江浙沪招生考试网

certificate into the Intermediate Certification Store in the Default Domain group policy object.

　　Answers: D

　　40: Single

　　You have a Windows Server 2008 that has the Active Directory Certificate Services server role installed. You need to minimize the amount of time it takes for client computers to download a

　　certificate revocation list (CRL). What should you do?

　　A.

　　Install and configure an Online Responder.

　　B.

　　Install and configure an additional domain controller.

　　C.

　　Import the Root CA certificate into the Trusted Root Certification Authorities store on all client workstations.

　　D.

　　Import the Issuing CA certificate into the Trusted Root Certification Authorities store on all client workstations.

　　Answers: A

　　exam: B

　　1: Single

　　Your network consists of a single Active Directory domain. The functional level of the forest is Windows Server 2008. You need to create multiple password policies for users in your domain. What should you do?

　　A.

　　From the Schema snap-in, create multiple class schema objects.

　　B.

　　From the ADSI Edit snap-in, create multiple Password Setting objects.

　　C.

　　From the Security Configuration Wizard, create multiple security policies.

　　D.

　　From the Group Policy Management snap-in, create multiple Group Policy objects.

　　Answers: B

　　2: Single

　　You want users to log on to Active Directory by using a new User Principal Name (UPN). You need to modify the UPN suffix for all user accounts. Which tool should you use?

　　A.

　　Dsmod

　　B.

　　Netdom

　　C.

　　Redirusr

　　D.

　　Active Directory Domains and Trusts

　　Answers: A

　　3: Single

　　Your company has an Active Directory domain. All consultants belong to a global group named TempWorkers. The TempWorkers group is not nested in any other groups.

　　You move the computer objects of three file servers to a new organizational unit named SecureServers. These file servers contain only confidential data in shared folders.

　　You need to prevent members of the TempWorkers group from accessing the confidential data on the file servers. You must achieve this goal without affecting access to other domain resources.

　　What should you do?

　　A.

　　Create a new GPO and link it to the SecureServers organizational unit. Assign the Deny access to this computer from the network user right to the TempWorkers global group.

　　B.

　　Create a new GPO and link it to the domain. Assign the Deny access to this computer from the network user right to the TempWorkers global group.

　　C.

　　Create a new GPO and link it to the domain. Assign the Deny log on locally user right to the TempWorkers global group.

　　D.

　　Create a new GPO and link it to the SecureServers organizational unit. Assign the Deny log on locally user right to the TempWorkers global group.

　　Answers: A

　　4: Single

　　Your network consists of a single Active Directory domain. User accounts for engineering department are located in an OU named Engineering. You need to create a password policy for the engineering department that is different from your domain password policy. What should you do?

　　A.

　　Create a new GPO. Link the GPO to the Engineering OU.

　　B.

　　Create a new GPO. Link the GPO to the domain. Block policy inheritance on all OUs except for the Engineering OU.

　　C.

　　Create a global security group and add all the user accounts for the engineering department to the group. Create a new Password Policy Object (PSO) and apply it to the group.

　　D.

　　Create a domain local security group and add all the user accounts for the engineering department to the group. From the Active Directory Users and Computer console, select the group and run the Delegation of Control Wizard.

　　Answers: C

　　5: Multiple

　　Your company has an Active Directory forest that contains client computers that run Windows Vista and Windows XP. You need to ensure that users are able to install approved application updates on their computers. Which two actions should you perform? (Each correct answer presents part of the solution. Choose two.)

　　A.

　　Set up Automatic Updates through Control Panel on the client computers.

　　B.

　　Create a GPO and link it to the Domain Controllers organizational unit. Configure the GPO to automatically search for updates on the Microsoft Update site.

　　C.

　　Create a GPO and link it to the domain. Configure the GPO to direct the client computers to the Microsoft WSUS server for approved updates.

　　D.

　　Install the Microsoft WSUS application on a server in the environment. Configure the server to search for new updates on the Internet. Approve all required updates.

　　Answers: C D

　　6: Single

　　Your company has an Active Directory domain that has an organizational unit named Sales. The Sales organizational unit contains two global security groups named sales managers and sales executives. You need to apply desktop restrictions to the sales executives group. You must not apply these desktop restrictions to the sales managers group. You create a GPO named DesktopLockdown and link it to the Sales organizational unit. What should you do next?

　　A.

　　Configure the Deny Apply Group Policy permission for the sales managers on the DesktopLockdown GPO.

　　B.

　　Configure the Deny Apply Group Policy permission for the sales executives on the DesktopLockdown GPO.

　　C.

　　Configure the Deny Apply Group Policy permission for Authenticated Users on the DesktopLockdown GPO.

　　D.

　　Configure the Allow Apply Group Policy permission for Authenticated Users on the DesktopLockdown GPO.

　　Answers: A

　　7: Single

　　Your network consists of a single Active Directory domain. All domain controllers run Windows Server 2008. Auditing is configured to log changes made to the Managed By attribute on group objects in an organizational unit named OU1. You need to log changes made to the Description attribute on all group objects in OU1 only. What should you do?

　　A.

　　Run auditpol.exe.

　　B.

　　Modify the auditing entry for OU1.

　　C.

　　Modify the auditing entry for the domain.

　　D.

　　Create a new Group Policy object (GPO). Enable the Audit account management policy setting. Link the GPO to OU1.

　　Answers: B

　　8: Single

　　Your company has a single-domain Active Directory forest. The functional level of the domain is Windows Server 2008.

　　You perform the following activities:

　　Create a global distribution group.

　　Add users to the global distribution group.

　　Create a shared folder on a Windows Server 2008 member server.

　　Place the global distribution group in a domain local group that has access to the shared folder.

　　You need to ensure that the users have access to the shared folder.

　　What should you do?

　　A.

　　Raise the forest functional level to Windows Server 2008.

　　B.

　　Add the global distribution group to the Domain Administrators group.

　　C.

　　Change the group type of the global distribution group to a security group.

　　D.

　　Change the scope of the global distribution group to a Universal distribution group.

　　Answers: C

　　9: Single

　　Your company uses shared folders. Users are granted access to the shared folders by using domain

　　local groups. One of t

上一页  [1] [2] [3] [4] [5] [6] [7] [8] [9] [10]  ... 下一页  >>