发信人: songfongling(rrdn)
整理人: reynolds(2002-07-25 15:18:39), 站内信件
|
这是我考试前看的书中附带光盘中的练习题目,人邮翻译的麦格劳-希尔的中文书,真贵,复制下来,希望对大家有所帮助。当然,考试题目一般都比这些题目长,可以练习一下。祝好。
[ Q 1 ] Current Situation: There is one DNS server in your network that hosts records for several zones. Client workstations have been manually configured to the DNS server. Management is concerned that there is no backup for the server.
Required Result: Implement fault-tolerance so that if the DNS server goes down clients can still resolve requests.
Optional Desired Result: Ensure that the zone replication traffic between servers is secure.
Proposed Solution: Configure a second computer with the DNS service. For each zone on the first DNS server configure a standard secondary zone with the same name on the second DNS server, and specify the first server as the master server. Use the Security tab for the zone to enable encrypted zone transfers.
Which of the following results will the proposed solution produce?
A. The proposed solution produces the required result and produces the optional results.
B. The proposed solution does not produce the required result but produces the optional result.
C. The proposed solution produces the required result but not the optional result.
D. The proposed solution does not produce the required result or the optional result
ANSWER:
D: The secondary DNS server is correctly configured by setting up the secondary zones and by using the first DNS server as the master server and is therefore ready to service name resolution requests. However, each client PC must be configured with the IP address of the second DNS server. The client PC will not use the second DNS server unless it has been configured to do so. There is no Security tab option and all zone transfers are done in clear text for standard zones. The only way to encrypt the zone transfer traffic would be configure the TCP/IP stack to use IPSec or a VPN tunnel.
A, B and C are incorrect because the solution does not produce the required result or the optional result
[ Q 2 ] The switch to use to reenter host information into the Dynamic DNS database is the:
A. /renew switch
B. /release switch
C. /displaydns switch
D. /registerdns switch
ANSWER:
D: The /registerdns switch causes the DNS client and DHCP server to reregister a DNS host's entries with a Dynamic DNS server.
A is incorrect because the /renew switch sends a DHCPREQUEST message so that the DHCP client can renew its IP address lease. B is incorrect because the /release switch sends a DHCPRELEASE message to the DHCP server informing it that the client will no longer be using that IP address lease. C is incorrect because the /displaydns switch is used to print out on screen the entries in the local DNS resolver cache.
[ Q 3 ] If you modified the Default Remote Access Policy such that it includes the Windows-Group condition specifying your Domain Users, and the Dial-in tab in each user account is set to the new "Control access through Remote Access Policy option," which of the following would be true?
A. Anybody could connect remotely at any time.
B. Only members of the Users Domain would be able to connect at any time.
C. Only members of the Users Domain would be able to connect during office hours.
D. Nobody would be able to connect at any time.
ANSWER:
D: The Default Remote Access Policy has a Deny Permission rather than a Grant Permission. If you wanted only members of the Users Domain to be able to connect any day, any time, you would have to change the policy from Deny to Grant
A is incorrect because of the default "Deny remote access permission" on the policy, which would not be overridden by the user account. If the user account had an Allow access setting, this would be true. B is incorrect because although you have specified the group you want to use, the Default Remote Access Policy has a "Deny remote access permission." C is incorrect because the Default Remote Access Policy is any day, any time, and this policy also has a "Deny remote access permission."
[ Q 4 ]Which of the following must be configured, either manually or via a DHCP server, in order for a computer to be able to communicate on a TCP/IP network? (Select all that apply.)
A. Subnet mask
B. Default gateway
C. IP address
D. DNS server address
ANSWER:
A, C: An IP address and a subnet mask are required for communication via TCP/IP.
B is incorrect because a computer can communicate with other computers on its same subnet without a default gateway. The gateway is required only for routed communications. D is incorrect because DNS is used for host name resolution, but a computer can still communicate using IP addresses without a DNS server address configured.
[ Q 5 ]You cannot connect to the server from your Windows 2000 Professional workstation. You suspect the TCP/IP stack in your computer may be corrupt. Which of the following would support your conclusion?
A. You can ping the loopback address and your own address, but you cannot ping another host on the same subnet.
B. You can ping the loopback address and your own address, and you can ping hosts on your subnet, but you cannot ping a host on the other side of the router.
C. You can ping the loopback address, but cannot ping your own address.
D. You cannot ping the loopback address.
ANSWER:
D: Pinging the loopback address verifies that TCP/IP is installed and configured correctly and is in working order. If you cannot ping the loopback, there is a problem with the TCP/IP stack. You should uninstall and reinstall TCP/IP.
A, B, and C are incorrect because in all cases you can ping the loopback address, indicating the TCP/IP stack itself is in working order. Thus, the problem is at a different location.
[ Q 6 ] You have a network in which you have Windows NT and Windows 2000 domain controllers and several NetWare file servers. Your client computers have NWLink installed, and Client Services for NetWare is installed and configured. The client machines can connect to the Microsoft servers without any problems, but cannot connect to the NetWare servers. You have inspected all cables to the servers and ascertained that the servers are up. Other clients can access the servers. Which of the following is the most likely source of the problem?
A. GSNW is configured incorrectly on the NetWare servers.
B. The frame types on the NetWare servers don't match the NWLink configuration on the clients.
C. The users should be using the NTGATEWAY account on the NetWare server.
D. You must disconnect from the Windows 2000 and NT machines, because a computer cannot be a client to both a Microsoft and a NetWare server simultaneously.
ANSWER:
B: The most common cause of inability to connect to a NetWare server, when physical connections are stable and the client software is installed and configured properly, is a frame type mismatch.
A is incorrect because GSNW is not installed on a NetWare server. It is used to provide Windows domain clients the ability to connect to the NetWare server through the Microsoft Server, but in this case, the client was using CSNW, which connects the client directly to the NetWare server. C is incorrect because a CSNW machine does not use the account in the NTGATEWAY group, which is for use of GSNW clients. D is incorrect because a machine can be a client to both a Microsoft and a NetWare server simultaneously.
[ Q 7 ] You are performing a Network Monitor Session and you see several DHCP messages included in your capture. While following the message IDs in your capture, you notice a conversation between a DHCP client and DHCP server that only includes a DHCPREQUEST and a DHCPACK message. What might cause the conversation to only include these two messages?
A. There has been an error in the DHCP client's TCP/IP protocol stack.
B. The DHCP client has a valid lease and is booting up.
C. The DHCP client has reached one-half of its lease period.
D. DHCP clients only issue REQUEST messages the first time they boot and never issue any subsequent DHCP messages.
ANSWER:
B, C: B is correct because a DHCP client will always issue a REQUEST message to renew its lease when it boots up in order to assess whether it is still on the same network. C is correct because the DHCP client will issue a REQUEST message after one-half of its lease period in order to renew its lease.
A is incorrect because it is unlikely that a TCP/IP protocol stack error would cause a selective disruption of only the DHCPDISCOVER message on the DHCP client. D is incorrect because DHCP REQUEST messages can be delivered during bootup and during lease renewal.
[ Q 8 ] You must send a message that contains highly sensitive data, and you wish to provide as much protection as possible against the data being changed or read by unauthorized persons. Which of the following solutions will provide the strongest security?
A. Use IPSec with ESP and 40-bit DES encryption
B. Use IPSec with ESP and 60-bit DES encryption
C. Use IP Sec with ESP and 3DES encryption
D. Use IPSec with the AH protocol
ANSWER:
C: 3DES (triple DES) is a stronger form of DES that processes each block of data three times, to increase the complexity of the encryption.
A is incorrect because 40-bit DES is nonstandard and exists only for purposes of U.S. export regulations and is less secure than standard 64-bit DES (the longer the key, the stronger the security). B is incorrect because the standard 64-bit DES is not as secure as 3DES. D is incorrect because AH provides authentication only, not encryption.
[ Q 9 ] You have been asked by your CIO to explain the advantages of implementing a VPN rather than using your existing bank of modems. Which of the following would you present to your boss as an advantage of implementing a VPN solution for your company? (Select all that apply.)
A. Call charges will be less.
B. Users will be able to connect anywhere, at any time, as long as they can connect to the Internet.
C. It is more secure because all data is encrypted.
D. Almost all Windows PPTPoperating system clients will be able to take advantage of the VPN.
ANSWER:
A, B, D: Answer A is correct because the company will not need to pay for multiple phone connections and long distance charges for callers that call from outside the local dialing area. The callers will only need to connect to their local ISP, and then establish the VPN connection from there. Answer B is correct because the VPN connection on the VPN Server is a dedicated network connection, which is always available. A user from anywhere in the world can call the VPN Server at any time, as long as they can establish the initial connection to a local ISP. Answer D is correct because all Windows operating systems, except Windows 3.x, can be VPN Clients. The Windows 2000 VPN clients can use IPSec, and all other Windows operating system clients can use PPTP.
Answer C is incorrect, because all data that traverses a VPN moves across public networks. Even though that data is encrypted, it is still liable for capture, and decoding by a very dedicated individual. Direct calls to a RAS Server are much more difficult to capture and generally are considered much more secure.
[ Q 10 ] You are converting your Windows NT 4.0 network to Windows 2000. Your predecessor named the computers on the network using the underscore character, and during the upgrade process, you decided to keep the underscore character for the NetBIOS names. You want to use the same name for the NetBIOS and the host names to simplify your domain's name resolution scheme. You enter the computer names into the DNS without problems. Your organization also runs some older BIND computers, and zone transfers take place between your Windows 2000 DNS Server and the BIND servers. During zone transfer, you notice error messages. What is the problem?
A. You cannot transfer zone files between Windows 2000 DNS Server and BIND DNS Server.
B. The underscore character is an illegal character for the BIND server.
C. You cannot use the same names for the computer's NetBIOS name and DNS host name.
D. The @ sign is typically used in the place of the underscore for UNIX BIND DNS Servers.
ANSWER:
B: The underscore character is not supported in many downlevel DNS server environments, including older versions of BIND and Windows NT 4.0.
A is incorrect because you can initiate zone transfers between Windows 2000 DNS Servers and BIND DNS Servers. C is incorrect because you can and should use the same name for the computer's NetBIOS and DNS host names. D is incorrect because the @ symbol is not a replacement for the underscore in any environment
[ Q 11 ] Your company's main office is in Dallas, and the only WINS server for the organization is located there. The company also has a satellite office of 30 computers located in Portland, Oregon. You notice that there is a lot of WINS name resolution traffic going over the WAN from the satellite office to the Dallas office. This is causing some slow down in NetBIOS name resolution for the NetBIOS clients in the satellite office. How can you reduce the amount of NetBIOS name resolution traffic traversing the WAN and speed up the NetBIOS name resolution process for the NetBIOS clients in the satellite office?
A. Install a DNS server at the satellite office.
B. Put the WINS server's IP address in the LMHOSTS files of the computers in the satellite office.
C. Make the NetBIOS hosts in the satellite offices p-node clients.
D. Make the NetBIOS hosts at the satellite location m-node clients.
ANSWER:
D: M-node clients will first broadcast for a destination host IP address, and then will query a WINS server if the destination computer is not local.
A is incorrect because installing a DNS server at the satellite office will not reduce the amount of NetBIOS name resolution traffic crossing the WAN link. WINS queries will traverse the WAN before any local DNS queries are issued. B is incorrect because putting the WINS server in the LMHOSTS file will not reduce the amount of WAN traffic from NetBIOS name resolution queries being sent over the WAN to the WINS server. C is incorrect because making the NetBIOS clients at the satellite office p-node clients will cause them to always reach over the WAN to resolve NetBIOS names, both local and remote.
----
回帖请用传纸条好了,最好把题目copy过来;
要不就给我发邮件 |
|