单选题Which additional configuration must be completed when setting up role restrictions using certificates? （）A Set up a certificate authentication server.B Configure the authentication realm to remember certificate information.C Configure the authenticatio

第1题：

Which additional configuration step is necessary in order to connect to an access point that has SSID broadcasting disabled?（）

• A、Set the SSID value in the client software to public.
• B、Configure open authentication on the AP and the client.
• C、Set the SSID value on the client to the SSID configured on the AP
• D、Configure MAC address filtering to permit the client to connect to the AP

第2题：

Using an LDAP authentication server, what do you configure to validate certificate attributes?（）

• A、Use the "is exactly" or "contains" operators.
• B、Create a user filter matching the dn of the certificate.
• C、Verify that the certificate is issued by a publicly trusted cs.
• D、Match the certificate type and value with an attribute from the ldap server.

第3题：

You want to enforce a Host Checker policy so that only users who pass the policy receive the Employee role. In the admin GUI, which two parameters must you configure?（）

• A、Select "Require and Enforce" for the Host Checker Policy in the realm authentication policy.
• B、Select "Evaluate Policies" for the Host Checker policy in the realm authentication policy.
• C、Configure the Host Checker policy as a role restriction for the Employee role.
• D、Configure the Host Checker policy as a resource access policy for the Employee role.

第4题：

Which action is optional when adding an authentication realm for use on an Infranet Controller? （）

• A、Modify sign-in policy.
• B、Configure role mapping.
• C、Assign authentication server.
• D、Configure authentication policy.

第5题：

You need to design a remote access solution for the mobile sales users in the litwareinc.com domain. Which two actions should you perform？（）

• A、Configure autoenrollment for user certificates and computer certificates
• B、Configure Web enrollment for user certificates and computer certificates
• C、Configure a Certificate Services hierarchy in the litwareinc.com domain
• D、Configure qualified subordination between the litwareinc.com and the contoso.com domains
• E、Configure PEAP authentication on the remote access servers

第6题：

You have a Windows Server 2008 R2 Enterprise Root CA . Security policy prevents port 443 and  port 80 from being opened on domain controllers and on the issuing CA .   You need to allow users to request certificates from a Web interface. You install the Active  Directory Certificate Services （AD CS） server role.     What should you do next（）

• A、Configure the Online Responder Role Service on a member server.
• B、Configure the Online Responder Role Service on a domain controller.
• C、Configure the Certificate Enrollment Web Service role service on a member server.
• D、Configure the Certificate Enrollment Web Service role service on a domain controller.

第7题：

You are designing an authentication solution to meet the security needs of the network administrators. You install an enterprise certification authority (CA). Which three additional actions should you take?（）

• A、Enroll each administrative account for a smart card authentication certificate.
• B、Configure autoenrollment for computer authentication certificates. 
• C、Install a smart card reader on each server computer.  
• D、Install a smart card reader on each network administrator’s computer.  
• E、Configure each administrative account to require a smart card for interactive logon.
• F、Configure the Default Domain Policy GPO to require smart cards for interactive login.

第8题：

You are a network administrator for your company. The network consists of two Active Directory domains. You are responsible for administering one domain， which contains users who work in the sales department. User objects for the users in the sales department are stored in an organizational unit （OU） named Sales in your domain.   Users in the sales department use a public key infrastructure （PKI） enabled application that requires users to present client authentication certificates before they are granted access. You install Certificate Services on two member servers  running Windows Server 2003. You configure one server as an enterprise subordinate certification authority （CA） and the other server as a stand-alone root CA.   You need to issue certificates that support client authentication to sales users only. You need to achieve this goal by using the minimum amount of administrative effort.   What should you do？  （）

• A、 Create a duplicate of the User certificate template and configure it to support autoenrollment. Configure the enterprise subordinate CA to issue certificates based on the template. Configure the Default Domain Policy Group Policy object （GPO） to autoenroll users for certificates.
• B、 Create a duplicate of the Computer certificate template and configure it to support autoenrollment. Configure the enterprise subordinate CA to issue certificates based on the template. Configure the Default Domain Policy Group Policy object （GPO） to autoenroll computers for certificates.
• C、 Create a duplicate of the User certificate template and configure it to support autoenrollment. Configure the enterprise subordinate CA to issue certificates based on the template. Create a new Group Policy object （GPO） and link it to the Sales OU. Configure the GPO to autoenroll sales users for certificates.
• D、 Create a duplicate of the Computer certificate template and configure it to support autoenrollment. Configure the enterprise subordinate CA to issue certificates based on the template. Create a new Group Policy object （GPO） and link it to the Sales OU. Configure the GPO to autoenroll sales client computers for certificates.

第9题：

第10题：

第11题：

第12题：

第13题：

What are two steps to configure user authentication for a Junos Pulse Access Control Service?（）

• A、Configure an authentication policy as part of the user role definitions.
• B、Configure a Sign-in Policy.
• C、Configure authentication agents as part of the user role definitions
• D、Configure an authentication policy as part of the authentication realm definition.

第14题：

When using RADIUS as an external authentication method for 802.1X authentication for the Junos Pulse Access Control Service, what must you do to ensure that the RADIUS authentication works properly?（）

• A、Configure IP helper to forward the authentication requests from the clients to the external RADIUS server
• B、Configure the supplicant as anexternal authentication server
• C、Configure RADIUS proxy on the realm
• D、Specify the correct RADIUS port 389 on the Junos Pulse Access Control Service

第15题：

Your security policy requires that users authenticating to the Junos Pulse Access Control Service are connecting from a domain member endpoint on the internal corporate network.Which set of role access restrictions must you configure to enforce this security policy?（）

• A、Source IP and browser
• B、Source IP and certificate
• C、Certificate and Host Checker
• D、Host Checker and source IP

第16题：

Which additional configuration must be completed when setting up role restrictions using certificates? （）

• A、Set up a certificate authentication server.
• B、Configure the authentication realm to remember certificate information.
• C、Configure the authentication realm to use a certificate server for authentication.
• D、Configure a role mapping rule requiring certification information to map user to role.

第17题：

You need to design an access control solution for customer information. Your solution must meet security requirements.What should you do？（）

• A、Configure the Web site to require SSL connections. Configure the Web site to require client certificates. Enable and configure client certificate mapping on the Web site
• B、Configure the Web site to require SSL connections. Disable anonymous access to the Web site.Assign the Allow – Read  permission to the customer user accounts for the folder that contains the Web site files
• C、Configure the Web site to use only Microsoft .NET Passport authentication. Specify the den.corp.woodgrovebank.com domain as the default domain for .NET Passport authentication.Configure a custom local IPSec policy on the Web servers to require IPSec communications
• D、Configure the Web site to use only Windows Integrated authentication. Configure a custom local IPSec policy on the Web servers to require IPSec communications. Configure the IPSec policy to use certificate-based authentication and encryption

第18题：

You manage a server named Server2 that runs Windows Server 2008. You install and test the Terminal Services role on Server2. You publish an application by using Terminal Services. All users must connect to the Terminal Services application by using the Remote Desktop Protocol.  You install and configure the Terminal Services Gateway （TS Gateway） role service on Server2. You configure a default domain policy to enable the Enable Connection through TS Gateway setting. Users report that they cannot connect to the Terminal Services application.  You need to ensure that users can access the Terminal Services application on the intranet and from the Internet.  What should you do？（）

• A、Configure the Enable Connection through TS Gateway Group Policy setting to Disabled.
• B、Configure the Set TS Gateway server address Group Policy and configure the IP address of the TSGateway server. Link the GPO to the domain.
• C、Configure Server Authentication on the Remote Desktop Connection client to Always connect， even if server authentication fails for all users.
• D、Enable the Set TS Gateway server authentication method Group Policy to the Ask for credential， use NTLM protocol setting. Link the GPO to the domain.

第19题：

You are the administrator of your company’s network. The dial-up server on your network is configured to support certificate authentication.   A user named Tom wants to use smart card authentication on his Windows 2000 Professional portable computer. You that Tom’s computer has a PC Card smart card reader and the appropriate drivers installed. You give Tom a smart card to use.   What else should you do to enable smart card authentication on Tom’s computer? （）

• A、Configure a dial-up connection to use EAP.  Select the smart card device for authentication. 
• B、Configure a dial-up connection to use SPAP.  Select the smart card device for authentication.
• C、Configure a dial-up connection to use certificate authentication.  Enable the usercredentials for authentication.
• D、Configure a dial-up connection to connect to a private network through the Internet.  Enable L2TP be create a virtual private network （VPN） tunnel.

第20题：

You manage a server that runs Windows Server 2008. The server has the Web Server （IIS） role installed. The server hosts an Internet-accessible Web site that has a virtual directory named /orders/. A Web server certificate is installed and an SSL listener has been configured for the Web site. The /orders/ virtual directory must meet the following company policy requirements： Be accessible to authenticated users only. Allow authentication types to support all browsers. Encrypt all authentication traffic by using HTTPS.  All other directories of the Web site must be accessible to anonymous users and be available withoutSSL.  You need to configure the /orders/ virtual directory to meet the company policy requirements.  Which two actions should you perform？（）

• A、Configure the Web site to the Require SSL setting.
• B、Configure the /orders/ virtual directory to the Require SSL setting.
• C、Configure the Digest Authentication setting to Enabled for the /orders/ virtual directory.
• D、Configure the Basic Authentication setting to Enabled and the Anonymous Authentication setting to Disabled for the Web site.
• E、Configure the Basic Authentication setting to Enabled and the Anonymous Authentication setting to Disabled for the /orders/ virtual directory.

第21题：

第22题：

第23题：

第24题：