Your network contains two Active Directory forests named contoso.com and adatum.com. Active Directory Rights Management Services (AD RMS) is deployed in contoso.com.
An AD RMS trusted user domain (TUD) exists between contoso.com and adatum.com.
From the AD RMS logs, you discover that some clients that have IP addresses in the adatum.com forest are authenticating as users from contoso.com.
You need to prevent users from impersonating contoso.com users.
What should you do()
A.Configure trusted e-mail domains.
B.Enable lockbox exclusion in AD RMS.
C.Create a forest trust between adatum.com and contoso.com.
D.Add a certificate from a third-party trusted certification authority (CA).
您可能感兴趣的试卷
你可能感兴趣的试题
Your network contains a single Active Directory domain.
Active Directory Rights Management Services (AD RMS) is deployed on the network.
A user named User1 is a member of only the AD RMS Enterprise Administrators group.
You need to ensure that User1 can change the service connection point (SCP) for the AD RMS installation. The solution must minimize the administrative rights of User1.
To which group should you add User1()
A.AD RMS Auditors
B.AD RMS Service Group
C.Domain Admins
D.Schema Admins
Your network contains an Active Directory domain. The domain contains a server named Server1.
Server1 runs Windows Server 2008 R2.
You need to mount an Active Directory Lightweight Directory Services (AD LDS) snapshot from Server1.
What should you do()
A.Run ldp.exe and use the Bind option.
B.Run diskpart.exe and use the Attach option.
C.Run dsdbutil.exe and use the snapshot option.
D.Run imagex.exe and specify the /mount parameter.
Your network contains a server named Server1 that runs Windows Server 2008 R2. On Server1, you create an Active Directory Lightweight Directory Services (AD LDS) instance named Instance1.
You connect to Instance1 by using ADSI Edit.
You run the Create Object wizard and you discover that there is no User object class.
You need to ensure that you can create user objects in Instance1.
What should you do()
A.Run the AD LDS Setup Wizard.
B.Modify the schema of Instance1.
C.Modify the properties of the Instance1 service.
D.Install the Remote Server Administration Tools (RSAT).
Your network contains a server named Server1 that runs Windows Server 2008 R2.
You create an Active Directory Lightweight Directory Services (AD LDS) instance on Server1.
You need to create an additional AD LDS application directory partition in the existing instance.
Which tool should you use()
A.Adaminstall
B.Dsadd
C.Dsmod
D.Ldp
Your network contains two standalone servers named Server1 and Server2 that have Active Directory Lightweight Directory Services (AD LDS) installed.Server1 has an AD LDS instance. You need to ensure that you can replicate the instance from Server1 to Server2.
What should you do on both servers()
A.Obtain a server certificate.
B.Import the MS-User.ldf file.
C.Create a service user account for AD LDS.
D.Register the service location (SRV) resource records.
Your network contains an Active Directory domain. The domain contains three domain controllers.
One of the domain controllers fails.
Seven days later, the help desk reports that it can no longer create user accounts. You need to ensure that the help desk can create new user accounts.
Which operations master role should you seize()
A.domain naming master
B.infrastructure master
C.primary domain controller (PDC) emulator
D.RID master
E.schema master
Your network contains an Active Directory forest. The forest contains two domains named contoso.com and woodgrovebank.com.
You have a custom attribute named Attibute1 in Active Directory. Attribute1 is associated to User objects.
You need to ensure that Attribute1 is replicated to the global catalog.
What should you do()
A.In Active Directory Sites and Services, configure the NTDS Settings.
B.In Active Directory Sites and Services, configure the universal group membership caching.
C.From the Active Directory Schema snap-in, modify the properties of the User class schema object.
D.From the Active Directory Schema snap-in, modify the properties of the Attibute1 class schema attribute.
Your network contains a single Active Directory domain that has two sites named Site1 and Site2.
Site1 has two domain controllers named DC1 and DC2. Site2 has two domain controllers named DC3 and DC4. DC3 fails.
You discover that replication no longer occurs between the sites.
You verify the connectivity between DC4 and the domain controllers in Site1. On DC4, you run repadmin.exe /kcc.
Replication between the sites continues to fail.
You need to ensure that Active Directory data replicates between the sites.
What should you do()
A.From Active Directory Sites and Services, modify the properties of DC3.
B.From Active Directory Sites and Services, modify the NTDS Site Settings of Site2.
C.From Active Directory Users and Computers, modify the location settings of DC4.
D.From Active Directory Users and Computers, modify the delegation settings of DC4.
Your network contains an Active Directory domain. The domain is configured as shown in the following table.
Active Directory site Domain controllers Main DC1 and DC2 Branch1 DC3
Branch2 None
Users in Branch2 sometimes authenticate to a domain controller in Branch1.
You need to ensure that users in Branch2 only authenticate to the domain controllers in Main.
What should you do()
A.On DC3, set the AutoSiteCoverage value to 0.
B.On DC3, set the AutoSiteCoverage value to 1.
C.On DC1 and DC2, set the AutoSiteCoverage value to 0.
D.On DC1 and DC2, set the AutoSiteCoverage value to 1.
Your company has a main office and a branch office.
You discover that when you disable IPv4 on a computer in the branch office, the computer authenticates by using a domain controller in the main office.
You need to ensure that IPv6-only computers authenticate to domain controllers in the same site. What should you do()
A.Configure the NTDS Site Settings object.
B.Create Active Directory subnet objects.
C.Create Active Directory Domain Services connection objects.
D.Install an Intra-Site Automatic Tunnel Addressing Protocol (ISATAP) router.
最新试题
Active Directory Rights Management Services (AD RMS) is deployed on your network. You need to configure AD RMS to use Kerberos authentication. Which two actions should you perform()
Your network contains an Active Directory domain named contoso.com. You have a management computer named Computer1 that runs Windows 7. You need to forward the logon events of all the domain controllers in contoso.com to Computer1. All new domain controllers must be dynamically added to the subscription. What should you do()
Your network contains an Active Directory forest. The forest contains two domain controllers. The domain controllers are configured as shown in the following table. All client computers run Windows 7. You need to ensure that all client computers in the domain keep the same time as an external time server. What should you do()
Your network contains three Active Directory forest named Forest1, Forest2, and Forest3. Each forest contains three domains. A two-way forest trust exists between Forest1 and Forest2. A two-way forest trust exists between Forest2 and Forest3. You need to configure the forest to meet the following requirements Users in Forest3 must be able to access resources in Forest1. Users in Forest1 must be able to access resources in Forest3. The number of trusts must be minimized. What should you do()
Your network contains an Active Directory domain that contains five domain controllers. You have a management computer that runs Windows 7. From the Windows 7 computer, you need to view all account logon failures that occur in the domain. The information must be consolidated on one list. Which command should you run on each domain controller()
You have an enterprise subordinate certification authority (CA). The CA is configured to use a hardware security module. You need to back up Active Directory Certificate Services on the CA. Which command should you run()
Your network contains an Active Directory forest. All domain controllers run Windows Server 2008 Standard. The functional level of the domain is Windows Server 2003. You have a certification authority (CA). The relevant servers in the domain are configured as shown in the following table: Server name Operating system Server role Server1 Windows Server 2003 Enterprise root CA Server2 Windows Server 2008 Enterprise subordinate CA Server3 Windows Server 2008 R2 Web Server You need to ensure that you can install the Active Directory Certificate Services (AD CS) Certificate Enrollment Web Service on the network. What should you do()
You need to receive an e-mail message whenever a domain user account is locked out. Which tool should you use()
You remotely monitor several domain controllers. You run winrm.exe quickconfig on each domain controller. You need to create a WMI script query to retrieve information from the bios of each domain controller. Which format should you use to write the query()
You create a new Active Directory domain. The functional level of the domain is Windows Server 2003. The domain contains five domain controllers that run Windows Server 2008 R2. You need to monitor the replication of the group policy template files. Which tool should you use()