多选题The default domain GPO in your company is configured by using the following account policy settings: ( Minimum password length: 8 characters .Maximum password age: 30 days. Enforce password history: 12 passwords remembered .Account lockout threshold: 3 invalid logon attempts .Account lockout duration: 30 minutes You install Microsoft SQL Server on a computer named Server1 that runs Windows Server 2008 R2. The SQL Server application uses a service account named SQLSrv. The SQLSrv account has domain user rights. The SQL Server computer fails after running successfully for several weeks. The SQLSrv user account is not locked out. You need to resolve the server failure and prevent recurrence of the failure. Which two actions should you perform()AReset the password of the SQLSrv user account.BConfigure the local security policy on Server1 to grant the Logon as a service right on the SQLSrv userCConfigure the properties of the SQLSrv account to Password never expires.DConfigure the properties of the SQLSrv account to User cannot change password.EConfigure the local security policy on Server1 to explicitly grant the SQLSrv user account the allow logon locally user right.
多选题
The default domain GPO in your company is configured by using the following account policy settings: ( Minimum password length: 8 characters .Maximum password age: 30 days. Enforce password history: 12 passwords remembered .Account lockout threshold: 3 invalid logon attempts .Account lockout duration: 30 minutes You install Microsoft SQL Server on a computer named Server1 that runs Windows Server 2008 R2. The SQL Server application uses a service account named SQLSrv. The SQLSrv account has domain user rights. The SQL Server computer fails after running successfully for several weeks. The SQLSrv user account is not locked out. You need to resolve the server failure and prevent recurrence of the failure. Which two actions should you perform()
A
Reset the password of the SQLSrv user account.
B
Configure the local security policy on Server1 to grant the Logon as a service right on the SQLSrv user
C
Configure the properties of the SQLSrv account to Password never expires.
D
Configure the properties of the SQLSrv account to User cannot change password.
E
Configure the local security policy on Server1 to explicitly grant the SQLSrv user account the allow logon locally user right.
参考解析
解析:
暂无解析
相关考题:
Which two static routes are typically configured on your router when a Routed 1483 network is grouping ATM PVCs intoalarge subnet?() A.host routeB.default routeC.customer networkD.ISP’s routing domain
Which two static routes are typically configured on your router when a Routed 1483 network is grouping ATM PVCs intoalarge subnet?()A、host routeB、default routeC、customer networkD、ISP’s routing domain
Your company has an Active Directory domain. The company has a main office and a branch office. Both the offices have domain controllers that run Active Directory-integrated DNS zones. All client computers are configured to use the local domain controllers for DNS resolution. The domain controllers at the branch office location are configured as Read-Only Domain Controllers (RODC). You change the IP address of an exisiting server named SRV2 in the main office. You need the branch office DNS servers to reflect the change immediately. What should you do?() A、 Run the dnscmd /ZoneUpdateFromDs command on the branch office servers.B、 Run the dnscmd /ZoneUpdateFromDs command on a domain controller in the main office.C、 Change the domain controllers at the branch offices from RODCs to standard domain controllers.D、 Decrease the Minimum (default) TTL option to 15 minutes on the Start of Authority (SOA) record for thezone.
Your company has an Active Directory domain. AlI servers run Windows Server 2008. Your company uses an Enterprise Root certificate authority (CA). You need to ensure that revoked certificate information is highly available. What should you do()A、Implement an Online Certificate Status Protocol (OCSP) responder by using Network Load Balancing.B、Implement an Online Certificate Status Protocol (OCSP) responder by using an Internet Security and Acceleration Server array.C、Publish the trusted certificate authorities list to the domain by using a Group Policy Object (GPO).D、Create a new Group Policy Object (GPO) that allows users to trust peer certificates. Link the GPO to the domain.
You need to design a method to implement account policies that meets the requirements in the written security policy. What should you do?()A、Create a GPO and link it to the New York OU, to the Denver OU, and to the Dallas OU.Configure the GPO with the required account policy settingsB、On all computers in the domain, configure the Local Security Policy7 with the required account policy settingsC、Configure the Default Domain Policy GPO with the required account policy settingsD、Configure the Default Domain Controllers Policy GPO with the required account policy settings
Your company has an Active Directory forest. The company has servers that run Windows Server 2008 R2 and client computers that run Windows 7. The domain uses a set of GPO administrative templates that have been approved to support regulatory compliance requirements. Your partner company has an Active Directory forest that contains a single domain. The company has servers that run Windows Server 2008 R2 and client computers that run Windows 7. You need to configure your partner companys domain to use the approved set of administrative templates. What should you do()A、Use the Group Policy Management Console (GPMC) utility to back up the GPO to a file. In each site, import the GPO to the default domain policy.B、Copy the ADMX files from your companys PDC emulator to the PolicyDefinitions folder on the partner companys PDC emulator.C、Copy the ADML files from your companys PDC emulator to the PolicyDefinitions folder on thepartner companys PDC emulator.D、Download the conf.adm, system.adm, wuau.adm, and inetres.adm files from the Microsoft Updates Web site. Copy the ADM files to the PolicyDefinitions folder on the partner companys PDC emulator.
Your company has deployed network access protection (NAP) enforcement for VPNs. You need to ensure that the health of all clients can be monitored and reported. What should you do?()A、Create a group policy object (GPO) that enabled security center and link the policy to the domain.B、Create a group policy object (GPO) that enabled security center and link the policy to the domain controllers organizational unit (OU).C、Create a group policy object (GPO) and set the require trusted path for credential entry option to enabled. Link the policy to the domain.D、Create a group policy object (GPO) and set the require trusted path for credential entry option to Enabled. Link the policy to the domain controllers organizational unit (OU).
You need to design a security strategy that will ensure that unauthorized users cannot access personnel data. Your solution must comply with security requirements and the company’s new administrative model.What should you do?()A、In the Default Domain Policy Group Policy object (GPO) for the corp.woodgrovebank.com domain, add the LA/HRUsers group to the Restricted Groups list. Add only the HR department user accounts to the Allowed Members listB、In the Default Domain Policy Group Policy object (GPO) for the la.corp.woodgrovebank.com domain, add the LA/HRUsers group to the Restricted Groups list. Add only the HR department user accounts to the Allowed Members listC、In the Default Domain Policy Group Policy object (GPO) for the corp.woodgrovebank.com domain, add the LA/HRUsers group and the CORP/Backup Operators group to the Restricted Groups list. Add only the HR department user accounts and the administrator user accounts to the Allowed Members list for each groupD、In the Default Domain Policy Group Policy object (GPO) for the la.corp.woodgrovebank.com domain, add the LA/HRUsers group and the CORP/Backup Operators group to the Restricted Groups list. Add only the HR department user accounts to the Allowed Members list for the LA/HRUsers group. Add only the administrator user accounts to the Allowed Members list for the CORP/Backup Operators group
You are the network administrator for your company. The network consists of a single Active Directory domain. The functional level of the domain is Windows Server 2003. All client computers in the domain run Windows XP Professional. An application named Inventory.exe is installed on all computers in the domain to remotely gather software inventory information. The application runs as a service in the security context of the Local System. The startup type of the service is set to Automatic.In the Default Domain Policy Group Policy object (GPO), the security administrator has configured a software restriction policy that is applied to all computers in the domain. The policy contains a hash rule for the Inventory.exe application, and the hash rule is configured with a security level of Unrestricted. The client computers on the network are attacked by a worm that is distributed by e-mail messages received over the Internet. The worm detects the presence of Inventory.exe on a computer, then starts a new instance of the application in the security context of the logged-on user. The worm exploits a bug in the application to cause the computer to fail.You need to ensure that Inventory.exe cannot be started by the worm, while still allowing the application to run as a service. What should you do?()A、In the computer settings section of the Default Domain Policy GPO, configure a software restriction policy that contains a zone rule for the Internet zone. Configure the zone rule with a security level of Disallowed.B、In the user settings section of the Default Domain Policy GPO, configure a software restriction policy that contains a zone rule for the Internet zone. Configure the zone rule with a security level of Disallowed.C、In the user settings section of the Default Domain Policy GPO, configure a software restriction policy that contains a hash rule for the Inventory.exe application. Configure the hash rule with a security level of Disallowed.D、In the computer settings section of the Default Domain Policy GPO, modify the existing software restriction policy hash rule for the Inventory.exe application so that the hash rule has a security level of Disallowed.
单选题Your company has an Active Directory forest. The company has servers that run Windows Server 2008 amd client computers that run Windows Vista. The domain uses a set of GPO administrative templates that have been approved to support regulatory compliance requirements. Your partner company has an Active Directory forest that contains a single domain, The company has servers that run Windows Server 2008 and client computers that run Windows Vista. You need to configure your partner company’s domain to use the approved set of administrative templates. What should you do()AUse the Group Policy Management Console (GPMC) utility to back up the GPO to a file. In each site, import the GPO to the default domain policy.BCopy the ADMX files from your company’s PDC emulator to the PolicyDefinitions folder on the partner company’s PDC emulatorCCopy the ADML files from your company’s PDC emulator to the PolicyDefinitions folder on the partner company’s PDC emulatorDDownload the conf.adm, system.adm, wuau.adm, and inetres.adm files from the Microsoft Updates Web site. Copy the ADM files to the PolicyDefinitions folder on thr partner company’s emulator.
单选题Your company has an Active Directory domain. The company runs Terminal Services. You configure the main office printer as the default printer on the Terminal Server. The company policy states that all remote client computers must meet the following requirements: The main office printer must be the default printer of the client computers. Users must be able to access their local printers during a terminal session. You need to create a Group Policy Object by using the Terminal Services Printer Redirection template to meet the company policy. What should you do?()ASet the Easy Print driver first option to Disabled. Apply the GPO to the Terminal Server.BSet the Use Terminal Services Easy Print driver first option to Disabled. Apply the GPO to all the client computers.CSet the Do not set default client printer to be default printer in a session option to Enabled. Apply the GPO to the Terminal Server.DSet the Do not set default client printer to be default printer in a session option to Enabled. Apply the GPO to all the client computers.
单选题You work as the IT professional in an international company which is named Wiikigo. You are experiencedin implementing and administering a network operating system. You are specialized in deploying servers,configuring Windows Server 2008 Terminal services and network application services, and configuring aweb services infrastructure. There is an Active Directory domain in your company. The company runsTerminal Services. You have the head office printer configured as the default printer on the TerminalServer. According to the requirements of the company policy, all remote client computers must meet thefollowing requirements: Users must be able to access their local printers during a terminal session. The head office printer must bethe default printer of the client computers. A Group Policy object (GPO) needs to be created by using theTerminal Services Printer Redirection template to meet the company policy. What action should you perform?()AThe Do not set default client printer should be set to be default printer in a session option to Enabled.The GPO should be applied to all the client computers.BThe Easy Print driver first option should be set to Disabled. The GPO should be applied to the Terminal Server.CThe Use Terminal Services Easy Print driver first option should be set to Disabled. The GPO should be applied to all the client computers.DThe Do not set default client printer should be set to be default printer in a session option to Enabled.The GPO should be applied to the Terminal Server.
单选题Your company has an Active Directory forest. The company has servers that run Windows Server 2008 R2 and client computers that run Windows 7. The domain uses a set of GPO administrative templates that have been approved to support regulatory compliance requirements. Your partner company has an Active Directory forest that contains a single domain. The company has servers that run Windows Server 2008 R2 and client computers that run Windows 7. You need to configure your partner company’s domain to use the approved set of administrative templates. What should you do()AUse the Group Policy Management Console (GPMC) utility to back up the GPO to a file. In each site, import the GPBCopy the ADMX files from your company’s PDC emulator to the PolicyDefinitions folder on the partner company’s PDCCCopy the ADML files from your company’s PDC emulator to the PolicyDefinitions folder on the partner company’s PDC DDownload the conf.adm, system.adm, wuau.adm, and inetres.adm files from the Microsoft Updates Web site.
单选题You are a security administrator for your company. The network consists of a single Active Directory domain. Servers run either Windows Server 2003 or Windows 2000 Server. All client computers run Windows XP Professional. The company’s written security policy states that user accounts must be locked if an unauthorized user attempts to guess the users, passwords. The current account policy locks out a user after two invalid password attempts in five minutes. The user remains locked out until the account is reset by an administrator. Users frequently call the help desk to have their account unlocked. Calls related to account lockout constitute 25 percent of help desk calls. You need to reduce the number of help desk calls related to account lockout. What should you do?()A Modify the Default Domain Controllers Policy Group Policy object(GPO). Increase the maximum lifetime for serviceB Modify the Default Domain Policy Group Policy object(GPO). Configure an account lockout threshold of 10.C Modify the Default Domain Controllers Policy Group Policy object(GPO). Disable the enforcement of user logon resD Modify the Default Domain Policy Group Policy object(GPO). Increase the minimum password age.
单选题Your company has a single Active Directory Domain Services (AD DS) forest with a single domain named PassGuide.com. All client computers run Windows 7. All client computer accounts are located in the Computers container in the PassGuide.com domain. You discover that multiple client computers were automatically shut down because the security log was full. You need to ensure that client computers are not shut down when the security log becomes full. What should you do?()AConfigure an Event Viewer subscription.BIncrease the maximum log size.CModify the event log policy settings in the Default Domain Policy Group Policy object (GPO).DModify the event log policy settings in the Default Domain Controllers Policy Group Policy object(GPO).
单选题Your network contains an Active Directory domain. The domain contains several domain controllers. All domain controllers run Windows Server 2008 R2. You need to restore the Default Domain Controllers Policy Group Policy object (GPO) to the Windows Server 2008 R2 default settings. What should you do()ARun dcgpofix.exe /target:dc.BRun dcgpofix.exe /target:domain.CDelete the link for the Default Domain Controllers Policy, and then run gpupdate.exe /sync. DDelete the link for the Default Domain Controllers Policy, and then run gpupdate.exe /force.
单选题You need to design a method to ensure that only scripts that are approved by the IT department can run on company computers. Your solution must meet business requirements. What should you do?()ACreate a new software restriction policy in the Default Domain Policy GPO that removes the Microsoft Visual Basic Scripting Edition and the Windows Script Component file types from the File Types listBCreate a new software restriction policy in the Default Domain Policy GPO that disables the use of Wscript.exe and Cscript.exeCConfigure Windows Script Host to not execute Windows Script Component file typesDConfigure Windows Script Host to execute only scripts that are signed by a certificate issued by an approved certification authority (CA)
多选题You need to design Group Policy object (GPO) settings to support the use of the Encrypting File System (EFS). Your solution must meet business and security requirements. Which two actions should you perform?()ADesignate a data recovery agent and issue an EFS certificate to the data recovery agent. Export the private key and restrict access to the exported keyBMake the data recovery agent a local administrator on all client computersCRemove the default data recovery agent from the Default Domain Policy GPO. Then, include the new data recovery agent insteadDDelete the Default Domain Policy GPO. Configure a new GPO linked to the domain that does not specify a data recovery agent