults of testing the new network configurationDan existing hierarchical network topologyEa security policy for your organization