Which of the following is true regarding NetWare Directory Services （NDS） configuration？（）A、Remote users can access the tree through dial-in connections.B、Mobile users do not require changing the NDS name context.C、Remote users do not require a special ND

第1题：

Your network consists of a single Active Directory domain. The remote access permission for all users is set to Control access through Remote Access Policy. You have a VPN server named Server1 that runs Windows Server 2003 Service Pack 2 (SP2). The current configuration allows all authenticated users to establish VPN connections to Server1. You create a global group named Group1.You need to prevent all members of Group1 from establishing VPN connections to Server1. What should you do?（）

• A、From the local computer policy on Server1, modify the Account Policies settings. 
• B、From Active Directory Users and Computers, modify the Security settings of Group1. 
• C、From the Routing and Remote Access snap-in, create a new remote access policy. 
• D、From the Routing and Remote Access snap-in, open the properties of Server1 and modify the security options.

第2题：

You are the network administrator for your company. The network consists of a single Active Directory domain. The network contains Windows Server 2003 file servers. The network also contains a Windows Server 2003 computer named Server1 that runs Routing and Remote Access and Internet Authentication Service （IAS）. Server1 provides VPN access to the network for users’ home computers.   You suspect that an external unauthorized user is attempting to access the network through Server1. You want to log the details of access attempts by VPN users when they attempt to access the network. You want to compare the IP addresses of users’ home computers with the IP addresses used in the access attempts to verify that the users are authorized.  You need to configure Server1 to log the details of access attempts by VPN users.   What should you do？  （）

• A、 Configure the system event log to Do not overwrite.
• B、 In IAS， in Remote Access Logging， enable the Authentication requests setting.
• C、 Configure the Remote Access server to Log all events.
• D、 Create a custom remote access policy and configure it for Authentication-Type.

第3题：

You need to design an e-mail access strategy for remote users. What should you do? （） 

• A、 Instruct remote users to connect to their e-mail by using RPC
• B、 Instruct remote users to connect to Outlook Web Access by using only HTTPS
• C、 Instruct remote users to connect to the company network by using PPTP connections
• D、 Instruct remote users to connectd to their e-mail by using RPC over HTTP Configure the HTTP servers to require encryption.

第4题：

You are designing a security strategy for users who need remote access to the corporate network.  What should you do？（）

• A、 Configure Internet Authentication Service （IAS） for accounting.
• B、 Configure the server running Routing and Remote Access to support L2TP.
• C、 Configure the server running Routing and Remote Access to restrict dial-in traffic to the NewApp servers only.
• D、 Create a separate account for remote access users. Configure these accounts to access the NewApp server only.

第5题：

You need to design a remote access authentication strategy that will allow users in the IT department to remotely connect to the network. Your solution must meet security requirements. What should you do？（）

• A、Install Internet Authentication Services （IAS） on a server in the den.corp.woodgrovebank.com domain. Configure the VPN servers as RADIUS clients
• B、Install Internet Authentication Services （IAS） on a stand-alone server in the Denver extranet. Create local user accounts for the IT personnel on the IAS server. Configure the VPN servers as RADIUS clients
• C、Create a remote access policy on each of the VPN servers. Configure the policy to use the den.corp.woodgrovebank.com to authenticate remote access users. Configure the policy to require L2TP to establish a connection
• D、Create a remote access policy on each of the VPN servers. Create local user accounts for the IT personnel on the VPN servers. Configure the policy to use the VPN servers’ local accounts database to authenticate users. Configure the policy to require L2TP to establish a connection

第6题：

You need to design access to e-mail by Internet users. What should you do？（）

• A、Configure front-end servers to use HTTP to communicate with back-end servers
• B、Configure the internal firewall to allow IPSec traffic between front-end and back-end Exchange servers
• C、Require all users to encrypt all outbound e-mail messages
• D、Issue digital certificates to all remote users. Require the certificates to be used when authenticating to Outlook Web Access

第7题：

第8题：

第9题：

第10题：

Your company has a single Active Directory domain. The company network is protected by a firewall.Remote users connect to your network through a VPN server by using PPTP. When the users try to connect to the VPN server, they receive the following error message: °Error 721: The remote computer is not responding.You need to ensure that users can establish a VPN connection. What should you do？（）

• A、Open port 1423 on the firewall.
• B、Open port 1723 on the firewall.
• C、Open port 3389 on the firewall.
• D、Open port 6000 on the firewall.

第11题：

Your network consists of a single Active Directory domain. All servers run Windows Server 2008 R2.   All client computers run Windows 7. Some users have laptop computers and work remotely from home.   You need to plan a data provisioning infrastructure to secure sensitive files. Your plan must meet the following requirements:   èFiles must be stored in an encrypted format.   èFiles must be accessible by remote users over the Internet.   èFiles must be encrypted while they are transmitted over the Internet. What should you include in your plan?（）

• A、Deploy one Microsoft SharePoint Foundation 2010 site. Require users to access the SharePoint site by using a Secure Socket Transmission Protocol （SSTP） connection.
• B、Deploy two Microsoft SharePoint Foundation 2010 sites.Configure one site for internal users. Configure the other site for remote users. Publish the SharePoint sites by using HTTPS.
• C、Configure a Network Policy and Access Services （NPAS） server to act as a VPN server. Require remote users to access the files by using an IPsec connection to the VPN server.
• D、Store all sensitive files in folders that are encrypted by using Encrypting File System （EFS）. Require  remote users to access the files by using Secure Socket Transmission Protocol （SSTP）.

第12题：

Your network consists of a single Active Directory domain. The network contains a server that runs Windows Server 2003 Service Pack 2 （SP2）. The server has an application that runs as a service. The application uses a domain service account to access other servers in the domain. Security policies require that users reset their passwords every 30 days. After the application runs for a month， the application fails.You need to ensure that the application starts and can access the remote servers. What should you do？（）

• A、In the Services snap-in, set the service to log on as the Local System account and start the service.
• B、In the Services snap-in, set the service to log on as the Local Administrator account and start the service.
• C、In Active Directory Users and Computers, reset the server’s computer account. In the Services snap-in, start the service.
• D、In Active Directory Users and Computers, set the Account Expires option to Never. In the Services snap-in, start the service. 

第13题：

You need to design a security strategy for a remote e-mail access. What should you do？（）

• A、Require remote users to access e-mails by using Outlook Mobile Access
• B、Require Outlook Web Access users to install the secure MIME ActiveX-Control and to encrypt all messages
• C、On Outlook Web Access servers that accept connections from the Internet configure IIS to require SSL for all connections
• D、On Outlook Web Access servers that accept connections from the Internet configure IIS to require Integrated Windows Authentication

第14题：

Your company consists of a single Active Directory domain that is configured in Windows 2000 native mode. All servers run Windows Server 2003 Service Pack 2 (SP2). You deploy a Routing and Remote Access server to provide VPN access to the network.You need to ensure that only members of a group named Sales can access the network through the VPN. The solution must minimize the administrative effort required to manage remote access.  What should you do?（）

• A、Allow dial-in access for the user accounts of all Sales group members. 
• B、Deny dial-in access for the user accounts of all users except the Sales group members. 
• C、Create a remote access policy and assign the Allow - Remote Access permission. Add the Windows-Groups condition and specify the Sales group. 
• D、Create a remote access policy and assign the Deny - Remote Access permission. Add the Windows-Groups condition and specify all Active Directory groups except for Sales.

第15题：

You have a server that runs Windows Server 2003 Service Pack 2 (SP2). You enable Remote Desktop on the server and add 10 users to the Remote Desktop Users group. Users report that they occasionally receive an error message indicating that Terminal Server has reached the maximum number of connections. You need to ensure that all 10 users can establish Remote Desktop connections to the server concurrently. What should you do?（）

• A、From Add or Remove Programs, add the Terminal Server component.
• B、From Add or Remove Programs, add the Connection Point Services component.
• C、From the Terminal Services Configuration console, modify the Maximum connections setting.
• D、From the Terminal Services Configuration console, modify the Restrict each user to one session setting.

第16题：

第17题：