多选题The default domain GPO in your company is configured by using the following account policy settings：   （ Minimum password length： 8 characters  .Maximum password age： 30 days. Enforce password history： 12 passwords remembered  .Account lockout threshol

第1题：

You need to ensure that users who enter three successive invalid passwords within 5 minutes are locked out for five minutes. Which threeactions should you perform（）

• A、Set the Minimun password age setting to one day.
• B、Set the Maximum password age setting to one day.
• C、Set the Account lockout duration setting to 5 minutes.
• D、Set the Reset account lockout counter after setting to 5 minutes.
• E、Set the Account lockout threshold setting to 3 invalid logon attempts.
• F、Set the Enforce password history setting to 3 passswords remembered.

第2题：

The default domain GPO in your company is configured by using the following account policy  settings：   - Minimum password length： 8 characters   - Maximum password age： 30 days   - Enforce password history： 12 passwords remembered   - Account lockout threshold： 3 invalid logon attempts .Account lockout duration： 30 minutes     You install Microsoft SQL Server on a computer named Server1 that runs Windows Server 2008  R2. The SQL Server application uses a service account named SQLSrv. The SQLSrv account  has domain user rights.   The SQL Server computer fails after running successfully for several weeks. The SQLSrv user  account is not locked out.     You need to resolve the server failure and prevent recurrence of the failure.     Which two actions should you perform（）

• A、Reset the password of the SQLSrv user account.
• B、Configure the local security policy on Server1 to grant the Logon as a service right on the SQLSrv user account.
• C、Configure the properties of the SQLSrv account to Password never expires.
• D、Configure the properties of the SQLSrv account to User cannot change password.
• E、Configure the local security policy on Server1 to explicitly grant the SQLSrv user account the Allow logon locally us

第3题：

Your network consists of a single Active Directory domain. All servers run Windows Server 2003 Service Pack 2 (SP2). You create a new domain user account named User1 and assign the account a password of P@ssw0rd. On the new account, you enable the User must change password at next logon option. A week later, you discover that User1 is still using the password P@ssw0rd to log on to the domain. You need to ensure that User1 is forced to use a different password the next time she changes her password. What should you do first? （）

• A、In the Default Domain Policy, select Enforce password history.
• B、In the Default Domain Policy, select Passwords must meet complexity requirements.
• C、From the User’s account properties, select Account is sensitive and cannot be delegated.
• D、From the User’s account properties, select Store password using reversible encryption.

第4题：

Your company has an Active Directory domain. A user attempts to log on to the domain from a client computer and receives the following message： "This user account has expired Ask your administrator to reactivate the account." You need to ensure that the user is able to log on to the domain. What should you do（）

• A、Modify the properties of the user account to set the account to never expire.
• B、Modify the properties of the user account to extend the Logon Hours setting.
• C、Modify the properties of the user account to set the password to never expire.
• D、Modify the default domain policy to decrease the account lockout duration.

第5题：

You are the network administrator for Testking.com. The network consists of a single Active Directory domain testking.com. All domain controllers run Windows Server 2003. Users who enter an invalid password more than twice in one day must be locked out. You need to configure domain account policy settings to enforce this rule. Which two actions should you perform?（） (Each correct answer presents part of the solution. Choose two)

• A、Set the minimum password age to one day.
• B、Set the maximum password age to one day.
• C、Change the Enforce password history setting to three passwords remembered.
• D、Change the Account lockout duration setting to 1440 minutes.
• E、Change the Account lockout threshold setting to three invalid logon attempts.
• F、Change the Reset account lockout counter after setting to 1440 minutes.

第6题：

You are the network administrator for On a windows Server 2003 computer named TestKingF, you use the backup program to automatically back up eight servers. You use a schedule task named AutoBack. The task runs in the security context of a domain account named NightBackup. The Default Domain Policy Group Policy object (GPO) is configured with the following account policies settings: 1. Minimum password length: 8 characters 2. Password expiration: 30 days 3. Enforce password history: 12 passwords remembered 4. Account lockout threshold: 3 invalid logon attempts 5. Account lockout duration: 30 minutes The backup program runs successfully for four weeks. After four weeks, you notice that nightly backups no longer occur. A successful backup occurs when you log on the TestKingF with your own user account and perform a local backup. Your user account is member of the Domain Admins group. You want the AutoBack scheduled task to perform unattended backups every night at 11:00 P.M. Which two actions should you perform in order to resume the nightly backups by using the AutoBack scheduled task?（） (Each correct answer presents part of the solution. Choose two.)

• A、Unlock the NightBackup user account.
• B、Enable the NightBackup user account.
• C、One the properties sheet for the AutoBack. Job scheduled task, reset the password.
• D、Reset the password for the NightBackup user account.
• E、Configure the local security policy on TestKingF to grant the service account the Logon locally right.
• F、Configure the local security policy on TestKingF to grant the service account the Logon as a service right.

第7题：

You need to design a password policy that meets business requirements. What should you do？ Select all that apply.（）

• A、Increase the number of passwords that are remembered
• B、Disable reversible encryption
• C、Set the minimum password age to zero days
• D、Increase the maximum password age

第8题：

第9题：

第10题：

第11题：

第12题：

第13题：

Your network contains an Active Directory domain. The domain contains a group named Group1.  The minimum password lenght for the domain is set to six characters.   you need to ensure that the passwords for all users in Group1 are at least 10 characters long. All  other users must be able to use passwords that are six characters long.     What should you do first（）

• A、Run the New-ADFineGrainedPasswordPolicy cmdlet.
• B、Run the Add-ADFineGrainedPasswordPolicySubject cmdlet.
• C、From the Default Domain Policy， modify the password policy.
• D、From the Default Domain Controller Policy， modify the password policy.

第14题：

. Your network consists of a single Active Directory domain. All servers run Windows Server 2003 Service Pack 2 (SP2). You create a new domain user account named User1 and assign the account a password of P@ssw0rd. On the new account, you enable the User must change password at next logon option. A week later, you discover that User1 is still using the password P@ssw0rd to log on to the domain. You need to ensure that User1 is forced to use a different password the next time she changes her password. What should you do first? （）

• A、In the Default Domain Policy, select Enforce password history.
• B、In the Default Domain Policy, select Passwords must meet complexity requirements.
• C、From the User’s account properties, select Account is sensitive and cannot be delegated.
• D、From the User’s account properties, select Store password using reversible encryption.

第15题：

You are a security administrator for your company. The network consists of a single Active Directory domain. Servers run either Windows Server 2003 or Windows 2000 Server. All client computers run Windows XP Professional.    The company’s written security policy states that user accounts must be locked if an unauthorized user attempts to guess the users， passwords. The current account policy locks out a user after two invalid password attempts in five minutes. The user remains locked out until the account is reset by an administrator. Users frequently call the help desk to have their account unlocked. Calls related to account lockout constitute 25 percent of help desk calls.    You need to reduce the number of help desk calls related to account lockout.  What should you do？（）

• A、 Modify the Default Domain Controllers Policy Group Policy object（GPO）. Increase the maximum lifetime for service
• B、 Modify the Default Domain Policy Group Policy object（GPO）. Configure an account lockout threshold of 10.
• C、 Modify the Default Domain Controllers Policy Group Policy object（GPO）. Disable the enforcement of user logon res
• D、 Modify the Default Domain Policy Group Policy object（GPO）. Increase the minimum password age.

第16题：

You need to ensure that users who enter three successive invalid passwords within 5 minutes are   locked out for 5 minutes.   Which three actions should you perform（）

• A、Set the Minimum password age setting to one day.
• B、Set the Maximum password age setting to one day.
• C、Set the Account lockout duration setting to 5 minutes.
• D、Set the Reset account lockout counter after setting to 5 minutes.
• E、Set the Account lockout threshold setting to 3 invalid logon attempts.
• F、Set the Enforce password history setting to 3 passwords remembered.

第17题：

You create a Password Settings object （PSO）.   You need to apply the PSO to a domain user named User1.   What should you do（）

• A、Modify the properties of the PSO.
• B、Modify the account options of the User1 account.
• C、Modify the security settings of the User1 account.
• D、Modify the password policy of the Default Domain Policy Group Policy object （GPO）.

第18题：

The default domain GPO in your company is configured by using the following account policy settings：   （ Minimum password length： 8 characters  .Maximum password age： 30 days. Enforce password history： 12 passwords remembered  .Account lockout threshold： 3 invalid logon attempts  .Account lockout duration： 30 minutes   You install Microsoft SQL Server on a computer named Server1 that runs Windows Server 2008 R2. The  SQL Server application uses a service account named SQLSrv. The SQLSrv account has domain user  rights.   The SQL Server computer fails after running successfully for several weeks. The SQLSrv user account is  not locked out.   You need to resolve the server failure and prevent recurrence of the failure.   Which two actions should you perform（）

• A、Reset the password of the SQLSrv user account.
• B、Configure the local security policy on Server1 to grant the Logon as a service right on the SQLSrv user
• C、Configure the properties of the SQLSrv account to Password never expires.
• D、Configure the properties of the SQLSrv account to User cannot change password.
• E、Configure the local security policy on Server1 to explicitly grant the SQLSrv user account the allow  logon locally user right.

第19题：

You are the network administrator for The network consists of a single Active Directory domain named All network servers run Windows Server 2003. The Default Domain Policy GPO is configured to prompt users to change their password 14 days before it expires. A user who returns from a two-week vacation reportes that she cannot log on to the domain. You discover that when she last logged on, she was prompted to change her password. She reports that she did not change her password before leaving on vacation. You need to ensure that the user can log on to the domain. What should you do?（）

• A、Enable the user account.
• B、Reset the password for the user account.
• C、Use Active Directory Users and Computers to select the Password never expires option.
• D、Configure the Prompt user to change password before expiration security policy option to 21 days.

第20题：

第21题：

第22题：

第23题：