多选题You are the network administrator for your company. A user is complaining that they are not able to access the network with the Junos Pulse client. You run a packet capture on the network interface to monitor the 802.1X authentication process. You noti

第1题：

A user calls the help desk and explains that they just purchased a Macintosh computer. When they log into the network, the Odyssey Access Client is not automatically downloaded as it was when the user used their Windows PC.How do you resolve this issue?（）

• A、Download the Macintosh installer from the Junos Pulse Access Control Service and manually install the Odyssey Access Client.
• B、Provide the user with the sign-in URL you set up for Macintosh users; this will push the Odyssey Access Client to the user's machine.
• C、Assist the user to configure the Macintosh native supplicant and provide the AppleScnptto expose the EAP-JUAC inner authentication protocol.
• D、Configure the user's role to install the Java agent, which is a requirement to allow the Junos Pulse Access Control Service to deploy the Odyssey Access Client.

第2题：

You are the network administrator for your company. A user is complaining that they are not able to access the network with the Junos Pulse client. You run a packet capture on the network interface to monitor the 802.1X authentication process. You notice that after the EAP- request/identity packet is received, and the supplicant responds with an EAP-response/identity packet, no further communication occurs for several seconds. What are three causes for this behavior?（）

• A、The authenticator is not licensed to support Junos Pulse.
• B、The authenticator did not receive the EAP-response/identity packet.
• C、The authentication server is not receiving the RADIUS packet containing the EAP-response/identity data.
• D、The authenticator is sending the request over its loopback interface.
• E、The authentication server is sending back a RADIUS response packet, but the authenticator is not forwarding the response back to the supplicant.

第3题：

You have a firewall enforcer receiving resource access policies from a Junos Pulse Access Control Service. You are using Network and Security Manager (NSM) for configuration management on that firewall. The firewall can also be configured using its built-in command-line interface (CLI) or Web-based user interface (WebUI). To avoid conflicting configurations, which two interfaces must you use to configure the firewall enforcer?（）

• A、CLI
• B、WebUI
• C、NSM
• D、Junos Pulse Access Control Service

第4题：

You are the network administrator for your company. The network consists of a single Active Directory domain. The network contains Windows Server 2003 file servers. The network also contains a Windows Server 2003 computer named Server1 that runs Routing and Remote Access and Internet Authentication Service （IAS）. Server1 provides VPN access to the network for users’ home computers.   You suspect that an external unauthorized user is attempting to access the network through Server1. You want to log the details of access attempts by VPN users when they attempt to access the network. You want to compare the IP addresses of users’ home computers with the IP addresses used in the access attempts to verify that the users are authorized.  You need to configure Server1 to log the details of access attempts by VPN users.   What should you do？  （）

• A、 Configure the system event log to Do not overwrite.
• B、 In IAS， in Remote Access Logging， enable the Authentication requests setting.
• C、 Configure the Remote Access server to Log all events.
• D、 Create a custom remote access policy and configure it for Authentication-Type.

第5题：

You are a network administrator for your company. The network consists of a single Active Directory domain. The domain contains three Windows Server 2003 domain controllers， 20 Windows Server 2003 member servers， and 750 Windows XP Professional computers. The domain is configured to use only Kerberos authentication for all server connections.A user reports that she receives an "Access denied" error message when she attempts to connect to one of the member servers. You want to test the functionality of Kerberos authentication on the user’s client computer.  Which command should you run from the command prompt on the user’s computer？（）

• A、netsh
• B、netdiag
• C、ktpass
• D、ksetup

第6题：

You are the network administrator for your company. The network consists of a single Active Directory domain. The network contains an application server running Windows Server 2003.   Users report intermittent slow performance when they access the application server throughout the day. You find out that the network interface on the application server is being heavily used during the periods of slow performance. You suspect that a single computer is causing the problem.You need to create a plan to identify the problem computer.   What should you do？（）

• A、 Monitor the performance monitor counters on the application server by using System Monitor.  
• B、 Monitor the network traffic on the application server by using Network Monitor.
• C、 Monitor network statistics on the application server by using Task Manager.
• D、 Run network diagnostics on the application server by using Network Diagnostics.

第7题：

You are a network administrator for your company.A Windows Server 2003 computer named Server1 is exhibiting connectivity problems. You monitor Server1 by using System Monitor and Network Monitor. While monitoring， you notice that Server1 has approximately 4 MB of available memory， and the average CPU utilization is running at 95 percent. When you investigate the Network Monitor capture， you notice that some network packets sent to Server1 during the capture have not been captured. You need to ensure that the impact of monitoring on Server1 is reduced and that all packets sent to the computer are captured.   What should you do？（）

• A、From a command prompt， run the diskperf command.
• B、Run Network Monitor in dedicated capture mode.
• C、Configure a Network Monitor capture filter.
• D、Increase the buffer size in Network Monitor.

第8题：

You install a new hardware router that provides wireless network connectivity between your computer and the Internet. You connect to the router by using a wireless network adapter. Your computer is able to access the Internet but is unable to discover other computers in the local wireless network.  You need to configure the wireless connection to allow your computer to discover other computers.  What should you do？（）

• A、Configure the network category of your wireless network connection to Private.
• B、Configure the network category of your wireless network connection to Public.
• C、Configure the TCP/IP packet filtering on the wireless network connection.
• D、Configure the wireless network connection with the appropriate authentication to the router.

第9题：

第10题：

第11题：

第12题：

第13题：

A users Junos Pulse client uses 802.1X to access a wired network and is failing to authenticate. You run a packet capture from the users PC and notice that immediately after the client machine sends an EAPoL-start packet, an EAP-failure packet is returned. You review the RADIUS troubleshooting logs on the MAG Series device and do not see any authentication attempts from the user. Other users on the same Ethernet switch are successfully authenticating. Which device is sending the EAP-failure packet to the workstation?（）

• A、The RADIUS server
• B、The EAPoL server
• C、The workstation's network adapter
• D、The Ethernet switch

第14题：

You have three classes of users on your network: employee, contractor, and IT administrator. You configure the Junos Pulse Access Control Service to assign roles to each user class and require that a specific wireless SSID be preconfigured for the Odyssey Access Client based on the role. Which configuration method should you use to satisfy this scenario?（）

• A、Create a "Settings Update file" in the Odyssey Access Client Administrator and upload it to the Junos Pulse Access Control Service under "User Roles" > "Agent" > "Odyssey Settings" > "Preconfigured Installer".
• B、Configure a wired adapter and assign the required SSID under "User Roles" > "Agent" > "Odyssey Settings".
• C、Create a script in the Odyssey Access Client Administrator and upload it to the Junos Pulse Access Control Service under "User Roles" > "Agent" > "Odyssey Settings" > "Preconfigured Installer".
• D、Create a "Preconfiguration file" in the Odyssey Access Client Administrator and upload it to the Junos Pulse Access Control Service under "User Roles" > "Agent" > "Odyssey Settings" > "Preconfigured Installer".

第15题：

Your company has deployed Network Access Protection (NAP).You configure secure wireless access to the network by using 802.1X authentication from any access point.You need to ensure that all client computers that access the network are evaluated by NAP. What should you do?（）

• A、Configure all access points as RADIUS clients to the Remediation Servers.
• B、Configure all access points as RADIUS clients to the Network Policy Server (NPS).
• C、Create a Network Policy that defines Remote Access Server as a network connection method. 
• D、Create a Network Policy that specifies EAP-TLS as the only available authentication method.

第16题：

You are the network administrator for your company. The network consists of a single Active Directory domain. The domain contains Windows Server 2003 computers and Windows XP Professional computers.  You configure a server named Server1 to be a file server. The written company security policy states that you must analyze network traffic that is sent to and from all file servers.You need to capture file-transfer network traffic that is being sent to and from Server1. You install Network Monitor Tools from a Windows Server 2003 product CD-ROM on a server named Server2， which is on the same network segment as Server1.You run Network Monitor on Server2. However， Network Monitor captures only network traffic that is sent to and from Server2. You need to capture all network traffic that is sent to and from Server1.  What should you do？（）

• A、Install the Network Monitor driver on Server1. Run Network Monitor on Server2 to capture network traffic.
• B、Open Network Monitor on Server2 and create a capture filter to enable the capture of all protocols. Run Network Monitor to capture network traffic.
• C、Install Network Monitor Tools on Server1. Run Network Monitor to capture network traffic.
• D、Open Network Monitor on Server2 and increase the capture buffer from 1 MB to 20 MB in size. Run Network Monitor to capture network traffic.

第17题：

You are the network administrator for your company. The network contains 12 Windows Server 2003 computers and 300 Windows XP Professional computers. Three servers named Server4， Server5， and Server6 run a critical business application. When performing performance baselining on these three servers， you notice that Server6 has a larger number of concurrently connected users at any given moment than Server4 or Server5. The additional workload is causing performance problems on Server6. You need to identify which client computers are connecting to Server6.You plan to run Network Monitor on Server6 to capture all packets sent to Server6. The capture task must be configured to meet the following requirements.To reduce the size of the captured data， you want to capture only the packet headers.If a large number of packets are captured， the packets must be retained on the server. Captured packets must not overwrite previously captured packets.   Which two tasks should you perform to configure Network Monitor？（）

• A、Configure the Network Monitor display filters.
• B、Configure the Network Monitor capture filters.
• C、Increase the Network Monitor buffer size setting.
• D、Decrease the Network Monitor buffer size setting.
• E、Increase the Network Monitor frame size setting.
• F、Decrease the Network Monitor frame size setting.

第18题：

You are the network administrator for your company. A Windows Server 2003 computer named Router11 is used to connect the network to the Internet. You find out that some computers on the network are infected with a worm， which occasionally sends out traffic to various hosts on the Internet. This traffic always uses a certain source TCP port number.You need to identify which computers are infected with the worm. You need to configure a solution on Router11 that will perform the following two tasks： Detect and identify traffic that is sent by the worm.   Immediately send a notification to a network administrator that the infected computer needs to be repaired.  What should you do？（）

• A、Configure a WMI event trigger.
• B、Configure a Network Monitor capture filter.
• C、Configure a Network Monitor trigger.
• D、Configure a System Monitor alert.

第19题：

Your company has deployed Network Access Protection （NAP). You configure secure wireless access to the network by using 802.1x authentication from any access point. You need to ensure that all client computers that access the network are evaluated by NAP.  what should you do（）？ 

• A、Configure all access points as RADIUS clients to the Remediation Servers
• B、Configure all access points as RADIUS clients to the Network Policy Server （NPS）
• C、Create a Network Policy that defines Remote Access Server as a network connection method
• D、Create a Network Policy that specifies EAP-TLS as the only availible authentication method.

第20题：

You are the network administrator for your company. The network consists of a single Active Directory domain. The domain contains 25 Windows Server 2003 computers and 6，000 Windows XP Professional computers.The written company security policy states that network traffic to Web servers must be audited on a regular basis. A server named Server1 is configured as a Web server on the company’s intranet. You install Network Monitor Tools from a Windows Server 2003 product CD-ROM on Server1.You run Network Monitor on Server1 for three hours. When you stop the network capture， you see that Network Monitor captured over 40，000 frames. As you look at the captured frames， you notice that an extremely large number of TCP connection requests have all come from the 131.107.0.1 IP address.In Network Monitor， you need to view only the frames for network traffic that are captured between Server1 and the 131.107.0.1 IP address.  What should you do？（）

• A、Create an Address Capture filter for all network traffic between Server1 and the 131.107.0.1 IP address.
• B、Create a Find Frame Expression filter for network traffic captured between Server1 and the 131.107.0.1 IP address.
• C、Create an Address Display filter for all network traffic captured between Server1 and the 131.107.0.1 IP address.
• D、Create a Pattern Match capture trigger for the 131.107.0.1 IP address.

第21题：

第22题：

第23题：