You are the network administrator for The network consists of a single Active Directory domain named . For security reasons,management decides that a particular user must not be able to log on to the domain
after 5:00 P.M. If the user is logged on to the domain at 5:00 P.M., he must be logged off automatically.
You configure the Logon Hours setting for the appropriate user account. Thatnight, you verify that the user cannot log on to the domain after 5:00 P.M. The nextday, you notice that the user is still accessing domain resources at 6:00 P.M. Youverify that the time on the user's computer and on the domain controller arecorrect.
You need to ensure that the user is logged off automatically if he is still working onthe domain after 5:00 P.M.
What should you do?()
A. In Active Directory Users and Computers, on the Sessions tab, configure the End Session setting for the user account. Instruct the user to log off from the domain and log on again.
B. Modify the Default Domain Policy GPO to enforce logoff when logon hours expire. Ensure that the user's computer has the latest Group Policy settings applied.
C. Remove the user's domain account from the local Administrators group on the user's client computer. Instruct the user to log off from the domain and log on again.
D. Use Computer Management on the domain controller. Restart the Net Logon service.
您可能感兴趣的试卷
你可能感兴趣的试题
You are the administrator of a Windows 2003 domain The domain contains 20 Windows 2000 Professional computers and two Windows 2003 Server computers.
For the domain, you want to set an account policy that locks any user's account after three consecutive failed logon attempts. You also want to ensure that only administrators will be able to unlock the account.
Which two actions should you take?() (Each correct answer presents part of the solution. Choose two)
A. Set the Account lockout duration value to 0.
B. Set the Account lockout duration value to 3.
C. Set the Account lockout threshold value to 0.
D. Set the Account lockout threshold value to 3.
E. Set the Reset account lockout counter after value to 0.
F. Set the Reset account lockout counter after value to 3.
You are the network administrator for Your network consists of a single Active Directory domain named All network servers run Windows Server 2003, and all client computers run Windows XP Professional.
TestKing has 16 different office locations. Each office is a separate Active Directory site. You work in the main office.
A user named Anne works in a branch office. Every morning for one week, Anne reports that her user account is locked out. Each time, you are obliged to unlock her account. You suspect that Anne's account is being misused or attacked outside of regular business hours.
You need to investigate the cause of the account lockout.
Where should you search for security events?()
A. Only in the event log of a domain controller in your site.
B. Only in the event logs of the domain controllers in Anne's site.
C. In the event logs of all domain controllers in all sites.
D. Only in the event log of Anne's computer.
You are the administrator of an Active Directory domain named A user reports that he forgot his password and cannot log on to the domain. You discover that yesterday morning the user reset his password and successfully logged on to the domain.
You need to enable the user to log on to the domain.
What should you do? ()(Choose two)
A. Use Active Directory Users and Computers to move the account to the default organizational unit (OU) named Users. Instruct the user to restart his computer.
B. Use Active Directory Users and Computers to open the account properties for the user's user account. Clear the Account is locked out check box, and select the User must change password at next logon check box.
C. Use Active Directory Users and Computers to reset the user's password. Give the user the new password.
D. Use Computer Management to reset the password for the local Administrator account.
You are the network administrator for .Your network consists of a single Active Directory domain named . The Default Domain Group Policy object (GPO) uses all default settings.
The network contains five servers running Windows Server 2003 and 800 client computers. Half of the client computers are portable computers. The other half are desktop computers. Users of portable computers often work offline, but users of desktop computers do not.
You install Windows XP Professional on all client computers with default settings.
Then you configure user profiles and store them on the network.
Some users of portable computers now report that they cannot log on to their computers. Other users of portable computers do not experience this problem.
You need to ensure that all users of portable computers can log on successfully,whether they are working online or offline.
What should you do?()
A. Configure all portable computers to cache user credentials locally.
B. Ensure that all users of portable computers log on to the network at least once before working offline.
C. In all portable computers, rename Ntuser.dat to Ntuser.man.
D. For all portable computers, configure the Loopback policy setting.
You are the network administrator for . The network consists of single Active directory domain.
The domain contains a Windows Server 2003 domain controller named TestKing3.
The securews.inf security policy has been applied to the domain. A network application requires a service account. The network application runs constantly.
You create and configure a service account named SrvAcct for the network application. The software functions properly using the new account and service.
You discover an ongoing brute force attack against the SrvAcct account. The intruder appears to be attempting a distributed attack from several Windows XP Professional domain member computers on the LAN. The account has not been compromised and you are able to stop the attack, you restart Server6 and attempt
to run the network application, but the application does not respond.()
A. Reset the SrvAcct password,
B. Configure the default Domain Controllers policy to assign the SrvAcct account the right to log on locally.
C. Unlock the SrvAcct account.
D. Restart the NetAppService service.
You are the domain administrator for . Active Directory domain. All client computers run Windows XP Professional.
A user reports that she attempted to log on six times unsuccessfully. She reports that she logged on successfully yesterday. You discover that the user reset her password three days ago to comply with a new security policy that requires strong passwords.
The account policies that are applied in the Domain Security Group Policy object (GPO) as shown in the following table.
You need to ensure that the user can log on to the domain.
What should you do?()
A. Reset the password for the computer account.
B. Unlock the user account.
C. In the user account properties, select the Password never expires check box for the user account.
D. In the user account properties, select the User must change password on next logon check box for the user account.
You are the network administrator for . Your network consists of a single Active Directory domain named . All network servers run Windows Server 2003, and all client computers run Windows XP Professional.
You install a new file and print server named File1. You configure standard company policies and other local options. You use third-party software to create and save an image of the server. Then you join File1 to the domain.
Six weeks later, you reapply the saved image to File1 and restart the server. You try to log on to the domain by using domain credentials. However, you are unsuccessful.
You need to log on to File1 and re-establish its domain membership. Your solution must require the minimum amount of administrative effort.
Which two actions should you perform? ()(Each correct answer presents part of the solution. Choose two)
A. Reset the computer account for File1 in Active Directory Users and Computers.
B. Reset the password for Administrator account by logging on locally to File1 as a member of the local Power Users group.
C. Reinstall and reconfigure File1.
D. Join File1 to the domain.
E. Remove File1 from the domain.
You are the network administrator for . Your network consists of asingle Active Directory domain. All network servers run Windows Server 2003.
TestKing has offices in Chicago, New York and Los Angeles. Each office has one domain controller. Each office also has its own organization unit (OU), which contains all user accounts and computer accounts in that office.
The Chicago OU is accidentally deleted from Active Directory. You perform an authoritative restoration of that OU.
Some users in Chicago now report that they receive the following error message when they try to log on to the domain.
"The session setup from the computer DOMAINMEMBER failed to authenticate.
The name of the account referenced is the security database in DOMAINMEMBER$. The following error occurred: Access is denied".
How should you solve this problem?()
A. Reset the computer accounts of the computers that receive the error message. Instruct the affected users to restart their computers.
B. Perform a nonauthoritative restoration of Active Directory. Force directory replication on all domain controllers.
C. Restart the Kerberos Key Distribution Center service on each domain controller.
D. Run Nltest.exe on the computers that receive the error message. Restart the Net Logon service on the domain controller on Chicago.
You are the network administrator for . All network servers run Windows server 20003, and all client computers run Windows XP Professional.
A user named King manages an application server named Server25. One morning,
King tries to log on to the network from Server 25. He receives the message shown in the Logon message exhibit.
King notifies you of the problem. You open Active Directory Users and Computers and see the display shown in the Active Directory exhibit.
You need to enable King to log on to Server 25. Your solution must require the minimum amount of administrative effort.
What should you do?()
A. Enable the computer account for Server 25
B. Reset the computer account for Server 25.
C. Remove Server 25 from the domain, and then rejoin Server25 to the domain.
D. Delete the computer account for Server25, and then create a new account with the same name.
You are the network administrator for . The network consists of a single Active Directory domain. All domain controllers run Windows Server 2003, and all client computers run Windows XP Professional.
TestKing acquires a subsidiary. You receive a comma delimited file that contains the names of all user accounts at the subsidiary.
You need to import these accounts into your domain.
Which command should you use?()
A. ldifde
B. csvde
C. ntdsutil with the authoritative restore option
D. dsadd user
最新试题
You are the administrator of a Windows Server 2003 computer named Testking1.Backups of the System State data of Testking1 occur each day by using the localAdministrator account.A new requirement restricts you from running services by using theAdministrator account. To meet the requirement, you create a new service accountnamed BackupTestking1 to be used for backups. You want this account to have theminimum permissions necessary to perform backups.You need to grant the appropriate permissions to the BackupTestking1 account andto configure the backup job to use the BackupTestking1 account.What should you do?()
You are the network administrator for The network consists of asingle Active Directory domain named All network servers runWindows Server 2003, and all client computers run Windows XP Professional.You use the Backup utility to schedule a full backup of TESTKINGDC1 everynight. You ensure that the Active Directory configuration is also backed up.One week later, TESTKINGDC1 stops accepting logon requests. On investigation,you discover that the Active Directory configuration is corrupt.You need to restore TESTKINGDC1 as a functioning domain controller.Which two actions should you perform? ()(Each correct answer presents part of thesolution. Choose two)
You are the network administrator for The network consists of asingle Active Directory domain named All network servers runWindows Server 2003.Confidential files are stored on a member server named TK1. The computer objectfor TK1 resides in an organizational unit (OU) named Confidential. A Group Policyobject (GPO) named GPO1 is linked to the Confidential OU.To audit access to the confidential files, you enable auditing on all private folders onTK1.Several days later, you review the audit logs. You discover that auditing is notsuccessful.You need to ensure that auditing occurs successfully.What should you do?()
You are the network administrator for The network consists of a single Active Directory domain named All network servers run Windows Server 2003, and all client computers run Windows XP Professional.You are required to implement a backup strategy for all five servers on the network. You use the Backup Utility to schedule nightly backup jobs. You create a domain user account named BackupSvc, and add it to the local Backup Operators group on all file servers. The scheduled backup jobs will use BackupSvc to log on to the network Nightly backups occur successfully for six weeks. Then, nightly backups fail on all servers. When you examine the event log of one server, you discover that thepassword for BackupSvc is expired. You reset the password and select the Password never expires option for BackupSvc.The next day, you discover that the previous night's backup failed on all file servers.You need to ensure that the next night's backup is successful.Which two actions should you perform? (Each correct answer presents part of thesolution.() Choose two)
You are the network administrator for TestKing. Your network consists of a singleActive Directory domain. You manage a Terminal Server farm that includes fiveterminal servers and a Terminal Services Licensing server named testking9. Allservers run Windows 2000 Server. There are 2,500 users who log on to the terminalservers to access a custom human resource (HR) application.You install Windows Server 2003 on a new server named testking10. Testking10 isconfigured with all default settings enabled. You install Terminal Services and theHR application on testking10. You instruct some users to access the HR applicationon testking10.Four months later, users report that they can no longer establish Terminal Servicessessions to testking10. You verify that users can connect to the other terminalservers in your Terminal Server farm.You need to ensure that users can run the HR application on all terminal servers onthe network.What should you do?()
You are the network administrator in the New York office of TestKing.The company network consists of a single Active Directory domain The New York office currently contains one Windows Server 2003 file server named TestKingA.All file servers in the New York office are in an organizational unit (OU) namedNew York Servers. You have been assigned the Allow - Change permission for aGroup Policy object (GPO) named NYServersGPO, which is linked to the NewYork Servers OU.The written company security policy states that all new servers must be configuredwith specified predefined security settings when the servers join the domain. Thesesettings differ slightly for the various company offices.You plan to install Windows Sever 2003, on 15 new computers, which all functionsas file servers. You will need to configure the specified security settings on the newfile servers.TestKingA currently has the specified security settings configured in its localsecurity policy. You need to ensure that the security configuration of the new fileservers is identical to that of TestKingA. You export a copy of TestKingA's localsecurity policy settings to a template file.You need to configure the security settings of the new servers, and you want to usethe minimum amount of administrative effort.What should you do?()
You are the network administrator for TestKing. The network consists of a singleActive Directory domain. All servers run Windows Server 2003.The domain contains two domain controllers named Testking1 and Testking2. Youuse a Windows XP Professional client computer named Client1.In Active Directory, the domain administrator creates two new user accountsnamed NetAdmin1 and AdminUser1. The NetAdmin1 account is a member of theDomain Admins global group. The AdminUser1 account is a member of only theUsers local group. You assign the AdminUser1 logon account the Allow log onlocally user right in the Default Domain Controller Group Policy object (GPO).A new written security policy states that user accounts that are member of theDomain Admins global group should not be used to log on to the console of adomain controller. It also states that administrative tasks should be performed byusing the Secondary Logon service.You need to create a new computer account in Active Directory, and you mustcomply with the new company security policy.What should you do?()
You are the network administrator for TestKing. The network contains a WindowsServer 2003 computer named testking1, which hosts a critical business applicationnamed Salesapp. Testking1 has one disk that contains a single NTFS volume.Five days ago, the System State of testking1 was backed up, and an AutomatedSystem Recovery (ASR) backup was created. No additional backups wereperformed. Subsequently, many changes were made to the Salesapp data files.You apply an update to the application, which requires you to restart testking1.Windows startup terminates with a Stop error. You restart the computer and bootto a floppy disk. A utility on this disk gives you read-only access to the NTFS filesystem. You discover that one of the .dll files for the Salesapp application iscorrupted. The corrupted file is stored in the C.\Windows\System32 folder.You need to restore the corrupted file. You need to avoid losing any changes madeto the data files on testking1.What should you do onTestKing1?()
You are the network administrator for TestKing. The network consists of a singleActive Directory domain. All network servers run Windows Server 2003.A member server named TestkingA has a locally attached tape device. TestkingAcontains several folders and files that are encrypted by using Encrypting FileSystem (EFS).You create a new user account for a new employee named Victoria. Victoria's useraccount is member of the Users group only.You need to ensure that Victoria can back up the encrypted folders and files onTestkingA. Victoria must be assigned the minimum administrative privilegesneeded to complete this task.What should you do?()
You are the network administrator for The network consists of asingle DNS domain named.You replace a UNIX server with a Windows Server 2003 computer namedTestKing1.TestKing1 is the DNS server and start authority (SOA) for testking.com. A UNIXserver named TestKing2 is the mail server for testking.com.You receive reports that Internet users cannot send e-mail to the testking.comdomain. The host addresses are shown in the following window.You need to ensure that Internet users can send e-mail to the testking.com domain.What should you do?()