单选题Your network consists of a single Active Directory domain. The remote access permission for all users is set to Control access through Remote Access Policy.You have a VPN server named Server1 that runs Windows Server 2003 Service Pack 2 （SP2）.  The cur

第1题：

Your network consists of a single Active Directory domain. All servers run Windows Server 2003 Service Pack 2 (SP2). All client computers run Windows XP Professional Service Pack 3 (SP3). You enable and configure Terminal Server on a server named Server1. A firewall separates Server1 from the internal network. Internal users report that they cannot connect to Server1 by using Remote Desktop Connection. You need to ensure that the users can connect to Server1 by using Remote Desktop Connection. Which port should you open on the firewall? （）

• A、389
• B、3268
• C、3389
• D、5900

第2题：

Your network consists of a single Active Directory domain. The remote access permission for all users is set to Control access through Remote Access Policy.You have a VPN server named Server1 that runs Windows Server 2003 Service Pack 2 （SP2）.  The current configuration allows all authenticated users to establish VPN connections to Server1. You create a global group named Group1.You need to prevent all members of Group1 from establishing VPN connections to Server1.  What should you do？（）

• A、From the local computer policy on Server1， modify the Account Policies settings.
• B、From Active Directory Users and Computers， modify the Security settings of Group1.
• C、From the Routing and Remote Access snap-in， create a new remote access policy.
• D、From the Routing and Remote Access snap-in， open the properties of Server1 and modify the security options.

第3题：

You are the network administrator for your company. The network consists of a single Active Directory domain.  The company has remote users in the sales department who work from home. The remote users’ client computers run Windows XP Professional， and they are not members of the domain. The remote users’ client computers have local Internet access through an ISP.   The company is deploying a Windows Server 2003 computer named Server1 that has Routing and Remote Access installed. Server1 will function as a VPN server， and the remote users will use it to connect to the company network. Confidential research data will be transmitted from the remote users’ client computers. Security is critical to the company and Server1 must protect the remote users’ data transmissions to the main office. The remote client computers will use L2TP/IPSec to connect to the VPN server.  You need to choose a secure authentication method.   What should you do？ （）

• A、 Use the authentication method of the default IPSec policies.
• B、 Create a custom IPSec policy and use the Kerberos version 5 authentication protocol.
• C、 Create a custom IPSec policy and use certificate-based authentication.
• D、 Create a custom IPSec policy and use preshared key authentication.
• E、 Use the authentication method of the Routing and Remote Access custom IPSec policy for L2TP connection.

第4题：

Your network consists of a single Active Directory domain. All servers run Windows Server 2003 Service Pack 2 (SP2).You have a VPN server named Server1. You have an Internet Authentication Service (IAS) server named Server2. You need to ensure that all VPN connections to Server1 are authenticated by Server2.Which two actions should you perform?（）

• A、From the Internet Authentication Service snap-in on Server2, create a new RADIUS client. 
• B、From the Internet Authentication Service snap-in on Server2, create a new remote access policy. 
• C、From the Routing and Remote Access snap-in, configure Server1 to use RADIUS accounting. 
• D、From the Routing and Remote Access snap-in, configure Server1 to use RADIUS authentication. 

第5题：

You are a security administrator for your company. The network consists of a single Active Directory domain. All servers run Windows Server 2003. The network contains three member servers named Server1，Server2，and Server3.    The three member servers are connected to the Internet. You plan to implement remote access to the company network for users that work from home. You configure and enable Routing and Remote Access on Server1 and Server2. An assistant，who is an administrator on all member servers， configures and enables Routing and Remote Access on Server3. Users from the domain can successfully establish VPN connections from the lnternet to Server1 and Server2. However，users cannot establish a VPN connection to Server3. You discover that Server3 can only authenticate Internet VPN connections from local user accounts.    You need to ensure that users from the domain can successfully establish a VPN connection to Server3.  What should you do？（）

• A、 Enable the Server3 computer account in Active Directory as trusted for delegation.
• B、 Assign the Authenticated Users group the Allow - Allowed to Authenticate permission for the Server3 computer acc
• C、 Assign the Server3 computer account the Allow. Read permission on the RAS and IAS Servers access Check cont
• D、 Add the Server3 computer account to the RAS and IAS Servers security group.
• E、 Add the Server3 computer account to the Windows Authorization Access Group security group.

第6题：

第7题：

第8题：

第9题：

第10题：

第11题：

第12题：

第13题：

Your network consists of a single Active Directory domain. The network contains a server that runs Windows Server 2003 Service Pack 2 （SP2）. The server has an application that runs as a service. The application uses a domain service account to access other servers in the domain. Security policies require that users reset their passwords every 30 days. After the application runs for a month， the application fails.You need to ensure that the application starts and can access the remote servers. What should you do？（）

• A、In the Services snap-in, set the service to log on as the Local System account and start the service.
• B、In the Services snap-in, set the service to log on as the Local Administrator account and start the service.
• C、In Active Directory Users and Computers, reset the server’s computer account. In the Services snap-in, start the service.
• D、In Active Directory Users and Computers, set the Account Expires option to Never. In the Services snap-in, start the service. 

第14题：

You have a server named Server1 that runs Windows Server 2003 Service Pack 2 （SP2）.  Server1 is configured as a VPN server.You need to enable trace logging for all Routing and Remote Access components.  Which tool should you use？（）

• A、Netdiag.exe
• B、Netcap.exe
• C、Netsh.exe
• D、Tracert.exe

第15题：

You have a server named Server1 that runs Windows Server 2003 Service Pack 2 (SP2). Server1 is configured as a VPN server.You need to enable trace logging for all Routing and Remote Access components. Which tool should you use?（）

• A、Netdiag.exe 
• B、Netcap.exe 
• C、Netsh.exe 
• D、Tracert.exe

第16题：

Your company consists of a single Active Directory domain that is configured in Windows 2000 native mode. All servers run Windows Server 2003 Service Pack 2 (SP2). You deploy a Routing and Remote Access server to provide VPN access to the network.You need to ensure that only members of a group named Sales can access the network through the VPN. The solution must minimize the administrative effort required to manage remote access.  What should you do?（）

• A、Allow dial-in access for the user accounts of all Sales group members. 
• B、Deny dial-in access for the user accounts of all users except the Sales group members. 
• C、Create a remote access policy and assign the Allow - Remote Access permission. Add the Windows-Groups condition and specify the Sales group. 
• D、Create a remote access policy and assign the Deny - Remote Access permission. Add the Windows-Groups condition and specify all Active Directory groups except for Sales.

第17题：

Your network consists of a single Active Directory domain. You have a Web server named server1.contoso.com that runs Windows Server 2003 Service Pack 2 （SP2）. Users access a Web site on Server1 by using the URL http：//server1.contoso.com.  Users also access the Web site on Server1 by using the URL http：//192.168.1.10. You need to configure DNS to enable users to access the Web site by using the URL http：//www.contoso.com. The solution must prevent the need to manually update DNS if the IP address of Server1 changes. Which type of resource record should you create in DNS？（）

• A、alias （CNAME）
• B、host （A）
• C、host （AAAA）
• D、host information （HINFO）

第18题：

第19题：

第20题：

第21题：

第22题：

第23题：

第24题：