You want to create a policy allowing traffic from any host in the Trust zone to hostb.example.com(172.19.1.1) in theUntrust zone. How do you do create this policy? ()
第1题:
You are the administrator of a Windows 2000 Active Directory network. The network consists of a single domain. The domain includes 20 Windows NT Workstation 4.0 client computers. All other client computers are Windows 2000 Professional computers.
You create a Windows NT 4.0 default user policy on the Windows 2000 Server computer that is configured as the PDC emulator. This default user policy denies access to Network Neighborhood. You then install Terminal Services on one of the servers and Terminal Services Client on the 20 Windows NT Workstation client computers.
You find that the users of the Terminal Server can still browse the network when they open My Network Places. You want to prevent all users from browsing the network.
What should you do?
A.Modify the Windows NT policy template file so that you can restrict access to both My Network Places and Network Neighborhood. Save the policy file on the Terminal Server.
B.Copy the Windows NT policy file to the 20 Windows NT Workstation computers.
C.Create a Windows 2000 Group Policy that denies user access to My Network Places.
D.Edit the local registry on the Windows NT Workstation computers to deny access to Entire Network in Network Neighborhood.
第2题:
You configure a Group Policy Object for the Marketing organizational unit (OU) to prevent users from accessing My Network Places and from running System in Control Panel. You want the Managers domain local group to be able to access My Network Places, but you still want to prevent them from running System in Control Panel.
What should you do?
A.Add the managers group to the access control list of the GPO. Disable the permission of the managers group to read and apply the group policy.
B.Add the managers group to the access control list of the GPO. Deny the permission of the managers group to read and apply the group policy.
C.Create a second GPO in the OU. Add the managers group to the access control list. Allow the managers group to apply the group policy. Deny the authenticated users group permission to read and apply group policy. Configure the new GPO to deny the ability to run System in Control Panel. Give the original GPO a higher priority than the new GPO.
D.Create a second GPO in the OU. Add the managers group to the access control list. Allow the managers group to read and apply the group policy. Disable the permission of the authenticated user group to read and apply the group policy. Configure the new GPO to allow access to My Network Places. Give the new GPO a higher priority than the original GPO.
第3题:
You want to customize access to the corporate network so that agentiess users are instructed to obtain a certificatebefore accessing the network.Which two configurations solve this problem? ()
第4题:
Network Access Protection (NAP) is configured for the corporate network.Users connect to the corporate network by using portable computers.The company policy requires confidentiality of data when the data is in transit between the portable computers and the servers.You need to ensure that users can access network resources only from computers that comply with the company policy.What should you do?()
第5题:
You are the network administrator for The network consists of a single Active Directory domain named The domain contains 15 Windows Server 2003 computers and 3,000 Windows XP Professional computers. All client computers are running the most recent service pack. You install and configure Software Update Services (SUS) on a server named Testking1. You install the Automatic Updates client on all client computers. All client computer accounts are in the Clients organization unit (OU). Currently all client computers obtain their Windows security updates from Windows Update. You want all client computers, and no other computers, to obtain their updates from Testking1. You need to configure all client computers to obtain Windows security updates from Testking1. You need to accomplish this task with the minimum amount of administrative effort. What should you do?()
第6题:
You have a combined Windows 2000 and Windows 98 network that contain sensitive data. You want to utilize as many new Windows 2000 security features as possible. You want to customize a security policy on each computer to ensure that data is kept confidential and secured. Allcomputers must still be able to communicate with each other over the network. What should you do?()
第7题:
You need to configure the security settings for the new app servers. Which two actions should you perform?()
第8题:
You have an Exchange Server 2010 organization named contoso.com.Your company acquires a company named Fabrikam, Inc. You plan to create new mailboxes for each user from Fabrikam.You need to ensure that each new mailbox can receive e-mail messages sent to fabrikam.com.The solution must not prevent the organization from receiving e-mails sent to contoso.com. What should you do?()
第9题:
Your company acquires a new Internet domain name.You need to ensure that all users can receive e-mail messages sent to the new domain name.Which two actions should you perform?()
第10题:
administrative template.
application control policy.
IPSec policy.
software restriction policy.
第11题:
when you want to conserve tunnel resources
when the remote peer is a dialup or remote access client
when you want to configure a tunnel policy with an action of deny
when a dynamic routing protocol such as OSPF must be sent across the VPN
第12题:
Specify the IP address (172.19.1.1/32) as the destination address in the policy.
Specify the DNS entry (hostb.example.com.) as the destination address in the policy.
Create an address book entry in the Trust zone for the 172.19.1.1/32 prefix and reference this entry in the policy.
Create an address book entry in the Untrust zone for the 172.19.1.1/32 prefix and reference this entry in the policy
第13题:
You want to create a Host Checker policy that looks for a specific antivirus product that is running on your client machines, but the predefined antivirus options do not include the antivirus product version that you use.Which feature should you verify the antivirus product is up to date?()
A. Enhanced Endpoint Security
B. DP signatures
C. Antivirus licensing
D. Endpoint Security Assessment Plug-in
第14题:
You have an Exchange Server 2010 organization named contoso.com.All users have a Personal Archive.You need to ensure that messages that are older than 90 days are moved from the user’s mailboxto the Personal Archive.What should you do?()
第15题:
You have an Exchange Server 2010 organization.You need to prevent users from changing their password by using Outlook Web App (OWA).What should you do?()
第16题:
You are the administrator of your company's network. You want to configure a Security Policy for the Windows 2000 Professional Computers that are in the sales department. On one of the computers, you use Security Templates to configure the Security Policy based on the desired security settings. You then export those settings to an .inf file that will be used on all of the Computers in the sales department. You want to configure each Computer to have a customized Security Policy. What steps should you follow in order to achieve your goal?()
第17题:
You have a single Active Directory directory service domain. You create organizational units (OUs) named Corporate and Support. You move the corporate user and computer accounts into the Corporate OU. You move the accounts of computers in the support department into the Support OU. You need to ensure that users have one screensaver while using computers that are in the Corporate OU, and aseparate screensaver while using computers that are in the Support OU. What should you do?()
第18题:
You are the administrator of your company’s network. You use Security Templates to configure a Security Policy on the Windows 2000 Professional Computers in the Sales organizational unit (OU). You notice that the Computers in the Sales OU are not downloading the Security Policy settings. On each computer, the Security Policy appears in the Local Computer Policy, but is not listed as the effective policy. You want all computers in the Sales OU to have the Security Policy listed as the effective policy. How should you accomplish this task? ()
第19题:
Your company has deployed network access protection (NAP) enforcement for VPNs. You need to ensure that the health of all clients can be monitored and reported. What should you do?()
第20题:
You have an Exchange Server 2010 Mailbox server. You need to ensure that deleted mailboxes are kept for 60 days. What should you do()?
第21题:
You administer a Windows 2000 Professional computer that is shared by multiple users. You receive a phone call from one of the users of the shared computer that tells you that the computer is reporting a kernel stop error. You notice that a user has tried to install video drivers that have caused the computer to become unstable. You want to ensure that users can install only the drivers that are approved by the manufacturer. What should you do? ()
第22题:
Deploy Network Policy Server (NPS) and create a network policy.
Deploy Print and Document Services and create a custom printer filter.
Deploy File Server Resource Manager (FSRM) and create a file classification rule.
Deploy Active Directory Rights Management Services (AD RMS) and create an AD RMS rights policy template.
第23题:
Enhanced Endpoint Security
DP signatures
Antivirus licensing
Endpoint Security Assessment Plug-in