You want to create a policy allowing traffic from any host in the Trust zone to hostb.example.com(172.19.1.1) in theUntrust zone. How do you do create this policy? ()A、Specify the IP address (172.19.1.1/32) as the destination address in the policy.B、Speci

题目

You want to create a policy allowing traffic from any host in the Trust zone to hostb.example.com(172.19.1.1) in theUntrust zone. How do you do create this policy? ()

  • A、Specify the IP address (172.19.1.1/32) as the destination address in the policy.
  • B、Specify the DNS entry (hostb.example.com.) as the destination address in the policy.
  • C、Create an address book entry in the Trust zone for the 172.19.1.1/32 prefix and reference this entry in the policy.
  • D、Create an address book entry in the Untrust zone for the 172.19.1.1/32 prefix and reference this entry in the policy.
相似考题

1.The network consists of a single domain named Ezonexam.com that includes 20 Windows NT workstation 4.0 client computers. All other client computers are Windows 2000 Professional computers. You install Terminal Services on one of the Windows Server computers and Terminal Services Client on the 20 Windows NT Workstation 4.0 client computers. You create a system policy on the server that is configured as the terminal server. This system policy denies access to Network Neighborhood. You find that the users of the terminal server can still browse the network when they open My Network Places from Windows 2000 Professional computer or when they open Network Neighborhood from Windows NT Workstation 4.0 computers.You want to prevent all users from browsing the network.What should you do? (Each correct answer presents a complete solution. Choose two.)A.Create a Windows Group Policy that denies user access to My Network Places.B.Copy the Windows NT policy file to the 20 Windows NT Workstation 4.0 computers.C.Create a Windows NT 4.0 default user policy on the Windows 2000 Server computer that is configured as the PDC emulator.D.Modify the Windows NT policy template file so that you can restrict access to both My Network Places and Network Neighborhood. Save the policy file on the terminal server.E.Configure the terminal server to use Application server mode. Select the Permissions compatible with Terminal Server 4.0 Users option.

2.Network access protection (NAP) is configured for the corporate network. Users connect to the corporate network by using portable computers. The command policy required confidentiality of data when is in transmit between the portable computers and the servers. You need to ensure that users can access network resources only from computers that comply with the company policy. What should you do?()A.Create an Ipsec enforcement network policy.B.Create an 802.1xenforcemen tnetwork policy.C.Createa wired network(IEEE802.3)Group policy.D.Create an extensible authentication protocol(EAP)enforcement network policy.

3.You are the administrator of a network that consists of Windows 2000 Server Computers and Windows 2000 Professional computers.You want to configure the deployment of the most recent Windows 2000 Service pack so that users of the Windows 2000 Professional Computers receive the service pack automatically when they log on to the domain.What should you do?A.Create a Microsoft Windows installer package for the service pack. Configure RIS to use the package.B.Create a Microsoft Windows installer package for the service pack. Configure the package in a group policy.C.Create a Microsoft Windows installer package for the service pack. Configure the package in the local computer policy.D.Place the service pack in a distributed file system (Dfs).

4.Your company has deployed Network Access Protection (NAP) enforcement for VPNs.You need to ensure that the health of all clients can be monitored and reported. What should you do?()A. Create a Group Policy object (GPO) that enables Security Center and link the policy to the domain.B. Create a Group Policy object (GPO) that enables Security Center and link the policy to the Domain Controllers organizational unit (OU).C. Create a Group Policy object (GPO) and set the Require trusted path for credential entry option to Enabled. Link the policy to the domain.D. Create a Group Policy object (GPO) and set the Require trusted path for credential entry option to Enabled. Link the policy to the Domain Controllers organizational unit (OU).

更多“You want to create a policy allo”相关问题

  • 第1题:

    You are the administrator of a Windows 2000 Active Directory network. The network consists of a single domain. The domain includes 20 Windows NT Workstation 4.0 client computers. All other client computers are Windows 2000 Professional computers.

    You create a Windows NT 4.0 default user policy on the Windows 2000 Server computer that is configured as the PDC emulator. This default user policy denies access to Network Neighborhood. You then install Terminal Services on one of the servers and Terminal Services Client on the 20 Windows NT Workstation client computers.

    You find that the users of the Terminal Server can still browse the network when they open My Network Places. You want to prevent all users from browsing the network.

    What should you do?

    A.Modify the Windows NT policy template file so that you can restrict access to both My Network Places and Network Neighborhood. Save the policy file on the Terminal Server.

    B.Copy the Windows NT policy file to the 20 Windows NT Workstation computers.

    C.Create a Windows 2000 Group Policy that denies user access to My Network Places.

    D.Edit the local registry on the Windows NT Workstation computers to deny access to Entire Network in Network Neighborhood.


    正确答案:C
    解析:Explanation: Windows NT 4.0 system polices affect computers running Windows NT 4.0. The Windows NT computers in this scenario are being used as Terminals for the Windows 2000 Server computer that is running Terminal Services. In effect the Windows NT clients are running locally on the Windows 2000 Server. The restriction must be applied on the Windows 2000 Server. This can be done by using a group policy.

    Incorrect answers:
    A: System policy templates only affect Windows NT 4.0 computers. The restriction must be applied on the Windows 2000 Server.

    B: Windows NT policies only affect Windows NT 4.0 computers. The restriction must be applied on the Windows 2000 Server.

    D: The NT clients are running locally on the Windows 2000 Server. The restriction must be applied on the Windows 2000 Server.

  • 第2题:

    You configure a Group Policy Object for the Marketing organizational unit (OU) to prevent users from accessing My Network Places and from running System in Control Panel. You want the Managers domain local group to be able to access My Network Places, but you still want to prevent them from running System in Control Panel.

    What should you do?

    A.Add the managers group to the access control list of the GPO. Disable the permission of the managers group to read and apply the group policy.

    B.Add the managers group to the access control list of the GPO. Deny the permission of the managers group to read and apply the group policy.

    C.Create a second GPO in the OU. Add the managers group to the access control list. Allow the managers group to apply the group policy. Deny the authenticated users group permission to read and apply group policy. Configure the new GPO to deny the ability to run System in Control Panel. Give the original GPO a higher priority than the new GPO.

    D.Create a second GPO in the OU. Add the managers group to the access control list. Allow the managers group to read and apply the group policy. Disable the permission of the authenticated user group to read and apply the group policy. Configure the new GPO to allow access to My Network Places. Give the new GPO a higher priority than the original GPO.


    正确答案:D
    解析:Explanation:InthisscenarioweneedtocreateasecondGPOandapplyitonlytotheManagers.WemustallowaccesstoMyNetworkPlacesinthenewGPO.ThenwegivetheGPOhigherprioritythantheoriginalone.Incorrectanswers:A:WestillrequiretheoriginalGPOtoapplytothemanagers,aswewanttopreventthemfromrunningSysteminControlPanel.ThereforeweshouldnotdisablethepermissionofthemanagersgrouptoreadandapplytheGroupPolicy,asthiswillresultintheGPOnotbeingappliedtotheManagers.B:WestillrequiretheoriginalGPOtoapplytothemanagers,aswewanttopreventthemfromrunningSysteminControlPanel.ThereforeweshouldnotdenythepermissionofthemanagersgrouptoreadandapplytheGroupPolicy,asthiswillresultintheGPOnotbeingappliedtotheManagers.C:WeneedtoallowtheManagersaccesstoMyNetworkPlaces.ThatmustbeconfiguredinthesecondGPO.

  • 第3题:

    You want to customize access to the corporate network so that agentiess users are instructed to obtain a certificatebefore accessing the network.Which two configurations solve this problem? ()

    • A、Create a custom sign-in page with specific instructions in the "Instructions" field.
    • B、Create a custom sign-in page with specific "Missing Certificate" messages in the "Custom error messages" field.
    • C、Create a custom sign-in policy with specific instructions in the "Instructions" field.
    • D、Create a custom sign-in notification and assign it to the "Pre-Auth Sign-in Notification" in the sign-in policy.

    正确答案:A,D

  • 第4题:

    Network Access Protection (NAP) is configured for the corporate network.Users connect to the corporate network by using portable computers.The company policy requires confidentiality of data when the data is in transit between the portable computers and the servers.You need to ensure that users can access network resources only from computers that comply with the company policy.What should you do?()

    • A、Create an IPsec Enforcement Network policy.
    • B、Create an 802.1X Enforcement Network policy.
    • C、Create a Wired Network (IEEE 802.3) Group policy.
    • D、Create an Extensible Authentication Protocol (EAP) Enforcement Network policy.

    正确答案:A

  • 第5题:

    You are the network administrator for The network consists of a single Active Directory domain named The domain contains 15 Windows Server 2003 computers and 3,000 Windows XP Professional computers. All client computers are running the most recent service pack. You install and configure Software Update Services (SUS) on a server named Testking1. You install the Automatic Updates client on all client computers. All client computer accounts are in the Clients organization unit (OU). Currently all client computers obtain their Windows security updates from Windows Update. You want all client computers, and no other computers, to obtain their updates from Testking1. You need to configure all client computers to obtain Windows security updates from Testking1. You need to accomplish this task with the minimum amount of administrative effort. What should you do?()

    • A、Create a Group Policy object (GPO) named SUS and link it to the Clients OU. Open the SUS GPO and enable the Configure Automatic Update policy to automatically download updates.
    • B、Create a Group Policy object (GPO) named SUS and link it to the Clients OU. Open the SUS GPO and enable the Specify intranet Microsoft updates service location policy to use http://Testking1 as the value for the update and statistics server.
    • C、Create a Group Policy object (GPO) named SUS and link to the domain. Open the SUS GPO and enable the Specify intranet Microsoft update service location policy to use http://Testking1 as the value for the update and statistics server.
    • D、Create a Group Policy object (GPO) named SUS and link it to the domain. Open the SUS GPO and enable the Configure Automatic Update policy to automatically download updates.

    正确答案:B

  • 第6题:

    You have a combined Windows 2000 and Windows 98 network that contain sensitive data. You want to utilize as many new Windows 2000 security features as possible. You want to customize a security policy on each computer to ensure that data is kept confidential and secured. Allcomputers must still be able to communicate with each other over the network. What should you do?()

    • A、Use the security configuration and analysis console to improve the HISECWS security  template file.
    • B、Use the local computer policy to disable the access this computer from the network option.
    • C、Use SECEDIT to reconfigure the computer default security settings to not allow anonymous  access to the computer.
    • D、Create a policy that excludes write access to the windows 2000 computers then apply the  policy to all non-windows 2000 computers.
    • E、None of the above, Windows 9X systems cannot be secured using security template files.

    正确答案:E

  • 第7题:

    You need to configure the security settings for the new app servers. Which two actions should you perform?()

    • A、Create a Group policy object (GPO) for the web servers.
    • B、Create a Group policy object (GPO) for the database servers.
    • C、Modify the Default Domain Policy.
    • D、Modify the Default Domain Controllers Policy.

    正确答案:A,B

  • 第8题:

    You have an Exchange Server 2010 organization named contoso.com.Your company acquires a company named Fabrikam, Inc. You plan to create new mailboxes for each user from Fabrikam.You need to ensure that each new mailbox can receive e-mail messages sent to fabrikam.com.The solution must not prevent the organization from receiving e-mails sent to contoso.com. What should you do?()

    • A、Create an accepted domain and then create a new e-mail address policy.
    • B、Create a remote domain and then modify the default e-mail address policy.
    • C、Create a Receive connector and then create a managed folder mailbox policy.
    • D、Modify the default accepted domain and then modify the default e-mail address policy.

    正确答案:A

  • 第9题:

    Your company acquires a new Internet domain name.You need to ensure that all users can receive e-mail messages sent to the new domain name.Which two actions should you perform?()

    • A、Create a sharing policy.
    • B、Create a remote domain.
    • C、Create an accepted domain.
    • D、Create an e-mail address policy.
    • E、Modify the properties of the default Receive connector.

    正确答案:C,D

  • 第10题:

    单选题
    You have a Windows 7 computer that is a member of a workgroup. You need to prevent members of a localgroup from starting a specific application. You must achieve this goal by using the minimum amount ofadministrative effort.  What should you create?()
    A

    administrative template.

    B

    application control policy.

    C

    IPSec policy.

    D

    software restriction policy.


    正确答案: B
    解析: 暂无解析

  • 第11题:

    单选题
    A policy-based IPsec VPN is ideal for which scenario?()
    A

    when you want to conserve tunnel resources

    B

    when the remote peer is a dialup or remote access client

    C

    when you want to configure a tunnel policy with an action of deny

    D

    when a dynamic routing protocol such as OSPF must be sent across the VPN


    正确答案: B
    解析: 暂无解析

  • 第12题:

    单选题
    You want to create a security policy allowing traffic from any host in the Trust zone to hostb.example.com(172.19.1.1) in the Untrust zone. How do you create this policy?()
    A

    Specify the IP address (172.19.1.1/32) as the destination address in the policy.

    B

    Specify the DNS entry (hostb.example.com.) as the destination address in the policy.

    C

    Create an address book entry in the Trust zone for the 172.19.1.1/32 prefix and reference this entry in the policy.

    D

    Create an address book entry in the Untrust zone for the 172.19.1.1/32 prefix and reference this entry in the policy


    正确答案: C
    解析: 暂无解析

  • 第13题:

    You want to create a Host Checker policy that looks for a specific antivirus product that is running on your client machines, but the predefined antivirus options do not include the antivirus product version that you use.Which feature should you verify the antivirus product is up to date?()

    A. Enhanced Endpoint Security

    B. DP signatures

    C. Antivirus licensing

    D. Endpoint Security Assessment Plug-in


    参考答案:D

  • 第14题:

    You have an Exchange Server 2010 organization named contoso.com.All users have a Personal Archive.You need to ensure that messages that are older than 90 days are moved from the user’s mailboxto the Personal Archive.What should you do?()

    • A、Create a retention tag.Assign the retention tag to a retention policy.Apply the retention policy to all users
    • B、Create a retention tag.Assign the retention tag to a retention policy.Create a journal rule
    • C、Create managed custom folder.Run the New Managed Content Settings wizard.Create a journal rule
    • D、Run the New Managed Content Settings wizard.Create a new managed folder mailbox policy.Apply the policy to all users

    正确答案:A

  • 第15题:

    You have an Exchange Server 2010 organization.You need to prevent users from changing their password by using Outlook Web App (OWA).What should you do?()

    • A、Create a Group Policy Object.
    • B、Create an Outlook Web App Mailbox policy.
    • C、Modify the authentication settings of the OWA virtual directory.
    • D、Modify the authentication settings of the IISADMPWD virtual directory.

    正确答案:B

  • 第16题:

    You are the administrator of your company's network. You want to configure a Security Policy for the Windows 2000 Professional Computers that are in the sales department.   On one of the computers, you use Security Templates to configure the Security Policy based on the desired security settings. You then export those settings to an .inf file that will be used on all of the Computers in the sales department. You want to configure each Computer to have a customized Security Policy. What steps should you follow in order to achieve your goal?()

    • A、Use Secedit.exe to import the security settings from the .inf file to the computers in the sales department.
    • B、Use a text editor to change the default security settings to the desired security settings. Then export those settings to the Computers in the sales department.
    • C、Create an organizational unit (OU) named Sales. Add the users in the sales department to the Sales OU. Then apply the security template to the users in the Sales OU.
    • D、Create an organizational unit (OU) named Sales. Add the computers in the sales department to the Sales OU. Then apply the security template to computers in the Sales OU.

    正确答案:D

  • 第17题:

    You have a single Active Directory directory service domain. You create organizational units (OUs)  named Corporate and Support. You move the corporate user and computer accounts into the Corporate  OU. You move the accounts of computers in the support department into the Support OU. You need to ensure that users have one screensaver while using computers that are in the Corporate OU, and aseparate screensaver while using computers that are in the Support OU.  What should you do?()

    • A、 Create a new parent OU for the Corporate and Support OUs and name the parent OU Users. Move all user objects to the Users OU, and then create and link a Group Policy object (GPO) with the screensaver setting to the Users OU.
    • B、 Create and link a Group Policy object (GPO) with the screensaver setting to the Support OU and select the Block Inheritance option.
    • C、 Create and link a Group Policy object (GPO) with the screensaver setting to the Corporate OU, create and link a GPO with the screensaver setting to the Support OU, and then enable loopback processing in Replace mode on the Support OUs GPO.
    • D、 Create and link a Group Policy object (GPO) with the screensaver setting to the Support OU and select the Enforced option.

    正确答案:C

  • 第18题:

    You are the administrator of your company’s network. You use Security Templates to configure a Security Policy on the Windows 2000 Professional Computers in the Sales organizational unit (OU). You notice that the Computers in the Sales OU are not downloading the Security Policy settings. On each computer, the Security Policy appears in the Local Computer Policy, but is not listed as the effective policy. You want all computers in the Sales OU to have the Security Policy listed as the effective policy. How should you accomplish this task? ()

    • A、Use Security Templates to correct the setting and export the security file.
    • B、Use Security Configuration and Analysis to import the security setting. Then create a Group policy object (GPO) for the Sales QU.
    • C、Use Secedit /RefreshPolicy Machine_Policy command.
    • D、Use the Basicwk.inf security file settings, save the security file, and then import the fileto theComputers.

    正确答案:C

  • 第19题:

    Your company has deployed network access protection (NAP) enforcement for VPNs. You need to ensure that the health of all clients can be monitored and reported. What should you do?()

    • A、Create a group policy object (GPO) that enabled security center and link the policy to the domain.
    • B、Create a group policy object (GPO) that enabled security center and link the policy to the domain controllers organizational unit (OU).
    • C、Create a group policy object (GPO) and set the require trusted path for credential entry option to enabled. Link the policy to the domain.
    • D、Create a group policy object (GPO) and set the require trusted path for credential entry option to Enabled. Link the policy to the domain controllers organizational unit (OU).

    正确答案:A

  • 第20题:

    You have an Exchange Server 2010 Mailbox server. You need to ensure that deleted mailboxes are kept for 60 days. What should you do()? 

    • A、Create a Retention Policy.
    • B、Create a managed folder mailbox policy.
    • C、Modify the properties of the mailbox database.
    • D、Modify the properties of the Mailbox server object.

    正确答案:C

  • 第21题:

    You administer a Windows 2000 Professional computer that is shared by multiple users. You receive a phone call from one of the users of the shared computer that tells you that the computer is reporting a kernel stop error. You notice that a user has tried to install video drivers that have caused the computer to become unstable. You want to ensure that users can install only the drivers that are approved by the manufacturer.  What should you do? ()

    • A、Configure File signature verification to block driver installation, and set driver signing as a system default.
    • B、Remove all users from the Power User group.
    • C、Create a Local Computer Policy to prevent users from installing drivers.
    • D、Create a Local Computer Policy to enable Windows File Protection.

    正确答案:A

  • 第22题:

    单选题
    You need to recommend changes to the existing environment that meet the company’s security requirements for the file server on the main campus. What should you recommend?()
    A

    Deploy Network Policy Server (NPS) and create a network policy.

    B

    Deploy Print and Document Services and create a custom printer filter.

    C

    Deploy File Server Resource Manager (FSRM) and create a file classification rule.

    D

    Deploy Active Directory Rights Management Services (AD RMS) and create an AD RMS rights policy  template.


    正确答案: A
    解析: 暂无解析

  • 第23题:

    单选题
    You want to create a Host Checker policy that looks for a specific antivirus product that is running on your client machines, but the predefined antivirus options do not include the antivirus product version that you use.Which feature should you verify the antivirus product is up to date?()
    A

    Enhanced Endpoint Security

    B

    DP signatures

    C

    Antivirus licensing

    D

    Endpoint Security Assessment Plug-in


    正确答案: A
    解析: 暂无解析

相关内容