网友您好, 请在下方输入框内输入要搜索的题目:

题目内容 (请给出正确答案)

You are the network administrator for The network consists of a single Active Directory domain named The domain contains Windows Server 2003 computers and Windows XP Professional computers. The domain contains a group named SalesAdmin. Members of the SalesAdmin group need the permission to add Group Policy links and create Group Policy objects (GPOs) for only the Sales organizational unit (OU). You need to configure the domain to provide the SalesAdmin group with the minimum permissions necessary to meet these requirements. What should you do?()

  • A、Add the SalesAdmins group to the Group Policy Creator Owners group.
  • B、Configure the discretionary access control list (DACL) on all of the Group Policy links for the Sales OU to assign the SalesAdmins group the Allow - Apply Group Policy permission.
  • C、Run the Delegation of Control wizard on the domain to assign the SalesAdmin group the Manage Group Policy links task.
  • D、Run the Delegation of Control wizard on the Sales OU to assign the SalesAdmins group the Manage Group Policy links task.

参考答案

更多 “ You are the network administrator for The network consists of a single Active Directory domain named The domain contains Windows Server 2003 computers and Windows XP Professional computers. The domain contains a group named SalesAdmin. Members of the SalesAdmin group need the permission to add Group Policy links and create Group Policy objects (GPOs) for only the Sales organizational unit (OU). You need to configure the domain to provide the SalesAdmin group with the minimum permissions necessary to meet these requirements. What should you do?()A、Add the SalesAdmins group to the Group Policy Creator Owners group.B、Configure the discretionary access control list (DACL) on all of the Group Policy links for the Sales OU to assign the SalesAdmins group the Allow - Apply Group Policy permission.C、Run the Delegation of Control wizard on the domain to assign the SalesAdmin group the Manage Group Policy links task.D、Run the Delegation of Control wizard on the Sales OU to assign the SalesAdmins group the Manage Group Policy links task.” 相关考题
考题 You are the network administrator for The network consists of a single Active Directory domain named The domain contains 352,000 Windows 2000 Professional computers. You install and configure Software Update Services (SUS) on a server named TestKing3. You need to scan all computers in the domain to find out whether they have received all approved updates that are located on the SUS server. What should you do?()A、On a server, install and run the mbsacli.exe command with the appropriate configuration switches.B、On a server that runs IIS, install and configure urlscan.exe.C、Edit and configure the Default Domain Policy to enable the Configure Automatic Updates policy.D、From a command prompt on TestKing3, run the netsh.exe command to scan all computers in the domain.

考题 You are the network administrator for Contoso Pharmaceuticals. The network consists of a single Active Directory forest. The forest contains Windows Server 2003 servers and Windows XP Professional computers.   The forest consists of a forest root domain named contoso.com and two child domains named child1.contoso.com and child2.contoso.com. The child1.contoso.com domain contains a member server named Server1. You configure Server1 to be an enterprise certification authority (CA), and you configure a user certificate template. You enable the Publish certificate in Active Directory setting in the certificate template. You instruct users in both the child1.contoso.com and the child2.contoso.com domains to enroll for user certificates.   You discover that the certificates for user accounts in the child1.contoso.com domain are being published to Active Directory, but the certificates for user accounts in the child2.contoso.com domain are not.   You want certificates issued by Server1 to child2.contoso.com domain user accounts to be published in Active Directory.   What should you do? ()A、 Configure user certificate autoenrollment for all domain user accounts in the contoso.com domain.B、 Configure user certificate autoenrollment for all domain user accounts in the child2.contoso.com domain.C、 Add Server1 to the Cert Publishers group in the contoso.com domain.D、 Add Server1 to the Cert Publishers group in the child2.contoso.com domain.

考题 You are the network administrator for . The network consists of a single Active Directory domain. All domain controllers run Windows Server 2003, and all client computers run Windows XP Professional. TestKing acquires a subsidiary. You receive a comma delimited file that contains the names of all user accounts at the subsidiary. You need to import these accounts into your domain. Which command should you use?()A、ldifdeB、csvdeC、ntdsutil with the authoritative restore optionD、dsadd user

考题 You are the network administrator for your company. The network consists of a single Active Directory domain. The domain contains 35 Windows Server 2003 computers; 3,000 Windows XP Professional computers; and 2,000 Windows 2000 Professional computers. Windows Server Update Services (WSUS) is installed on a server named Server1. The necessary Group Policy object (GPO) is configured.You need to confirm whether all computers in the domain have received all approved updates from Server1. What should you do on Server1?()A、Install and configure Urlscan.exe.B、At the command prompt, type gpresult /scope COMPUTER.C、Open the WSUS console. Run the Status of Computers report.D、Open the WSUS console. Run the Synchronization Results report.

考题 You are the network administrator for Humongous Insurance. The network consists of a single Active Directory domain named humongous.com. The domain contains Windows Server 2003 computers and Windows XP Professional computers. You configure several Group Policy objects (GPOs) to enforce the use of IPSec for certain types of communication between specified computers.   A server named Server2 runs the Telnet service. A GPO is supposed to ensure that all Telnet connections to Server2 are encrypted by using IPSec. However, when you monitor network traffic, you notice that Telnet connections are not being encrypted.You need to view all of the IPSec settings that are applied to Server2 by GPOs. Which tool should you use?()A、the IP Security Policy Management consoleB、the IP Security Monitor consoleC、the Resultant Set of Policy consoleD、Microsoft Baseline Security Analyzer (MBSA)

考题 You are a network administrator for your company. All domain controllers run Windows Server 2003. The network contains 50 Windows 98 client computers, 300 Windows 2000 Professional computers, and 150 Windows XP Professional computers.   According to the network design specification, the Kerberos version 5 authentication protocol must be used for all client computers on the internal network.   You need to ensure that Kerberos version 5 authentication is used for all client computers on the internal network.   What should you do?  ()A、 On each domain controller, disable Server Message Block (SMB) signing and encryption of the secure channel traffic.B、 Replace all Windows 98 computers with new Windows XP Professional computers.C、 Install the Active Directory Client Extensions software on the Windows 98 computers.D、 Upgrade all Windows 98 computers to Windows NT Workstation 4.0.

考题 You are the network administrator for your company. The network consists of a single Active Directory domain. All computers on the network are members of the domain. The domain contains a Windows Server 2003 computer named Server1. You are planning a public key infrastructure (PKI) for the company. You want to deploy a certification authority (CA) on Server1. You create a new global security group named Cert Administrators. You need to delegate the tasks to issue, approve, and revoke certificates to members of the Cert Administrators group.  What should you do?()A、 Add the Cert Administrators group to the Cert Publishers group in the domain.B、 Configure the Certificates Templates container in the Active Directory configuration naming context to assign the Cert Administrators group the Allow - Write permission.C、 Configure the CertSrv virtual directory on Server1 to assign the Cert Administrators group the Allow - Modify permission.D、 Assign the Certificate Managers role to the Cert Administrators group.

考题 You are the desktop administrator for one of your company's branch offices. The network in the branch office consists of a single network segment, which contains a domain controller, a DHCP server, 10 Windows 2000 Server computers, and 50 Windows 2000 Professional computers. All servers and client computers are members of the company's Active Directory domain. You purchase 50 new client computers for the branch office. Each new client computer contains a built-in PXE-compliant network adapter. You install and configure RIS on one of the Windows 2000 Server computers that is on the network in the branch office. You create a Windows XP Professional RIS image on the Windows 2000 Server computer. You connect the new client computers to the network in the office, and you turn on each computer. Each computer displays a message stating that it cannot contact a PXE boot server. You verify that the RIS server is connected to the network. You need to ensure that the new client computers can connect to the RIS server and can begin installing Windows XP Professional. What should you do?()A、Ask a domain administrator to authorize the RIS server. B、Grant the Everyone group Allow - Read NTFS permission on the RIS image.C、Install RIS on the domain controller. Copy the RIS image to the domain controller.D、Add a reservation for the RIS server to the DHCP server. 

考题 You are the network administrator for your company. The network consists of a single Active Directory domain. The domain contains 35 Windows Server 2003 computers; 3,000 Windows XP Professional computers; and 2,000 Windows 2000 Professional computers.Windows Server Update Services (WSUS) is installed on a server named Server1. The necessary Group Policy object (GPO)is configured.You need to confirm whether all computers in the domain have received all approved updates from Server1.  What should you do on Server1?()A、Install and configure Urlscan.exe.B、At the command prompt, type gpresult /scope COMPUTER.C、Open the WSUS console. Run the Status of Computers report.D、Open the WSUS console. Run the Synchronization Results report.

考题 You are a network administrator for your company. The network consists of a single Active Directory domain. The domain contains three Windows Server 2003 domain controllers, 20 Windows Server 2003 member servers, and 750 Windows XP Professional computers. The domain is configured to use only Kerberos authentication for all server connections.A user reports that she receives an "Access denied" error message when she attempts to connect to one of the member servers. You want to test the functionality of Kerberos authentication on the user’s client computer.  Which command should you run from the command prompt on the user’s computer?()A、netshB、netdiagC、ktpassD、ksetup

考题 You are the network administrator for your company. The network consists of a single Active Directory domain. The domain contains 35 Windows Server 2003 computers; 3,000 Windows XP Professional computers; and 2,000 Windows 2000 Professional computers.Windows Server Update Services (WSUS) is installed on a server named Server1. The necessary Group Policy object (GPO) is configured.You need to confirm whether all computers in the domain have received all approved updates fromServer1. What should you do on Server1?()A、Install and configure Urlscan.exe.B、At the command prompt, type gpresult /scope COMPUTER.C、Open the WSUS console. Run the Status of Computers report.D、Open the WSUS console. Run the Synchronization Results report.

考题 You are the network administrator for The network consists of a single Active Directory domain named The network contains 40 Windows Server 2003 computers. The functional level of the domain is Windows Server 2003. Four servers are configured as domain controllers. The information technology (IT) department has positions for three trainee network administrators. When their training period is complete, the trainees move the other roles, and new trainees are appointed. The trainee administrators are responsible for backing up and restoring all servers. TestKing.com's written security policy states that each trainee must have a unique user account. The trainees' domain user accounts are members of a global group named TraineeAdmins. You need to ensure that trainees have the required rights to log on locally, to shut down, and to backup and restore all servers. When new trainees are appointed, you need to assign their user accounts the required rights. What should you do?()A、Add the TraineeAdmins group to the Power Users group on each server.B、Add the TraineeAdmins group to the Server Operators group on a domain controller.C、Add the TraineeAdmins group to the Backup Operators group on each server.D、Add the TraineeAdmins group to the Backup Operators group on a domain controller.

考题 You are a security administrator for your company. The network consists of three Active Directory domains. All Active Directory domains are running at a Windows Server 2003 mode functionality level.    Employees in the editorial department of your company need access to resources on file servers that are in each of the Active Directory domains. Each Active Directory domain in the company contains at least one editorial department employee user account.    You need to create a single group named Company Editors that contains all editorial department employee user accounts and that has access to the resources on file server computers.  What should you do?()A、 Create a global distribution group in the forest root domain and name it Company Editors.B、 Create a global security group in the forest root domain and name it Company Editors.C、 Create a universal distribution group in the forest root domain and name it Company Editors. D、 Create a universal security group in the forest root domain and name it Company Editors.

考题 You are the network administrator for Testking.com. The network consists of a single Active Directory domain testking.com. The functional level of the domain is Windows 2000 native. Some network servers run Windows 2000 Server, and others run Windows Server 20003. All users in your accounting department are members of an existing global distribution group named Global-1. You create a new network share for the accounting users. You need to enable the members of Global-1 to access the file share. What should you do?()A、Raise the functional level of the domain to Windows Server 2003.B、Change the group type of Global-1 to security.C、Change the group scope of Global-1 to universal.D、Raise the functional level of the forest to Windows Server 2003.

考题 Your company network consists of a single Active Directory domain named testking.com. The functional level of the domain is Windows 2000 Native. The network contains 20 member servers running Windows 2000 and 5 domain controllers running Windows Server 2003. The user accounts for employees in the Finance department are members of a global distribution group named Finance_Users. You create a shared folder named Finance_Docs on a Windows 2000 member server. You need to enable the Finance users to access the Finance_Docs folder. What should you do?()A、Change Finance_Users to a security group.B、Change the scope of Finance_Users to Universal.C、Change the scope of Finance_Users to Domain Local.D、Raise the domain functional level to Windows Server 2003.

考题 You are the network administrator for . The network consists of single Active directory domain. The domain contains a Windows Server 2003 domain controller named TestKing3. The securews.inf security policy has been applied to the domain. A network application requires a service account. The network application runs constantly. You create and configure a service account named SrvAcct for the network application. The software functions properly using the new account and service. You discover an ongoing brute force attack against the SrvAcct account. The intruder appears to be attempting a distributed attack from several Windows XP Professional domain member computers on the LAN. The account has not been compromised and you are able to stop the attack, you restart Server6 and attempt to run the network application, but the application does not respond.()A、Reset the SrvAcct password,B、Configure the default Domain Controllers policy to assign the SrvAcct account the right to log on locally.C、Unlock the SrvAcct account.D、Restart the NetAppService service.

考题 You are the network administrator for The network consists of a single Active Directory domain named All servers run Windows Server 2003, and all client computers run Windows XP Professional. A user named Lilli receives a new computer named Client223. She successfully logs on to the domain. The next day, she tries to log on again. The domain name appears in the domain dropdown list in the dialog box. However, Lilli cannot log on. You try to log on by using Client223, but you are also unsuccessful. Then you use a local Administrator account to log on. You read the following error message in the system event log. "NETLOGON Event ID 3210: Failed to authenticate with //Server5, a Windows NT domain controller for domain TestKing". You search the computer account for Client223 in Active Directory Users and Computers, but the account does not appear. You need to ensure that Lilli can log on to the domain successfully. What should you do?()A、Recreate the user account for Lilli and add her to all appropriate security groups.B、Run the netdom reset 'Client223' /domain:'testking' command and then restart Client223.C、Add Client223 to a workgroup. Then join Client223 to the domain.D、Reset the computer account for Server5 in Active Directory Users and Computers.

考题 You are the network administrator for Alpine Ski House. The network consists of a single Active Directory forest that contains five domains. The functional level of the forest is Windows 2000. You have not configured any universal groups in the forest. One domain is a child domain named child1.alpineskihouse.com  that contains two domain controllers and 50 client computers. The functional level of the domain is Windows Server 2003. The network includes an Active Directory site named Site1 that contains two domain controllers. Site1 represents a remote clinic, and the location changes every few months. All of the computers in child1.alpineskihouse.com are located in the remote clinic. The single WAN connection that connects the remote clinic to the main network is often saturated or unavailable. Site1 does not include any global catalog servers. You create several new user accounts on the domain controllers located in Site1. You need to ensure that users in the remote clinic can always quickly and successfully log on to the domain.  What should you do?()A、 Enable universal group membership caching in Site1.B、 Add the HKEY_LOCAL_MACHINE/System/CurrentControlSet/Control/Lsa/IgnoreGCFailures key to the registry on both domain controllers in Site1.C、 Add the HKEY_LOCAL_MACHINE/System/CurrentControlSet/Control/Lsa/IgnoreGCFailures key to the registry on all global catalog servers in the forest.D、 Raise the functional level of the forest to Windows Server 2003.

考题 You are the network administrator for Humongous Insurance. The network consists of a single Active Directory domain named humongous.com. The domain contains Windows Server 2003 computers and Windows XP Professional computers.You configure several Group Policy objects (GPOs) to enforce the use of IPSec for certain types of communication between specified computers.   A server named Server2 runs the Telnet service. A GPO is supposed to ensure that all Telnet connections to Server2 are encrypted by using IPSec. However, when you monitor network traffic, you notice that Telnet connections are not being encrypted.You need to view all of the IPSec settings that are applied to Server2 by GPOs.   Which tool should you use?()A、the IP Security Policy Management consoleB、the IP Security Monitor consoleC、the Resultant Set of Policy consoleD、Microsoft Baseline Security Analyzer (MBSA)

考题 You are the network administrator for The network consists of a sing Active Directory domain named All domain controllers run Windows Server 2003. All client computers run Windows XP Professional with default settings. Some users have portable computers, and the rest have desktop computers. You need to ensure that all users are authenticated by a domain controller whenthey log on. How should you modify the local security policy?()A、Require authentication by a domain controller to unlock the client computer.B、Cache zero interactive logons.C、Cache 50 interactive logons.D、Grant the Log on locally user right to the Users group.

考题 You are the network administrator for TestKing.com. The network consists of a single Active Directory domain named testking.com. The domain contains Windows Server 2003 computers and Windows XP Professional computers. You use a non-administrative user account named Joseph to log on to a client computer. You need to change the password for a domain user account named Sophia. You open the Active Directory Users and Computers console. When you attempt to change Sophia's password, you receive the following error message: "Access is denied". You need to remain logged on to the client computer as Joseph, and you need to be able to change Sophia's password. What should you do?()A、Add the non-administrative domain user account to the local Administrators group.B、Use the runas command to run Active Directory Users and Computers with domain administrative credentials.C、From a command prompt, run the net user Sophia /add /passwordreq:yes command.D、From a command prompt, run the net accounts /uniquepw: /domain command.

考题 You are a network administrator for your company. All domain controllers run Windows Server 2003. The network contains 50 Windows 98 client computers, 300 Windows 2000 Professional computers, and 150 Windows XP Professional computers.   According to the network design specification, the Kerberos version 5 authentication protocol must be used for all client computers on the internal network.   You need to ensure that Kerberos version 5 authentication is used for all client computers on the internal network.  What should you do? ()A、 On each domain controller, disable Server Message Block (SMB) signing and encryption of the secure channel traffic.  B、 Replace all Windows 98 computers with new Windows XP Professional computers.  C、 Install the Active Directory Client Extensions software on the Windows 98 computers. D、 Upgrade all Windows 98 computers to Windows NT Workstation 4.0.

考题 单选题You are the network administrator for your company's Active Directory domain. The domain includes Windows Server 2003 domain controllers and Windows XP Professional client computers. A new administrator named Paul is hired to assist you in deploying Windows XP Professional to 100 new computers. Paul installs the operating system on a new computer named Client1. However, when Paul tries to log on to the domain from Client1, he is unsuccessful. The logon dialog box does not allow him to view and select the domain name. You need to ensure that Paul can log on to the domain from Client1. What should you do? ()A Enable the computer account for Client1.B Configure Client1 as a member of the domain.C Add Paul's user account to the Enterprise Admins group.D Add Paul's user account to the Server Operators group.

考题 单选题You are the network administrator for your company. The network consists of a single Active Directory domain. All computers on the network are members of the domain. The domain contains a Windows Server 2003 computer named Server1. You are planning a public key infrastructure (PKI) for the company. You want to deploy a certification authority (CA) on Server1. You create a new global security group named Cert Administrators. You need to delegate the tasks to issue, approve, and revoke certificates to members of the Cert Administrators group.  What should you do?()A  Add the Cert Administrators group to the Cert Publishers group in the domain.B  Configure the Certificates Templates container in the Active Directory configuration naming context to assign the Cert Administrators group the Allow - Write permission.C  Configure the CertSrv virtual directory on Server1 to assign the Cert Administrators group the Allow - Modify permission.D  Assign the Certificate Managers role to the Cert Administrators group.

考题 单选题You are the network administrator for The network consists of a sing Active Directory domain named All domain controllers run Windows Server 2003. All client computers run Windows XP Professional with default settings. Some users have portable computers, and the rest have desktop computers. You need to ensure that all users are authenticated by a domain controller whenthey log on. How should you modify the local security policy?()A Require authentication by a domain controller to unlock the client computer.B Cache zero interactive logons.C Cache 50 interactive logons.D Grant the Log on locally user right to the Users group.

考题 单选题You are the network administrator for The network consists of a single Active Directory domain named The domain contains 352,000 Windows 2000 Professional computers. You install and configure Software Update Services (SUS) on a server named TestKing3. You need to scan all computers in the domain to find out whether they have received all approved updates that are located on the SUS server. What should you do?()A On a server, install and run the mbsacli.exe command with the appropriate configuration switches.B On a server that runs IIS, install and configure urlscan.exe.C Edit and configure the Default Domain Policy to enable the Configure Automatic Updates policy.D From a command prompt on TestKing3, run the netsh.exe command to scan all computers in the domain.

考题 单选题You are the network administrator for TestKing.com Active Directory domain. The domain includes Windows Server 2003 domain controllers and Windows XP Professonal client computers. A new administrator named Sandra is hired to assist you in deploying Windows XP Professional to 100 new computers. Sandra installs the operating system on a new computer named TestKing11. However, when Sandra tries to log on to the domain from TestKing11, she is unsuccessful. The logon box does now allow her to view and select the domain name. You need to ensure that Sandra can log on to the domain from TestKing11. What should you do?()A Enable the computer account for Testking11.B Configure TestKing11 as a member of the domain.C Add Sandra's user account to the Enterprise Admins group.D Add Sandra's user account to the Server Operators group.