Your company has users who connect remotely to the main office though a Windows Server 2008 VPN server. You need to ensure that users cannot access the VPN server remotely from 22：00 to 05：00.  What should you do（　）？  A、Create a network policy for VPN co

第1题：

Your corporate network has a member server named RAS1 that runs Windows Server 2008 R2. You configure RAS1 to use the Routing and Remote Access Services (RRAS). The companyˉs remote access policy allows members of the Domain Users group to dial in to RAS1. The company issues smart cards to all employees. You need to ensure that smart card users are able to connect to RAS1 by using a dial-up connection. What should you do？（）

• A、Install the Network Policy Server (NPS) server role on RAS1.
• B、Create a remote access policy that requires users to authenticate by using SPAP.
• C、Create a remote access policy that requires users to authenticate by using EAP-TLS.
• D、Create a remote access policy that requires users to authenticate by using MS-CHAP v2.

第2题：

Your company has a single Active Directory domain. The company network is protected by a firewall.Remote users connect to your network through a VPN server by using PPTP. When the users try to connect to the VPN server, they receive the following error message: °Error 721: The remote computer is not responding.You need to ensure that users can establish a VPN connection. What should you do？（）

• A、Open port 1423 on the firewall.
• B、Open port 1723 on the firewall.
• C、Open port 3389 on the firewall.
• D、Open port 6000 on the firewall.

第3题：

第4题：

Your company has users who connect remotely to the main office through a Windows Server 2008 VPN server.You need to ensure that users cannot access the VPN server remotely from 22：00 to 05：00. What should you do？（）

• A、Create a network policy for VPN connections. Modify the Day and time restrictions.
• B、Create a network policy for VPN connections. Apply an IP filter to deny access to the corporate network.
• C、Modify the Logon hours for all user objects to specify only the VPN server on the Computer restrictions option.
• D、Modify the Logon Hours for the default domain policy to enable the Force logoff when logon hours expire option.

第5题：

Your company has an Active Directory domain. A server named Server1 runs Windows Server 2008. The Terminal Services role and the Terminal Services Web Access role service are installed on Server1.You install the Terminal Services Gateway role service on Server1. You create the Terminal Services connection authorization policy. Users report that they cannot connect to Server1. You need to ensure that users can connect to Server1. What should you do？（）

• A、Configure Network Access Protection （NAP） on Server1.
• B、Configure the Terminal Services Resource Authorization Policy （RAP） on Server1.
• C、Create a Terminal Services Group Policy object （GPO）. Enable the Allow users to connect remotely using Terminal Services setting on the GPO. Link the GPO to the domain.
• D、Create a Terminal Services Group Policy object （GPO）. Enable the Set path for TS Roaming Profiles setting on the GPO. Create an organization unit （OU） named TSUsers. Link the GPO to the TSUsers OU.

第6题：

Your network consists of a single Active Directory domain. The remote access permission for all users is set to Control access through Remote Access Policy. You have a VPN server named Server1 that runs Windows Server 2003 Service Pack 2 (SP2). The current configuration allows all authenticated users to establish VPN connections to Server1. You create a global group named Group1.You need to prevent all members of Group1 from establishing VPN connections to Server1. What should you do?（）

• A、From the local computer policy on Server1, modify the Account Policies settings. 
• B、From Active Directory Users and Computers, modify the Security settings of Group1. 
• C、From the Routing and Remote Access snap-in, create a new remote access policy. 
• D、From the Routing and Remote Access snap-in, open the properties of Server1 and modify the security options.

第7题：

You deploy a Windows Server 2008 R2 VPN server behind a firewall. Remote users connect to the VPN by using portable computers that run Windows 7.The firewall is configured to allow only secured Web communications.You need to enable remote users to connect as securely as possible. You must achieve this goal without opening any additional ports on the firewall.What should you do？（）

• A、Create an IPsec tunnel.
• B、Create an SSTP VPN connection.
• C、Create a PPTP VPN connection.
• D、Create an L2TP VPN connection.

第8题：

Your company has a single active directory domain. The company network is protected by a firewall. Remote users connect to your network through a VPN server by using PPTP. When the users try to connect to the VPN server， they receive the following error message： Error 721： The remote computer is not responding. You need to ensure that users can establish a VPN connection. What should you do？ （）

• A、Open port 1423 on the firewall
• B、Open port 1723 on the firewall
• C、Open port 3389 on the firewall
• D、Open port 6000 on the firewall

第9题：

You are the network administrator for your company. The network consists of a single Active Directory domain. The network contains Windows Server 2003 file servers. The network also contains a Windows Server 2003 computer named Server1 that runs Routing and Remote Access and Internet Authentication Service （IAS）. Server1 provides VPN access to the network for users’ home computers.   You suspect that an external unauthorized user is attempting to access the network through Server1. You want to log the details of access attempts by VPN users when they attempt to access the network. You want to compare the IP addresses of users’ home computers with the IP addresses used in the access attempts to verify that the users are authorized.  You need to configure Server1 to log the details of access attempts by VPN users.   What should you do？  （）

• A、 Configure the system event log to Do not overwrite.
• B、 In IAS， in Remote Access Logging， enable the Authentication requests setting.
• C、 Configure the Remote Access server to Log all events.
• D、 Create a custom remote access policy and configure it for Authentication-Type.

第10题：

Your corporate network has a member server named RAS1 that runs Windows Server 2008 R2. You configure RAS1 to use the Routing and Remote Access Services (RRAS).The companys remote access policy allows members of the Domain Users group to dial in to RAS1. The company issues smart cards to all employees.You need to ensure that smart card users are able to connect to RAS1 by using a dial-up connection.What should you do？（）

• A、Install the Network Policy Server (NPS) server role on RAS1.
• B、Create a remote access policy that requires users to authenticate by using SPAP.
• C、Create a remote access policy that requires users to authenticate by using EAP-TLS.
• D、Create a remote access policy that requires users to authenticate by using MS-CHAP v2.