In which tunnel－less VPN topology do group members register with a key server in order to receive the security association necessary to communicate with the group?()A. Easy VPNB. GRE tunnelingC. Virtual Tunnel InterfacesD. DynamicMultipoint VPNE. Group En

第1题：

In which tunnel-less VPN topology do group members register with a key server in order to receive the security association necessary to communicate with the group?（）

• A、Easy VPN
• B、GRE tunneling
• C、Virtual Tunnel Interfaces
• D、DynamicMultipoint VPN
• E、Group Encrypted Transport VPN

第2题：

You are the network administrator for your company. The network consists of a single Active Directory domain. All computers on the network are members of the domain. The domain contains a Windows Server 2003 computer named Server1.   You are planning a public key infrastructure （PKI） for the company. You want to deploy a certification authority （CA） on Server1.   You create a new global security group named Cert Administrators. You need to delegate the tasks to issue， approve， and revoke certificates to members of the Cert Administrators group.   What should you do？（）

• A、 Add the Cert Administrators group to the Cert Publishers group in the domain.
• B、 Configure the Certificates Templates container in the Active Directory configuration naming context to assign the Cert Administrators group the Allow - Write permission.
• C、 Configure the CertSrv virtual directory on Server1 to assign the Cert Administrators group the Allow - Modify permission.
• D、 Assign the Certificate Managers role to the Cert Administrators group.

第3题：

You manage Hyper-V host servers and virtual machines （VMs） by using Microsoft System Center Virtual Machine Manager （VMM） 2008 R2. Developers are members of an AD security group named  Development. You need to ensure that on a specific host server， members of the Development group can perform only the Create，Modify，and Remove VM management tasks. What should you do？（）

• A、Create a Self-Service user role and add the Development group to this role.
• B、Create a Delegated Administrator user role and add the Development group to this role.
• C、In Authorization Manager， create a role on the client computer of each member of the Development group， and add the Development group to this role.
• D、Install Hyper-V Manager on the client computer of each member of the Development group，and grant the Development group administrative privileges on the specific server.

第4题：

our network contains a server that runs window server 2008. The serve has the network policy server(NPS) service role installed. You need to allow only members of a global group named group1 VPN access to the network. What should you do?（）

• A、Add group1 to the RAS and IAS servers group.
• B、Add group1 to the network configuration operators group..
• C、Create a new network policy and define a group-based connection for group1. Set the access permission of the policy to access granted. Set the processing order of the policy to 1.
• D、Create a new network policy and define a group-based condition for group1. Set the access permission of the policy to acces granted. Set the processing of the policy to 3.

第5题：

You are the network administrator for your company. The network consists of a single Active Directory domain. All servers run Windows Server 2003.   The network contains servers that have Terminal Server enabled. The terminal servers host legacy applications that currently require users to be members of the Power Users group.   A new requirement in the company’s written security policy states that the Power Users group must be empty on all resource servers.   You need to maintain the ability to run the legacy applications on the terminal servers when the new security requirement is implemented.   What should you do？  （）

• A、 Add the Domain Users global group to the Remote Desktop Users built-in group in the domain.  
• B、 Add the Domain Users global group to the Remote Desktop Users local group on each terminal server.
• C、 Modify the Compatws.inf security template settings to allow members of the local Users group to run the applications. Import the security template into the Default Domain Controllers Policy Group Policy object （GPO）.
• D、 Modify the Compatws.inf security template settings to allow members of the local Users group to run the applications. Apply the modified template to each terminal server.

第6题：

第7题：

第8题：

第9题：

第10题：

第11题：

第12题：

第13题：

Which site-to-site VPN solution allows Cisco routers， PIX Firewalls， and Cisco hardware clients to act as remote VPN clients in order to receive predefined security policies and configuration parameters from the VPN headend at the central site？（）

• A、Easy VPN
• B、GRE tunneling
• C、Virtual Tunnel Interfaces
• D、Dynamic Multipoint VPN
• E、Group Encrypted Transport VPN

第14题：

Which three IP multicast group concepts are true？ （Choose three.） （）

• A、 If a packet is sent to a multicast group address， all members of the multicast group will receive it
• B、 If a packet is sent to a multicast group address， the multicast frame contains the source multicast  address
• C、 A router does not have to be a member of a multicast group to receive multicast data.
• D、 A router does not have to be a member of a multicast group to send to the group.
• E、 A router must be a member of a multicast group to receive multicast data.
• F、 A router must be a member of a multicast group to send to the group.

第15题：

Your network consists of a single Active Directory domain. The remote access permission for all users is set to Control access through Remote Access Policy.You have a VPN server named Server1 that runs Windows Server 2003 Service Pack 2 （SP2）.  The current configuration allows all authenticated users to establish VPN connections to Server1. You create a global group named Group1.You need to prevent all members of Group1 from establishing VPN connections to Server1.  What should you do？（）

• A、From the local computer policy on Server1， modify the Account Policies settings.
• B、From Active Directory Users and Computers， modify the Security settings of Group1.
• C、From the Routing and Remote Access snap-in， create a new remote access policy.
• D、From the Routing and Remote Access snap-in， open the properties of Server1 and modify the security options.

第16题：

You have a server that runs Windows Server 2008. The server has the Terminal Services Gateway （TS Gateway） role service installed.  You need to provide a security group access to the TS Gateway server. What should you do？（）

• A、Add the security group to the Remote Desktop Users group.
• B、Add the security group to the TS Web Access Computers group.
• C、Create and configure a Resource Authorization Policy.
• D、Create and configure a Connection Authorization Policy.

第17题：

Your environment includes multiple Windows Server 2008 R2 Hyper-V servers. You are designing an administrative strategy for virtual machines （VMs）. You need to ensure that members of the Security Compliance Active Directory Domain Services （AD DS） security group can monitor failed logon events on the VMs. What should you do？（）

• A、Add the Security Compliance group to the local administrators group of each VM
• B、Add the Security Compliance group to the local administrators group of each Hyper-V server
• C、In the InitialStore.xml file of each VM， define an access policy for the Security Compliance group
• D、in the InitialStore.xml file of each Hyper-V server， define an access policy for the Security Compliance group

第18题：

第19题：

第20题：

第21题：

第22题：

第23题：