多选题A network administrator wants to ensure that only the server can connect to port Fa0/1 on a Catalyst switch. The server is plugged into the switch Fa0/1 port and the network administrator is about to bring the server online. What can the administrator

第1题：

第2题：

第3题：

The administrator wants to backup the existing VIO server software and its current configuration before applying an update.  What command will the administrator use to backup the VIO server software so that the backup can be restored from a Network Installation Manager （NIM） server or a Hardware Management Console （HMC）？（）

• A、 mksysb -t vio /mountpoint
• B、 backupios -file /mountpoint
• C、 mksysb -i /mountpoint/vio.mksysb
• D、 backupios -mksysb -file /mountpoint/vio.mksysb

第4题：

Users report that they are unable to connect to a server. An administrator confirms that it is unreachable across the network. Other administrators have been working in the server room throughout the day.  Which of the following is the NEXT step the administrator should take？（）

• A、 Verify the configuration of the connected port on the network switch.
• B、 Reboot the server.
• C、 Install a new NIC on the server.
• D、 Verify that network cables are connected.

第5题：

A network administrator wants to control which user hosts can access the network based on their MAC address. What will prevent workstations with unauthorized MAC addresses from connecting to the network through a switch?（）

• A、BPDU
• B、Port security
• C、RSTP
• D、STP
• E、VTP
• F、Blocking mode

第6题：

An administrator replaces the network card in a web server. After replacing the network card some users can access the server but others cannot.  Which of the following is the FIRST thing the administrator should check？（）

• A、 Default gateway
• B、 The ports on the switch
• C、 Port security on the servers switch port
• D、 Ethernet cable

第7题：

Your network consists of a single Active Directory domain. The network contains two servers named Server1 and Server2 that run Windows Server 2003 Service Pack 2 （SP2）.You log on to Server1 by using the Administrator account for the domain. You open Event Viewer and attempt to connect to Server2 but receive the following error message.You verify that you can connect to Server2 by using Windows Explorer and that Windows Firewall is disabled on Server2. You open the Services snap-in on Server2 as shown in the exhibit.You need to ensure that you can connect to Server2 remotely by using Event Viewer.  What should you do on Server2？（）

• A、Add the Administrator account to the HelpServicesGroup.
• B、Set the Startup Type for the Remote Registry service to Automatic and then start the service.
• C、Set the Startup Type for the Secondary Logon service to Disabled and then stop the service.
• D、Set the Startup Type for the Special Administration Console Helper service to Automatic and then start the service.

第8题：

You are the network administrator for The network consists of a single Active Directory domain. The domain contains 20 Windows Server 2003 computers and 400 Windows XP Professional computers. Software Update Services (SUS) is installed on a server named Testking2. The network security administrator wants you to ensure that the administrative password is not compromised when an administrator connects to Testking2's SUSAdmin Web site remotely by using HTTP. You want only SSL to be used to connect to the SUSAdmin Web site. The network security administrator creates a digital certificate and enables communication for SSL on port 443 of Testking2. However, administrators are still able to connect to the SUSAdmin Web site by using HTTP. You need to ensure that communication to the SUSAdmin Web site is always secure. What should you do?（）

• A、Disable port 80 on the SUSAdmin Web site.
• B、Require 128-Bit SSL on all directories related to the SUSAdmin Web site.
• C、Change the default Web site to require 128-Bit SSL.
• D、Enable IPSec on Testking2 with the Request Security IPsec template.

第9题：

第10题：

第11题：

第12题：

第13题：

第14题：

第15题：

A network administrator needs to configure port security on a switch.which two statements are true？（）

• A、The network administrator can apply port security to dynamic access ports
• B、The network administrator can configure static secure or sticky secure mac addresses in the voice vlan.
• C、The sticky learning feature allows the addition of dynamically learned addresses to the runningconfiguration.
• D、The network administrator can apply port security to EtherChannels.
• E、When dynamic mac address learning is enabled on an interface，the switch can learn new addresses，up to the maximum defined.

第16题：

Your company has a single active directory domain. The company network is protected by a firewall. Remote users connect to your network through a VPN server by using PPTP. When the users try to connect to the VPN server， they receive the following error message： Error 721： The remote computer is not responding. You need to ensure that users can establish a VPN connection. What should you do？ （）

• A、Open port 1423 on the firewall
• B、Open port 1723 on the firewall
• C、Open port 3389 on the firewall
• D、Open port 6000 on the firewall

第17题：

A network administrator wants to ensure that only the server can connect to port Fa0/1 on a Catalyst switch. The server is plugged into the switch Fa0/1 port and the network administrator is about to bring the server onlinE.What can the administrator do to ensure that only the MAC address of the server is allowed by switch port Fa0/1? （）

• A、Configure port Fa0/1 to accept connections only from the static IP address of the server.
• B、Employ a proprietary connector type on Fa0/1 that is incompatible with other host connectors.
• C、Configure the MAC address of the server as a static entry associated with port Fa0/1.
• D、Bind the IP address of the server to its MAC address on the switch to prevent other hosts from spoofing the server IP address.
• E、Configure port security on Fa0/1 to reject traffic with a source MAC address other than that of the server.
• F、Configure an access list on the switch to deny server traffic from entering any port other than Fa0/1.

第18题：

An administrator replaces the network card in a web server. After replacing the network card some users can access the server but others cannot. Which of the following is the FIRST thing the administrator should check?（）

• A、Default gateway
• B、The ports on the switch
• C、Port security on the server's switch port
• D、Ethernet cable

第19题：

Your network contains an internal network and a perimeter network. You have one Exchange Server 2010 server on the internal network. You install Windows Server 2008 R2 on a new server in the perimeter network. You need to ensure that you can install the Edge Transport server role on the new server.  What should you do（）？ 

• A、Join the new server to an Active Directory domain.
• B、Install Active？Directory Lightweight Directory Services on the new server.
• C、Run ImportEdgeConfig.ps1 on the existing Exchange Server 2010 server.
• D、Open TCP port 88 and TCP port 3268 on the firewall between the perimeter network and the internal network.

第20题：

Your network contains a server named Server1 that has Windows Server 2008 R2.An administrator runs the following command on Server1: netsh.exe advfirewall reset You discover that you can no longer access Server1 on port 3389.You need to ensure that you can access Server1 on port 3389.Which firewall rule should you enable？（）

• A、File and Printer Sharing (Echo Request ICMPv4-In)
• B、File and Printer Sharing (SMB-In)
• C、Remote Desktop (TCP-In)
• D、Remote Service Management (RPC)

第21题：

第22题：

第23题：