Your company has two Active Directory forests as shown in the following table. Forest name Forest functional level Domain(s) contoso.com Windows Server 2008 contoso.com fabrikam.com Windows Server 2008 fabrikam.com eng.fabrikam.com
The forests are connected by using a two-way forest trust. Each trust direction is configured with forest-wide authentication. The new security policy of the company prohibits users from the eng.fabrikam.com domain to access resources in the contoso.com domain.
You need to configure the forest trust to meet the new security policy requirement.
What should you do()
A.Delete the outgoing forest trust in the contoso.com domain.
B.Delete the incoming forest trust in the contoso.com domain.
C.Change the properties of the existing incoming forest trust in the contoso.com domain from Forest-wide authentication to Selective authentication.
D.Change the properties of the existing outgoing forest trust in the contoso.com domain to Exclude *.eng.fabrikam.com from the Name Suffix Routing trust properties
您可能感兴趣的试卷
你可能感兴趣的试题
Your company has a single Active Directory domain. All domain controllers run Windows Server 2003.
You install Windows Server 2008 R2 on a server.
You need to add the new server as a domain controller in your domain.
What should you do first()
A.On the new server, run dcpromo /adv.
B.On the new server, run dcpromo /createdcaccount.
C.On a domain controller run adprep /rodcprep.
D.On a domain controller, run adprep /forestprep.
Your company has an Active Directory forest that contains only Windows Server 2008 domain controllers.
You need to prepare the Active Directory domain to install Windows Server 2008 R2 domain controllers.
Which two tasks should you perform()
A.Run the adprep /forestprep command.
B.Run the adprep /domainprep command.
C.Raise the forest functional level to Windows Server 2008.
D.Raise the domain functional level to Windows Server 2008.
A.Remove the Authenticated Users account from the Security tab of the intranet.adatum.com DNS zone properties.
B.Assign the SELF Account Deny on Write permission on the Security tab of the intranet.adatum.com DNS zone properties.
C.Assign the server computer accounts the Allow on Write All Properties permission on the Security tab of the intranet.adatum.com DNS zone properties.
D.Assign the server computer accounts the Allow on Create All Child Objects permission on the Security tab of the intranet.adatum.com DNS zone properties.
Your company has a single Active Directory domain named intranet.contoso.com. All domain controllers run Windows Server 2008 R2. The domain functional level is Windows 2000 native and the forest functional level is Windows 2000.
You need to ensure the UPN suffix for contoso.com is available for user accounts.
What should you do first()
A.Raise the intranet.contoso.com forest functional level to Windows Server 2003 or higher.
B.Raise the intranet.contoso.com domain functional level to Windows Server 2003 or higher.
C.Add the new UPN suffix to the forest.
D.Change the Primary DNS Suffix option in the Default Domain Controllers Group Policy Object (GPO) to contoso.com.
You need to deploy a read-only domain controller (RODC) that runs Windows Server 2008 R2.
What is the minimal forest functional level that you should use()
A.Windows Server 2008 R2
B.Windows Server 2008
C.Windows Server 2003
D.Windows 2000
Your company has an Active Directory domain. The main office has a DNS server named DNS1 that is configured with Active Directory-integrated DNS. The branch office has a DNS server named DNS2 that contains a secondary copy of the zone from DNS1. The two offices are connected with an unreliable WAN link.
You add a new server to the main office. Five minutes after adding the server, a user from the branch office reports that he is unable to connect to the new server. You need to ensure that the user is able to connect to the new server. What should you do()
A.Clear the cache on DNS2.
B.Reload the zone on DNS1.
C.Refresh the zone on DNS2.
D.Export the zone from DNS1 and import the zone to DNS2.
Your network consists of a single Active Directory domain. You have a domain controller and a
member server that run Windows Server 2008 R2. Both servers are configured as DNS servers. Client computers run either Windows XP Service Pack 3 or Windows 7.
You have a standard primary zone on the domain controller. The member server hosts a secondary copy of the zone.You need to ensure that only authenticated users are allowed to update host (A) records in the DNS zone.
What should you do first()
A.On the member server, add a conditional forwarder.
B.On the member server, install Active Directory Domain Services.
C.Add all computer accounts to the DNSUpdateProxy group.
D.Convert the standard primary zone to an Active Directory-integrated zone.
Your network consists of a single Active Directory domain. The domain contains 10 domain controllers.
The domain controllers run Windows Server 2008 R2 and are configured as DNS servers. You plan to create a new Active Directory-integrated zone.
You need to ensure that the new zone is only replicated to four of your domain controllers. What should you do first()
A.Create a new delegation in the ForestDnsZones application directory partition.
B.Create a new delegation in the DomainDnsZones application directory partition.
C.From the command prompt, run dnscmd and specify the /enlistdirectorypartition parameter.
D.From the command prompt, run dnscmd and specify the /createdirectorypartition parameter.
A.On both servers, modify the interface that the DNS server listens on.
B.Convert the primary zone into an Active Directory-integrated zone. Delete the secondary zone.
C.Convert the primary zone into an Active Directory-integrated stub zone. Delete the secondary zone.
D.Configure the zone transfer settings of the standard primary zone. Modify the Master Servers lists on the secondary zone.
You have a domain controller named DC1 that runs Windows Server 2008 R2. DC1 is configured as a
DNS server for contoso.com.
You install the DNS Server server role on a member server named Server1 and then you create a standard secondary zone for contoso.com. You configure DC1 as the master server for the zone. You need to ensure that Server1 receives zone updates from DC1.
What should you do()
A.On Server1, add a conditional forwarder.
B.On DC1, modify the permissions of contoso.com zone.
C.On DC1, modify the zone transfer settings for the contoso.com zone.
D.Add the Server1 computer account to the DNSUpdateProxy group.
最新试题
Your network contains an Active Directory domain. All domain controller run Windows Server 2003. You replace all domain controllers with domain controllers that run Windows Server 2008 R2. You raise the functional level of the domain to Windows Server 2008 R2. You need to minimize the amount of SYSVOL replication traffic on the network. What should you do()
Your network contains an Active Directory domain. The domain contains 1000 user accounts. You have a list that contains the mobile phone number of each user You need to add the mobile number of each user to Active Directory. What should you do()
You have an enterprise subordinate certification authority (CA). You have a custom Version 3 certificate template. Users can enroll for certificates based on the custom certificate template by using the Certificates console. The certificate template is unavailable for Web enrollment. You need to ensure that the certificate template is available on the Web enrollment pages. What should you do()
Your network contains an Active Directory forest. All domain controllers run Windows Server 2008 Standard. The functional level of the domain is Windows Server 2003. You have a certification authority (CA). The relevant servers in the domain are configured as shown in the following table: Server name Operating system Server role Server1 Windows Server 2003 Enterprise root CA Server2 Windows Server 2008 Enterprise subordinate CA Server3 Windows Server 2008 R2 Web Server You need to ensure that you can install the Active Directory Certificate Services (AD CS) Certificate Enrollment Web Service on the network. What should you do()
You need to receive an e-mail message whenever a domain user account is locked out. Which tool should you use()
What should you do()
Active Directory Rights Management Services (AD RMS) is deployed on your network. You need to configure AD RMS to use Kerberos authentication. Which two actions should you perform()
Your network contains an Active Directory forest. The forest contains an Acitve Directory site for a remote office. The remote site contains a read-only domain controller (RODC). You need to configure the RODC to store only the password of users in the remote site. What should you do()
Your company has four offices. The network contains a single Active Directory domain. Each office has domain controller. Each office has an organitational unit (OU) that contains the user accounts for the users in that office. In each office, support technicians perform basic troubleshooting for the users in their respective office. You need to ensure that the support technicians can reset the password for the user accounts in their respective office only. The solution must prevent the thechnicians from creating user accounts. What shoul you do()
Your network contains a single Active Directory domain named contoso.com. An administrator accidentally deletes the _msdsc.contoso.com zone. You recreate the _msdsc.contoso.com zone. You need to ensure that the _msdsc.contoso.com zone contains all of the required DNS records. What should you do on each domain controller()