单项选择题Your company has a main office and a branch office. The company has a single-domain Active Directory forest. The main office has two domain controllers named DC1 and DC2 that run Windows Server 2008. The branch office has a Windows Server 2008 read-only domain controller (RODC) named DC3. All domain controllers hold the DNS Server role and are configured as Active Directory-integrated zones. The DNS zones only allow secure updates. You need to enable dynamic DNS updates on DC3. What should you do()

A.Run the Ntdsutil.exe > DS Behavior commands on DC3.
B.Run the Dnscmd.exe /ZoneResetType command on DC3.
C.Reinstall Active Directory Domain Services on DC3 as a writable domain controller.
D.Create a custom application directory partition on DC1. Configure the partition to store Active Directory- integrated zones.

点击查看答案

您可能感兴趣的试卷

你可能感兴趣的试题

1.多项选择题All consultants belong to a global group named TempWorkers. You place three file servers in a new organizational unit named SecureServers. The three file servers contain confidential data located in shared folders. You need to record any failed attempts made by the consultants to access the confidential data. Which two actions should you perform()

A.Create and link a new GPO to the SecureServers organizational unit Configure the Audit privilege use Failure audit policy setting.
B.Create and link a new GPO to the SecureServers organizational unit Configure the Audit object access Failure audit policy setting.
C.Create and link a new GPO to the SecureServers organizational unit Configure the Deny access to this computer from the network user rights setting for the TempWorkers global group.
D.On each shared folder on the three file servers, add the three servers to the Auditing tab Configure the Failed Full control setting in the Auditing Entry dialog.
E.On each shared folder on the three file servers, add the TempWorkers global group to the Auditing tab Configure the Failed Full control setting in the Auditing Entry dialog box.

点击查看答案
2.单项选择题Your company has a single Active Directory domain named intranet.adatum.com. The domain controllers run Windows Server 2008 and the DNS server role. All computers, including non-domain members, dynamically register their DNS records. You need to configure the intranet.adatum.com zone to allow only domain members to dynamically register DNS records. What should you do()

A.Set dynamic updates to Secure Only.
B.Enable zone transfers to Name Servers.
C.Remove the Authenticated Users group.
D.Deny the Everyone group the Create All Child Objects permission.

点击查看答案
3.多项选择题Your company has an organizational unit named Production. The Production organizational unit has a child organizational unit named R&D You create a GPO named Software Deployment and link it to the Production organizational unit. You create a shadow group for the R&D organizational unit. You need to deploy an application to users in the Production organizational unit. You also need to ensure that the application is not deployed to users in the R&D organizational unit. What are two possible ways to achieve this goal()

A.Configure the Enforce setting on the software deployment GPO.
B.Configure the Block Inheritance setting on the R&D organizational unit.
C.Configure the Block Inheritance setting on the Production organizational unit.
D.Configure security filtering on the Software Deployment GPO to Deny Apply group policy for the R&D security group.

点击查看答案
4.单项选择题

Your company, Contoso, Ltd., has a main office and a branch office. The offices are connected by a WAN link. Contoso has an Active Directory forest that contains a single domain named ad.contoso.com. The ad. contoso.com domain contains one domain controller named DC1 that is located in the main office. DC1 is configured as a DNS server for the ad.contoso.com DNS zone. This zone is configured as a standardprimary zone. 
You install a new domain controller named DC2 in the branch office. You install DNS on DC2. You need to ensure that the DNS service can update records and resolve DNS queries in the event that a WAN link fails. What should you do()

A.Create a new stub zone named ad.contoso.com on DC2.
B.Configure the DNS server on DC2 to forward requests to DC1.
C.Create a new standard secondary zone named ad.contoso.com on DC2.
D.Convert the ad.contoso.com zone on DC1 to an Active Directory-integrated zone.

点击查看答案
5.单项选择题Your company has an Active Directory domain. A user attempts to log on to the domain from a client computer and receives the following message: "This user account has expired Ask your administrator to reactivate the account." You need to ensure that the user is able to log on to the domain. What should you do()

A.Modify the properties of the user account to set the account to never expire.
B.Modify the properties of the user account to extend the Logon Hours setting.
C.Modify the properties of the user account to set the password to never expire.
D.Modify the default domain policy to decrease the account lockout duration.

点击查看答案
6.单项选择题Your company hires 10 new employees. You want the new employees to connect to the main office through a VPN connection. You create new user accounts and grant the new employees the Allow Read and Allow Execute permissions to shared resources in the main office. The new employees are unable to access shared resources in the main office. You need to ensure that users are able to establish a VPN connection to the main office What should you do()

A.Grant the new employees the Allow Full control permission.
B.Grant the new employees the Allow Access Dial-in permission.
C.Add the new employees to the Remote Desktop Users security group.
D.Add the new employees to the Windows Authorization Access security group.

点击查看答案
7.单项选择题Your company has an Active Directory forest that contains eight linked Group Policy Objects (GPOs). One of these GPOs publishes applications to user objects. A user reports that the application is not available for installation. You need to identify whether the GPO has been applied What should you do()

A.Run the Group Policy Results utility for the user.
B.Run the Group Policy Results utility for the computer.
C.Run the GPRESULT /SCOPE COMPUTER command at the command prompt.
D.Run the GPRESULT /S  /Z command at the command prompt.

点击查看答案
8.单项选择题Your company has an Active Directory forest that contains Windows Server 2008 domain controllers and DNS servers. All client computers run Windows XP. You need to use your client computers to edit domain- based GPOs by using the ADMX files that are stored in the ADMX central store. What should you do()

A.Add your account to the Domain Admins group.
B.Upgrade your client computers to Windows Vista.
C.Install .NET Framework 3.0 on your client computer
D.Create a folder on the Primary Domain Controller (PDC) emulator for the domain in the PolicyDefinitions path. Copy the ADMX files to the PolicyDefinitions folder.

点击查看答案
9.单项选择题Your company has an Active Directory domain. A user attempts to log on to a computer that was turned off for twelve weeks. The administrator receives an error message that authentication has failed. You need to ensure that the user is able to log on to the computer. What should you do()

A.Run the netdom TRUST /reset command.
B.Run the netsh command with the set and machine options.
C.Run the Active Directory Users and Computers console to disable, and then enable the computer account.
D.Reset the computer account. Disjoin the computer from the domain, and then rejoin the computer to the domain.

点击查看答案
10.单项选择题Your network consists of a single Active Directory domain. All domain controllers run Windows Server 2008 The Audit account management policy setting and Audit directory services access setting are enabled for the entire domain. You need to ensure that changes made to Active Directory objects can be logged. The logged changes must include the old and new values of any attributes What should you do()

A.Enable the Audit account management policy in the Default Domain Controller Policy.
B.Run auditpol.exe and then configure the Security settings of the Domain Controllers OU.
C.Run auditpol.exe and then enable the Audit directory service access setting in the Default Domain policy.
D.From the Default Domain Controllers policy, enable the Audit directory service access setting and
E.nable directory service changes.

点击查看答案

最新试题

Your network contains three Active Directory forest named Forest1, Forest2, and Forest3. Each  forest contains three domains.  A two-way forest trust exists between Forest1 and Forest2. A two-way forest trust exists between  Forest2 and Forest3.     You need to configure the forest to meet the following requirements    Users in Forest3 must be able to access resources in Forest1.  Users in Forest1 must be able to access resources in Forest3.  The number of trusts must be minimized.    What should you do()

题型:单项选择题

You have an enterprise subordinate certification authority (CA) configured for key archival. Three  key recovery agent certificates are issued.  The CA is configured to use two recovery agents.    You need to ensure that all of the recovery agent certificates can be used to recover all new  private keys.    What should you do()

题型:单项选择题

You need to receive an e-mail message whenever a domain user account is locked out.    Which tool should you use()

题型:单项选择题

Your network contains an Active Directory domain named contoso.com. All domain controllers  and member servers run Windows Server 2008. All client computer run Windows 7.  From a client computer, you create an audit policy by using the Advanced Audit Policy  Configuration settings in the Default Domain Policy Group Policy object (GPO).  You discover that the audit policy is not applied to the member servers.    The audit policy is  applied to the client computers.  You need to ensure that the audit policy is applied to all member servers and all client computers.    What should you do()

题型:单项选择题

Your network contains an Active Directory domain that contains five domain controllers. You have  a management computer that runs Windows 7.  From the Windows 7 computer, you need to view all account logon failures that occur in the  domain.    The information must be consolidated on one list.  Which command should you run on each domain controller()

题型:单项选择题

Active Directory Rights Management Services (AD RMS) is deployed on your network.    You need to configure AD RMS to use Kerberos authentication.  Which two actions should you perform()

题型:多项选择题

Your network contains two Active Directory forests named contoso.com and    nwtraders.com. A  two-way forest trust exists between contoso.com and nwtraders.com. The forest trust is  configured to use selective authentication.  Contoso.com contains a server named Server1. Server1 contains a shared folder named  Marketing. Nwtraders.com contains a global group named G_Marketing. The Change share  permission and the Modify NTFS permissions for the Marketing folder are assignes to the  G_Marketing group.  Members of G_Marketing report that they cannot accesss the Marketing folder.  You need to ensure that the G_Marketing members can accesss the folder from the network.    What should you do()

题型:单项选择题

Your network contains an Active Directory domain that has two sites.    You need to identify whether logon scripts are replicated to all domain controllers.    Which folder should you verify()

题型:单项选择题

You need to compact an Active Directory database on a domain controller that runs windows  Server 2008 R2.  What should you do()

题型:单项选择题

What should you do() 

题型:单项选择题