You are the network administrator for your company. The network consists of a single Active Directory domain. The company has an internal network and a perimeter network. The internal network is protected by a firewall. Application servers on the perimeter network are accessible from the Internet. You are deploying 10 Windows Server 2003 computers in application server roles. The servers will be located in theperimeter network and will not be members of the domain. The servers will host only publicly available Web pages. The network design requires that custom security settings must be applied to the application servers. These custom security settings must be automatically refreshed every day to ensure compliance with the design. You create a custom security template named Baseline1.inf for the application servers. You need to comply with the design requirements. What should you do？ （）

A. Import Baseline1.inf into the Default Domain Policy Group Policy object （GPO）.
B. Create a task on each application server that runs Security and Configuration Analysis with Baseline1.inf every day.
Create a task on each application server that runs the secedit command with Baseline1.inf every day.
D. Create a startup script in the Default Domain Policy Group Policy object （GPO） that runs the secedit command with Baseline1.inf.

You are the network administrator for your company. The network consists of a single Active Directory domain. The network contains 10 domain controllers and 50 servers in application server roles. All servers run Windows Server 2003. The application servers are configured with custom security settings that are specific to their roles as application servers. Application servers are required to audit account logon events， object access events， and system events. Application servers are required to have passwords that meet complexity requirements， to enforce password history， and to enforce password aging. Application servers must also be protected against man-in-the-middle attacks during authentication. You need to deploy and refresh the custom security settings on a routine basis. You also need to be able to verify the custom security settings during audits. What should you do？ （）

A. Create a custom security template and apply it by using Group Policy.
B. Create a custom IPSec policy and assign it by using Group Policy.
Create and apply a custom Administrative Template.
D. Create a custom application server image and deploy it by using RI

You are the network administrator for your company. The network consists of a single Active Directory domain. The network contains 50 application servers that run Windows Server 2003. The security configuration of the application servers is not uniform. The application servers were deployed by local administrators who configured the settings for each of the application servers differently based on their knowledge and skills. The application servers are configured with different authentication methods， audit settings， and account policy settings. The security team recently completed a new network security design. The design includes a baseline configuration for security settings on all servers. The baseline security settings use the Hisecws.inf predefined security template. The design also requires modified settings for servers in an application role. These settings include system service startup requirements， renaming the administrator account， and more stringent account lockout policies. The security team created a security template named Application.inf that contains the modified settings. You need to plan the deployment of the new security design. You need to ensure that all security settings for the application servers are standardized， and that after the deployment， the security settings on all application servers meet the design requirements. What should you do？ （）

Apply the Setup security.inf template first， the Hisecws.inf template next， and then the Application.inf template.
B. Apply the Application.inf template and then the Hisecws.inf template.
C. Apply the Application.inf template first， the Setup security.inf template next， and then the Hisecws.inf template.
D. Apply the Setup security.inf template and then the Application.inf template.

You are the network administrator for your company. The network contains an application server running Windows Server 2003. Users report that the application server intermittently responds slowly. When the application server is responding slowly， requests that normally take 1 second to complete take more than 30 seconds to complete. You suspect that the slow server response is because of high broadcast traffic on the network. You need to plan how to monitor the application server and to have a message generated when broadcast traffic is high. You also want to minimize the creation of false alarms when nonbroadcast traffic is high. What should you do？ （）

A. Use the Alerts option in the Performance Logs and Alerts snap-in to configure an alert to trigger when the Datagrams/sec counter in the UDPv4 object is high.
B. Use System Monitor and configure it to monitor the Segments/sec counter in the TCPv4 object.
C. Use System Monitor and configure it to monitor the Datagrams/sec counter in the UDPv4 object.
D. Use the Alerts option in the Performance Logs and Alerts snap-in to configure an alert to trigger when the Datagrams/sec counter in the TCPv4 object is high.

冬季启动推土机应该注意什么？

You are the network administrator for your company. The network consists of a single Active Directory domain. All computers on the network are members of the domain. All servers run Windows Server 2003 and all client computers run Windows XP Professional. You are planning a security update infrastructure. You need to find out which computers are exposed to known vulnerabilities. You need to collect the information on existing vulnerabilities for each computer every night. You want this process to occur automatically. What should you do？ （）

A. Schedule the secedit command to run every night.
B. Schedule the mbsacli.exe command to run every night.
C. Install Microsoft Baseline Security Analyzer （MBSA） on one of the servers. Configure Automatic Updates on all other computers to use that server.
D. Install Software Update Services （SUS） on one of the servers. Configure the SUS server to update every night.

You are the senior systems engineer for your company. The network consists of a single Active Directory domain. All servers run Windows Server 2003. Client computers in the sales department run Windows NT Workstation 4.0 with the Active Directory Client Extensions software installed. All other client computers run Windows XP Professional. All servers are located in an organizational unit （OU） named Servers. All client computers are located in an OU named Desktops. Four servers contain confidential company information that is used by users in either the finance department or the research department. Users in the sales department also store files and applications on these servers. The company’s written security policy states that for auditing purposes， all network connections to these resources must require authentication at the protocol level. The written security policy also states that all network connections to these resources must be encrypted. The company budget does not allow for the purchase of any new hardware or software. The applications and data located on these servers may not be moved to any other server in the network. You define and assign the appropriate permissions to ensure that only authorized users can access the resources on the servers. You now need to ensure that all connections made to these servers by the users in the finance department and in the research department meet the security guidelines stated by the written security policy. You also need to ensure that all users in the sales department can continue to access their resources. Which two actions should you take？（）

A. Create a new Group Policy object （GPO） and link it to the Servers OEnable the Secure Server （Require Security） IPSec policy in the GP
B. Create a new Group Policy object （GPO） and link it to the Servers OEnable the Server （Request Security） IPSec policy in the GP
Create a new Group Policy object （GPO） and link it to the Desktops OEnable the Client （Respond only） IPSec policy in the GP
D. Create a new Group Policy object （GPO）. Edit the GPO to enable the Registry Policy Processing option and the IP Security Policy Processing option. Copy the GPO files to the Netlogon shared folder.
E. Use System Policy Editor to open the System.adm file and enable the Registry Policy Processing option and the IP Security Policy Processing option. Save the system policy as NTConfig.pol.

You are a network administrator for your company. The design team provides you with the following list of requirements for server disaster recovery： No more than two sets of tapes can be used to restore to the previous day. A full backup of each server must be stored off-site. A full backup of each server that is no more than one week old must be available on-site. Backups must never run during business hours. Tapes may be recalled from off-site storage only if the on-site tapes are corrupted or damaged. A full backup of all servers requires approximately 24 hours. Backing up all files that change during one week requires approximately 4 hours. Business hours for the company are Monday through Friday， from 6：00 A.M. to 10：00 P.M. You need to provide a backup rotation plan that meets the design team’s requirements. Which two actions should you include in your plan？（）

A. Perform a full normal backup for on-site storage on Friday night after business hours. Perform a full copy backup for off-site storage on Saturday night after the Friday backup is complete.
B. Perform a full normal backup for on-site storage on Friday night after business hours. Perform another full normal backup for off-site storage on Saturday night after the Friday backup is complete.
C. Perform a full copy backup for on-site storage on Friday night after business hours. Perform a full copy backup for off-site storage on Saturday night after the Friday backup is complete.
D. Perform differential backups on Sunday， Monday， Tuesday， Wednesday， and Thursday nights after business hours.
E. Perform incremental backups on Sunday， Monday， Tuesday， Wednesday， and Thursday nights after business hours.
F. Perform incremental backups on Sunday， Tuesday， and Thursday nights after business hours. Perform differential backups on Monday and Wednesday nights after business hours.

You are the network administrator for your company. The network consists of a single Active Directory domain. The company has a main office in San Francisco and branch offices in Paris and Bogota. Each branch office contains a Windows Server 2003 domain controller. All client computers run Windows XP Professional. Users in the Bogota office report intermittent problems authenticating to the domain. You suspect that a specific client computer is causing the problem. You need to capture the authentication event details on the domain controller in the Bogota office so that you can find out the IP address of the client computer that is the source of the problem. What should you do？ （）

A. Configure System Monitor to monitor the authentication events.
B. Configure Performance Logs and Alerts with a counter log to record the authentication events.
Configure Network Monitor to record the authentication events.
D. Configure Performance Logs and Alerts with an alert to trigger on authentication events.

You are a network administrator for your company. You install Windows Server 2003 on two servers named Server1 and Server2. You configure Server1 and Server2 as a two-node cluster. You configure a custom application on the cluster by using the Generic Application resource， and you put all resources in the Application group. You test the cluster and verify that it fails over properly and that you can move the Applications group from one node to the other and back again. The application and the cluster run successfully for several weeks. Users then report that they cannot access the application. You investigate and discover that Server1 and Server2 are running but the Application group is in a failed state. You restart the Cluster service and attempt to bring the Application group online on Server1. The Application group fails. You discover that Server1 fails， restarts automatically， and fails again soon after restarting. Server1 continues to fail and restart until the Application group reports that it is in a failed state and stops attempting to bring itself back online. You need to configure the Application group to remain on Server2 while you research the problem on Server1. What should you do？ （）

A. On Server2， configure the failover threshold to 0.
B. On Server2， configure the failover period to 0.
C. Remove Server1 from the Possible owners list.
D. Remove Server1 from the Preferred owners list.