单选题Your network contains an internal network and a perimeter network. You have one Exchange Server 2010 server on the internal network. You install Windows Server 2008 R2 on a new server in the perimeter network. You need to ensure that you can install th

第1题：

Your network consists of an internal network and a perimeter network. On the internal network there is a server named Server1. On the perimeter network there is a server named Server2. All servers run Windows Server 2003 Service Pack 2 （SP2）.  You schedule a task to transfers files from Server1 to Server2 by using FTP.You monitor the network traffic from Server1 to Server2 and notice that the user name and password used for the FTP transfer are sent as plain text. You need to ensure that all FTP traffic between Server1 and Server2 is encrypted.  What should you do？（）

• A、Implement IPSec.
• B、Install a server certificate on Server1.
• C、Install a server certificate on Server2.
• D、Use the Encrypting File System on Server1.

第2题：

Your network is configured as shown in the following diagram.You deploy an enterprise certification authority （CA） on the internal network. You also deploy a Microsoft   Online Responder on the internal network.   You need to recommend a secure method for Internet users to verify the validity of individual certificates.   The solution must minimize network bandwidth. What should you recommend？（）

• A、Deploy a subordinate CA on the perimeter network.
• B、Install a stand-alone CA and the Network Device Enrollment Service （NDES） on a server on the perimeter network.
• C、Install a Network Policy Server （NPS） on a server on the perimeter network. Redirect authentication  requests to a server on the internal network.
• D、Install Microsoft Internet Information Services （IIS） on a server on the perimeter network. Configure IIS  to redirect requests to the Online Responder on the internal network.

第3题：

You work as a network Exchange administrator at Company.com.The Company.com network currently consists of an internal network and perimeter network.The Company.com organization makes use of Microsoft Exchange Server 2010 as their messaging solution.Company.com has recently deployed a new server to the perimeter network which runs Microsoft Windows Server 2008 R2.During the course of the business week you receive instruction from Company.com to install the Microsoft Exchange Server Edge Transport server role on the server in the perimeter network. What should you do？（）

• A、You should consider having the ImportEdgeConfig.ps1 script run on the existing Exchange Server 2010 server.
• B、You should consider having TCP port 88 and TCP port 3268 opened on the firewall between the perimeter network and the internal network.
• C、You should consider having the new server joined to an Active Directory domain.
• D、You should consider having the Active Directory Lightweight Directory Services installed on the new server in the perimeter network.

第4题：

You are a network administrator for Alpine Ski House. The internal network has an Active Directory-integrated zone for the alpineskihouse.org domain. Computers on the internal network use the Active Directory-integrated DNS service for all host name resolution.   The Alpine Ski House Web site and DNS server are hosted at a local ISP. The public Web site for Alpine Ski House is accessed at www.alpineskihouse.com. The DNS server at the ISP hosts the alpineskihouse.com domain.   To improve support for the Web site， your company wants to move the Web site and DNS service from the ISP to the company’s perimeter network. The DNS server on the perimeter network must contain only the host （A） resource records for computers on the perimeter network.   You install a Windows Server 2003 computer on the perimeter network to host the DNS service for the alpineskihouse.com domain. You need to ensure that the computers on the internal network can properly resolve host names for all internal resources， all perimeter resources， and all Internet resources.   Which two actions should you take？ （）

• A、 On the DNS server that is on the perimeter network， install a primary zone for alpineskihouse.com.
• B、 On the DNS server that is on the perimeter network， install a stub zone for alpineskihouse.com.
• C、 Configure the DNS server that is on the internal network to conditionally forward lookup requests to the DNS server that is on the perimeter network.
• D、 Configure the computers on the internal network to use one of the internal DNS servers as the preferred DNS server. Configure the the TCP/IP settings on the computers on the internal network to use the DNS server on the perimeter network as an alternate DNS server.
• E、 On the DNS server that is on the perimeter network， configure a root zone.

第5题：

All servers and client computers in your company are configured to use WINS for name resolution. The internal network is separated from a perimeter network （also known as DMZ） by a third-party firewall. Firewall rules do not allow name resolution between the internal network and the perimeter network. You move a Windows Server 2003 server named Server1 to the perimeter network. You need to ensure that all computers on the internal network can connect to Server1 by name.  What should you do？（）

• A、 Create an LMHOSTS file on Server1.
• B、 Create a static WINS entry for Server1.
• C、 Configure Server1 to use Broadcast （B-node） mode.
• D、 Configure Server1 to use Peer-to-Peer （P-node） mode.

第6题：

Your network contains an internal network and a perimeter network that are separated by a firewall. The perimeter network contains an Exchange Server 2010 Edge Transport server.  You plan to deploy an internal Exchange Server 2010 organization that meets the following requirements：.Support EdgeSync synchronization .Support encrypted delivery of outbound e-mail messages to the Edge Transport server .Minimize the attack surface of the internal network  Which TCP ports should you allow from the internal network to the perimeter network？（）

• A、3389 and 25
• B、3389 and 636
• C、50636 and 25
• D、50636 and 135

第7题：

You are the network administrator for The network consists of an internal network and a perimeter network. The internal network is protected by a firewall. The perimeter network is exposed to the Internet. You are deploying 10 Windows Server 2003 computers as Web servers. The servers will be located in the perimeter network. The servers will host only publicly available Web pages. You want to reduce the possibility that users can gain unauthorized access to the servers. You are concerned that a user will probe the Web servers and find ports or services to attack. What should you do?（）

• A、Disable File and Printer Sharing on the servers.
• B、Disable the IIS Admin service on the servers.
• C、Enable Server Message Block (SMB) signing on the servers.
• D、Assign the Secure Server (Require Security) IPSec policy to the servers.

第8题：

our network consists of an internal network and a perimeter network. On the internal network there is a server named Server1. On the perimeter network there is a server named Server2. All servers run Windows Server 2003 Service Pack 2 (SP2).You schedule a task to transfers files from Server1 to Server2 by using FTP.You monitor the network traffic from Server1 to Server2 and notice that the user name and password used for the FTP transfer are sent as plain text.  You need to ensure that all FTP traffic between Server1 and Server2 is encrypted.  What should you do?（）

• A、Implement IPSec. 
• B、Install a server certificate on Server1. 
• C、Install a server certificate on Server2. 
• D、Use the Encrypting File System on Server1.

第9题：

Your network contains an internal network and a perimeter network. The internal network contains a single Active Directory site.  The perimeter network contains two Exchange Server 2010 Edge Transport servers. You plan to deploy an Exchange Server 2010 organization on the internal network.  You need to plan the deployment of Hub Transport server roles to meet the following requirements：.If a single Hub Transport server fails， e-mail messages from the Internet must be delivered to the Mailboxservers. .If a single Hub Transport server fails， users must be able to send e-mail messages to other users thathave mailboxes on the same Mailbox server.  What should you include in the plan？（）

• A、Deploy one Edge Transport server on the internal network， and then configure EdgeSync  synchronization.
• B、Deploy one Hub Transport server on the internal network， and then configure EdgeSync  synchronization.
• C、Deploy one Hub Transport server on the internal network and one Hub Transport server on the   perimeter network.
• D、Deploy two Hub Transport servers on the internal network.

第10题：

You work as the enterprise exchange administrator at TestKing.com. TestKing.com makes use of Microsoft Exchange Server messaging solution. The TestKing.com network consists of a single ActiveDirectory domain named testking.com. A firewall at Testking.com separates the internal network and a perimeter network. The perimeter networkcontains an Exchange Server 2010 Edge Transport server. You have received instructions from the CIO to install an internal Exchange Server 2010 with the followingcriteria： 1. The support of EdgeSync synchronizaiton and encrypted delivery of outbound e-mail messages to theEdge Transport server. 2. The minimization of the attack surface of the internal network. What should you do？（）

• A、The best option is to use port 3309 and 25 from the internal network to the perimeter network.
• B、The best option is to use port 3309 and 636 from the internal network to the perimeter network.
• C、The best option is to use port 50636 and 25 from the internal network to the perimeter network.
• D、The best option is to use port 50636 and 135 from the internal network to the perimeter network.