You work as the network administrator at ABC.com. The ABC.com network has a domain named ABC.com. The servers at the ABC.com network run Windows Server and the workstations, Windows XP Professional.
The ABC.com network has a Web server named ABC-SR10 that has the Internet Information Services (IIS) 6.0 installed. ABC-SR10 hosts a Web site that can be reached from the internal network and the Internet. The internal traffic at
ABC.com needs authentication without a secure protocol to access the Web site; however Internet traffic needs to authenticate with a secure protocol.
What actions must you take to ensure that the all accesses to ABC-SR10 use a secure protocol?
A. You need to configure the log to capture Notification events.
B. You need to apply the hisecdc.inf predefined security template.
C. You need to monitor network traffic and IIS logs.
D. You need to apply a custom security template.
You work as the network administrator at ABC.com. The ABC.com network has a domain named ABC.com. The servers at the ABC.com network run Windows Server and the workstations, Windows XP Professional.
The ABC.com network has two servers, named ABC-SR30 and ABC-SR31, which contain file with sensitive company information. You create a new OU named SenSrv and move ABC-SR30 and ABC-SR31 to the new OU. You then create a
new GPO that and configure it to encrypt all network connections. You then link the GPO to the SenSrv OU.
How would you check to see if encrypted connections to ABC-SR30 and ABC-SR31 are taking place?
A. By opening the Resultant Set of Policy console.
B. By running the Microsoft Baseline Security Analyzer (MBSA).
C. By applying the hisecdc.inf predefined security template.
D. By opening the IP Security Monitor console.
You work as a network administrator for ABC.com. The ABC.com network consists of a single Active Directory domain named ABC.com. There are currently 120 Web servers running Windows Server and are contained in an Organizational Unit (OU) named ABC_WebServers
ABC.com management took a decision to uABCrade all Web servers to Windows Server. You disable all services on the Web servers that are not required. After running the IIS Lockdown Wizard on a recently deployed web server, you discover that services such as NNTP that are not required are still enabled on the Web server.
How can you ensure that the services that are not required are forever disabled on the Web servers without affecting the other servers on the network? (Choose two.)
A. Set up a GPO that will change the startup type for the services to Automatic.
B. By linking the GPO to the ABC_WebServers OU.
C. Set up a GPO with the Hisecws.inf security template imported into the GPO.
D. By linking the GPO to the domain.
E. Set up a GPO in order to set the startup type of the redundant services to Disabled.
F. By linking the GPO to the Domain Controllers OU.
G. Set up a GPO in order to apply a startup script to stop the redundant services.
You are working as the administrator at ABC.com. ABC.com has headquarters in London and branch offices in Berlin, Minsk, and Athens. The Berlin, Minsk and Athens branch offices each have a Windows Server domain controller named ABC-DC01, ABC-DC02 and ABC-DC03 respectively. All client computers on the ABC.com network run Windows XP Professional.
One morning users at the Minsk branch office complain that they are experiencing intermittent problems authenticating to the domain. You believe that a specific client computer is the cause of this issue and so need to discover the IP address client computer.
How would you capture authentication event details on ABC-DC02 in the Minsk branch office?
A. By monitoring the logon events using the SysMon utility.
B. By recording the connections to the NETLOGON share using the SysMon utility.
C. By recording the authentication events with the NetMon utility.
D. By monitoring the authentication events using the Performance and Reliability Monitor.
You are working as the administrator at ABC.com. Part of you job description includes the deployment of applications on the ABC.com network. To this end you operate by testing new application deployment in a test environment prior to deployment on the production network.
The new application that should be tested requires 2 processors and 3 GB of RAM to run successfully. Further requirements of this application also include shared folders and installation of software on client computers. You install the application on a Windows Server Web Edition computer and install the application on 30 test client computers.
During routine monitoring you discover that only a small amount of client computers are able to connect and run the application. You decide to turn off the computers that are able to make a connection and discover that the computers that failed to open the application can now run the application.
How would you ensure that all client computers can connect to the server and run the application?
A. By running a second instance of the application on the server.
B. By increasing the Request Queue Limit on the Default Application Pool.
C. By modifying the test server operating system to Window Server Standard Edition.
D. By increasing the amount of RAM in the server to 4GB.
You are an Enterprise administrator for ABC.com. All servers on the corporate network run Windows Server and all client computers run Windows XP.
The network contains a server named ABC-SR01 that has Routing and Remote Access service and a modem installed which connects to an external phone line.
A partner company uses a dial-up connection to connect to ABC-SR01 to upload product and inventory information. This connection happens between the hours of 1:00am and 2:00am every morning and uses a domain user account to log on
to ABC-SR01.
You have been asked by the security officer to secure the connection.
How can you ensure that the dial-up connection is initiated only from the partner company and that access is restricted to just ABC-SR01? (Choose three.)
A. Set up the log on hours restriction for the domain user account to restrict the log on to between the hours of 1:00am and 2:00am.
B. Set up a local user account on ABC-SR01. Have the dial-up connection configured to log on with this account.
C. Set up the remote access policy on ABC-SR01 to allow the connection for the specified user account between the hours of 1:00am and 2:00am.
D. Set up the remote access policy with the Verify Caller ID option to only allow calling from the phone number of the partner company modem.
E. Set up the remote access policy to allow access to the domain user account only.
The ABC.com network consists of a single Active Directory domain named ABC.com. All servers on the ABC.com network run Windows Server.
ABC.com contains a Development department. ABC.com contains a domain controller named ABC-SR24 which is also configured as a DNS Server. A ABC.com employee named Clive Wilson works in the Development department. One
morning Clive Wilson complains that he cannot connect to another network server.
During investigation, you notice that nslookup queries sometimes take a long time and sometimes fail altogether.
You suspect that there is a problem with ABC-SR24.
How would you configure monitoring on ABC-SR24 so that you can review individual name resolution queries?
A. Use System Monitor to monitor host resolution queries on ABC-SR24.
B. Use Event Viewer to view the DNS event log on ABC-SR24.
C. Select the Log packets for debugging option on the Debug Logging tab in the DNS server properties on ABC-SR24.
D. Use Network Monitor to capture DNS query packets on ABC-SR24.
You are working as the administrator at ABC.com. The network consists of a single Active Directory domain named ABC.com with the domain functional level set at Windows Server. All network servers run Windows Server and all client computers run Windows XP Professional.
The ABC.com domain is divided into organizational units (OU). All the resource servers are contained in an OU named ABC_SERVERS and the workstations are contained in an OU named ABC_CLIENTS. All resource servers operate at near capacity during business hours. All workstations have low resource usage during business hours.
You received instructions to configure baseline security templates for the resource servers and the workstations. To this end you configured two baseline security templates named ABC_SERVERS.inf and ABC_CLIENTS.inf respectively. The ABC_SERVERS.inf template contains many configuration settings. Applying the ABC_SERVERS.inf template would have a performance impact on the servers. The ABC_CLIENTS.inf contains just a few settings so applying this template would not adversely affect the performance of the workstations.
How would you apply the security templates so that the settings will be periodically enforced whilst ensuring that the solution reduces the impact on the resource servers? (Choose three.)
A. By setting up a GPO named SERVER-GPO and link it to the ABC_SERVERS OU.
B. By having the ABC_SERVERS.inf template imported into SERVER-GPO.
C. By having the ABC_SERVERS.inf and the ABC_CLIENTS.inf templates imported into the Default Domain Policy GPO.
D. By scheduling SECEDIT on each resource server to regularly apply the ABC_SERVERS.inf settings during off-peak hours.
E. By having a GPO named CLIENT-GPO created and linked to the ABC_CLIENTS OU.
F. By having the ABC_CLIENTS.inf template imported into CLIENT-GPO.
G. By having SERVER-GPO and CLIENT-GPO linked to the domain.
You are working as the administrator at ABC.com. The ABC.com network consists of a single Active Directory domain named ABC.com. The ABC.com network contains a DMZ that contains a two-node Network Load Balancing cluster, which
is located in a data centre that is physically impenetrable to unauthorized persons.
The cluster servers run Windows Server Web Edition and host an e-commerce website. The NLB cluster uses a virtual IP address that can be accessed from the Internet.
What can you do to mitigate the cluster's most obvious security vulnerability?
A. Configure the cluster to require IPSec.
B. Configure the network cards to use packet filtering on all inbound traffic to the cluster.
C. Use EFS on the server hard disks.
D. Configure intrusion detection the servers on the DMZ.
E. Configure Mac addressing on the servers in the DMZ.
You are working for an administrator for ABC.com. The ABC.com network consists of a single Active Directory domain named ABC.com. All the servers on the network run Windows Server servers.
You have configured four servers in a network load balancing cluster. You need to enable the cluster in unicast mode although each server only has one network card. After your configuration, the NLB cluster has successfully converged.
You discover that you can optimize the use of the cluster by moving a specific application to each node of the cluster. However for this application to execute, all the nodes of the cluster must be configured by a Network Load Balancing Port
Rule.
When you open Network Load Balancing Manager on one of the NLB nodes, you receive a message saying that Network Load Balancing Manager is unable to see the other nodes in the cluster.
How can you add a port rule to the cluster nodes?
A. By opening Network Load Balancing Manager on a different host.
B. By creating an additional virtual IP address on the cluster.
C. By modifying the Network Connection Properties on every host.
D. By removing each host from the cluster before creating the port rule.
Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only Juniper exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your JPR-961 exam preparations and Juniper certification application, do not hesitate to visit our Vcedump.com to find your solutions here.