考题
You are the network administrator for your company. The network originally consists of a single Windows NT 4.0 domain.You upgrade the domain to a single Active Directory domain. All network servers now run Windows Server 2003, and all client computers run Windows XP Professional.Your staff provides technical support to the network. They frequently establish Remote Desktop connections with a domain controller named DC1.You hire 25 new support specialists for your staff. You use Csvde.exe to create Active Directory user accounts for all 25.A new support specialist named Paul reports that he cannot establish a Remote Desktop connection with DC1. He receives the message shown in the Logon Message exhibit. (Click the Exhibit button.)You open Gpedit.msc on DC1. You see the display shown in the Security Policy exhibit. (Click the Exhibit button.)You need to ensure that Paul can establish Remote Desktop connections with DC1.What should you do? ()
考题
You are the administrator of a Windows 2000 Active Directory network. The network consists of a single domain. The domain includes 20 Windows NT Workstation 4.0 client computers. All other client computers are Windows 2000 Professional computers.You create a Windows NT 4.0 default user policy on the Windows 2000 Server computer that is configured as the PDC emulator. This default user policy denies access to Network Neighborhood. You then install Terminal Services on one of the servers and Terminal Services Client on the 20 Windows NT Workstation client computers.You find that the users of the Terminal Server can still browse the network when they open My Network Places. You want to prevent all users from browsing the network.What should you do?A.Modify the Windows NT policy template file so that you can restrict access to both My Network Places and Network Neighborhood. Save the policy file on the Terminal Server.B.Copy the Windows NT policy file to the 20 Windows NT Workstation computers.C.Create a Windows 2000 Group Policy that denies user access to My Network Places.D.Edit the local registry on the Windows NT Workstation computers to deny access to Entire Network in Network Neighborhood.
考题
You are the network administrator for The network consists of a single Active Directory domain named The functional level of the domain is Windows Server 2003. You install Terminal Services on all domain controllers. However, your technical support specialists report that they cannot use Terminal Services to access any domain controllers. Which action or actions should you perform to solve this problem? ()(Choose all that apply)A、Install Remote Desktop for Administration.B、Require the support specialists to use a console session to connect to the terminal servers.C、Add the Remote Administrators group to the Account Operators group.D、Add the support specialists to the Remote Desktop group.E、Modify the Default Domain Controller Group Policy object (GPO) to grant the Log on locally user right to the support specialists.
考题
You are the network administrator for . The network consists of a single Active Directory domain. All domain controllers run Windows Server 2003, and all client computers run Windows XP Professional. TestKing acquires a subsidiary. You receive a comma delimited file that contains the names of all user accounts at the subsidiary. You need to import these accounts into your domain. Which command should you use?()A、ldifdeB、csvdeC、ntdsutil with the authoritative restore optionD、dsadd user
考题
You are the network administrator for The network consists of a single Active Directory domain named All servers run Windows Server 2003. All client computers run Windows XP Professional. You install Software Update Services (SUS) on a network server named Testking1. When you attempt to synchronize Testking1 with the Windows Update servers, you receive an error message. You suspect that your proxy server requires authentication. You open Internet Explorer and verify that you can communicate with an external Web site by using the proxy server. You need to ensure that Testking1 can communicate with the Windows Update servers. What should you do on Testking1?()A、Restart the IIS administration tool.B、Configure the Internet Explorer settings to bypass the proxy server.C、In the SUS options, configure authentication to the proxy server.D、Install the Microsoft Firewall Client.
考题
Your network contains an internal network and a perimeter network. The internal network contains an Active Directory forest. The forest contains a single domain. You plan to deploy 10 Edge Transport servers on the perimeter network. You need to recommend a solution for the Edge Transport server deployment. The solution must meet the following requirements: .Allow administrators to apply a single security policy to all Edge Transport servers .Reduce the administrative overhead that is required to manage servers .Minimize the attack surface of the internal network What should you recommend?()A、Implement Network Policy and Access Services (NPAS).B、Implement Active Directory Federation Services (AD FS).C、Create a new Active Directory domain in the internal forest, and then join all Edge Transport servers to the new domain.D、Create an Active Directory forest in the perimeter network, and then join all Edge Transport servers to the new domain.
考题
You are the network administrator for your company. The network consists of a single Active Directory domain. All computers on the network are members of the domain. The domain contains a Windows Server 2003 computer named Server1. You are planning a public key infrastructure (PKI) for the company. You want to deploy a certification authority (CA) on Server1. You create a new global security group named Cert Administrators. You need to delegate the tasks to issue, approve, and revoke certificates to members of the Cert Administrators group. What should you do?()A、 Add the Cert Administrators group to the Cert Publishers group in the domain.B、 Configure the Certificates Templates container in the Active Directory configuration naming context to assign the Cert Administrators group the Allow - Write permission.C、 Configure the CertSrv virtual directory on Server1 to assign the Cert Administrators group the Allow - Modify permission.D、 Assign the Certificate Managers role to the Cert Administrators group.
考题
You are the network administrator for your company. The network consists of a single Active Directory domain. All servers run Windows Server 2003. All client computers run Windows XP Professional.You install Windows Server Update Services (WSUS) on a network server named Server1. When you attempt to synchronize Server1 with the Windows Update servers, you receive an error message. You open Internet Explorer and verify that you can communicate with an external Web site by using the proxy server. You need to ensure that Server1 can communicate with the Windows Update servers. What should you do on Server1?()A、Restart the IIS administration tool.B、Configure the Internet Explorer settings to bypass the proxy server.C、In the WSUS options, configure authentication to the proxy server.D、Install the ISA Firewall Client.
考题
You are the network administrator for your company. The network consists of a single Active Directory domain. The network contains Windows Server 2003 file servers. The network also contains a Windows Server 2003 computer named Server1 that runs Routing and Remote Access and Internet Authentication Service (IAS). Server1 provides VPN access to the network for users’ home computers. You suspect that an external unauthorized user is attempting to access the network through Server1. You want to log the details of access attempts by VPN users when they attempt to access the network. You want to compare the IP addresses of users’ home computers with the IP addresses used in the access attempts to verify that the users are authorized. You need to configure Server1 to log the details of access attempts by VPN users. What should you do? ()A、 Configure the system event log to Do not overwrite.B、 In IAS, in Remote Access Logging, enable the Authentication requests setting.C、 Configure the Remote Access server to Log all events.D、 Create a custom remote access policy and configure it for Authentication-Type.
考题
Your network contains an internal network and a perimeter network. The internal network contains an Active Directory forest. The forest contains a single domain. You plan to deploy 10 Edge Transport servers on the perimeter network. You need to recommend a solution for the Edge Transport server deployment. The solution must meet the following requirements: .Allow administrators to apply a single security policy to all Edge Transport servers .Reduce the administrative overhead that is required to manage servers .Minimize the attack surface of the internal network What should you recommend?()A、Implement Network Policy and Access Services (NPAS).B、Implement Active Directory Federation Services (AD FS).C、Create a new Active Directory domain in the internal forest, and then join all Edge Transport servers to the new domain.D、Create an Active Directory forest in the perimeter network, and then join all Edge Transport servers to the new domain.
考题
You are the network administrator for The network consists of a single Active Directory domain named All network servers run Windows Server 2003. A member server named TestKing17 hosts several shared folders. Users report that they receive an error message when they try to connect to the shared folders. The error message states: "No more connections can be made to this remote computer at this time because there are already as many connections as the computer can accept." How should you solve the problem?()A、Add an additional network adapter to TestKing17. Configure a network bridge between the new network adapter and the original network adapter.B、Purchase additional per-seat licenses for TestKing17. In Control Panel on TestKing17, run the Licensing application. Add the additional licenses to TestKing17.C、Disable quota management on TestKing17.D、In Active Directory Sites and Services, select the site that contains TestKing17. Add an additional Active Directory connection object to the domain controller for the site.
考题
You are the network administrator for The network consists of a single Active Directory domain. The domain contains 20 Windows Server 2003 computers and 400 Windows XP Professional computers. Software Update Services (SUS) is installed on a server named Testking2. The network security administrator wants you to ensure that the administrative password is not compromised when an administrator connects to Testking2's SUSAdmin Web site remotely by using HTTP. You want only SSL to be used to connect to the SUSAdmin Web site. The network security administrator creates a digital certificate and enables communication for SSL on port 443 of Testking2. However, administrators are still able to connect to the SUSAdmin Web site by using HTTP. You need to ensure that communication to the SUSAdmin Web site is always secure. What should you do?()A、Disable port 80 on the SUSAdmin Web site.B、Require 128-Bit SSL on all directories related to the SUSAdmin Web site.C、Change the default Web site to require 128-Bit SSL.D、Enable IPSec on Testking2 with the Request Security IPsec template.
考题
You are the network administrator for The network consists of a single Active Directory domain named All servers run Windows Server 2003, and all client computers run Windows XP Professional. A user named Lilli receives a new computer named Client223. She successfully logs on to the domain. The next day, she tries to log on again. The domain name appears in the domain dropdown list in the dialog box. However, Lilli cannot log on. You try to log on by using Client223, but you are also unsuccessful. Then you use a local Administrator account to log on. You read the following error message in the system event log. "NETLOGON Event ID 3210: Failed to authenticate with //Server5, a Windows NT domain controller for domain TestKing". You search the computer account for Client223 in Active Directory Users and Computers, but the account does not appear. You need to ensure that Lilli can log on to the domain successfully. What should you do?()A、Recreate the user account for Lilli and add her to all appropriate security groups.B、Run the netdom reset 'Client223' /domain:'testking' command and then restart Client223.C、Add Client223 to a workgroup. Then join Client223 to the domain.D、Reset the computer account for Server5 in Active Directory Users and Computers.
考题
You are the network administrator for TestKing.com. The network consists of a single Active Directory domain named testking.com. The domain contains Windows Server 2003 computers and Windows XP Professional computers. You use a non-administrative user account named Joseph to log on to a client computer. You need to change the password for a domain user account named Sophia. You open the Active Directory Users and Computers console. When you attempt to change Sophia's password, you receive the following error message: "Access is denied". You need to remain logged on to the client computer as Joseph, and you need to be able to change Sophia's password. What should you do?()A、Add the non-administrative domain user account to the local Administrators group.B、Use the runas command to run Active Directory Users and Computers with domain administrative credentials.C、From a command prompt, run the net user Sophia /add /passwordreq:yes command.D、From a command prompt, run the net accounts /uniquepw: /domain command.
考题
单选题You are the network administrator for The network consists of a single Active Directory domain named All network servers run Windows Server 2003. A member server named TestKing17 hosts several shared folders. Users report that they receive an error message when they try to connect to the shared folders. The error message states: "No more connections can be made to this remote computer at this time because there are already as many connections as the computer can accept." How should you solve the problem?()A
Add an additional network adapter to TestKing17. Configure a network bridge between the new network adapter and the original network adapter.B
Purchase additional per-seat licenses for TestKing17. In Control Panel on TestKing17, run the Licensing application. Add the additional licenses to TestKing17.C
Disable quota management on TestKing17.D
In Active Directory Sites and Services, select the site that contains TestKing17. Add an additional Active Directory connection object to the domain controller for the site.
考题
单选题You are the network administrator for The network consists of a single Active Directory domain named All servers run Windows Server 2003, and all client computers run Windows XP Professional. A user named Lilli receives a new computer named Client223. She successfully logs on to the domain. The next day, she tries to log on again. The domain name appears in the domain dropdown list in the dialog box. However, Lilli cannot log on. You try to log on by using Client223, but you are also unsuccessful. Then you use a local Administrator account to log on. You read the following error message in the system event log. "NETLOGON Event ID 3210: Failed to authenticate with //Server5, a Windows NT domain controller for domain TestKing". You search the computer account for Client223 in Active Directory Users and Computers, but the account does not appear. You need to ensure that Lilli can log on to the domain successfully. What should you do?()A
Recreate the user account for Lilli and add her to all appropriate security groups.B
Run the netdom reset 'Client223' /domain:'testking' command and then restart Client223.C
Add Client223 to a workgroup. Then join Client223 to the domain.D
Reset the computer account for Server5 in Active Directory Users and Computers.
考题
单选题You are the network administrator for your company. The network consists of a single Active Directory domain. All servers run Windows Server 2003. All client computers run Windows XP Professional.You install Windows Server Update Services (WSUS) on a network server named Server1. When you attempt to synchronize Server1 with the Windows Update servers, you receive an error message. You open Internet Explorer and verify that you can communicate with an external Web site by using the proxy server. You need to ensure that Server1 can communicate with the Windows Update servers. What should you do on Server1?()A
Restart the IIS administration tool.B
Configure the Internet Explorer settings to bypass the proxy server.C
In the WSUS options, configure authentication to the proxy server.D
Install the ISA Firewall Client.
考题
单选题You are the network administrator for The network consists of a single Active Directory domain. The domain contains 20 Windows Server 2003 computers and 400 Windows XP Professional computers. Software Update Services (SUS) is installed on a server named Testking2. The network security administrator wants you to ensure that the administrative password is not compromised when an administrator connects to Testking2's SUSAdmin Web site remotely by using HTTP. You want only SSL to be used to connect to the SUSAdmin Web site. The network security administrator creates a digital certificate and enables communication for SSL on port 443 of Testking2. However, administrators are still able to connect to the SUSAdmin Web site by using HTTP. You need to ensure that communication to the SUSAdmin Web site is always secure. What should you do?()A
Disable port 80 on the SUSAdmin Web site.B
Require 128-Bit SSL on all directories related to the SUSAdmin Web site.C
Change the default Web site to require 128-Bit SSL.D
Enable IPSec on Testking2 with the Request Security IPsec template.
考题
单选题Your network consists of a single Active Directory domain. You have two servers named Server1 and Server2 that run Windows Server 2003 Service Pack 2 (SP2). Server1 is the site license server for the Default-First-Site-Name site. You need to configure Server2 to be the site license server. What should you do? ()A
From the Licensing console on Server1, modify the Products View configuration.B
From the Licensing Control Panel applet on Server2, modify the Replication configuration.C
From the Active Directory Sites and Services console, modify the Licensing Site Settings.D
From the Active Directory Users and Computers console, modify the AdminSDHolder object.
考题
单选题You are the network administrator for your company. The network consists of a single Active Directory domain. All computers on the network are members of the domain. The domain contains a Windows Server 2003 computer named Server1. You are planning a public key infrastructure (PKI) for the company. You want to deploy a certification authority (CA) on Server1. You create a new global security group named Cert Administrators. You need to delegate the tasks to issue, approve, and revoke certificates to members of the Cert Administrators group. What should you do?()A
Add the Cert Administrators group to the Cert Publishers group in the domain.B
Configure the Certificates Templates container in the Active Directory configuration naming context to assign the Cert Administrators group the Allow - Write permission.C
Configure the CertSrv virtual directory on Server1 to assign the Cert Administrators group the Allow - Modify permission.D
Assign the Certificate Managers role to the Cert Administrators group.
考题
单选题You are the network administrator for . The network consists of a single Active Directory domain. All domain controllers run Windows Server 2003, and all client computers run Windows XP Professional. TestKing acquires a subsidiary. You receive a comma delimited file that contains the names of all user accounts at the subsidiary. You need to import these accounts into your domain. Which command should you use?()A
ldifdeB
csvdeC
ntdsutil with the authoritative restore optionD
dsadd user
考题
单选题You are the network administrator for your company. The network consists of a single Active Directory domain. The network contains Windows Server 2003 file servers. The network also contains a Windows Server 2003 computer named Server1 that runs Routing and Remote Access and Internet Authentication Service (IAS). Server1 provides VPN access to the network for users’ home computers. You suspect that an external unauthorized user is attempting to access the network through Server1. You want to log the details of access attempts by VPN users when they attempt to access the network. You want to compare the IP addresses of users’ home computers with the IP addresses used in the access attempts to verify that the users are authorized. You need to configure Server1 to log the details of access attempts by VPN users. What should you do? ()A
Configure the system event log to Do not overwrite.B
In IAS, in Remote Access Logging, enable the Authentication requests setting.C
Configure the Remote Access server to Log all events.D
Create a custom remote access policy and configure it for Authentication-Type.
考题
单选题Your network contains an internal network and a perimeter network. The internal network contains an Active Directory forest. The forest contains a single domain. You plan to deploy 10 Edge Transport servers on the perimeter network. You need to recommend a solution for the Edge Transport server deployment. The solution must meet the following requirements: .Allow administrators to apply a single security policy to all Edge Transport servers .Reduce the administrative overhead that is required to manage servers .Minimize the attack surface of the internal network What should you recommend?()A
Implement Network Policy and Access Services (NPAS).B
Implement Active Directory Federation Services (AD FS).C
Create a new Active Directory domain in the internal forest, and then join all Edge Transport servers to the new domain.D
Create an Active Directory forest in the perimeter network, and then join all Edge Transport servers to the new domain.
考题
单选题Your network contains an internal network and a perimeter network. The internal network contains an Active Directory forest. The forest contains a single domain. You plan to deploy 10 Edge Transport servers on the perimeter network. You need to recommend a solution for the Edge Transport server deployment. The solution must meet the following requirements: .Allow administrators to apply a single security policy to all Edge Transport servers .Reduce the administrative overhead that is required to manage servers .Minimize the attack surface of the internal network What should you recommend?()A
Implement Network Policy and Access Services (NPAS).B
Implement Active Directory Federation Services (AD FS).C
Create a new Active Directory domain in the internal forest,and then join all Edge Transport servers to the new domain.D
Create an Active Directory forest in the perimeter network,and then join all Edge Transport servers to the new domain.
考题
单选题You are the network administrator for TestKing.com. The network consists of a single Active Directory domain named testking.com. The domain contains Windows Server 2003 computers and Windows XP Professional computers. You use a non-administrative user account named Joseph to log on to a client computer. You need to change the password for a domain user account named Sophia. You open the Active Directory Users and Computers console. When you attempt to change Sophia's password, you receive the following error message: "Access is denied". You need to remain logged on to the client computer as Joseph, and you need to be able to change Sophia's password. What should you do?()A
Add the non-administrative domain user account to the local Administrators group.B
Use the runas command to run Active Directory Users and Computers with domain administrative credentials.C
From a command prompt, run the net user Sophia /add /passwordreq:yes command.D
From a command prompt, run the net accounts /uniquepw: /domain command.
考题
单选题You are the network administrator for The network consists of a single Active Directory domain named Site License Logging is enabled in the domain. Administrators report that they cannot manage Client Access Licenses. When they attempt to open Licensing, they receive the following error: "RPC Server too busy." You suspect there is a problem on the domain controller that functions as the site license server. You do not know which domain controller is the site license server. You need to locate the site license server. What should you do?()A
Open Licensing, click the Server Browser tab, and expand your domain. Inspect the properties of each server.B
Open Active Directory Sites and Services, open the properties for the site name. Inspect the contents of the Location tab.C
Open the Active Directory Users and Computers, click your domain name, click Action, and select Operations Masters. Inspect the contents of the Infrastructure tab.D
Open Active Directory Sites and Services, and click your site name. Inspect the properties of the Licensing Site Settings.
考题
单选题You are the network administrator for Fabrikam, Inc. The network consists of a single Active Directory domain named fabrikam.com. A Windows Server 2003 computer named Server1 is the only DNS server in the domain. It hosts no other zones. Users report that connecting to computers within the fabrikam.com domain is slow. You need to find out whether DNS client traffic on Server1 is causing this problem. What should you do?()A
Use System Monitor to create a log of the DNS counters Dynamic updates/sec and Total queries/sec.B
Use System Monitor to create a log of the NetworkInterface counter Total bytes/sec.C
Enable debug logging on Server1. Configure the log to capture Notification events.D
Enable debug logging on Server1. Configure the log to capture Update events.
考题
单选题You are the network administrator for The network consists of a single Active Directory domain named All servers run Windows Server 2003. All client computers run Windows XP Professional. You install Software Update Services (SUS) on a network server named Testking1. When you attempt to synchronize Testking1 with the Windows Update servers, you receive an error message. You suspect that your proxy server requires authentication. You open Internet Explorer and verify that you can communicate with an external Web site by using the proxy server. You need to ensure that Testking1 can communicate with the Windows Update servers. What should you do on Testking1?()A
Restart the IIS administration tool.B
Configure the Internet Explorer settings to bypass the proxy server.C
In the SUS options, configure authentication to the proxy server.D
Install the Microsoft Firewall Client.