单项选择题
You are a network administrator for your company. The network contains a perimeter network. The perimeter network contains four Windows Server 2003, Web Edition computers that are configured as a Network Load Balancing cluster.
The cluster hosts an e-commerce Web site that must be available 24 hours per day. The cluster is located in a physically secure data center and uses an Internet-addressable virtual IP address. All servers in the cluster are configured with the Hisecws.inf template.
You need to implement protective measures against the cluster’s most significant security vulnerability.
What should you do? ()
A. Use Encrypting File System (EFS) for all files that contain confidential data stored on the cluster.
B. Use packet filtering on all inbound traffic to the cluster.
C. Use Security Configuration and Analysis regularly to compare the security settings on all servers in the cluster with the baseline settings.
D. Use intrusion detection on the perimeter network.
相关考题
-
单项选择题
You are the network administrator for your company. The network contains a single Active Directory domain. All computers on the network are members of the domain. All domain controllers run Windows Server 2003. You are planning a public key infrastructure (PKI). The PKI design documents for your company specify that certificates that users request to encrypt files must have a validity period of two years. The validity period of a Basic EFS certificate is one year. In the Certificates Templates console, you attempt to change the validity period for the Basic EFS certificate template. However, the console does not allow you to change the value. You need to ensure that you can change the value of the validity period of the certificate that users request to encrypt files. What should you do? ()
A. Install an enterprise certification authority (CA) in each domain.
B. Assign the Domain Admins group the Allow - Full Control permission for the Basic EFS certificate template.
C. Create a duplicate of the Basic EFS certificate template. Enable the new template for issuing certificate authorities.
D. Instruct users to connect to the certification authority (CA) Web enrollment pages to request a Basic EFS certificate. -
单项选择题
You are the network administrator for your company. The network consists of a single Active Directory domain. All computers on the network are members of the domain. The domain contains a Windows Server 2003 computer named Server1. You are planning a public key infrastructure (PKI) for the company. You want to deploy a certification authority (CA) on Server1. You create a new global security group named Cert Administrators. You need to delegate the tasks to issue, approve, and revoke certificates to members of the Cert Administrators group. What should you do?()
A. Add the Cert Administrators group to the Cert Publishers group in the domain.
B. Configure the Certificates Templates container in the Active Directory configuration naming context to assign the Cert Administrators group the Allow - Write permission.
C. Configure the CertSrv virtual directory on Server1 to assign the Cert Administrators group the Allow - Modify permission.
D. Assign the Certificate Managers role to the Cert Administrators group. -
单项选择题
You are the network administrator for Contoso Pharmaceuticals. The network consists of a single Active Directory forest. The forest contains Windows Server 2003 servers and Windows XP Professional computers. The forest consists of a forest root domain named contoso.com and two child domains named child1.contoso.com and child2.contoso.com. The child1.contoso.com domain contains a member server named Server1. You configure Server1 to be an enterprise certification authority (CA), and you configure a user certificate template. You enable the Publish certificate in Active Directory setting in the certificate template. You instruct users in both the child1.contoso.com and the child2.contoso.com domains to enroll for user certificates. You discover that the certificates for user accounts in the child1.contoso.com domain are being published to Active Directory, but the certificates for user accounts in the child2.contoso.com domain are not. You want certificates issued by Server1 to child2.contoso.com domain user accounts to be published in Active Directory. What should you do? ()
A. Configure user certificate autoenrollment for all domain user accounts in the contoso.com domain.
B. Configure user certificate autoenrollment for all domain user accounts in the child2.contoso.com domain.
C. Add Server1 to the Cert Publishers group in the contoso.com domain.
D. Add Server1 to the Cert Publishers group in the child2.contoso.com domain.
