单选题Which menu option must be used to grant a user the authority to add or remove users to one or more Security Groups？（）ASecurity ControlsBDatabase AccessCSet Security ProfileDAuthorize Group Reassignment

第1题：

A System p administrator needs to set the default password length for all users to six characters.  Which of the following files needs to be edited to accomplish this （）

• A、/etc/security/limits
• B、/etc/security/mkuser.sys
• C、/etc/security/priv
• D、/etc/security/user

第2题：

Which statement describes a security zone?（）

• A、A security zone can contain one or more interfaces.
• B、A security zone can contain interfaces in multiple routing instances.
• C、A security zone must contain two or more interfaces.
• D、A security zone must contain bridge groups.

第3题：

You are the network administrator for your company. The network consists of a single Active   Directory forest. The forest consists of 19 Active Directory domains. Fifteen of the domains contain  Windows Server 2003 domain controllers. The functional level of all the domains is Windows 2000 native.  The network also consists of a single Microsoft Exchange 2000 Server organization. You need to create  groups that can be used only to send e-mail messages to user accounts throughout the company. You  want to achieve this goal by using the minimum amount of replication traffic and minimizing the size of the  Active Directory database. You need to create a plan for creating e-mail groups for your company.  What should you do？（）

• A、 Create global distribution groups in each domain. Make the appropriate users from each domain members of the global distribution group in the same domain. Create universal distribution groups. Make the global distribution groups in each domain members of the universal distribution groups.
• B、 Create global security groups in each domain. Make the appropriate users from each domain members of the security group in the same domain. Create universal security groups. Make the global security groups in each domain members of the universal security groups.
• C、 Create universal distribution groups. Make the appropriate users from each domain members of a universal distribution group.
• D、 Create universal security groups. Make the appropriate users from each domain members of a universal security group.

第4题：

You are the network administrator for your company. Your network consists of a single Active   Directory domain. Three security groups named Accountants， Processors， and Management are located in an organizational unit （OU） named Accounting. All of the user accounts that belong to these three  groups are also in the Accounting OU. You create a Group Policy object （GPO） and link it to the  Accounting OU. You configure the GPO to disable the display options under the User Configuration  section of the GPO. You need to achieve the following goals： You need to ensure that the GPO applies to  all user accounts that are members of the Processors group. You need to prevent the GPO fromapplying  to any user account that is a member of the Accountants group. You need to prevent the GPO from  applying to any user account that is a member of the Management group， unless the user account is also  a member of the Processors group. What should you do？（）

• A、 Modify the discretionary access control list （DACL） settings of the GPO to assign the Accountants and Management security groups the Deny - Read and the Deny - Apply Group Policy permissions. Modify the DACL of the GPO to assign the users who are in both the Accountants and Management security groups the Allow - Read and the Allow - Apply Group Policy permissions.
• B、 Modify the discretionary access control list （DACL） settings of the GPO to assign the Accountants and Management security groups the Deny - Read and the Deny - Apply Group Policy permissions. Create a new security group named Mixed that contains all the user accounts from the Processors group and the specific user accounts from the Management group to which you want the GPO to apply. Modify the DACL of the GPO to assign the Mixed security group the Allow - Read and the Allow - Apply Group Policy permissions.
• C、 Modify the discretionary access control list （DACL） settings of the GPO to assign the Accountants security group the Deny - Read and the Deny - Apply Group Policy permissions. Modify the DACL settings of the GPO to remove the Authenticated Users special group. Modify the DACL settings of the GPO to add the Processors group and assign the Allow - Read and the Allow - Apply Group Policy permissions.
• D、 Modify the discretionary access control list （DACL） settings of the GPO to assign the Accountants security group the Deny - Read and the Allow - Apply Group Policy permissions. Modify the DACL settings of the GPO to assign the Management security group the Deny - Read and the Deny - Apply Group Policy permissions.

第5题：

You are the network administrator for Testking.com. The network consists of a single Active Directory forest that contains three domains. The functional level of the forest is Windows Server 2003. The domain names are testking.com, europe.testking.com, and asia.testking.com. Each domain contains 500 user accounts. TestKing.com is in the process of acquiring several other companies whose networks will be add to the testking.com Windows Server 2003 domain. These acquisitions will entail the addition of several new offices, which will be connected to TestKing's network by means of dedicated 56-Kbps WAN connections. You create a new shared folder named NewProjects on a file server in testking.com. Several users in each existing domain need access to the NewProjects folder. These users are not in the same group in any domain. All users who need access to the NewProjects folder must be able to add, delete, and modify files and folders in the NewProjects folder. Users in the acquired companies also will require access to this folder. You need to create the required Active Directory groups and configure the required permissions for the NewProjects folder. Your solution must minimize ongoing administrative effort as you add new companies to the network. You must also minimize unnecessary traffic across the WAN connections. What should you do?（）

• A、Create a single universal security group. Add all users that require access to the folder to the group. Create a domain local group in the testking.com domain. Add the universal group to the domain local group. Assign permissions to the shared folder by using the domain local group.
• B、Create a global security group in each domain. Add all users that require access to the folder to the global group in their domain. Create a domain local group in testking.com domain. Add the global groups to the domain local group. Assign permissions to the shared folder by using the domain local group.
• C、Create a universal security group in each domain. Add all users that require access to the folder to the group in their domain. Assign permissions to the shared folder by using the universal groups.
• D、Create a global security group in each domain. Add all users that require access to the folder to the group in their domain. Assign permissions to the shared folder by using the global groups.

第6题：

Your company has an Active Directory domain. You install an Enterprise Root certification authority （CA） on a member server named Server1. You need to ensure that only the Security Manager is authorized to revoke certificates that are supplied by Server1. What should you do（）

• A、Remove the Request Certificates permission from the Domain Users group.
• B、Remove the Request Certificated permission from the Authenticated Users group.
• C、Assign the Allow - Manage CA permission toonly  the Security Manager user Account.
• D、Assign the Allow - Issue and Manage Certificates permission to only the Security Manger user account

第7题：

第8题：

第9题：

第10题：

第11题：

第12题：

第13题：

The user base of a three-node cluster has increased. In order to add clustered users to all nodes， which of the following steps should be performed？（）  

• A、 On one of the nodes，add the users via C-SPOC ’Add a User to the Cluster’smit menu.
• B、 Use C-SPOC to synchronize the password files between cluster nodes.
• C、 On all of the nodes，add the users to the /etc/passwd and system security files，and then synchronize the cluster.
• D、 On one of the nodes，add the users to the /tec/passwd and system security files，add home directories，and use cron to automate the movement of system security files between nodes.

第14题：

The database users are connecting to the PROD database from different applications， thereby degrading the database performance. The senior database administrator suspects the large number of concurrent connections to be the reason for low performance and asks you to restrict the number concurrent connections per database user to one. Which action would you take to achieve this objective？ （）

• A、set the SESSIONS to 1 in the parameter file
• B、grant SINGLE SESSION privilege to all of the users
• C、set the SESSIONS_PER_USER to 1 in the users’ profile
• D、grant RESTRICTED SESSION privilege to all of the database users
• E、create a role with SINGLE SESSION privilege and assign the role to the users

第15题：

Certkiller .com boosts a main office and 20 branch offices. Configured as a separate site， each branch office has a Read-Only Domain Controller （RODC） server installed.  Users in remote offices complain that they are unable to log on to their accounts.  What should you do to make sure that the cached credentials for user accounts are only stored in their local branch office RODC server（）

• A、Open the RODC computer account security tab and set Allow on the Receive as permission only for the users that are unable to log on to their accounts
• B、Add a password replication policy to the main Domain RODC and add user accounts in the security group
• C、Configure a unique security group for each branch office and add user accounts to the respective security group. Add the security groups to the password replication allowed group on the main RODC server
• D、Configure and add a separate password replication policy on each RODC computer account

第16题：

You manage a domain controller that runs Windows Server 2008 R2 and the DNS Server server role. The DNS server hosts an Active Directory-integrated zone for your domain.You need to provide a user with the ability to manage records in the zone. The user must not be able to modify the DNS server settings. What should you do?（）

• A、Add the user to the DNSUpdateProxy Global security group.
• B、Add the user to the DNSAdmins Domain Local security group.
• C、Grant the user permissions on the zone.
• D、Grant the user permissions on the DNS server.

第17题：

You need to design a security strategy that will ensure that unauthorized users cannot access personnel data. Your solution must comply with security requirements and the company’s new administrative model.What should you do？（）

• A、In the Default Domain Policy Group Policy object （GPO） for the corp.woodgrovebank.com domain， add the LA/HRUsers group to the Restricted Groups list. Add only the HR department user accounts to the Allowed Members list
• B、In the Default Domain Policy Group Policy object （GPO） for the la.corp.woodgrovebank.com domain， add the LA/HRUsers group to the Restricted Groups list. Add only the HR department user accounts to the Allowed Members list
• C、In the Default Domain Policy Group Policy object （GPO） for the corp.woodgrovebank.com domain， add the LA/HRUsers group and the CORP/Backup Operators group to the Restricted Groups list. Add only the HR department user accounts and the administrator user accounts to the Allowed Members list for each group
• D、In the Default Domain Policy Group Policy object （GPO） for the la.corp.woodgrovebank.com domain， add the LA/HRUsers group and the CORP/Backup Operators group to the Restricted Groups list. Add only the HR department user accounts to the Allowed Members list for the LA/HRUsers group. Add only the administrator user accounts to the Allowed Members list for the CORP/Backup Operators group

第18题：

You are the network administrator for TestKing. The network consists of a single Active Directory domain named testking.com. All domain controller run Windows Server 2003. employes three database administrators who administer seven databases servers that run Windows Server 2003. The database administrators occasionally restore a database server after a disaster. To restore a server, database administrators need the rights required to perform the following tasks: 1. Back up files and folders 2. Restore files and folders. 3. Restore the System State data. You need to assign the database administrators the rights that they require to perform the specified tasks. For security reasons, you must not assign the administrators more rights than they require to perform the tasks. What should you do?（）

• A、Add the database administrators' user accounts to the Administrators group on each of the database servers.
• B、Add the database administrators' user accounts to the Power Users group on each of the database servers.
• C、Add the database administrators' user accounts to the Backup Operators group on each of the database servers.
• D、Add the database administrators' user accounts to the Backup Operators group on one of the domain controllers.
• E、Add the database administrators' user accounts to the Server Operators group on one of the domain controllers.

第19题：

第20题：

第21题：

第22题：

第23题：