找考题网-背景图
多项选择题

You are the security administrator of your network. The network consists of an Active Directory domain. All computers on the network are in the domain. The domain controllers and file servers on the network run Windows Server 2003. The client computers run Windows XP Professional.   
The file servers use a custom IPSec policy named Server Traffic. The Server Traffic policy contains rules to encrypt Telnet and SNMP traffic, as shown in the exhibit. (Click the Exhibit button.) All client computers use the Client (Respond Only) IPSec policy. The default exemptions to IPSec filtering are disabled on the client computer. You want to configure the network so that Telnet, SNMP,and Kerberos traffic is encrypted by IPSec. You do not want to encrypt other network protocols. What should you do?()

A. On the client computers,enable the default exemptions to IPSec filtering.
B. On the file servers,enable the default exemptions to IPSec filtering.
C. On the file servers,configure the IPSec policy in the local computer policy to encrypt Kerberos traffic.
D. Add a new rule to the Server Traffic policy to encrypt Kerberos traffic.
E. Configure the Server Traffic policy to enable the Default Response rule.
F. Configure the rules in the Server Traffic policy to use an authentication method other than Kerberos.

<上一题 目录 下一题>
热门试题

单项选择题You are a security administrator for your company. The network consists of a single Active Directory domain. All client computers run Windows XP Professional. All servers run Windows Server 2003. All computers on the network are members of the domain.    Traffic on the network is encrypted by IPSec. The domain contains a custom IPSec policy named Lan Security that applies to all computers in the domain. The Lan Security policy does not allow unsecured communication with non-lPSec-aware computers. The company’s written security policy states that the configuration of the domain and the configuration of the Lan Security policy must not be changed. The domain contains a multihomed server named Server1. Server1 isconnected to the company network, and Server1 is also connected to a test network. Currently, the Lan Security IPSec policy applies to network traffic on both network adapters in Server1. You need to configure Server1 so that it communicates on the test network without IPSec security. Server1 must still use the Lan Security policy when it communicates on the company network.  How should you configure Server1?()

A. Configure a packet filter for the network adapter on the test network to block the Internet Key Exchange (IKE) port.
B. Configure the network adapter on the test network to disable IEEE 802.1x authentication.
C. Configure the network adapter on the test network to enable TCP/IP filtering, and then permit all traffic.
D. Use the netsh command to assign a persistent IPSec policy that permits all traffic on the network adapter on the test.
E. Assign an IPSec policy in the local computer policy that permits all traffic on the network adapter on the test.

单项选择题You are a security administrator for your company. The network consists of a single Active Directory domain. All servers run Windows Server 2003. The network contains three member servers named Server1,Server2,and Server3.    The three member servers are connected to the Internet. You plan to implement remote access to the company network for users that work from home. You configure and enable Routing and Remote Access on Server1 and Server2. An assistant,who is an administrator on all member servers, configures and enables Routing and Remote Access on Server3. Users from the domain can successfully establish VPN connections from the lnternet to Server1 and Server2. However,users cannot establish a VPN connection to Server3. You discover that Server3 can only authenticate Internet VPN connections from local user accounts.    You need to ensure that users from the domain can successfully establish a VPN connection to Server3.  What should you do?()

A. Enable the Server3 computer account in Active Directory as trusted for delegation.
B. Assign the Authenticated Users group the Allow - Allowed to Authenticate permission for the Server3 computer acc
C. Assign the Server3 computer account the Allow. Read permission on the RAS and IAS Servers access Check cont
D. Add the Server3 computer account to the RAS and IAS Servers security group.
E. Add the Server3 computer account to the Windows Authorization Access Group security group.

单项选择题You are a security administrator for your company. All servers run Windows Server 2003. All client computers run Windows XP Professional. The network is configured as shown in the Network Diagram exhibit. (Click the Exhibit button.)Users in the sales department use portable computers that are not connected to the company network. Each week sales users travel to the company’s main office and connect to the IEEE 802.11b wireless LAN (WLAN). The WLAN is configured as shown in the Wireless Configuration exhibit. (Click the Exhibit button.) The WLAN hardware does not support IEEE 802.1x. Once a Week, sales users connect to the WLAN to retrieve confidential sales documents from file servers on the network.    You discover that unauthorized users intercepted data in sales documents while the documents were transmitted over the WLAN. You need to protect sales documents from being intercepted by unauthorized users.  What should you do?()

A. Configure a new VPN server on the corporate network. Configure a Connection Manager administration Kit (CMAK)profile that connects sales users to the VPN server.
B. Disable NetBIOS on all portable computers and file servers.
C. Configure a packet filter on the router that separates the WLAN from the corporate network.Configure the packet filter to all ow only traffic from the WLAN to enter the internal network. 
D. Configure the file server that contains sales documents to be trusted for delegation.Instruct sales users to use Encrypting File System (EFS) when storing files on the file server.