单选题You need to design a Security strategy for the wireless network at all resort locations.What should you do？（）A Connect the wireless access points to a dedicated subnet. Allow the subnet direct access to the Internet，but not to the company network.Requi

第1题：

Your company’s network includes client computers that run Windows 7. You design a wireless network to use Extensible Authentication Protocol-Transport Level Security （EAP-TLS）.   The Network Policy Server has a certificate installed.   Client computers are unable to connect to the wireless access points.    You need to enable client computers to connect to the wireless network.   What should you do？（）

• A、Configure client computers to use Protected Extensible Authentication Protocol-Microsoft Challenge Handshake Authentication Protocol version 2 （PEAP-MS-CHAP v2）.
• B、Configure client computers to use Protected Extensible Authentication Protocol-Transport Layer Security （PEAP-TLS）.
• C、Install a certificate in the Trusted Root Certification Authorities certificate store.
• D、Install a certificate in the Third-Party Root Certification Authorities certificate store.

第2题：

You need to design an audit strategy for Southbridge Video. Your solution must meet business requirements.What should you do？（）

• A、Create a new security template that enables the Audit account logon events policy for successful and failed attempts. Create a new GPO， and link it to the domain. Import the new security template into the new GPO
• B、Create a new security template that enables the Audit account logon events policy for successful and failed attempts. Create a new GPO， and link it to the Domain Controllers OU. Import the new security template into the new GPO
• C、Create a new security template that enables the Audit logon events policy for successful and failed attempts. Create a new GPO， and link it to the Domain Controllers OU. Import the new security template into the new GPO
• D、Create a new security template that enables the Audit logon events policy for successful and failed attempts. Create a new GPO， and link it to the domain. Import the new security template into the new GPO

第3题：

You need to recommend a Group Policy strategy for the Remote Desktop servers. What should you include in the recommendation？（）

• A、block inheritance
• B、loopback processing
• C、security filtering
• D、WMI filtering

第4题：

You need to design an authentication solution for the wireless network. Your solution must meet the security requirements. What should you do？（）

• A、Create wireless VPNs using L2TP/IPSec between the client computers to the wireless access point
• B、Configure IEEE 802.1x authentication with smart cards
• C、Configure the wireless network to use Wired Equivalent Privacy （WEP）
• D、Install and configure an Internet Authentication Service （IAS） server

第5题：

Your computer uses both wired and wireless network connections. The networks are not connected to each other.  You disallow incoming connections in Microsoft Windows Firewall. You create a shared folder. Users on the wireless network cannot access the shared folder.  You need to allow access to the shared folder from the wireless network. You also need to maintain the security of the wired network.  What should you do？（）

• A、Turn off the Windows Firewall feature.
• B、Disable the Block all incoming connections option.
• C、Turn off the Spyware and other malware protection option.
• D、Enable the File and Printer Sharing exception in the firewall settings of the wireless network adapter.

第6题：

You need to design an access control and permission strategy for user objects in Active Directory.What should you do？（）

• A、Make the members of the AdvancedSupport security group members of the Domain Admins security group
• B、Give each desktop support technician permission to reset passwords for the top-level OU that contains user accounts at their own location
• C、Delegate full control over all OUs that contain user accounts to all AllSupport  security group
• D、Change the permissions on the domain object and its child objects so that the BasicSupport security group is denied permissions. Then， add a permission to each OU that contains user accounts that allows AllSupport security group members to reset passwords in that OU

第7题：

You need to design a strategy to ensure that all servers are in compliance with the business requirements for maintaining security patches. What should you do？（）

• A、Log on to a domain controller and run the Resultant Set of Policy wizard in planning mode on the domain
• B、Log on to each server and run Security Configuration and Analysis to analyze the security settings by using a custom security template
• C、Create a logon script to run the secedit command to analyze all servers in the domain
• D、Run the Microsoft Baseline Security Analyzer （MBSA） on a server to scan for Windows vulnerabilities on all servers in the domain

第8题：

第9题：

第10题：

第11题：

第12题：

第13题：

You are the network administrator for your company. The network consists of a single Active Directory domain. The network contains 50 application servers that run Windows Server 2003.   The security configuration of the application servers is not uniform. The application servers were deployed by local administrators who configured the settings for each of the application servers differently based on their knowledge and skills. The application servers are configured with different authentication methods， audit settings， and account policy settings.   The security team recently completed a new network security design. The design includes a baseline configuration for security settings on all servers. The baseline security settings use the Hisecws.inf predefined security template. The design also requires modified settings for servers in an application role. These settings include system service startup requirements， renaming the administrator account， and more stringent account lockout policies. The security team created a security template named Application.inf that contains the modified settings.   You need to plan the deployment of the new security design. You need to ensure that all security settings for the application servers are standardized， and that after the deployment， the security settings on all application servers meet the design requirements.   What should you do？ （）

• A、 Apply the Setup security.inf template first， the Hisecws.inf template next， and then the Application.inf template.
• B、 Apply the Application.inf template and then the Hisecws.inf template.
• C、 Apply the Application.inf template first， the Setup security.inf template next， and then the Hisecws.inf template.
• D、 Apply the Setup security.inf template and then the Application.inf template.

第14题：

You need to design an access control strategy for the marketing application. You solution must minimize impact on server and network performance. What should you do？（）

• A、Require client computers to connect to the marketing application by using a VPN connection
• B、Use IPSec to encrypt communications between the servers in the New York and Atlanta offices
• C、Require the high security setting on Terminal Services connections to the marketing application
• D、Configure all marketing application Web pages to require SSL

第15题：

You need to design a security strategy for the DHCP servers in the Seattle office. Which two actions should you perform？（）

• A、Disable all unnecessary services on each DHCP server
• B、Modify the discretionary access control lists （DACLs） in Active Directory so that only members of the Enterprise Admins security group can authorize additional DHCP servers
• C、Use an IPSec policy that allows only the packets necessary for DHCP and domain membership for each DHCP server
• D、Install a digital certificate for SSL on each DHCP server

第16题：

You need to design a Security strategy for the wireless network at all resort locations.What should you do？（）

• A、Connect the wireless access points to a dedicated subnet. Allow the subnet direct access to the Internet，but not to the company network.Require company users to establish a VPN to access company resources
• B、Install Internet Authentication Service （IAS） on a domain controller.Configure the wireless access points to require IEEE 802.1x authentication
• C、Establish IPSec policies on all company servers to request encryption from all computers that connect from the wireless IP networks
• D、Configure all wireless access points to require the Wired Equivalent Privacy （WEP） protocol for all connections. Use a Group Policy object （GPO） to distribute the WEP keys to all computers in the domain

第17题：

You need to design an administrative control strategy for Denver administrators. What should you do？（）

• A、Create a security group named HelpDesk. Add the HelpDesk group to the Enterprise Admins group in both domains
• B、Create a security group named HelpDesk. Add the HelpDesk group to the Domain Admins groups in both domains
• C、Add the Domain Admins group in the litwareinc.com domain to the Domain Admins group in the contoso.com domain. Delegate full control of the litwareinc.com domain to the Domain Admins group in the contoso.com domain
• D、Create a security group named HelpDesk for each office. Delegate administrative tasks to their respective OU or domain.Delegate full control of the contoso.com domain to the Domain Admins group from the litwareinc.com domain

第18题：

You need to recommend a security strategy for WebApp2 that meets the company’s applicaton  requirements.What should you include in the recommendation？（）

• A、Basic authentication and connection security rules
• B、Basic authentication and SSL
• C、Digest authentication and connection security rules
• D、Digest authentication and SSL

第19题：

第20题：

第21题：

第22题：

第23题：

第24题：