Your network consists of a single Active Directory domain. All domain controllers run Windows Server 2008 R2.
The Audit account management policy setting and Audit directory services access setting are enabled for the entire domain.
You need to ensure that changes made to Active Directory objects can be logged. The logged changes must include the old and new values of any attributes.
What should you do()
A.Enable the Audit account management policy in the Default Domain Controller Policy.
B.Run auditpol.exe and then configure the Security settings of the Domain Controllers OU.
C.Run auditpol.exe and then enable the Audit directory service access setting in the Default Domain policy.
D.From the Default Domain Controllers policy, enable the Audit directory service access setting and enable directory
您可能感兴趣的试卷
你可能感兴趣的试题
Your company has file servers located in an organizational unit named Payroll. The file servers contain payroll files located in a folder named Payroll.
You create a GPO. You need to track which employees access the Payroll files on the file servers.
What should you do()
A.Enable the Audit object access option. Link the GPO to the Payroll organizational unit. On the file servers, configure
B.Enable the Audit object access option. Link the GPO to the domain. On the domain controllers, configure Auditing f
C.Enable the Audit process tracking option. Link the GPO to the Domain Controllers organizational unit. On the file se
D.Enable the Audit process tracking option. Link the GPO to the Payroll organizational unit. On the file servers, config
Your network consists of a single Active Directory domain. User accounts for engineering department are located in an OU named Engineering.
You need to create a password policy for the engineering department that is different from your domain password policy.
What should you do()
A.Create a new GPO. Link the GPO to the Engineering OU.
B.Create a new GPO. Link the GPO to the domain. Block policy inheritance on all OUs except for the Engineering OU
C.Create a global security group and add all the user accounts for the engineering department to the group. Create a
D.Create a domain local security group and add all the user accounts for the engineering department to the group. Fr
Your company has an Active Directory domain.
A user attempts to log on to the domain from a client computer and receives the following message: "This user account has expired. Ask your administrator to reactivate the account."
You need to ensure that the user is able to log on to the domain.
What should you do()
A.Modify the properties of the user account to set the account to never expire.
B.Modify the properties of the user account to extend the Logon Hours setting.
C.Modify the properties of the user account to set the password to never expire.
D.Modify the default domain policy to decrease the account lockout duration.
You need to ensure that users who enter three successive invalid passwords within 5 minutes are locked out for 5 minutes.
Which three actions should you perform()
A.Set the Minimum password age setting to one day.
B.Set the Maximum password age setting to one day.
C.Set the Account lockout duration setting to 5 minutes.
D.Set the Reset account lockout counter after setting to 5 minutes.
E.Set the Account lockout threshold setting to 3 invalid logon attempts.
F.Set the Enforce password history setting to 3 passwords remembered.
The default domain GPO in your company is configured by using the following account policy settings:
- Minimum password length: 8 characters
- Maximum password age: 30 days
- Enforce password history: 12 passwords remembered
- Account lockout threshold: 3 invalid logon attempts .Account lockout duration: 30 minutes
You install Microsoft SQL Server on a computer named Server1 that runs Windows Server 2008 R2. The SQL Server application uses a service account named SQLSrv. The SQLSrv account has domain user rights.
The SQL Server computer fails after running successfully for several weeks. The SQLSrv user account is not locked out.
You need to resolve the server failure and prevent recurrence of the failure.
Which two actions should you perform()
A.Reset the password of the SQLSrv user account.
B.Configure the local security policy on Server1 to grant the Logon as a service right on the SQLSrv user account.
C.Configure the properties of the SQLSrv account to Password never expires.
D.Configure the properties of the SQLSrv account to User cannot change password.
E.Configure the local security policy on Server1 to explicitly grant the SQLSrv user account the Allow logon locally us
Your company has an Active Directory forest. The company has three locations. Each location
has an organizational unit and a child organizational unit named Sales.
The Sales organizational unit contains all users and computers of the sales department. The company plans to deploy a Microsoft Office 2007 application on all computers within the three Sales organizational units.
You need to ensure that the Office 2007 application is installed only on the computers in the Sales organizational units.
What should you do()
A.Create a Group Policy Object (GPO) named SalesAPP GPO. Configure the GPO to assign the application to the c
B.Create a Group Policy Object (GPO) named SalesAPP GPO. Configure the GPO to assign the application to the us
C.Create a Group Policy Object (GPO) named SalesAPP GPO. Configure the GPO to publish the application to the u
D.Create a Group Policy Object (GPO) named SalesAPP GPO. Configure the GPO to assign the application to the co
Your company has an Active Directory forest. The forest includes organizational units corresponding to the following four locations:
- London - Chicago - New York - Madrid
Each location has a child organizational unit named Sales. The Sales organizational unit contains all the users and computers from the sales department.
The offices in London, Chicago, and New York are connected by T1 connections. The office in Madrid is connected by a 256-Kbps ISDN connection.
You need to install an application on all the computers in the sales department.
Which two actions should you perform()
A.Disable the slow link detection setting in the Group Policy Object (GPO).
B.Configure the slow link detection threshold setting to 1,544 Kbps (T1) in the Group Policy Object (GPO).
C.Create a Group Policy Object (GPO) named OfficeInstall that assigns the application to users. Link the GPO to eac
D.Create a Group Policy Object (GPO) named OfficeInstall that assigns the application to the computers. Link the GP
Your company has an Active Directory forest. Each branch office has an organizational unit and a child organizational unit named Sales.
The Sales organizational unit contains all users and computers of the sales department.
You need to install a Microsoft Office 2007 application only on the computers in the Sales organizational unit.
You create a GPO named SalesApp GPO.
What should you do next()
A.Configure the GPO to assign the application to the computer account. Link the SalesAPP GPO to the domain.
B.Configure the GPO to assign the application to the user account. Link the SalesAPP GPO to the Sales organization
C.Configure the GPO to publish the application to the user account. Link the SalesAPP GPO to the Sales organization
D.Configure the GPO to assign the application to the computer account. Link the SalesAPP GPO to the Sales organiz
Your company has an Active Directory forest that contains client computers that run Windows Vista and Windows XP.
You need to ensure that users are able to install approved application updates on their computers.
Which two actions should you perform()
A.Set up Automatic Updates through Control Panel on the client computers.
B.Create a GPO and link it to the Domain Controllers organizational unit. Configure the GPO to automatically search
C.Create a GPO and link it to the domain. Configure the GPO to direct the client computers to the Windows Server Up
D.Install the Windows Server Update Services (WSUS). Configure the server to search for new updates on the Intern
Your company has an Active Directory domain and an organizational unit. The organizational unit is named Web. You configure and test new security settings for Internet Information Service (IIS) servers on a server named IISServerA.
You need to deploy the new security settings only on the IIS servers that are members of the Web organizational unit.
What should you do()
A.Run secedit /configure /db iis.inf from the command prompt on IISServera, and then run secedit /configure /db web
B.Export the settings on IISServerato create a security template. Import the security template into a GPO and link the
C.Export the settings on IISServerA to create a security template. Run secedit /configure /db webou.inf from the comm
D.Import the hisecws.inf file template into a GPO and link the GPO to the Web organizational unit.
最新试题
What should you do()
Your network contains an Active Directory domain named contoso.com. All domain controllers and member servers run Windows Server 2008. All client computer run Windows 7. From a client computer, you create an audit policy by using the Advanced Audit Policy Configuration settings in the Default Domain Policy Group Policy object (GPO). You discover that the audit policy is not applied to the member servers. The audit policy is applied to the client computers. You need to ensure that the audit policy is applied to all member servers and all client computers. What should you do()
Active Directory Rights Management Services (AD RMS) is deployed on your network. You need to configure AD RMS to use Kerberos authentication. Which two actions should you perform()
Your network contains an Active Directory domain that has two sites. You need to identify whether logon scripts are replicated to all domain controllers. Which folder should you verify()
Your network contains an Active Directory domain. The domain contains a group named Group1. The minimum password lenght for the domain is set to six characters. you need to ensure that the passwords for all users in Group1 are at least 10 characters long. All other users must be able to use passwords that are six characters long. What should you do first()
Your network contains an Active Directory forest. The forest contains an Acitve Directory site for a remote office. The remote site contains a read-only domain controller (RODC). You need to configure the RODC to store only the password of users in the remote site. What should you do()
You have an enterprise subordinate certification authority (CA). You have a custom Version 3 certificate template. Users can enroll for certificates based on the custom certificate template by using the Certificates console. The certificate template is unavailable for Web enrollment. You need to ensure that the certificate template is available on the Web enrollment pages. What should you do()
Your network contains two Active Directory forests named contoso.com and nwtraders.com. A two-way forest trust exists between contoso.com and nwtraders.com. The forest trust is configured to use selective authentication. Contoso.com contains a server named Server1. Server1 contains a shared folder named Marketing. Nwtraders.com contains a global group named G_Marketing. The Change share permission and the Modify NTFS permissions for the Marketing folder are assignes to the G_Marketing group. Members of G_Marketing report that they cannot accesss the Marketing folder. You need to ensure that the G_Marketing members can accesss the folder from the network. What should you do()
You create a new Active Directory domain. The functional level of the domain is Windows Server 2008 R2. The domain contains five domain controllers. You need to monitor the replication of the group policy template files. Which tool should you use()
Your network contains an Active Directory domain named contoso.com. Contoso.com contains a member server that runs Windows Serever 2008 Standart. You need to install an enterprise subordinate certification authority (CA) that support private key archival. You must achieve this goal by using the minimum amount of administrative effort.What do you do first()