You have a VPN&#8194...

单项选择题X 纠错

You have a VPN server that runs Windows Server 2003 Service Pack 2 (SP2). The VPN server is configured to have a static IP address pool. The IP address range is 10.10.10.1 to 10.10.10.200.All clients connect to the server by using PPTP. You discover that the VPN server supports only five concurrent VPN connections. You need to ensure that the VPN server supports 100 concurrent VPN connections. What should you do?（）

A.From Network Interfaces, create a new demand-dial interface.
B.From the properties of the server, disable multilink connections.
C.From the port properties, configure the WAN Miniport (PPTP) device.
D.From the properties of the server, configure the IP address assignment settings.

参考答案：

进入题库练习

单项选择题

Your company has a main office and one branch office. All servers run Windows Server 2003 Service Pack 2 (SP2).The main office has a third-party gateway device named Gateway1. Gateway1 is connected to the internal network and the Internet. Gateway1 supports IPSec. In the branch office, you have a server named Server1. You create an IPSec policy on Server1.You need to ensure that Server1 can establish an IPSec tunnel to Gateway1.
What should you use to configure the IPSec policy?（）

A.an IP filter that allows only Internet Control Message Protocol (ICMP) traffic
B.an IP filter that allows only TCP traffic on port 1701
C.a pre-shared key for authentication
D.Kerberos authentication

点击查看答案进入题库练习

单项选择题

Your company has a main office and one branch office. Your network consists of an Active Directory domain.You have a remote access server in the main office named Server1. You have a remote access server inthe branch office named Server2.Server2 has a demand-dial interface that connects to Server1. The demand-dial interface connects by using a domain account named Ras1.You need to prevent Server2 from establishing new demand-dial connections to the main office between 18:00 and 08:00.
What should you do?（）

A.Modify the dial-in properties of the Ras1 account.
B.Modify the dial-out hours on the demand-dial interface.
C.Modify the IP demand-dial filters on the demand-dial interface.
D.Enable Bandwidth Allocation Protocol (BAP) on Server2.

点击查看答案进入题库练习

单项选择题

Your company consists of a single Active Directory domain that is configured in Windows 2000 native mode. All servers run Windows Server 2003 Service Pack 2 (SP2). You deploy a Routing and Remote Access server to provide VPN access to the network.You need to ensure that only members of a group named Sales can access the network through the VPN. The solution must minimize the administrative effort required to manage remote access.
What should you do?（）

A.Allow dial-in access for the user accounts of all Sales group members.
B.Deny dial-in access for the user accounts of all users except the Sales group members.
C.Create a remote access policy and assign the Allow - Remote Access permission. Add the Windows-Groups condition and specify the Sales group.
D.Create a remote access policy and assign the Deny - Remote Access permission. Add the Windows-Groups condition and specify all Active Directory groups except for Sales.

点击查看答案进入题库练习

多项选择题

Your network consists of a single Active Directory domain. All servers run Windows Server 2003 Service Pack 2 (SP2).You have a VPN server named Server1. You have an Internet Authentication Service (IAS) server named Server2. You need to ensure that all VPN connections to Server1 are authenticated by Server2.Which two actions should you perform?（）

A.From the Internet Authentication Service snap-in on Server2, create a new RADIUS client.
B.From the Internet Authentication Service snap-in on Server2, create a new remote access policy.
C.From the Routing and Remote Access snap-in, configure Server1 to use RADIUS accounting.
D.From the Routing and Remote Access snap-in, configure Server1 to use RADIUS authentication.

点击查看答案进入题库练习

单项选择题

Your network consists of a single Active Directory domain. The remote access permission for all users is set to Control access through Remote Access Policy. You have a VPN server named Server1 that runs Windows Server 2003 Service Pack 2 (SP2). The current configuration allows all authenticated users to establish VPN connections to Server1. You create a global group named Group1.You need to prevent all members of Group1 from establishing VPN connections to Server1. What should you do?（）

A.From the local computer policy on Server1, modify the Account Policies settings.
B.From Active Directory Users and Computers, modify the Security settings of Group1.
C.From the Routing and Remote Access snap-in, create a new remote access policy.
D.From the Routing and Remote Access snap-in, open the properties of Server1 and modify the security options.

点击查看答案进入题库练习

单项选择题

ou have a server that runs Windows Server 2003 Service Pack 2 (SP2). Routing and Remote Access is enabled and the server is configured as a remote access server.You need to configure the server to support only the MS-CHAP v2 authentication protocol for remote access authentication.What should you do from the Routing and Remote Access snap-in?（）

A.Configure the port properties.
B.Create and configure a new demand-dial interface.
C.From the server’s properties, modify the security options.
D.From the Connections to Microsoft Routing and Remote Access Server policy, add a new condition.

点击查看答案进入题库练习

单项选择题

You have two stand-alone servers that run Windows Server 2003 Service Pack 2 (SP2). You assign the Secure Server (Require security) IPSec policy to both servers. From Server1, you notice that you cannot access resources on Server2.You need to ensure that you can access resources on Server2. All communications between Server1 and Server2 must be encrypted. What should you do?（）

A.On Server1, assign the Client (Respond only) IPSec policy.
B.On Server2, assign the Server (Request Security) IPSec Policy.
C.On Server1 and Server2, modify the authentication settings in the Secure Server (Require security) IPSec Policy.
D.On Server1 and Server2, enable Master Key perfect forward secrecy (PFS) in the Secure Server (Require security) IPSec Policy.

点击查看答案进入题库练习

单项选择题

our network contains a Web server named Server1 that runs Windows Server 2003 and Internet Information Server (IIS). Server1 has a server certificate from an Enterprise Certificate Authority (CA) installed.External users report that when they try to access the Web site from outside the corporate network by using a Web browser, they receive the following warning message: “There is a problem with this Web site’s security certificate. The security certificate presented by this Web site was not issued by a trusted certificate authority.”
You find that users on the corporate network do not receive this error.You need to ensure that external users do not receive the warning message when connecting to Server1.
What should you do?（）

A.In IIS Manager, enable the Enable client certificate mapping option.
B.In IIS Manager, replace the certificate with a certificate obtained from a public Certification Authority.
C.In Local Security Policy, enable Domain Member: Require strong (Windows 2000 or later) session key.
D.In Local Security Policy, enable Domain Member: Digitally encrypt or sign secure channel data

点击查看答案进入题库练习

单项选择题

our network contains a DNS server that has a reverse lookup zone for all of your network segments. You have a server named Server1 that runs Windows Server 2003 Service Pack 2 (SP2). An IP security policy is assigned to Server1.You verify IPSec traffic and see that the current security associations display only by IP address. You need to view the fully qualified domain names for all security associations.
What should you do?（）

A.From the DNS console, add Server1 as a name server.
B.From the DNS console, change dynamic updates to Secure only.
C.From IP Security Monitor on Server1, enable DNS name resolution.
D.From IP Security Monitor on Server1, create a new taskpad view.

点击查看答案进入题库练习

单项选择题

Your network consists of a single Active Directory domain named Contoso.com. The domain contains a member server named Server1. Server1 runs Windows Server 2003 Service Pack 2 (SP2). Server1 has Windows Support Tools and Resource Kit Tools installed. You need to view the Kerberos tickets issued to Server1. Which tool should you run?（）

A.Kerbtray
B.Sc /query kdc
C.Netdiag /test:Kerberos
D.Nltest /sc_query:Contoso.com

点击查看答案进入题库练习