單項選擇題

You are a security administrator for your company. The network consists of a single Active
Directory domain. All servers run Windows Server 2003. All client computers run Windows 2000 Professional.
You manage a Windows Server 2003 computer named Server1 that is a domain member server. You use IIS on Server1 to host an Internet Web site. Approximately 4，000 employees of your company connect over the lnternet to access company confidential data on Server1. You control access to data on Server1 by using NTFS file permissions assigned to groups. Different groups are assigned access to different files. Employees must have access only to files that they are assigned access to based on their membership in a group. You enable SSL on Server1 to protect confidential data while it is in transit. You issue each employee an Authenticated Session certificate and store a copy of that certificate with their user account in the Active Directory domain.
You need to ensure that Server1 authenticates users based on possession of their certificate.
What should you do？（）

A. Request a Web server certificate from a commercial certification authority （CA）.
B. Configure access restrictions based on employee ip address.
C. Enable Digest authentication for Windows domain servers.
D. Configure client certificate mapping.

你可能感興趣的試題

單項選擇題

You are a security administrator for your company. The network consists of two Active Directory forests.
The first forest is named tailspintoys.com and contains domain controllers that run either
Windows Server 2003 or Windows 2000 Server. The second forest is named wingtiptoys.com and contains domain controllers that run Windows Server 2003. No trust relationships areestablished.
A certification authority （CA） running Windows Server 2003 Certificate Services is deployed and all computers are issued a Computer certificate. A Windows Server 2003 computer named
Server1 is a member of the wingtiptoys.com Active Directory domain. Server1 provides users in both domains access to a payroll application. You decide to implement IPSec to encrypt the
payroll application data during transmission. You configure a custom IPSec policy named Payroll App on Server1 using the rules shown in the exhibit. （Click the Exhibit button.）
You configure an IPSec default Client policy on the client computers in both Active Directory domains. During testing， you notice that client computers in the wingtiptoys.com Active Directory domain use IPSec when communicating with Server1. However， client computers in the tailspintoys.com Active Directory domain cannot communicate with Server1.
You need to enable all client computers to use IPSec when communicating with Server1.
What should you do？（）

A. Modify the custom Payroll App policy by adding the certificate authentication type to the existing rules on Server1.
B. Use the custom Payroll App policy and issue an IPSec certificate from the internal CA to Server1.
C. Unassign the custom Payroll App policy and assign the default Server policy on Server1.
D. Unassign the custom Payroll App policy and assign the default Secure Server policy on Server1.

多項選擇題

You are the security administrator of your network. The network consists of an Active Directory domain. All computers on the network are in the domain. The domain controllers and file servers on the network run Windows Server 2003. The client computers run Windows XP Professional.
The file servers use a custom IPSec policy named Server Traffic. The Server Traffic policy contains rules to encrypt Telnet and SNMP traffic， as shown in the exhibit. （Click the Exhibit button.） All client computers use the Client （Respond Only） IPSec policy. The default exemptions to IPSec filtering are disabled on the client computer. You want to configure the network so that Telnet， SNMP，and Kerberos traffic is encrypted by IPSec. You do not want to encrypt other network protocols. What should you do？（）

A. On the client computers，enable the default exemptions to IPSec filtering.
B. On the file servers，enable the default exemptions to IPSec filtering.
C. On the file servers，configure the IPSec policy in the local computer policy to encrypt Kerberos traffic.
D. Add a new rule to the Server Traffic policy to encrypt Kerberos traffic.
E. Configure the Server Traffic policy to enable the Default Response rule.
F. Configure the rules in the Server Traffic policy to use an authentication method other than Kerberos.