You are the network administrator for your company. The network consists of a single Active Directory domain. All domain controllers run Windows Server 2003. All client computers run Windows XP Professional.
The company has legacy applications that run on UNIX servers. The legacy applications use the LDAP protocol to query Active Directory for employee information.
The domain controllers are currently configured with the default security settings. You need to configure enhanced security for the domain controllers. In particular, you want to configure stronger password settings, audit settings, and lockout settings. You want to minimize interference with the proper functioning of the legacy applications.
You decide to use the predefined security templates. You need to choose the appropriate predefined security template to apply to the domain controllers.
What should you do?()
A. Apply the Setup security.inf template to the domain controllers.
B. Apply the DC security.inf template to the domain controllers.
C. Apply the Securedc.inf template to the domain controllers.
D. Apply the Rootsec.inf template to the domain controllers.
您可能感兴趣的试卷
你可能感兴趣的试题
You are the network administrator for your company. The network consists of a single Active Directory domain. The company’s written security policy requires that computers in a file server role must have a minimum file size for event log settings. In the past, logged events were lost because the size of the event log files was too small. You want to ensure that the event log files are large enough to hold history. You also want the security event log to be cleared manually to ensure that no security information is lost. The application log must clear events as needed.
You create a security template named Fileserver.inf to meet the requirements. You need to test each file server and take the appropriate corrective action if needed. You audit a file server by using Fileserver.inf and receive the results shown in the exhibit. (Click the Exhibit button.)
You want to make only the changes that are required to meet the requirements.
Which two actions should you take? ()
A. Correct the Maximum application log size setting on the file server.
B. Correct the Maximum security log size setting on the file server.
C. Correct the Maximum system log size setting on the file server.
D. Correct the Retention method for application log setting on the file server.
E. Correct the Retention method for security log setting on the file server.
F. Correct the Retention method for system log setting for the file server.
You are the network administrator for your company. The network consists of a single Active Directory domain. The functional level of the domain is Windows Server 2003. The domain contains an organizational unit (OU) named Servers that contains all of the company’s Windows Server 2003 resource servers. The domain also contains an OU named Workstations that contains all of the company’s Windows XP Professional client computers.
You configure a baseline security template for resource servers named Server.inf and a baseline security template for client computers named Workstation.inf. The Server.inf template contains hundreds of settings, including file and registry permission settings that have inheritance propagation enabled. The Workstation.inf template contains 20 security settings, none of which contain file or registry permissions settings.
The resource servers operate at near capacity during business hours.
You need to apply the baseline security templates so that the settings will be periodically enforced. You need to accomplish this task by using the minimum amount of administrative effort and while minimizing the performance impact on the resource servers.
What should you do? ()
A. Create a Group Policy object (GPO) and link it to the domain. Import both the Server.inf and the Workstation.inf templates into the GPO.
B. Import both the Server.inf and the Workstation.inf templates into the Default Domain Policy Group Policy object (GPO).
C. On each resource server, create a weekly scheduled task to apply the Server.inf settings during off-peak hours by using the secedit command. Create a Group Policy object (GPO) and link it to the Workstations OU. Import the Workstation.inf template into the GPO.
D. On each resource server, create a weekly scheduled task to apply the Server.inf settings during off-peak hours by using the secedit command. Import the Workstation.inf template into the Default Domain Policy Group Policy object (GPO).
You are a network administrator for your company. The network consists of a single Active Directory domain. The network contains 80 Web servers that run Windows 2000 Server. The IIS Lockdown Wizard is run on all Web servers as they are deployed.
Your company is planning to upgrade its Web servers to Windows Server 2003. You move all Web servers into an organizational unit (OU) named Web Servers.
You are planning a baseline security configuration for the Web servers. The company’s written security policy states that all unnecessary services must be disabled on servers. Testing shows that the server upgrade process leaves the following unnecessary services enabled:
Your plan for the baseline security configuration for Web servers must comply with the written security policy. You need to ensure that unnecessary services are always disabled on the Web servers.
What should you do? ()
A. Create a Group Policy object (GPO) to apply a logon script that disables the unnecessary services. Link the GPO to the Web Servers OU.
B. Create a Group Policy object (GPO) and import the Hisecws.inf security template. Link the GPO to the Web Servers OU.
C. Create a Group Policy object (GPO) to set the startup type of the unnecessary services to Disabled. Link the GPO to the Web Servers OU.
D. Create a Group Policy object (GPO) to apply a startup script to stop the unnecessary services. Link the GPO to the Web Servers OU.
You are a network administrator for Alpine Ski House. The network consists of a single Active Directory domain. The network contains 50 Windows Server 2003 computers and 200 Windows XP Professional computers. Alpine Ski House does not use wireless networking. The network at Alpine Ski House is shown in the exhibit. (Click the Exhibit button.) Alpine Ski House enters into a strategic partnership with Adventure Works. Under the strategic partnership, Adventure Works will regularly send employees to Alpine Ski House. Your design team interviews Adventure Works administrators and discovers the following. Adventure Works employees require access to the Internet to retrieve e-mail messages and to browse the Internet. Adventure Works employees do not need access to the internal network at Alpine Ski House. Adventure Works employees all have portable computers that run Windows XP Professional, and they use a wireless network in their home office. The wireless network client computers of Adventure Works employees must be protected from Internet-based attacks.Adventure Works sends you a wireless access point that its employees will use to access the Internet through your network. You are not allowed to change the configuration of the wireless access point because any change will require changes to all of the wireless client computers. You need to develop a plan that will meet the requirements of Adventure Works employees and the security requirements of Alpine Ski House.
Your solution must be secure and must minimize administrative effort.
What should you do? ()
A. Install the wireless access point on a separate subnet inside the Alpine Ski House network. Configure a router to allow only HTTP, IMAP4, and SMTP traffic out of the wireless network.
B. Install the wireless access point on a separate subnet inside the Alpine Ski House network. Configure a VPN from the wireless network to the Adventure Works office network.
C. Install the wireless access point on the Alpine Ski House perimeter network. Configure Firewall1 to allow wireless network traffic to and from the Internet. Configure Firewall2 to not allow wireless traffic into the Alpine Ski House network.
D. Install the wireless access point outside Firewall1 at Alpine Ski House. Obtain IP addresses from your ISP to support all wireless users.
Your company has an Active Directory directory service domain. All servers run Windows Server 2003. All domain controllers are configured to audit specific events. You are developing a security monitoring plan for the domain controllers. You must back up the following information. Local logon attemptsDomain logon attemptsSecurity update installation attempts You need to specify the appropriate log files to back up.
Which files should you specify? ()
A. AppEvent.Evt and NTDS.Evt
B. NTDS.Evt and SecEvent.Evt
C. SecEvent.Evt and SysEvent.Evt
D. AppEvent.Evt and SysEvent.Evt
Your company has 250 client computers connected to the office LAN. The company has a pool of five public IP addresses. All client computers have dynamically assigned IP addresses. You need to provide all client computers with Internet access.
What should you use?()
A. DHCP Relay Agent
B. Routing Information Protocol (RIP)
C. Internet Group Management Protocol (IGMP)
D. Network Address Translation (NAT)/Basic Firewall
All servers in your environment run Windows Server 2003. Your companys network includes multiple network segments and multiple routers. A member server that has the Routing and Remote Access service (RRAS) installed provides Internet connectivity for all client computers. The RRAS server is located in a perimeter network (also known as DMZ). A client computer named Client1 is unable to connect to the Internet. The RRAS server is able to connect to the Internet. You need to pinpoint the location of the network issue.
What should you do?()
A. Use the nbtstat command-line tool on Client1.
B. Use the pathping command-line tool on Client1.
C. Run the nbtstat -r command on the RRAS server.
D. Run the ping -a Client1 command on the RRAS server.
All servers and client computers in your company are configured to use WINS for name resolution. The internal network is separated from a perimeter network (also known as DMZ) by a third-party firewall. Firewall rules do not allow name resolution between the internal network and the perimeter network. You move a Windows Server 2003 server named Server1 to the perimeter network. You need to ensure that all computers on the internal network can connect to Server1 by name.
What should you do?()
A. Create an LMHOSTS file on Server1.
B. Create a static WINS entry for Server1.
C. Configure Server1 to use Broadcast (B-node) mode.
D. Configure Server1 to use Peer-to-Peer (P-node) mode.
Your company has an Active Directory directory service domain. The domain functional level is Windows Server 2003. The company has a main office with two domain controllers (DCs). Users log on to client computers by using user principal names (UPNs). You plan to set up a new branch office with one domain controller. You need to ensure that when the branch office domain controllers connection to the main office is unavailable, users in the branch office can log on to the domain.
What should you do?()
A. Add a new domain controller in the branch office.
B. Configure the branch office domain controller as a global catalog server.
C. Transfer the RID Master role to the branch office domain controller.
D. Transfer the Infrastructure Master role to the branch office domain controller.
You are a network administrator for Alpine Ski House. The network consists of a single Active Directory domain. The domain name is alpineskihouse.com. The network contains three Windows Server 2003 domain controllers. You are creating the recovery plan for the company. According to the existing backup plan, domain controllers are backed up by using normal backups each night. The normal backups of the domain controllers include the system state of each domain controller. Your recovery plan must incorporate the following organizational requirements. Active Directory objects that are accidentally or maliciously deleted must be recoverable. Active Directory must be restored to its most recent state as quickly as possible. Active Directory database replication must be minimized.You need to create a plan to restore a deleted organizational unit (OU).
Which two actions should you include in your plan?()
A. Restart a domain controller in Directory Services Restore Mode.
B. Restart a domain controller in Safe Mode.
C. Use the Ntdsutil utility to perform an authoritative restore operation of the Active Directory database.
D. Restore the system state by using the Always replace the file on my computer option.
E. Use the Ntdsutil utility to perform an authoritative restore operation of the appropriate subtree.
最新试题
You are the systems engineer for your company. The network consists of three physical networks connected by hardware-based routers. The network consists of a single Active Directory domain. All servers run Windows Server 2003. All client computers run Windows XP Professional. Each physical network contains at least one domain controller and at least one DNS server. One physical network contains a Microsoft Internet Security and Acceleration (ISA) Server array that provides Internet access for the entire company. The network also contains a certificate server. Company management wants to ensure that all data is encrypted on the network and that all computers transmitting data on the network are authenticated. You decide to implement IPSec on all computers on the network. You edit the Default Domain Policy Group Policy object (GPO) to apply the Secure Server (Require Security) IPSec policy. Users immediately report that they cannot access resources located in remote networks. You investigate and discover that all packets are being dropped by the routers. You also discover that Active Directory replication is not functioning between domain controllers in different networks. You need to revise your design and implementation to allow computers to communicate across the entire network. You also need to ensure that the authentication keys are stored encrypted. Which two actions should you take?()
You are a network administrator for your company. The network consists of a single Active Directory domain and contains 10 Windows Server 2003 computers. You install a new service on a server named Server1. The new service requires that you restart Server1. When you attempt to restart Server1, the logon screen does not appear. You turn off and then turn on the power for Server1. The logon screen does not appear. You attempt to recover the failed server by using the Last Known Good Configuration startup option. It is unsuccessful. You attempt to recover Server1 by using the Safe Mode startup options. All Safe Mode options are unsuccessful. You restore Server1. Server1 restarts successfully. You discover that Server1 failed because the new service is not compatible with a security patch. You want to configure all servers so that you can recover from this type of failure by using the minimum amount of time and by minimizing data loss. You need to ensure that in the future, other services that fail do not result in the same type of failure. What should you do? ()
You are the network administrator for your company. The network consists of a single Active Directory domain. The network contains an application server running Windows Server 2003. Users report intermittent slow performance when they access the application server throughout the day. You find out that the network interface on the application server is being heavily used during the periods of slow performance. You suspect that a single computer is causing the problem.You need to create a plan to identify the problem computer. What should you do?()
You are the network administrator for your company. The network consists of a single Active Directory domain. The domain contains a Windows Server 2003 computer named Server1 that is located in an organizational unit (OU) named Servers. Server1 contains confidential data, and all network communications with Server1 must be encrypted by using IPSec. The default Client (Respond Only) IPSec policy is enabled in the Default Domain Policy Group Policy object (GPO). You create a new GPO and link it to the Servers OU. You configure the new GPO by creating and enabling a custom IPSec policy. You monitor and discover that network communications with Server1 are not being encrypted. You need to view all IPSec policies that are being applied to Server1. What should you do? ()
You are the systems engineer for Contoso, Ltd. The internal network consists of a Windows NT 4.0 domain. The company maintains a separate network that contains publicly accessible Web and mail servers. These Web and mail servers are members of a DNS domain named contoso.com. The contoso.com zone is hosted by a UNIX-based DNS server running BIND 4.8.1. Contoso, Ltd., is planning to migrate to a Windows Server 2003 Active Directory domain-based network. The migration plan states that all client computers will be upgraded to Windows XP Professional and that all servers will be replaced with new computers running Windows Server 2003. The migration plan specifies the following requirements for DNS in the new environment:• Active Directory data must not be accessible from the Internet.• The DNS namespace must be contiguous to minimize confusion for users and administrators. • Users must be able to connect to resources in the contoso.com domain.• Users must be able to connect to resources located on the Internet. • The existing UNIX-based DNS server will continue to host the contoso.com domain. • The existing UNIX-based DNS server cannot be upgraded or replaced.You plan to install a Windows Server 2003 DNS server on the internal network. You need to configure this Windows-based DNS server to meet the requirements specified in the migration plan. What should you do? ()
You are the network administrator for your company. The network contains an application server running Windows Server 2003. Users report that the application server intermittently responds slowly. When the application server is responding slowly, requests that normally take 1 second to complete take more than 30 seconds to complete. You suspect that the slow server response is because of high broadcast traffic on the network. You need to plan how to monitor the application server and to have a message generated when broadcast traffic is high. You also want to minimize the creation of false alarms when nonbroadcast traffic is high. What should you do? ()
You are a network administrator for your company. The network consists of a single Active Directory domain. All domain controllers and member servers run Windows Server 2003, Enterprise Edition. All client computers run Windows XP Professional. The company has one main office and one branch office. The two offices are connected by a T1 WAN connection. There is a hardware router at each end of the connection. The main office contains 10,000 client computers, and the branch office contains 5,000 client computers. You need to use DHCP to provide IP addresses to the Windows XP Professional computers in both offices. You need to minimize network configuration traffic on the WAN connection. Your solution needs to prevent any component involved in the DHCP architecture from becoming a single point of failure. What should you do? ()
You are a network adminstrator for your company. You install an intranet application on three Windows Server 2003 computers. You configure the servers as a Network Load Balancing cluster. You configure each server with two network adapters. One network adapter provides client computers access to the servers. The second network adapter is for cluster communications. Cluster communications is on a separate network segment. The network team wants to reduce the cluster’s vulnerability to attack. These servers need to be highly available. The network team decides that the Network Load Balancing cluster needs to filter IP ports. The team wants the cluster to allow only the ports that are required for the intranet application. You need to implement filtering so that only the intranet application ports are available on the cluster. You need to achieve this goal by using the minimum amount of administrative effort. What should you do? ()
You are the senior systems engineer for your company. The network consists of a single Active Directory domain. All servers run Windows Server 2003. Client computers in the sales department run Windows NT Workstation 4.0 with the Active Directory Client Extensions software installed. All other client computers run Windows XP Professional. All servers are located in an organizational unit (OU) named Servers. All client computers are located in an OU named Desktops. Four servers contain confidential company information that is used by users in either the finance department or the research department. Users in the sales department also store files and applications on these servers. The company’s written security policy states that for auditing purposes, all network connections to these resources must require authentication at the protocol level. The written security policy also states that all network connections to these resources must be encrypted. The company budget does not allow for the purchase of any new hardware or software. The applications and data located on these servers may not be moved to any other server in the network. You define and assign the appropriate permissions to ensure that only authorized users can access the resources on the servers. You now need to ensure that all connections made to these servers by the users in the finance department and in the research department meet the security guidelines stated by the written security policy. You also need to ensure that all users in the sales department can continue to access their resources. Which two actions should you take?()
You are a network administrator for Alpine Ski House. The internal network has an Active Directory-integrated zone for the alpineskihouse.org domain. Computers on the internal network use the Active Directory-integrated DNS service for all host name resolution. The Alpine Ski House Web site and DNS server are hosted at a local ISP. The public Web site for Alpine Ski House is accessed at www.alpineskihouse.com. The DNS server at the ISP hosts the alpineskihouse.com domain. To improve support for the Web site, your company wants to move the Web site and DNS service from the ISP to the company’s perimeter network. The DNS server on the perimeter network must contain only the host (A) resource records for computers on the perimeter network. You install a Windows Server 2003 computer on the perimeter network to host the DNS service for the alpineskihouse.com domain. You need to ensure that the computers on the internal network can properly resolve host names for all internal resources, all perimeter resources, and all Internet resources. Which two actions should you take? ()