You are a network administrator for your company. The network contains a perimeter network. The perimeter network contains four Windows Server 2003， Web Edition computers that are configured as a Network Load Balancing cluster. The cluster hosts an e-commerce Web site that must be available 24 hours per day. The cluster is located in a physically secure data center and uses an Internet-addressable virtual IP address. All servers in the cluster are configured with the Hisecws.inf template. You need to implement protective measures against the cluster’s most significant security vulnerability. What should you do？（）A. Use Encrypting File System （EFS） for all files that contain confidential data stored on the cluster.B. Use packet filtering on all inbound traffic to the cluster.C. Use Security Configuration and Analysis regularly to compare the security settings on all servers in the cluster with the baseline settings.D. Use intrusion detection on the perimeter network.

单项选择题 You are the network administrator for your company. The network contains a single Active Directory domain. All computers on the network are members of the domain. All domain controllers run Windows Server 2003. You are planning a public key infrastructure （PKI）. The PKI design documents for your company specify that certificates that users request to encrypt files must have a validity period of two years. The validity period of a Basic EFS certificate is one year. In the Certificates Templates console， you attempt to change the validity period for the Basic EFS certificate template. However， the console does not allow you to change the value. You need to ensure that you can change the value of the validity period of the certificate that users request to encrypt files. What should you do？（）

单项选择题 You are the network administrator for your company. The network consists of a single Active Directory domain. All computers on the network are members of the domain. The domain contains a Windows Server 2003 computer named Server1. You are planning a public key infrastructure （PKI） for the company. You want to deploy a certification authority （CA） on Server1. You create a new global security group named Cert Administrators. You need to delegate the tasks to issue， approve， and revoke certificates to members of the Cert Administrators group. What should you do？（）

单项选择题 You are the network administrator for Contoso Pharmaceuticals. The network consists of a single Active Directory forest. The forest contains Windows Server 2003 servers and Windows XP Professional computers. The forest consists of a forest root domain named contoso.com and two child domains named child1.contoso.com and child2.contoso.com. The child1.contoso.com domain contains a member server named Server1. You configure Server1 to be an enterprise certification authority （CA）， and you configure a user certificate template. You enable the Publish certificate in Active Directory setting in the certificate template. You instruct users in both the child1.contoso.com and the child2.contoso.com domains to enroll for user certificates. You discover that the certificates for user accounts in the child1.contoso.com domain are being published to Active Directory， but the certificates for user accounts in the child2.contoso.com domain are not. You want certificates issued by Server1 to child2.contoso.com domain user accounts to be published in Active Directory. What should you do？（）

MCSE(70-293)