多选题The network security policy requires that only one host be permitted to attach dynamically to each switch interfacE.If that policy is violated, the interface should shut down. Which two commands must the network administrator configure on the 2950 Cata

第1题：

第2题：

A network administrator needs to configure port security on a switch.which two statements are true？（）

• A、The network administrator can apply port security to dynamic access ports
• B、The network administrator can configure static secure or sticky secure mac addresses in the voice vlan.
• C、The sticky learning feature allows the addition of dynamically learned addresses to the runningconfiguration.
• D、The network administrator can apply port security to EtherChannels.
• E、When dynamic mac address learning is enabled on an interface，the switch can learn new addresses，up to the maximum defined.

第3题：

The network security policy requires that only one host be permitted to attach dynamically to each switch interface. If that policy is violated, the interface should shut down. Which two commands must the network administrator configure on the 2950 Catalyst switch to meet this policy?（）

• A、TestKing1(config-if)# switchport port-security maximum 1
• B、TestKing1(config)# mac-address-table secure
• C、TestKing1(config)# access-list 10 permit ip host
• D、TestKing1(config-if)# switchport port-security violation shutdown
• E、TestKing1(config-if)# ip access-group 10

第4题：

You want to enforce a Host Checker policy so that only users who pass the policy receive the Employee role. In the admin GUI, which two parameters must you configure?（）

• A、Select "Require and Enforce" for the Host Checker Policy in the realm authentication policy.
• B、Select "Evaluate Policies" for the Host Checker policy in the realm authentication policy.
• C、Configure the Host Checker policy as a role restriction for the Employee role.
• D、Configure the Host Checker policy as a resource access policy for the Employee role.

第5题：

Your security policy requires that users authenticating to the Junos Pulse Access Control Service are connecting from a domain member endpoint on the internal corporate network.Which set of role access restrictions must you configure to enforce this security policy?（）

• A、Source IP and browser
• B、Source IP and certificate
• C、Certificate and Host Checker
• D、Host Checker and source IP

第6题：

ou are the network administrator for your company. The network consists of a single Active Directory domain. All servers run Windows Server 2003. All client computers run Windows XP Professional.Two of the servers on the network contain highly confidential documents. The company’s written security policy states that all network connections with these servers must be encrypted by using an IPSec policy.You place the two servers in an organizational unit （OU） named SecureServers. You configure a Group Policy object （GPO） that requires encryption for all connections. You assign the GPO to the SecureServers OU.  You need to verify that users are connecting to the two servers by using encrypted connections.   What should you do？（）

• A、Run the net view command.
• B、Run the gpresult command.
• C、Use the IP Security Monitor console.
• D、Use the IPSec Policy Management console.

第7题：

Your company has a server named Server1 that runs Windows Server 2008 and Microsoft Hyper-V. Server1 hosts three virtual machines.  Company policy states that the virtual machines must not connect to the company network.  You need to configure all of the virtual machines to connect to each other. You must meet the company policy.  Which two actions should you perform？（）

• A、Select the Not connected option for each virtual machine.
• B、Enable the Enable virtual LAN identification option for each virtual machine.
• C、Set the Connection to Host for the network interface card.
• D、Set the Connection to None for the network interface card.

第8题：

第9题：

第10题：

第11题：

第12题：

第13题：

The network security policy requires that only one host be permitted to attach dynamically to each switch interfacE.If that policy is violated, the interface should shut down. Which two commands must the network administrator configure on the 2950 Catalyst switch to meet this policy? （）

• A、Switch1(config-if)# switchport port-security maximum 1
• B、Switch1(config)# mac-address-table secure
• C、Switch1(config)# access-list 10 permit ip host
• D、Switch1(config-if)# switchport port-security violation shutdown
• E、Switch1(config-if)# ip access-group 10

第14题：

The network security policy requires that only one host be permitted to attach dynamically to each switch interface. If that policy is violated, the interface should shut down. Which two commands must the network administrator configure on the 2950 Catalyst switch to meet this policy (Choose two.)（）。

• A、Switch1(config-if)# switchport port-security maximum 1
• B、Switch1(config)# mac-address-table secure
• C、Switch1(config)# access-list 10 permit ip host
• D、Switch1(config-if)# switchport port-security violation shutdown
• E、Switch1(config-if)# ip access-group 10

第15题：

You need to configure port security on switch R1.  Which two statements are true about this  technology？ （）

• A、 Port security can be configured for ports supporting VoIP.
• B、 With port security configured， four MAC addresses are allowed by default.
• C、 The network administrator must manually enter the MAC address for each device in order for  the switch to allow connectivity.
• D、  Withsecurity configured， only one MAC addresses is allowed by default.  
• E、 Port security cannot be configured for ports supporting VoIP.

第16题：

Your corporate security policy requires that a user performing attacks must have limited network access and activities until an administrator can investigate.In the admin GUI, which sensor event policy action must you configure in "Configuration" > "Sensors" > "Sensor Event Policies" > [rule name] to accomplish this?（）

• A、Ignore
• B、Replace users role
• C、Terminate user session
• D、Disable user account

第17题：

You are the network administrator for your company. The network consists of a single Active Directory domain. The company has an internal network and a perimeter network. The internal network is protected by a firewall. Application servers on the perimeter network are accessible from the Internet.   You are deploying 10 Windows Server 2003 computers in application server roles. The servers will be located in theperimeter network and will not be members of the domain. The servers will host only publicly available Web pages.  The network design requires that custom security settings must be applied to the application servers. These custom security settings must be automatically refreshed every day to ensure compliance with the design.   You create a custom security template named Baseline1.inf for the application servers. You need to comply with the design requirements.   What should you do？  （）

• A、 Import Baseline1.inf into the Default Domain Policy Group Policy object （GPO）.
• B、 Create a task on each application server that runs Security and Configuration Analysis with Baseline1.inf every day.
• C、 Create a task on each application server that runs the secedit command with Baseline1.inf every day.
• D、 Create a startup script in the Default Domain Policy Group Policy object （GPO） that runs the secedit command with Baseline1.inf.

第18题：

Your network consists of three Active Directory forests. Forest trust relationships exist between all forests. Each forest contains one domain. All domain controllers run Windows Server 2008 R2. Your company has three network administrators. Each network administrator manages a forest and the Group Policy objects （GPOs） within that forest.   You need to create standard GPOs that the network administrators in each forest will use. The GPOs must meet the following requirements：   èThe GPOs must only contain settings for either user configurations or computer configurations. èThe number of GPOs must be minimized.   Which two actions should you perform？（）

• A、Export the new GPOs to .cab files. Ensure that the .cab files are available to the network administrator  in each forest.
• B、Create two new GPOs. Configure both GPOs to use the required user configurations and the required  computer configurations.
• C、Create two new GPOs. Configure one GPO to use the required user configuration. Configure the other GPO to use the required computer configuration.
• D、Back up the Sysvol folder that is located on the domain controller where the new GPOs were created. Provide the backup to the network administrator in each forest.

第19题：

第20题：

第21题：

第22题：

第23题：

第24题：