Your network contains an Active Directory domain named contoso.com.
The network has a branch office site that contains a read-only domain controller (RODC) named RODC1.
RODC1 runs Windows Server 2008 R2.
A user named User1 logs on to a computer in the branch office site.
You discover that the password of User1 is not stored on RODC1.
You need to ensure that User1’s password is stored on RODC1.
What should you modify()
A.the Member Of properties of RODC1
B.the Member Of properties of User1
C.the Security properties of RODC1
D.the Security properties of User1
您可能感兴趣的试卷
你可能感兴趣的试题
Your company has a main office and a branch office. The network contains an Active Directory domain.
The main office contains a writable domain controller named DC1. The branch office contains a read-only domain controller (RODC) named DC2.
You discover that the password of an administrator named Admin1 is cached on DC2. You need to prevent Admin1s password from being cached on DC2.
What should you do()
A.Modify the NTDS Site Settings.
B.Modify the properties of the domain.
C.Create a Password Setting object (PSO).
D.Modify the properties of DC2s computer account.
Your network contains an Active Directory domain. The domain contains two sites named Site1 and Site2. Site1 contains four domain controllers. Site2 contains a read-only domain controller (RODC).
You add a user named User1 to the Allowed RODC Password Replication Group.
The WAN link between Site1 and Site2 fails.
User1 restarts his computer and reports that he is unable to log on to the domain.
The WAN link is restored and User1 reports that he is able to log on to the domain. You need to prevent the problem from reoccurring if the WAN link fails.
What should you do()
A.Create a Password Settings object (PSO) and link the PSO to User1’s user account.
B.Create a Password Settings object (PSO) and link the PSO to the Domain Users group.
C.Add the computer account of the RODC to the Allowed RODC Password Replication Group.
D.Add the computer account of User1’s computer to the Allowed RODC Password Replication Group.
You install a read-only domain controller (RODC) named RODC1.
You need to ensure that a user named User1 can administer RODC1. The solution must minimize the number of permissions assigned to User1.
Which tool should you use()
A.Active Directory Administrative Center
B.Active Directory Users and Computers
C.Dsadd
D.Dsmgmt
Your company has a main office and a branch office. The branch office contains a read-only domain controller named RODC1.
You need to ensure that a user named Admin1 can install updates on RODC1. The solution must prevent Admin1 from logging on to other domain controllers.
What should you do()
A.Run ntdsutil.exe and use the Roles option.
B.Run dsmgmt.exe and use the Local Roles option.
C.From Active Directory Sites and Services, modify the NTDS Site Settings.
D.From Active Directory Users and Computers, add the user to the Server Operators group.
Your network contains an Active Directory Rights Management Services (AD RMS) cluster.
You have several custom policy templates. The custom policy templates are updated frequently.
Some users report that it takes as many as 30 days to receive the updated policy templates.
You need to ensure that users receive the updated custom policy templates within seven days.
What should you do()
A.Modify the registry on the AD RMS servers.
B.Modify the registry on the users computers.
C.Change the schedule of the AD RMS Rights Policy Template Management (Manual) scheduled task.
D.Change the schedule of the AD RMS Rights Policy Template Management (Automated) scheduled task.
Your network contains a server named Server1. The Active Directory Rights Management Services (AD RMS) server role is installed on Server1.
An administrator changes the password of the user account that is used by AD RMS. You need to update AD RMS to use the new password.
Which console should you use()
A.Active Directory Rights Management Services
B.Active Directory Users and Computers
C.Component Services
D.Services
Active Directory Rights Management Services (AD RMS) is deployed on your network. Users who have Windows Mobile 6 devices report that they cannot access documents that areprotected by AD RMS. You need to ensure that all users can access AD RMS protected content by using Windows Mobile 6 devices.
What should you do()
A.Modify the security of the ServerCertification.asmx file.
B.Modify the security of the MobileDeviceCertification.asmx file.
C.Enable anonymous authentication for the _wmcs virtual directory.
D.Enable anonymous authentication for the certification virtual directory.
Your network contains an Active Directory domain named contoso.com. The network contains client computers that run either Windows Vista or Windows 7.
Active Directory Rights Management Services (AD RMS) is deployed on the network.
You create a new AD RMS template that is distributed by using the AD RMS pipeline. The template is updated every month.
You need to ensure that all the computers can use the most up-to-date version of the AD RMS template.
You want to achieve this goal by using the minimum amount of administrative effort.
What should you do()
A.Upgrade all of the Windows Vista computers to Windows 7.
B.Upgrade all of the Windows Vista computers to Windows Vista Service Pack 2 (SP2).
C.Assign the Microsoft Windows Rights Management Services (RMS) Client Service Pack 2 (SP2) to all users by using a Software Installation extension of Group Policy.
D.Assign the Microsoft Windows Rights Management Services (RMS) Client Service Pack 2 (SP2) to all computers by using a Software Installation extension of Group Policy.
Your network contains two Active Directory forests named contoso.com and adatum.com. Active Directory Rights Management Services (AD RMS) is deployed in contoso.com.
An AD RMS trusted user domain (TUD) exists between contoso.com and adatum.com.
From the AD RMS logs, you discover that some clients that have IP addresses in the adatum.com forest are authenticating as users from contoso.com.
You need to prevent users from impersonating contoso.com users.
What should you do()
A.Configure trusted e-mail domains.
B.Enable lockbox exclusion in AD RMS.
C.Create a forest trust between adatum.com and contoso.com.
D.Add a certificate from a third-party trusted certification authority (CA).
Your network contains a single Active Directory domain.
Active Directory Rights Management Services (AD RMS) is deployed on the network.
A user named User1 is a member of only the AD RMS Enterprise Administrators group.
You need to ensure that User1 can change the service connection point (SCP) for the AD RMS installation. The solution must minimize the administrative rights of User1.
To which group should you add User1()
A.AD RMS Auditors
B.AD RMS Service Group
C.Domain Admins
D.Schema Admins
最新试题
You have an enterprise subordinate certification authority (CA). The CA is configured to use a hardware security module. You need to back up Active Directory Certificate Services on the CA. Which command should you run()
Your network contains an Active Directory domain. A user named User1 takes a leave of absence for one year. You need to restrict access to the User1 user account while User1 is away. What should you do()
Your network contains an Active Directory domain that contains five domain controllers. You have a management computer that runs Windows 7. From the Windows 7 computer, you need to view all account logon failures that occur in the domain. The information must be consolidated on one list. Which command should you run on each domain controller()
Your network contains an Active Directory forest. The forest contains an Acitve Directory site for a remote office. The remote site contains a read-only domain controller (RODC). You need to configure the RODC to store only the password of users in the remote site. What should you do()
Your network contains two Active Directory forests named contoso.com and nwtraders.com. A two-way forest trust exists between contoso.com and nwtraders.com. The forest trust is configured to use selective authentication. Contoso.com contains a server named Server1. Server1 contains a shared folder named Marketing. Nwtraders.com contains a global group named G_Marketing. The Change share permission and the Modify NTFS permissions for the Marketing folder are assignes to the G_Marketing group. Members of G_Marketing report that they cannot accesss the Marketing folder. You need to ensure that the G_Marketing members can accesss the folder from the network. What should you do()
You have Active Directory Certificate Services (AD CS) deployed. You create a custom certificate template. You need to ensure that all of the users in the domain automatically enroll for a certificate based on the custom certificate template. Which two actions should you perform()
Your network contains an Active Directory forest. All domain controllers run Windows Server 2008 Standard. The functional level of the domain is Windows Server 2003. You have a certification authority (CA). The relevant servers in the domain are configured as shown in the following table: Server name Operating system Server role Server1 Windows Server 2003 Enterprise root CA Server2 Windows Server 2008 Enterprise subordinate CA Server3 Windows Server 2008 R2 Web Server You need to ensure that you can install the Active Directory Certificate Services (AD CS) Certificate Enrollment Web Service on the network. What should you do()
Your network contains an Active Directory domain named contoso.com. Contoso.com contains a member server that runs Windows Serever 2008 Standart. You need to install an enterprise subordinate certification authority (CA) that support private key archival. You must achieve this goal by using the minimum amount of administrative effort.What do you do first()
Your network contains an Active Directory domain controller named DC1. DDC1 runs Windows Server 2008 R2. You need to defragment the Active Directory database on DC1. The solution must minimize downtime on DC1. What should you do first()
You have an enterprise subordinate certification authority (CA). You have a custom certificate template that has a key length of 1,024 bits. The template is enabled for autoenrollment. You increase the template key length to 2,048 bits. You need to ensure that all current certificate holders automatically enroll for a certificate that uses the new template. Which console should you use()