You discover audit log entries that report attempts to log on to your computer. You need to be notified of all logon attempts that occur on your computer.What should you do?()A.AB.BC.CD.D

第1题：

第2题：

You are the administrator of 10 Windows XP Professional computers for your company. The computers are members of a Windows 2000 domain. Because the computers are used in a public area in the cafeteria, you audit all security events on the computers. A user named Marc reports that he was using one of the Windows XP Professional computers when the computer suddenly shut down with a STOP error. When the computer restarted, Marc attempted to log on by using the same user name and password that he used before. Marc received the following error message: "Your account is configured to prevent you from using this computer. Please try another computer." Marc states that he did not do anything to cause the STOP error to occur. You want to ensure that Marc can use this computer. What should you do?（） 

• A、On the computer, save and clear the security log, set the CrashOnAuditFail setting to 1, and restart the computer. 
• B、On the computer, modify the local audit policy so that system events are not audited, set the CrashOnCtrlScroll setting to 1, and restart the computer. 
• C、In the domain, modify Marc's Logon Workstations list to include the name of the computer.
• D、In the domain, modify Marc's account properties to unlock the account. 

第3题：

You need to design an audit strategy for Southbridge Video. Your solution must meet business requirements.What should you do？（）

• A、Create a new security template that enables the Audit account logon events policy for successful and failed attempts. Create a new GPO， and link it to the domain. Import the new security template into the new GPO
• B、Create a new security template that enables the Audit account logon events policy for successful and failed attempts. Create a new GPO， and link it to the Domain Controllers OU. Import the new security template into the new GPO
• C、Create a new security template that enables the Audit logon events policy for successful and failed attempts. Create a new GPO， and link it to the Domain Controllers OU. Import the new security template into the new GPO
• D、Create a new security template that enables the Audit logon events policy for successful and failed attempts. Create a new GPO， and link it to the domain. Import the new security template into the new GPO

第4题：

Your company has an Active Directory domain. A user attempts to log on to the domain from a client computer and receives the following message： "This user account has expired Ask your administrator to reactivate the account." You need to ensure that the user is able to log on to the domain. What should you do（）

• A、Modify the properties of the user account to set the account to never expire.
• B、Modify the properties of the user account to extend the Logon Hours setting.
• C、Modify the properties of the user account to set the password to never expire.
• D、Modify the default domain policy to decrease the account lockout duration.

第5题：

You have a computer that runs Windows 7. Multiple users log on to your computer. You enable auditing ona folder stored on your computer. You need to ensure that each access to the folder is logged.  What should you do?（）

• A、Start the Problem Steps Recorder.
• B、From Event Viewer， modify the properties of the Security log.
• C、From the local Group Policy， configure the Audit object access setting.
• D、From the local Group Policy， configure the Audit directory service Access setting.

第6题：

You are the network administrator for your company. The network consists of a single Active Directory domain named . All domain controllers run Windows Server 2003, and all client computers run Windows XP Professional. All client computer accounts are stored in the Computer container. A user named Peter reports that he cannot log on to the domain from his computer. Peter receives the logon message shown in the exhibit. Exhibit: Logon Message Your account is configured to prevent you from using this computer. Please try another computer. You need to enable Peter to log on. What should you do?（）

• A、Create an account for Peter's computer in the Computers container.
• B、Grant the Log on locally user right to Peter's user account.
• C、Enable Peter's user account.
• D、Change the properties of Peter's user account so he can log on to any computer.

第7题：

You are the administrator of a SQL Server 2005 computer named SQL1. SQL1 is a member of a Microsoft Active Directory domain. You do not have any rights or privileges to perform domain administration. However， you have been granted membership in the local Administrators group on SQL1. You perform most of the management of SQL1 from your administrative workstation. However， for security reasons， you want to track all attempts for interactive logons and network connections to SQL1. What should you do？（）

• A、Create a Group Policy object （GPO） that is configured for success and failure auditing of the Audit account logon events setting. Ask the domain administrator to link the GPO to the object containing SQL1.
• B、Configure the SQL Server service on SQL1 to audit all successful and failed logon attempts.
• C、Edit the local security policy of SQL1. Then， configure success and failure auditing on the Audit logon events setting.
• D、Run the SQL Server Profiler and use a standard default template.

第8题：

第9题：

第10题：

第11题：

第12题：

Your company has an Active Directory directory service domain. All servers run Windows Server 2003. All domain controllers are configured to audit specific events. You are developing a security monitoring plan for the domain controllers. You must back up the following information. Local logon attemptsDomain logon attemptsSecurity update installation attempts You need to specify the appropriate log files to back up.  Which files should you specify？ （）

• A、 AppEvent.Evt and NTDS.Evt
• B、 NTDS.Evt and SecEvent.Evt
• C、 SecEvent.Evt and SysEvent.Evt
• D、 AppEvent.Evt and SysEvent.Evt

第13题：

You discover audit log entries that report attempts to log on to your computer. You need to be notified of all logon attempts that occur on your computer.  What should you do？（）

• A、Enable the Problem Reporting feature for all users.
• B、Configure a custom view to monitor failed logon events on your computer.
• C、Use the Computer Management console to connect to your computer from another computer and monitor the audit logs.
• D、In the Event Viewer window， attach a task to a failed logon event. Configure this task to send an e-mail message to your e-mail account.

第14题：

You need to design a method to log changes that are made to servers and domain controllers. You also need to track when administrators modify local security account manager objects on servers. What should you do？（）

• A、Enable failure audit for privilege user and object access on all servers and domain controllers
• B、Enable success audit for policy change and account management on all servers and domain controllers
• C、Enable success audit for process tracking and logon events on all servers and domain controllers
• D、Enable failure audit for system events and directory service access on all servers and domain controllers

第15题：

Your network consists of a single Active Directory domain that contains two domain controllers. Both domain controllers run Windows Server 2003 Service Pack 2 (SP2). Auditing of successful account logon events is enabled on all computers in the domain. You need to identify the last time a specific user logged on to the domain. What should you do? （）

• A、Examine the System Event Log on the user’s computer.
• B、Examine the System Event Log on both domain controllers.
• C、Examine the Security Event Log on both domain controllers.
• D、Examine the Application Event Log on the user’s computer.

第16题：

You need to identify all failed logon attempts on the domain controllers.     What should you do（）

• A、Run Event Viewer.
• B、View the Netlogon.log file.
• C、Run the Security Configuration Wizard.
• D、View the Security tab on the domain controller computer object.

第17题：

A Windows Communication Foundation (WCF) service is required to log all authorization attempts to the Windows Event Log. You need to configure a behavior and apply it to the service to support this requirement. Which behavior should you configure and apply?（）

• A、service Authentication Manager
• B、service Authorization
• C、service Credentials
• D、service Security Audit

第18题：

Your network consists of a single Active Directory domain. You have a member server named Server1 that runs Windows Server 2003 Service Pack 2 （SP2）.You need to record all attempts by domain users and local users to log on to Server1. What should you do？（）

• A、In the Default Domain Controller Policy， enable success and failure for the Audit logon events policy setting.
• B、In the Default Domain Controller Policy， enable success and failure for the Audit account logon events policy setting.
• C、In the Local Security Policy on Server1， enable success and failure for the Audit logon events policy.
• D、In the Local Security Policy on Server1， enable success and failure for the Audit account logon events policy setting.

第19题：

第20题：

第21题：

第22题：