Certkiller .com boosts a main office and 20 branch offices. Configured as a separate site, each branch office has a Read-Only Domain Controller (RODC) server installed.
Users in remote offices complain that they are unable to log on to their accounts.
What should you do to make sure that the cached credentials for user accounts are only stored in their local branch office RODC server()
A.Open the RODC computer account security tab and set Allow on the Receive as permission only for the users that are unable to log on to their accounts
B.Add a password replication policy to the main Domain RODC and add user accounts in the security group
C.Configure a unique security group for each branch office and add user accounts to the respective security group. Add the security groups to the password replication allowed group on the main RODC server
D.Configure and add a separate password replication policy on each RODC computer account
您可能感兴趣的试卷
你可能感兴趣的试题
Certkiller .com has a network that is comprise of a single Active Directory Domain.
As an administrator at Certkiller .com, you install Active Directory Lightweight Directory Services (AD LDS) on a server that runs Windows Server 2008. To enable Secure Sockets Layer (SSL) based connections to the AD LDS server, you install certificates from a trusted Certification Authority (CA) on the AD LDS server and client computers.
Which tool should you use to test the certificate with AD LDS()
A.Ldp.exe
B.Active Directory Domain services
C.ntdsutil.exe
D.Lds.exe
E.wsamain.exe
F.None of the above
A.Delete all administrative accounts from the RODC’s group
B.Configure the permission to Deny on Receive for administrative accounts on the security tab for Group Policy Object (GPO)
C.Configure the administrative accounts to be added in the Domain RODC Password Replication Denied group
D.Add a new GPO and enable Account Lockout settings. Link it to the remote RODC server and on the security tab on GPO, check the Read Allow and the Apply group policy permissions for the administrators.
E.None of the above
A.Start the Audit Object Access option
B.Start the Audit System Events option
C.Start the Audit Logon Events option
D.Start the Audit process tracking option
E.All of the above
Certkiller is having an Active Directory Rights Management Service (AD RMS) server.
Users machines are running Windows Vista and an Active Directory domain is configured at Microsoft Windows Server 2003 functional level. Users are complaining that they cannot protect their documents. You need to configure AD RMS so that users are able to protect their documents.
What should you do()
A.Use a group policy to install the AD RMS client computers
B.Add the ADRMSADMIN account to the local administrators group on the computers
C.Add the ADRMSSRVC account to the local administrators on the AD RMS server
D.Establish an e-mail account in Active Directory Domain Services (AD DS) for each user
E.Upgrade the active directory domain to the functional level of Windows 2008 server
A.Raise the forest functional level of Forest2 to Windows Server 2003 Interim mode.
B.Raise the forest functional level of Forest2 to Windows Server 2003.
C.Upgrade the domain controllers in Forest2 to Windows Server 2008.
D.Upgrade the domain controllers in Forest2 to Windows Server 2003.
A.Clear the cache on DNS2.
B.Reload the zone on DNS1.
C.Refresh the zone on DNS2.
D.Export the zone from DNS1 and import the zone to DNS2
A.Run the DSget command.
B.Run the Dsquery command.
C.Run the RepAdmin command.
D.Run the Windows System Resource Manager.
Certkiller .com has a server that runs on Windows Server 2008. The server also has an instance of Active Directory Lightweight Directory Services (AD LDS) running.
In order to test AD LDS, you need to replicate the AD LDS instance on a test computer located on the network.
What should you do to achieve this objective()
A.Execute AD LDS Setup wizard on the test computer to create and install a replica of AD LDS.
B.Execute repadmin/bs
C.Install and configure a new AD LDS instance on the test computer by copy and pasting the entire partition on the test computer
D.Execute the Dsmgmt command on the test computer and create a naming context
Certkiller .com has a main office and branch office in another city. You are assigned to deploy and implement a Read-only Domain Controller (RODC) at the branch office. You deploy a RODC that runs Windows Server 2008.
What should you do to ensure that the users at the branch office can log on to the domain using RODC()
A.Use Password Replication Policy on the RODC
B.Add RODC to the main office
C.Deploy and configure a new bridgehead server in the branch office
D.Deploy and configure a Password Replication Policy on the RODC in the main office
Critical services are running on CKD20, a domain controller. You have completed restructuring the organizational unit hierarchy for the domain and deleted the needless objects.
What would you do to perform an offline defragmentation of the Active Directory database on CKD20 while ensuring that the critical services remain online()
A.Open the Microsoft Management Console (MMC) and stop the Domain Controller service. After that, run the defrag tool
B.Start the domain controller in the Directory Service restore mode and run the Ntdsutil tool
C.Start the domain controller and then use the Defrag tool to start defragmentation
D.Open the MMC and stop the Domain Controller service. After that, run the Ntdsutil tool.
E.All of the above
最新试题
Your network contains an Active Directory domain that contains five domain controllers. You have a management computer that runs Windows 7. From the Windows 7 computer, you need to view all account logon failures that occur in the domain. The information must be consolidated on one list. Which command should you run on each domain controller()
You create a new Active Directory domain. The functional level of the domain is Windows Server 2008 R2. The domain contains five domain controllers. You need to monitor the replication of the group policy template files. Which tool should you use()
What should you do()
You have an enterprise subordinate certification authority (CA) configured for key archival. Three key recovery agent certificates are issued. The CA is configured to use two recovery agents. You need to ensure that all of the recovery agent certificates can be used to recover all new private keys. What should you do()
You have an enterprise subordinate certification authority (CA). You have a custom certificate template that has a key length of 1,024 bits. The template is enabled for autoenrollment. You increase the template key length to 2,048 bits. You need to ensure that all current certificate holders automatically enroll for a certificate that uses the new template. Which console should you use()
Your network contains an Active Directory forest. The forest contains two domain controllers. The domain controllers are configured as shown in the following table. All client computers run Windows 7. You need to ensure that all client computers in the domain keep the same time as an external time server. What should you do()
Your network contains an Active Directory domain that has two sites. You need to identify whether logon scripts are replicated to all domain controllers. Which folder should you verify()
Active Directory Rights Management Services (AD RMS) is deployed on your network. You need to configure AD RMS to use Kerberos authentication. Which two actions should you perform()
Your network contains two Active Directory forests named contoso.com and nwtraders.com. A two-way forest trust exists between contoso.com and nwtraders.com. The forest trust is configured to use selective authentication. Contoso.com contains a server named Server1. Server1 contains a shared folder named Marketing. Nwtraders.com contains a global group named G_Marketing. The Change share permission and the Modify NTFS permissions for the Marketing folder are assignes to the G_Marketing group. Members of G_Marketing report that they cannot accesss the Marketing folder. You need to ensure that the G_Marketing members can accesss the folder from the network. What should you do()
You have Active Directory Certificate Services (AD CS) deployed. You create a custom certificate template. You need to ensure that all of the users in the domain automatically enroll for a certificate based on the custom certificate template. Which two actions should you perform()