You are the network administrator for The network consi-找考题网

单项选择题You are the network administrator for The network consists of a single Active Directory domain named All servers run Windows Server 2003. One domain controller on the network is configured as a certification authority (CA). The network contains a Web server that runs IIS 6.0 and hosts a secure intranet site. The server also hosts other sites that do not require HTTPS. You configure a server certificate on the IIS server by using a certificate from your internal CA. All users are required to connect to the intranet site by using HTTPS. Some users report that they cannot connect to the secure intranet site by using HTTPS. You confirm that all users can connect to the nonsecure sites hosted on the Web server by using HTTP. You want to view the failed HTTPS requests. What should you do?（）

A. Review the log files created by IIS on the Web server.
B. Review the security log in Event Viewer on the Web server.
C. Review the security log in Event Viewer on the ca.
D. Review the contents of the Failed Requests folder on the ca.

单项选择题You are the network administrator for The network consists of a single Active Directory domain named All servers run Windows Server 2003. The network contains a Web server that runs IIS 6.0 and hosts a secure intranet site. All users are required to connect to the intranet site by authenticating and using HTTPS. However, because an automated Web application must connect to the Web site by using HTTP, you cannot configure the intranet site to require HTTPS. You need to collect information about which users are connecting to the Web site by using HTTPS. What should you do?（）

A. Check the application log on the Web server.
B. Use Network Monitor to capture network traffic on the Web server.
C. Review the log files created by IIS on the Web server.
D. Configure a performance log to capture all Web service counters. Review the performance log data.

多项选择题You are the network administrator for The network consists of a single Active Directory domain named The domain contains Windows Server 2003 computers and Windows XP Professional computers. All confidential company files are stored on a file server named TestKing1. The written company security states that all confidential data must be stored and transmitted in a secure manner. To comply with the security policy, you enable Encrypting File System (EFS) on the confidential files. You also add EFS certificates to the data decryption field (DDF) of the confidential files for the users who need to access them. While performing network monitoring, you notice that the confidential files that are stored on TestKing1 are being transmitted over the network without encryption. You must ensure that encryption is always used when the confidential files on TestKing1 are stored and transmitted over the network. What are two possible ways to accomplish this goal? （）(Each correct answer presents a complete solution. Choose two)

A. Enable offline files for the confidential files that are stored on TestKing1, and select the Encrypt offline files to secure data check box on the client computers of the users who need to access the files.
B. Use IPSec encryption between TestKing1 and the client computers of the users who need to access the confidential files.
C. Use Server Message Block (SMB) signing between TestKing1 and the client computers of the users who need to access the confidential files.
D. Disable all LM and NTLM authentication methods on TestKing1.
E. Use IIS to publish the confidential files. Enable SSL on the IIS server. Open the files as a Web folder.

单项选择题You are the network administrator for The network consists of a single Active Directory domain named The intranet Web site is hosted on a Windows Server 2003 computer named TestKing4, which is a member of a workgroup. All client computers are members of the domain and are enabled for IPSec. The network security administrator creates a new security policy for TestKing4. The policy states that only HTTP traffic is permitted, that HTTP traffic must be encrypted, and that all computers must be authenticated. The new security policy is implemented. Domain users report that they are not able to connect to TestKing4. You load the IP Security Monitor snap-in, and you view the details shown in the following window. You need to ensure that all domain users can securely connect to TestKing4. What should you do?（）

A. Install a digital certificate on TestKing4.
B. Make TestKing4 a member of the domain.
C. Change the source and destination ports for outbound traffic.
D. Change the source and destination ports for inbound traffic.

单项选择题You are the network administrator for The network consists of a single Active Directory domain named All network servers run Windows Server 2003. A member server named TK1 runs IIS. You install a Web-enabled application on TK1. The application includes a security feature that detects unauthorized attemptsto access the server. Whenever an authorized attempt is detected, the application automatically modifies the IIS configuration file to restrict the unauthorized users access. To test the security feature, you try to gain unauthorized access to TK1. Twenty seconds after your first attempt, you try again. However, TK1 does not restrict your access on the second attempt. You wait five minutes, and then you examine the IIS configuration file. You verify that it was correctly modified by the application to restrict your access. You need to configure IIS to ensure that changes in the IIS configuration file will result in immediate changes in the behaviour of IIS. What should you do?（）

A. Select the Enable Direct Metabase Edit option.
B. Specify the service account for the Application Pool as the IIS service account.
C. Select the Enable Rapid-Fail protection option.
D. Specify the status of the Internet Data Connector Web service extension as Allow.