多选题You are the senior systems engineer for your company. The network consists of a single Active Directory domain.  All servers run Windows Server 2003. Client computers in the sales department run Windows NT Workstation 4.0 with the Active Directory Clie

题目
多选题
You are the senior systems engineer for your company. The network consists of a single Active Directory domain.  All servers run Windows Server 2003. Client computers in the sales department run Windows NT Workstation 4.0 with the Active Directory Client Extensions software installed. All other client computers run Windows XP Professional. All servers are located in an organizational unit (OU) named Servers. All client computers are located in an OU named Desktops.   Four servers contain confidential company information that is used by users in either the finance department or the research department. Users in the sales department also store files and applications on these servers. The company’s written security policy states that for auditing purposes, all network connections to these resources must require authentication at the protocol level. The written security policy also states that all network connections to these resources must be encrypted. The company budget does not allow for the purchase of any new hardware or software. The applications and data located on these servers may not be moved to any other server in the network.   You define and assign the appropriate permissions to ensure that only authorized users can access the resources on the servers.   You now need to ensure that all connections made to these servers by the users in the finance department and in the research department meet the security guidelines stated by the written security policy. You also need to ensure that all users in the sales department can continue to access their resources.   Which two actions should you take?()
A

Create a new Group Policy object (GPO) and link it to the Servers OU. Enable the Secure Server (Require Security) IPSec policy in the GPO.

B

Create a new Group Policy object (GPO) and link it to the Servers OU. Enable the Server (Request Security) IPSec policy in the GPO.

C

Create a new Group Policy object (GPO) and link it to the Desktops OU. Enable the Client (Respond only) IPSec policy in the GPO.

D

Create a new Group Policy object (GPO). Edit the GPO to enable the Registry Policy Processing option and the IP Security Policy Processing option. Copy the GPO files to the Netlogon shared folder.

E

Use System Policy Editor to open the System.adm file and enable the Registry Policy Processing option and the IP Security Policy Processing option. Save the system policy as NTConfig.pol.

相似考题

1.You are the network administrator for your company. The network originally consists of a single Windows NT 4.0 domain.You upgrade the domain to a single Active Directory domain. All network servers now run Windows Server 2003, and all client computers run Windows XP Professional.Your staff provides technical support to the network. They frequently establish Remote Desktop connections with a domain controller named DC1.You hire 25 new support specialists for your staff. You use Csvde.exe to create Active Directory user accounts for all 25.A new support specialist named Paul reports that he cannot establish a Remote Desktop connection with DC1. He receives the message shown in the Logon Message exhibit. (Click the Exhibit button.)You open Gpedit.msc on DC1. You see the display shown in the Security Policy exhibit. (Click the Exhibit button.)You need to ensure that Paul can establish Remote Desktop connections with DC1.What should you do? ()

2.You are the administrator of a Windows 2000 Active Directory network. The network consists of a single domain. The domain includes 20 Windows NT Workstation 4.0 client computers. All other client computers are Windows 2000 Professional computers.You create a Windows NT 4.0 default user policy on the Windows 2000 Server computer that is configured as the PDC emulator. This default user policy denies access to Network Neighborhood. You then install Terminal Services on one of the servers and Terminal Services Client on the 20 Windows NT Workstation client computers.You find that the users of the Terminal Server can still browse the network when they open My Network Places. You want to prevent all users from browsing the network.What should you do?A.Modify the Windows NT policy template file so that you can restrict access to both My Network Places and Network Neighborhood. Save the policy file on the Terminal Server.B.Copy the Windows NT policy file to the 20 Windows NT Workstation computers.C.Create a Windows 2000 Group Policy that denies user access to My Network Places.D.Edit the local registry on the Windows NT Workstation computers to deny access to Entire Network in Network Neighborhood.

3. Your company has a single Active Directory directory service domain. All servers in your environment run Windows Server 2003. Client computers run Windows XP or Windows Vista. You plan to create a security update scan procedure for client computers. You need to choose a security tool that supports all the client computers.  Which tool should you choose? ()A、 UrlScan Security ToolB、 Enterprise Scan Tool (EST)C、 Malicious Removal Tool (MRT)D、 Microsoft Baseline Security Analyzer (MBSA)

4.You are the administrator of a network that consists of a single Windows NT 4.0 domain. The network contains five Windows NT Server domain controllers and 1,000 Windows NT Workstation client computers.You want to install Windows 2000 Server on a new computer. You want the new computer to act as domain controller in the existing domain.What should you do?A.On the new computer, install Windows NT Server 4.0 and designate the computer as a BDC in the existing domain. Promote the computer to the PDC of the domain. Upgrade the computer to Windows 2000 Server.B.On the new computer, install Windows NT Server 4.0 and designate the computer as a PDC in a new domain that has the same NetBIOS name as the existing Windows NT domain. Upgrade the computer to Windows 2000 Server. Use the Active Directory sites and services to force synchronization of the domain controllers.C.Shut down the PDC of the existing Windows NT domain from the network. On the new computer, install Windows 2000 Server, and then run the Active Directory installation wizard to install Active Directory, specifying the same NetBIOS name for the Windows 2000 domain as the existing Windows NT domain. Restart the Windows NT PDC on the network and demote it to a BDC.D.Shut down the PDC of the existing Windows NT domain from the network. On the new computer, install Windows 2000 Server, and then run the Active Directory installation wizard to install Active Directory as a replica in the existing Windows NT domain. Promote the new computer to the PDC of the domain. Restart Windows NT PDC on the network and demote it to a BDC.

更多“多选题You are the senior systems engineer for your company. The network consists of a single Active Directory domain.  All servers run Windows Server 2003. Client computers in the sales department run Windows NT Workstation 4.0 with the Active Directory Clie”相关问题

  • 第1题:

    Your network consists of a single Active Directory domain. All servers run Windows Server 2003 Service Pack 2 (SP2).You need to provide a user named User1 the required permissions to reset passwords in the domain. What should you do?()

    • A、Install and run the Security Configuration Wizard (SCW).
    • B、From the Authorization Manager snap-in, modify the authorization store type.
    • C、From Active Directory Sites and Services, run the Delegation of Control Wizard.
    • D、From Active Directory Users and Computers, run the Delegation of Control Wizard.

    正确答案:D

  • 第2题:

    Your network consists of a single Active Directory domain. All servers run Windows Server 2003 Service Pack 2 (SP2). All client computers run Windows XP Professional Service Pack 3 (SP3). You need to ensure that locked out user accounts remain locked out until an administrator unlocks the accounts. What should you do? ()

    • A、In the Default Domain Policy, set the Account lockout duration to 0.
    • B、In the Default Domain Policy, set the Account lockout duration to 99999.
    • C、From Active Directory Users and Computers, select the Account is trusted for delegation option for all user accounts.
    • D、From Active Directory Users and Computers, select the Account is sensitive and cannot be delegated option for all user accounts.

    正确答案:A

  • 第3题:

    You are a network administrator for your company. All domain controllers run Windows Server 2003. The network contains 50 Windows 98 client computers, 300 Windows 2000 Professional computers, and 150 Windows XP Professional computers.   According to the network design specification, the Kerberos version 5 authentication protocol must be used for all client computers on the internal network.   You need to ensure that Kerberos version 5 authentication is used for all client computers on the internal network.   What should you do?  ()

    • A、 On each domain controller, disable Server Message Block (SMB) signing and encryption of the secure channel traffic.
    • B、 Replace all Windows 98 computers with new Windows XP Professional computers.
    • C、 Install the Active Directory Client Extensions software on the Windows 98 computers.
    • D、 Upgrade all Windows 98 computers to Windows NT Workstation 4.0.

    正确答案:B

  • 第4题:

    You are the network administrator for your company. The network consists of a single Active Directory domain. All servers run Windows Server 2003. All client computers run Windows XP Professional.You install Windows Server Update Services (WSUS) on a network server named Server1. When you attempt to synchronize Server1 with the Windows Update servers, you receive an error message. You open Internet Explorer and verify that you can communicate with an external Web site by using the proxy server. You need to ensure that Server1 can communicate with the Windows Update servers.  What should you do on Server1?()

    • A、Restart the IIS administration tool.
    • B、Configure the Internet Explorer settings to bypass the proxy server.
    • C、In the WSUS options, configure authentication to the proxy server.
    • D、Install the ISA Firewall Client.

    正确答案:C

  • 第5题:

    Your network consists of a single Active Directory domain. You have a domain controller and a   member server that run Windows Server 2008 R2. Both servers are configured as DNS servers. Client  computers run either Windows XP Service Pack 3 or Windows 7.   You have a standard primary zone on the domain controller. The member server hosts a secondary copy  of the zone.You need to ensure that only authenticated users are allowed to update host (A) records in the DNS zone.   What should you do first()

    • A、On the member server, add a conditional forwarder.
    • B、On the member server, install Active Directory Domain Services.
    • C、Add all computer accounts to the DNSUpdateProxy group.
    • D、Convert the standard primary zone to an Active Directory-integrated zone.

    正确答案:D

  • 第6题:

    You are the network administrator for your company. The network consists of a single Active Directory domain. All servers run Windows Server 2003. All client computers run Windows XP Professional.You install and configure a single server to run Windows Server Update Services (WSUS). You configure the appropriate Group Policy settings to specify separate WSUS target groups for client and server computers. You need to ensure that computers automatically assign themselves to the correct computer group.  What should you do?()

    • A、In the WSUS console, configure Computer Options so that Use group policy or registry settings on computers is selected.
    • B、In the WSUS console, configure Computer Options so that Use the Move Computers Task in Windows Server Update Services is selected.
    • C、In the WSUS console, create the appropriate computer groups.
    • D、Create organizational units (OUs) for each group.

    正确答案:A,C

  • 第7题:

    Your company has a single Active Directory directory service domain. Servers in your environment run Windows Server 2003. Client computers run Windows XP or Windows Vista. You plan to create an internal centrally managed security update infrastructure for client computers. You need to choose a security update management tool that supports all the client computers.  Which tool should you choose? ()

    • A、 Microsoft Assessment and Planning (MAP) Toolkit
    • B、 Microsoft Baseline Security Analyzer
    • C、 Microsoft System Center Operations Manager
    • D、 Windows Server Update Services (WSUS)

    正确答案:D

  • 第8题:

    Your network consists of a single Active Directory domain. All domain controllers run Windows Server 2003 You upgrade all domain controllers to Windows Server 2008 You need to configure the Active Directory environment to support the application of multiple password policies What should you do()

    • A、Create multiple Active Directory sites.
    • B、On all domain controllers, run dcpromo /adv.
    • C、On one domain controller, run dcpromo /adv.
    • D、Raise the functional level of the domain to Windows Server 2008.

    正确答案:D

  • 第9题:

    单选题
    You are the network administrator for your company. The network consists of a single Active Directory domain. All network servers run Windows Server 2003. Half of the client computers run Windows XP Professional, and the other half run Windows NT 4.0 Workstation. You install Terminal Server on five member servers named Server1 through Server5. You place all five terminal servers in an organizational unit (OU) named Terminal Server. You link a Group Policy object (GPO) to the Terminal Server OU. Two days later, users notify you that the performance of Server4 is unacceptably slow. You discover that Server4 has 75 disconnected Terminal Server sessions. You need to configure all five terminal servers to end disconnected sessions after 15 minutes of inactivity. You must achieve this goal by using the minimum amount of administrative effort. What should you do()?
    A

    Log on to the console of each terminal server. In the RDP-Tcp connection properties, set the End a disconnected session option to 15 minutes.

    B

    Edit the GPO to set the time limit for disconnected sessions to 15 minutes.

    C

    On Server1, run the tsdiscon command to disconnect all 75 users from Server4.

    D

    In Active Directory Users and Computers, set the End a disconnected session option for all domain user accounts to 15 minutes.


    正确答案: D
    解析: 暂无解析

  • 第10题:

    单选题
    Your company has a single Active Directory directory service domain. All servers in your environment run Windows Server 2003. All domain controllers run Active DirectoryCintegrated DNS. You create several static host (A) resource records. You need to verify that the DNS server is sending the correct host records to all client computers.  Which command-line tool should you use?()
    A

     netsh

    B

     tracert

    C

     ntdsutil

    D

     nslookup


    正确答案: D
    解析: 暂无解析

  • 第11题:

    单选题
    Your company has a single Active Directory directory service domain. Servers in your environment run Windows Server 2003. Client computers run Windows XP or Windows Vista. You plan to create an internal centrally managed security update infrastructure for client computers. You need to choose a security update management tool that supports all the client computers.  Which tool should you choose? ()
    A

     Microsoft Assessment and Planning (MAP) Toolkit

    B

     Microsoft Baseline Security Analyzer

    C

     Microsoft System Center Operations Manager

    D

     Windows Server Update Services (WSUS)


    正确答案: C
    解析: 暂无解析

  • 第12题:

    多选题
    You are the network administrator for TestKing, which employs 1,500 users. The network consists of a single Active Directory domain named All network servers run Windows Server 2003. Most client computers run Windows XP Professional, and the rest run Windows NT 4.0 Workstation. Two terminal servers are available to network users. You install a new application on both terminal servers. Everyone who uses the new application to create data must save the data directly to a folder on the local hard disk. You need to ensure that client disk drives are always available when employees connect to the terminal servers. Which two actions should you perform?() (Each correct answer presents part of the solution. Choose two)
    A

    Create a client connection object with default settings and deploy the object to each terminal server.

    B

    Edit the RDP-Tcp properties by selecting the Connect client drives at logon options.

    C

    Install NetMeeting on all client computers. Configure Remote Desktop Sharing.

    D

    Install the default Windows 2000 Terminal Server Client software on the Windows NT 4.0 workstations.

    E

    Install Remote Desktop Connections on the Windows NT 4.0 workstations.


    正确答案: A,B
    解析: 暂无解析

  • 第13题:

    You are the network administrator for . The network consists of a single Active Directory domain. All domain controllers run Windows Server 2003, and all client computers run Windows XP Professional. TestKing acquires a subsidiary. You receive a comma delimited file that contains the names of all user accounts at the subsidiary. You need to import these accounts into your domain. Which command should you use?()

    • A、ldifde
    • B、csvde
    • C、ntdsutil with the authoritative restore option
    • D、dsadd user

    正确答案:B

  • 第14题:

    ou are the network administrator for your company. The network consists of a single Active Directory domain. All servers run Windows Server 2003. All client computers run Windows XP Professional.Two of the servers on the network contain highly confidential documents. The company’s written security policy states that all network connections with these servers must be encrypted by using an IPSec policy.You place the two servers in an organizational unit (OU) named SecureServers. You configure a Group Policy object (GPO) that requires encryption for all connections. You assign the GPO to the SecureServers OU.  You need to verify that users are connecting to the two servers by using encrypted connections.   What should you do?()

    • A、Run the net view command.
    • B、Run the gpresult command.
    • C、Use the IP Security Monitor console.
    • D、Use the IPSec Policy Management console.

    正确答案:C

  • 第15题:

    You are the senior systems engineer for your company. The network consists of a single Active Directory domain.  All servers run Windows Server 2003. Client computers in the sales department run Windows NT Workstation 4.0 with the Active Directory Client Extensions software installed. All other client computers run Windows XP Professional. All servers are located in an organizational unit (OU) named Servers. All client computers are located in an OU named Desktops.   Four servers contain confidential company information that is used by users in either the finance department or the research department. Users in the sales department also store files and applications on these servers. The company’s written security policy states that for auditing purposes, all network connections to these resources must require authentication at the protocol level. The written security policy also states that all network connections to these resources must be encrypted. The company budget does not allow for the purchase of any new hardware or software. The applications and data located on these servers may not be moved to any other server in the network.   You define and assign the appropriate permissions to ensure that only authorized users can access the resources on the servers.   You now need to ensure that all connections made to these servers by the users in the finance department and in the research department meet the security guidelines stated by the written security policy. You also need to ensure that all users in the sales department can continue to access their resources.   Which two actions should you take?()

    • A、 Create a new Group Policy object (GPO) and link it to the Servers OU. Enable the Secure Server (Require Security) IPSec policy in the GPO.
    • B、 Create a new Group Policy object (GPO) and link it to the Servers OU. Enable the Server (Request Security) IPSec policy in the GPO.
    • C、 Create a new Group Policy object (GPO) and link it to the Desktops OU. Enable the Client (Respond only) IPSec policy in the GPO.
    • D、 Create a new Group Policy object (GPO). Edit the GPO to enable the Registry Policy Processing option and the IP Security Policy Processing option. Copy the GPO files to the Netlogon shared folder.
    • E、 Use System Policy Editor to open the System.adm file and enable the Registry Policy Processing option and the IP Security Policy Processing option. Save the system policy as NTConfig.pol.

    正确答案:B,C

  • 第16题:

    You are the network administrator for your company, which employs 1,500 users. The network consists of a single Active Directory domain. All network servers run Windows Server 2003. Most client computers run Windows XP Professional, and the rest run Windows NT 4.0 Workstation.Two terminal servers are available to network users. You install a new application on both terminal servers.Everyone who uses the new application to create data must save the data directly in a folder on the local hard disk.You need to ensure that client disk drives are always available when employees connect to the terminal servers.Which two actions should you perform? ()(Each correct answer presents part of the solution. Choose two.)

    • A、Create a client connection object with default settings and deploy the object to each terminal server.
    • B、Edit the RDP-Tcp properties by selecting the Connect client drives at logon option.
    • C、Install NetMeeting on all client computers. Configure Remote Desktop Sharing.
    • D、Install the default Windows 2000 Terminal Server Client software on the Windows NT 4.0 workstations.
    • E、Install Remote Desktop Connection on the Windows NT 4.0 workstations.

    正确答案:C,F

  • 第17题:

    You are the network administrator for your company. The network consists of a single Active Directory domain. All computers on the network are members of the domain. All servers run Windows Server 2003 and all client computers run Windows XP Professional.  You are planning a security update infrastructure.   You need to find out which computers are exposed to known vulnerabilities. You need to collect the information on existing vulnerabilities for each computer every night. You want this process to occur automatically.  What should you do? ()

    • A、 Schedule the secedit command to run every night.
    • B、 Schedule the mbsacli.exe command to run every night.
    • C、 Install Microsoft Baseline Security Analyzer (MBSA) on one of the servers. Configure Automatic Updates on all other computers to use that server.
    • D、 Install Software Update Services (SUS) on one of the servers. Configure the SUS server to update every night.

    正确答案:B

  • 第18题:

    You network consists of a single Active Directory domain. All domain controllers run Windows Server 2008. You need to reset the Directory Services Recovery Mode (DSRM) password on a domain controller. What tool should you use()

    • A、dsmod
    • B、ntdsutil
    • C、Local Users and Groups snap-in
    • D、Active Directory Users and Computers snap-in

    正确答案:B

  • 第19题:

    You are the network administrator for TestKing, which employs 1,500 users. The network consists of a single Active Directory domain named All network servers run Windows Server 2003. Most client computers run Windows XP Professional, and the rest run Windows NT 4.0 Workstation. Two terminal servers are available to network users. You install a new application on both terminal servers. Everyone who uses the new application to create data must save the data directly to a folder on the local hard disk. You need to ensure that client disk drives are always available when employees connect to the terminal servers. Which two actions should you perform?() (Each correct answer presents part of the solution. Choose two)

    • A、Create a client connection object with default settings and deploy the object to each terminal server.
    • B、Edit the RDP-Tcp properties by selecting the Connect client drives at logon options.
    • C、Install NetMeeting on all client computers. Configure Remote Desktop Sharing.
    • D、Install the default Windows 2000 Terminal Server Client software on the Windows NT 4.0 workstations.
    • E、Install Remote Desktop Connections on the Windows NT 4.0 workstations.

    正确答案:B,E

  • 第20题:

    多选题
    You are the network administrator for your company. The network consists of a single Active Directory domain. All servers run Windows Server 2003. All client computers run Windows XP Professional.You install and configure a single server to run Windows Server Update Services (WSUS). You configure the appropriate Group Policy settings to specify separate WSUS target groups for client and server computers. You need to ensure that computers automatically assign themselves to the correct computer group.  What should you do?()
    A

    In the WSUS console, configure Computer Options so that Use group policy or registry settings on computers is selected.

    B

    In the WSUS console, configure Computer Options so that Use the Move Computers Task in Windows Server Update Services is selected.

    C

    In the WSUS console, create the appropriate computer groups.

    D

    Create organizational units (OUs) for each group.


    正确答案: A,D
    解析: 暂无解析

  • 第21题:

    单选题
    Your company has a single Active Directory directory service domain. All servers in your environment run Windows Server 2003. Client computers run Windows XP or Windows Vista. You plan to create a security update scan procedure for client computers. You need to choose a security tool that supports all the client computers.  Which tool should you choose? ()
    A

     UrlScan Security Tool

    B

     Enterprise Scan Tool (EST)

    C

     Malicious Removal Tool (MRT)

    D

     Microsoft Baseline Security Analyzer (MBSA)


    正确答案: B
    解析: 暂无解析

  • 第22题:

    单选题
    You are the network administrator for your company. The network consists of a single Active Directory domain. All servers run Windows Server 2003. All client computers run Windows XP Professional. A new low-priority update, Q318138, is released and is synchronized with the Windows Server Update Services (WSUS) server on the network. You decide to approve the update without testing.  After the update is applied to client computers, users report that they can no longer run an accounting application.You need to remove the update from all client computers until you can test the update.  What should you do?()
    A

    Clear the Automatically approve new versions of previously approved updates option on the WSUS server. Resynchronize the server with the Windows Update server.

    B

    Clear the update for approval on the WSUS server. Resynchronize the server with the Windows Update servers.

    C

    Clear the update for approval on the WSUS server. Run the spuninst command from the Systemroot/$NtUninstallQ318138$/spuninst directory on each client computer.

    D

    Clear the Automatically approve new versions of previously approved updates option on the WSUS server. Delete the Systemroot/$NtUninstallQ318138$ directory on each client computer.


    正确答案: C
    解析: 暂无解析

  • 第23题:

    多选题
    You are the network administrator for your company, which employs 1,500 users. The network consists of a single Active Directory domain. All network servers run Windows Server 2003. Most client computers run Windows XP Professional, and the rest run Windows NT 4.0 Workstation.Two terminal servers are available to network users. You install a new application on both terminal servers.Everyone who uses the new application to create data must save the data directly in a folder on the local hard disk.You need to ensure that client disk drives are always available when employees connect to the terminal servers.Which two actions should you perform? ()(Each correct answer presents part of the solution. Choose two.)
    A

    Create a client connection object with default settings and deploy the object to each terminal server.

    B

    Edit the RDP-Tcp properties by selecting the Connect client drives at logon option.

    C

    Install NetMeeting on all client computers. Configure Remote Desktop Sharing.

    D

    Install the default Windows 2000 Terminal Server Client software on the Windows NT 4.0 workstations.

    E

    Install Remote Desktop Connection on the Windows NT 4.0 workstations.


    正确答案: D,E
    解析: 暂无解析

相关内容