单项选择题

As the Certkiller administrator you had installed a read-only domain controller (RODC) server at remote location. 
The remote location doesn’t provide enough physical security for the server. 
What should you do to allow administrative accounts to replicate authentication information to Read-Only Domain Controllers()

A.Remove any administrative accounts from RODC’s group
B.Add administrative accounts to the domain Allowed RODC Password Replication group
C.Set the Deny on Receive as permission for administrative accounts on the RODC computer account security tab for the Group Policy Object (GPO)
D.Configure a new Group Policy Object (GPO) with the Account Lockout settings enabled. Link the GPO to the remote location. Activate the Read Allow and the Apply group policy Allow permissions for the administrators on the Security tab for the GPO.
E.None of the above

点击查看答案

您可能感兴趣的试卷

你可能感兴趣的试题

1.单项选择题Your company has an Active Directory forest. Each branch office has an organizational unit and a child organizational unit named Sales. The Sales organizational unit contains all users and computers of the sales department. You need to install an Office 2007 application only on the computers in the Sales organizational unit. You create a GPO named SalesApp GPO. What should you do next()

A.Configure the GPO to assign the application to the computer account. Link the SalesAPP GPO to the domain.
B.Configure the GPO to assign the application to the user account. Link the SalesAPP GPO to the Sales organizational unit in each location.
C.Configure the GPO to publish the application to the user account. Link the SalesAPP GPO to the Sales organizational unit in each location.
D.Configure the GPO to assign the application to the computer account. Link the SalesAPP GPO to the Sales organizational unit in each location.

点击查看答案
2.单项选择题Your network consists of a single Active Directory domain. The functional level of the forest is Windows Server 2008. You need to create multiple password policies for users in your domain. What should you do()

A.From the Schema snap-in, create multiple class schema objects.
B.From the ADSI Edit snap-in, create multiple Password Setting objects.
C.From the Security Configuration Wizard, create multiple security policies.
D.From the Group Policy Management snap-in, create multiple Group Policy objects.

点击查看答案
3.单项选择题Your company has a domain controller that runs Windows Server 2008. The server is a backup server. The server has a single 500-GB hard disk that has three partitions for the operating system, applications, and data. You perform daily backups of the server. The hard disk fails. You replace the hard disk with a new hard disk of the same capacity. You restart the computer on the installation media. You select the Repair your computer option. You need to restore the operating system and all files. What should you do()

A.Select the Startup repair option.
B.Select the System restore option.
C.Run the Rollback utility at the command prompt.
D.Run the Wbadmin utility at the command prompt.

点击查看答案
4.单项选择题You need to identify all failed logon attempts on the domain controllers. What should you do()

A.Run Event Viewer.
B.View the Netlogon.log file.
C.Run the Security and Configuration Wizard.
D.View the Security tab on the domain controller computer object.

点击查看答案
5.单项选择题Your company has an Active Directory domain that runs Windows Server 2008 The Sales OU contains an OU for Computers, an OU for Groups, and an OU for Users You perform nightly backups. An administrator deletes the Groups OU You need to restore the Groups OU without affecting users and computers in the Sales OU What should you do()

A.Perform an authoritative restore of the Sales OU.
B.Perform an authoritative restore of the Groups OU.
C.Perform a non-authoritative restore of the Groups OU.
D.Perform a non-authoritative restore of the Sales OU.

点击查看答案
6.单项选择题You need to remove the Active Directory Domain Services role from a domain controller named DC1. What should you do()

A.Run the netdom remove DC1 command
B.Run the nltest /remove_server: DC1 command
C.Run the Dcpromo utility. Remove the Active Directory Domain Services role.
D.Reset the Domain Controller computer account by using the Active Directory Users and Computers utility.

点击查看答案
7.单项选择题Your network consists of a single Active Directory domain All domain controllers run WIndows Server 2008. You need to capture all replication errors from all domain controllers to a central localion What should you do()

A.configure event log subscriptions.
B.Start the System Performance data collector set.
C.start the Active Directory Diagnostics data collector set.
D.Install Network Monitor and create a new a new capture.

点击查看答案
8.多项选择题Your company has a server that runs Windows Server 2008. Certification Services is configured as a stand-alone Certification Authority (CA) on the server. You need to audit changes to the CA configuration settings and the CA security settings. Which two tasks should you perform()

A.Configure auditing in the Certification Services snap-in.
B.Enable auditing of successful and failed attempts to change permissions on files in the %SYSTEM32% \CertSrv directory.
C.Enable auditing of successful and failed attempts to write to files in the %SYSTEM32%\CertLog directory.
D.Enable the Audit object access setting in the Local Security Policy for the Certification Services server.

点击查看答案
9.单项选择题Your company uses a Windows 2008 Enterprise certificate authority (CA) to issue certificates. You need to implement key archival. What should you do()

A.Archive the private key on the server.
B.Apply the Hisecdc security template to the domain controllers.
C.Configure the certificate for automatic enrollment for the computers that store encrypted files.
D.Install an Enterprise Subordinate CA and issue a user certificate to users of the encrypted files.

点击查看答案
10.单项选择题ou have a Windows Server 2008 Enterprise Root CA. Security policy prevents port 443 and port 80 from being opened on domain controllers and on the issuing CA. You need to allow users to request certificates from a Web interface. You install the AD CS role. What should you do next()

A.Configure the Online Responder Role Service on a member server.
B.Configure the Online Responder Role Service on a domain controller.
C.Configure the Certification Authority Web Enrollment Role Service on a member server.
D.Configure the Certification Authority Web Enrollment Role Service on a domain controller.

点击查看答案

最新试题

Your network contains an Active Directory domain. All domain controller run Windows Server  2003.    You replace all domain controllers with domain controllers that run Windows Server 2008 R2.    You raise the functional level of the domain to Windows Server 2008 R2.    You need to minimize the amount of SYSVOL replication traffic on the network.    What should you do()

题型:单项选择题

Your network contains an Active Directory domain named contoso.com. The domain contains five  domain controllers.You add a logoff script to an existing Group Policy object (GPO). You need to verify that each  domain controller successfully replicates the updated group policy.    Which two objects should you verify on each domain controller()

题型:多项选择题

Your network contains an Active Directory forest. The forest contains an Acitve Directory site for a  remote office. The remote site contains a read-only domain controller (RODC).    You need to configure the RODC to store only the password of users in the remote site.    What should you do()

题型:单项选择题

Your network contains an Active Directory domain that has two sites.    You need to identify whether logon scripts are replicated to all domain controllers.    Which folder should you verify()

题型:单项选择题

Your network contains an Active Directory domain named contoso.com. Contoso.com contains a  member server that runs Windows Serever 2008 Standart.  You need to install an enterprise subordinate certification authority (CA) that support private key  archival. You must achieve this goal by using the minimum amount of administrative effort.What do you do first()

题型:单项选择题

Your network contains an Active Directory domain. The domain contains 1000 user accounts.  You have a list that contains the mobile phone number of each user  You need to add the mobile number of each user to Active Directory.    What should you do()

题型:单项选择题

You need to receive an e-mail message whenever a domain user account is locked out.    Which tool should you use()

题型:单项选择题

You have an enterprise subordinate certification authority (CA). You have a custom certificate  template that has a key length of 1,024 bits. The template is enabled for autoenrollment.    You increase the template key length to 2,048 bits.  You need to ensure that all current certificate holders automatically enroll for a certificate that  uses the new template.    Which console should you use()

题型:单项选择题

You have Active Directory Certificate Services (AD CS) deployed. You create a custom certificate  template.  You need to ensure that all of the users in the domain automatically enroll for a certificate based  on the custom certificate template.    Which two actions should you perform()

题型:多项选择题

Your network contains an Active Directory domain.  A user named User1 takes a leave of absence for one year.  You need to restrict access to the User1 user account while User1 is away.    What should you do()

题型:单项选择题