Exam Microsoft 70-214 Demo
1.920-321 920-330 920-250 You are the network administrator for your company. The network consists of two Windows 2000 Active Directory forests: office.contoso.com and factory.contoso.com. Each forest consists of a Windows 2000 Active Directory domain. The two domains have a one-way external trust relationship in which office.contoso.com trusts factory.contoso.com. The trust relationship is shown in the exhibit. (Click the Exhibit button.)1. 310-019 310-560 The written security policy of your company requires that ServerA must use IPSec to encrypt data to ServerB. You configure a custom IPSec policy in the Local Security Policy on ServerA and on ServerB. The custom IPSec policy implements Encapsulating Security Payload (ESP) for all data that is transmitted between ServerA and ServerB. You also configure the IPSec security association to use Kerberos authentication. After the IPSec security policies are assigned to ServerA and ServerB, you discover that IP traffic between ServerA and ServerB is not encrypted. What should you do? A: Create a one-way external trust relationship in which factory.contoso.com trusts office.contoso.com.B: Enable the Trust Computer for delegation option in the computer account properties on ServerA and on ServerB.C: Modify the custom IPSec policies to use certificate-based authentication, and acquire IPSec certificates for ServerA and ServerB from a common root Certification Authority (CA).D: Create a computer account for ServerA in factory.contoso.com and a computer account for ServerB in office.contoso.com. Configure the new accounts to use Kerberos name mapping to map the new account name to the existing computer account in the other forest.Correct Answers: C 2. 050-690 1z0-035 1z0-020 You are the network administrator for your company. The network consists of a Windows 2000 Active Directory forest. A Windows 2000 Server computer named ServerA runs Internet Information Services (IIS) and hosts a Web site that allows customers to purchase your company's goods. To protect the transactions, ServerA requires a Web server certificate and must implement SSL encryption. The written security policy for your company requires that all customers use certificate-based authentication when they connect to a secured Web site. The application running on the Web server requires the existence of a custom Object Identifier (OID) in the presented certificate. You need to map the digital certificates to Active Directory user accounts by using one-to-one certificate mapping. You need to acquire a Web server certificate and user certificates that comply with the written policy. What should you do? A: Obtain the certificates from a commercial Certification Authority (CA).B: Obtain the certificates from a private Certification Authority (CA) that is hosted on the company network.C: Obtain the Web Server certificate from a commercial Certification Authority (CA) and the user certificates from a private CA that is hosted on the company network.D: Obtain the user certificates from a commercial Certification Authority (CA) and the Web server certificate from a private CA that is hosted on the company network.Correct Answers: C 3. 310-012 310-056 You are the network administrator for your company. The network consists of a Windows 2000 Active Directory domain. All client computers run Windows 2000 Professional. Each department in the company is in a separate organizational unit (OU) in the domain. Each departmental OU contains user, group, and computer accounts for that department. The human resources (HR) department has one Windows 2000 Server computer named ServerA. The written security policy for the HR department requires all network communications with ServerA to be encrypted. Client computers in the HR department must also be able to communicate with servers in other departments. The administrator for ServerA creates a Group Policy object (GPO) named HRLockdown and links the GPO to the HR OU. HRLockdown is configured with the No Override check box selected. The administrators configure and assign a new IPSec policy named HRSec in the HRLockdown GPO with the parameters shown in the following table. The administrator reports that communications are secure within the department but that users in the department cannot access resources located on other network servers. HP0-450 HP0-210 HP0-240
You need to ensure that client computers in the HR department can communicate with other network servers, while maintaining the HR department's written policy. What should you do?A: Unassign the HRSec policy in the HRLockdown GPO. Create child OUs named Servers and Clients in the HR OU. Move the computer accounts for the client computers and for ServerA to the appropriate OUs. Create a GPO and link it to the Clients OU. Assign the Client (Respond Only) IPSec policy to that GPO. Create a GPO and link it to the Servers OU. Assign the Secure Server (Require Security) IPSec policy to that GPO.B: Unassign the HRSec policy in the HRLockdown GPO. Create child OUs named Servers and Clients in the HR OU. Move the computer accounts for the client computers and for ServerA to the appropriate OUs. Create a GPO and link it to the Clients OU. Assign the Client (Respond Only) IPSec policy to that GPO. Create a GPO and link it to the Servers OU. Assign the Server (Request Security) IPSec policy to that GPO.C: Create a child OU named Clients in the HR OU and move the client computer accounts to the OU. Create a GPO and link it to the Clients OU. Assign the Client (Respond Only) IPSec policy to the GPO. In the HRSec policy, specify the IP subnet address used by computers in the HR department as the source and destination addresses. In the HRSec policy, set the filter action property to Request security .D: Create a child OU named Servers in the HR OU and move the computer account for ServerA to the OU. Create a GPO and link it to the Servers OU. Assign the Secure Server (Require Security) IPSec policy to the GPO. In the HRSec policy, specify the IP subnet address used by computers in the HR department as the source and destination addresses. In the HRSec policy, set the filter action property to Request security .Correct Answers: A
You need to ensure that client computers in the HR department can communicate with other network servers, while maintaining the HR department's written policy. What should you do?A: Unassign the HRSec policy in the HRLockdown GPO. Create child OUs named Servers and Clients in the HR OU. Move the computer accounts for the client computers and for ServerA to the appropriate OUs. Create a GPO and link it to the Clients OU. Assign the Client (Respond Only) IPSec policy to that GPO. Create a GPO and link it to the Servers OU. Assign the Secure Server (Require Security) IPSec policy to that GPO.B: Unassign the HRSec policy in the HRLockdown GPO. Create child OUs named Servers and Clients in the HR OU. Move the computer accounts for the client computers and for ServerA to the appropriate OUs. Create a GPO and link it to the Clients OU. Assign the Client (Respond Only) IPSec policy to that GPO. Create a GPO and link it to the Servers OU. Assign the Server (Request Security) IPSec policy to that GPO.C: Create a child OU named Clients in the HR OU and move the client computer accounts to the OU. Create a GPO and link it to the Clients OU. Assign the Client (Respond Only) IPSec policy to the GPO. In the HRSec policy, specify the IP subnet address used by computers in the HR department as the source and destination addresses. In the HRSec policy, set the filter action property to Request security .D: Create a child OU named Servers in the HR OU and move the computer account for ServerA to the OU. Create a GPO and link it to the Servers OU. Assign the Secure Server (Require Security) IPSec policy to the GPO. In the HRSec policy, specify the IP subnet address used by computers in the HR department as the source and destination addresses. In the HRSec policy, set the filter action property to Request security .Correct Answers: A
