testinside70-293(247.8元)考题及考试指南分享.doc

70-293 考试资料Planning and Maintaining a Microsoft Windows Server 2003 Network Infrastructure科目编号：70-293 科目名称：Planning and Maintaining a Microsoft Windows Server 2003 Network Infrastructure语言（s）：英语，法语，德语，日语，西班牙语，中文（简体）考生：IT专业人士技术：微软Windows服务器2003类型：监考考试相关分类：MCSE 2003 Security70-293 考试是 Microsoft 公司的 Planning and Maintaining a Microsoft Windows Server 2003 Network Infrastructure 认证考试官方代号，Planning and Maintaining a Microsoft Windows Server 2003 Network Infrastructure 认证作为全球IT领域专家 Microsoft 热门认证之一，是许多大中IT企业选择人才标准的必备条件。下面是由Testinside考题大师的70-293 考试资料相关分享：70-293 考试概述：About this ExamThe Microsoft Certified Systems Engineer (MCSE) on Windows Server 2003 credential is intended for IT professionals who work in the typically complex computing environment of medium-sized to large companies.Audience ProfileThe Microsoft Certified Systems Engineer (MCSE) on Windows Server 2003 credential is intended for IT professionals who work in the typically complex computing environment of medium-sized to large companies. An MCSE candidate should have at least one year of experience implementing and administering a network operating system in environments that have the following characteristics:250 to 5,000 or more usersThree or more physical locationsThree or more domain controllersNetwork services and resources such as messaging, database, file and print, proxy server, firewall, Internet, intranet, remote access, and client computer managementConnectivity requirements such as connecting branch offices and individual users in remote locations to the corporate network and connecting corporate networks to the InternetIn addition, an MCSE candidate should have at least one year of experience in the following areas:Implementing and administering a desktop operating systemDesigning a network infrastructureCredit Toward CertificationWhen you pass Exam 70-293: Planning and Maintaining a Microsoft Windows Server 2003 Network Infrastructure, you complete the requirements for the following certification(s):Microsoft Certified Professional (MCP)Exam 70-293: Planning and Maintaining a Microsoft Windows Server 2003 Network Infrastructure: counts as credit toward the following certification(s):Core credit toward Microsoft Certified Systems Engineer (MCSE) on Windows Server 2003 certificationElective credit toward Microsoft Certified Database Administrator (MCDBA) on Microsoft SQL Server 2000 certification70-293 考试知识点：Skills Being MeasuredThis exam measures your ability to accomplish the technical tasks listed below.The percentages indicate the relative weight of each major topic area on the exam.Planning and Implementing Server Roles and Server SecurityConfigure security for servers that are assigned specific roles.Plan a secure baseline installation.Plan a strategy to enforce system default security settings on new systems.Identify client operating system default security settings.Identify all server operating system default security settings.Plan security for servers that are assigned specific roles. Roles might include domain controllers, Web servers, database servers, and mail servers.Deploy the security configuration for servers that are assigned specific roles.Create custom security templates based on server roles.Evaluate and select the operating system to install on computers in an enterprise.Identify the minimum configuration to satisfy security requirements.Planning, Implementing, and Maintaining a Network InfrastructurePlan a TCP/IP network infrastructure strategy.Analyze IP addressing requirements.Plan an IP routing solution.Create an IP subnet scheme.Plan and modify a network topology.Plan the physical placement of network resources.Identify network protocols to be used.Plan an Internet connectivity strategy.Plan network traffic monitoring. Tools might include Network Monitor and System Monitor.Troubleshoot connectivity to the Internet.Diagnose and resolve issues related to client configuration.Diagnose and resolve issues related to Network Address Translation (NAT).Diagnose and resolve issues related to name resolution cache information.Troubleshoot TCP/IP addressing.Diagnose and resolve issues related to client computer configuration.Diagnose and resolve issues related to DHCP server address assignment.Plan a host name resolution strategy.Plan a DNS namespace design.Plan zone replication requirements.Plan a forwarding configuration.Plan for DNS security.Examine the interoperability of DNS with third-party DNS solutions.Plan a NetBIOS name resolution strategy.Plan a WINS replication strategy.Plan NetBIOS name resolution by using the Lmhosts file.Troubleshoot host name resolution.Diagnose and resolve issues related to DNS services.Diagnose and resolve issues related to client computer configuration.Planning, Implementing, and Maintaining Routing and Remote AccessPlan a routing strategy.Identify routing protocols to use in a specified environment.Plan routing for IP multicast traffic.Plan security for remote access users.Plan remote access policies.Analyze protocol security requirements.Plan authentication methods for remote access clients.Implement secure access between private networks.Create and implement an IPSec policy.Troubleshoot TCP/IP routing. Tools might include the route, tracert, ping, pathping, and netsh commands and Network Monitor.Planning, Implementing, and Maintaining Server AvailabilityPlan services for high availability.Plan a high-availability solution that uses clustering services.Plan a high-availability solution that uses Network Load Balancing.Identify system bottlenecks, including memory, processor, disk, and network related bottlenecks.Identify system bottlenecks by using System Monitor.Implement a cluster server.Recover from cluster node failure.Manage Network Load Balancing. Tools might include the Network Load Balancing Monitor Microsoft Management Console (MMC) snap-in and the WLBS cluster control utility.Plan a backup and recovery strategy.Plan system recovery that uses Automated System Recovery (ASR).Identify appropriate backup types. Methods include full, incremental, and differential.Plan a backup strategy that uses volume shadow copy.Planning and Maintaining Network SecurityConfigure network protocol security.Configure protocol security in a heterogeneous client computer environment.Configure protocol security by using IPSec policies.Configure security for data transmission.Configure IPSec policy settings.Plan for network protocol security.Specify the required ports and protocols for specified services.Plan an IPSec policy for secure network communications.Plan secure network administration methods.Create a plan to offer Remote Assistance to client computers.Plan for remote administration by using Terminal Services.Plan security for wireless networks.Plan security for data transmission.Secure data transmission between client computers to meet security requirements.Secure data transmission by using IPSec.Troubleshoot security for data transmission. Tools might include the IP Security Monitor MMC snap-in and the Resultant Set of Policy (RSoP) MMC snap-in.Planning, Implementing, and Maintaining Security Infrastructure.Configure Active Directory directory service for certificate publication.Plan a public key infrastructure (PKI) that uses Certificate Services.Identify the appropriate type of certificate authority to support certificate issuance requirements.Plan the enrollment and distribution of certificates.Plan for the use of smart cards for authentication.Plan a framework for planning and implementing security.Plan for security monitoring.Plan a change and configuration management framework for security.Plan a security update infrastructure. Tools might include Microsoft Baseline Security Analyzer and Microsoft Software Update Services.70-293 考试题库：Exam : Microsoft 70-293Title : Plan. and Maint. a MSWin Srvr2003 Net. Infrastructure1. You are the network administrator for your company. The network consists of a single Active Directory domain. Thenetwork contains 50 application servers that run Windows Server 2003.The security configuration of the application servers is not uniform. The application servers were deployed by localadministrators who configured the settings for each of the application servers differently based on their knowledge andskills. The application servers are configured with different authentication methods, audit settings, and account policysettings.The security team recently completed a new network security design. The design includes a baseline configuration forsecurity settings on all servers. The baseline security settings use the Hisecws.inf predefined security template. Thedesign also requires modified settings for servers in an application role. These settings include system service startuprequirements, renaming the administrator account, and more stringent account lockout policies. The security teamcreated a security template named Application.inf that contains the modified settings.You need to plan the deployment of the new security design. You need to ensure that all security settings for theapplication servers are standardized, and that after the deployment, the security settings on all application serversmeet the design requirements.What should you do?A. Apply the Setup security.inf template first, the Hisecws.inf template next, and then the Application.inf template.B. Apply the Application.inf template and then the Hisecws.inf template.C. Apply the Application.inf template first, the Setup security.inf template next, and then the Hisecws.inf template.D. Apply the Setup security.inf template and then the Application.inf template.Answer: A2. You are the network administrator for your company. The network consists of a single Active Directory domain. Alldomain controllers run Windows Server 2003. All client computers run Windows XP Professional.The company has legacy applications that run on UNIX servers. The legacy applications use the LDAP protocol toquery Active Directory for employee information.The domain controllers are currently configured with the default security settings. You need to configure enhancedsecurity for the domain controllers. In particular, you want to configure stronger password settings, audit settings, andlockout settings. You want to minimize interference with the proper functioning of the legacy applications.You decide to use the predefined security templates. You need to choose the appropriate predefined securitytemplate to apply to the domain controllers.What should you do?A. Apply the Setup security.inf template to the domain controllers.B. Apply the DC security.inf template to the domain controllers.C. Apply the Securedc.inf template to the domain controllers.D. Apply the Rootsec.inf template to the domain controllers.Answer: C3. You are the network administrator for your company. The network consists of a single Active Directory domain. Thenetwork contains 10 domain controllers and 50 servers in application server roles. All servers run Windows Server2003.The application servers are configured with custom security settings that are specific to their roles as applicationservers. Application servers are required to audit account logon events, object access events, and system events.Application servers are required to have passwords that meet complexity requirements, to enforce password history,and to enforce password aging. Application servers must also be protected against man-in-the-middle attacks duringauthentication.You need to deploy and refresh the custom security settings on a routine basis. You also need to be able to verify thecustom security settings during audits.What should you do?A. Create a custom security template and apply it by using Group Policy.B. Create a custom IPSec policy and assign it by using Group Policy.C. Create and apply a custom Administrative Template.D. Create a custom application server image and deploy it by using RIS.Answer: A4. You are the network administrator for your company. The network consists of a single Active Directory domain. Thenetwork contains two Windows Server 2003 domain controllers, two Windows 2000 Server domain controllers, andtwo Windows NT Server 4.0 domain controllers.All file servers for the finance department are located in an organizational unit (OU) named Finance Servers. All fileservers for the payroll department are located in an OU named Payroll Servers. The Payroll Servers OU is a child OUof the Finance Servers OU.The companys written security policy for the finance department states that departmental servers must have securitysettings that are enhanced from the default settings. The written security policy for the payroll department states thatdepartmental servers must have enhanced security settings from the default settings, and auditing must be enabledfor file or folder deletion.You need to plan the security policy settings for the finance and payroll departments.What should you do?A. Create a Group Policy object (GPO) to apply the Compatws.inf security template to computer objects, and link itto the Finance Servers OU.Create a second GPO to enable the Audit object access audit policy on computer objects, and link it to the PayrollServers OU.B. Create a Group Policy object (GPO) to apply the Securews.inf security template to computer objects, and link it tothe Finance Servers OU.Create a second GPO to enable the Audit object access audit policy on computer objects, and link it to the PayrollServers OU.C. Create a Group Policy object (GPO) to apply the Compatws.inf security template to computer objects, and link itto the Finance Servers OU.Create a second GPO to apply the Hisecws.inf security template to computer objects, and link it to the PayrollServers OU.D. Create a Group Policy object (GPO) to apply the Securews.inf security template to computer objects, and link it tothe Finance Servers and to the Payroll Servers OUs.Create a second GPO to enable the Audit object access audit policy on computer objects, and link it to the PayrollServers OU.Answer: B5. You are a network administrator for your company. The network consists of a single Active Directory domain. Thenetwork contains 80 Web servers that run Windows 2000 Server. The IIS Lockdown Wizard is run on all Web serversas they are deployed.Your company is planning to upgrade its Web servers to Windows Server 2003. You move all Web servers into anorganizational unit (OU) named Web Servers.You are planning a baseline security configuration for the Web servers. The companys written security policy statesthat all unnecessary services must be disabled on servers. Testing shows that the server upgrade process leaves thefollowing unnecessary services enabled:* SMTP* TelnetYour plan for the baseline security configuration for Web servers must comply with the written security policy.You need to ensure that unnecessary services are always disabled on the Web servers.What should you do?A. Create a Group Policy object (GPO) to apply a logon script that disables the unnecessary services. Link the GPOto the Web Servers OU.B. Create a Group Policy object (GPO) and import the Hisecws.inf security template. Link the GPO to the WebServers OU.C. Create a Group Policy object (GPO) to set the startup type of the unnecessary services to Disabled. Link the GPOto the Web Servers OU.D. Create a Group Policy object (GPO) to apply a startup script to stop the unnecessary services. Link the GPO tothe Web Servers OU.Answer: C6. You are the network administrator for your company. The network consists of a single Active Directory domain. Thefunctional level of the domain is Windows Server 2003. The domain contains an organizational unit (OU) namedServers that contains all of the companys Windows Server 2003 resource servers. The domain also contains an OUnamed Workstations that contains all of the companys Windows XP Professional client computers.You configure a baseline security template for resource servers named Server.inf and a baseline security template forclient computers named Workstation.inf. The Server.inf template contains hundreds of settings, including file andregistry permission settings that have inheritance propagation enabled. The Workstation.inf template contains 20security settings, none of which contain file or registry permissions settings.The resource servers operate at near capacity during business hours.You need to apply the baseline security templates so that the settings will be periodically enforced. You need toaccomplish this task by using the minimum amount of administrative effort and while minimizing the performanceimpact on the resource servers.What should you do?A. Create a Group Policy object (GPO) and link it to the domain. Import both the Server.inf and the Workstation.inftemplates into the GPO.B. Import both the Server.inf and the Workstation.inf templates into the Default Domain Policy Group Policy object(GPO).C. On each resource server, create a weekly scheduled task to apply the Server.inf settings during off-peak hours byusing the secedit command. Create a Group Policy object (GPO) and link it to the Workstations OU. Import theWorkstation.inf template into the GPO.D. On each resource server, create a weekly scheduled task to apply the Server.inf settings during off-peak hours byusing the secedit command. Import the Workstation.inf template into the Default Domain Policy Group Policy object(GPO).Answer: C7. You are the network administrator for your company. The ne