You are the network administrator for Test King. The network consists of a single Active Directory domain named The domain contains Windows Server 2003 computers and Windows XP Professional computers. The Default Domain Policy has been modified by importing a security template file, which contain several security settings. A server named TestKing1 cannot run a program that us functioning on other similarly configured servers. You need to find out whether additional security settings have been added to the local security policy on TestKing1. To troubleshoot, you want to use a tool to compare the current security settings on TestKing1 against the security template file in order to automatically identify any settings that might have been added to the local security policy. Which tool should you run on TestKing1?()A、Microsoft Baseline Security Analyzer (MBSA)B、Security Configuration and Analysis consoleC、gpresult.exeD、Resultant Set of Policy console in planning mode
You are the network administrator for Test King. The network consists of a single Active Directory domain named The domain contains Windows Server 2003 computers and Windows XP Professional computers. The Default Domain Policy has been modified by importing a security template file, which contain several security settings. A server named TestKing1 cannot run a program that us functioning on other similarly configured servers. You need to find out whether additional security settings have been added to the local security policy on TestKing1. To troubleshoot, you want to use a tool to compare the current security settings on TestKing1 against the security template file in order to automatically identify any settings that might have been added to the local security policy. Which tool should you run on TestKing1?()
- A、Microsoft Baseline Security Analyzer (MBSA)
- B、Security Configuration and Analysis console
- C、gpresult.exe
- D、Resultant Set of Policy console in planning mode
相关考题:
You are the administrator of a Windows 2000 Active Directory network. The network consists of a single domain. The domain includes 20 Windows NT Workstation 4.0 client computers. All other client computers are Windows 2000 Professional computers.You create a Windows NT 4.0 default user policy on the Windows 2000 Server computer that is configured as the PDC emulator. This default user policy denies access to Network Neighborhood. You then install Terminal Services on one of the servers and Terminal Services Client on the 20 Windows NT Workstation client computers.You find that the users of the Terminal Server can still browse the network when they open My Network Places. You want to prevent all users from browsing the network.What should you do?A.Modify the Windows NT policy template file so that you can restrict access to both My Network Places and Network Neighborhood. Save the policy file on the Terminal Server.B.Copy the Windows NT policy file to the 20 Windows NT Workstation computers.C.Create a Windows 2000 Group Policy that denies user access to My Network Places.D.Edit the local registry on the Windows NT Workstation computers to deny access to Entire Network in Network Neighborhood.
You are the network administrator for The network consists of a single Active Directory domain named The domain contains 352,000 Windows 2000 Professional computers. You install and configure Software Update Services (SUS) on a server named TestKing3. You need to scan all computers in the domain to find out whether they have received all approved updates that are located on the SUS server. What should you do?()A、On a server, install and run the mbsacli.exe command with the appropriate configuration switches.B、On a server that runs IIS, install and configure urlscan.exe.C、Edit and configure the Default Domain Policy to enable the Configure Automatic Updates policy.D、From a command prompt on TestKing3, run the netsh.exe command to scan all computers in the domain.
You are the network administrator for The network consists of a single Active Directory domain named The domain contains Windows Server 2003 computers and Windows XP Professional computers. The domain contains a group named SalesAdmin. Members of the SalesAdmin group need the permission to add Group Policy links and create Group Policy objects (GPOs) for only the Sales organizational unit (OU). You need to configure the domain to provide the SalesAdmin group with the minimum permissions necessary to meet these requirements. What should you do?()A、Add the SalesAdmins group to the Group Policy Creator Owners group.B、Configure the discretionary access control list (DACL) on all of the Group Policy links for the Sales OU to assign the SalesAdmins group the Allow - Apply Group Policy permission.C、Run the Delegation of Control wizard on the domain to assign the SalesAdmin group the Manage Group Policy links task.D、Run the Delegation of Control wizard on the Sales OU to assign the SalesAdmins group the Manage Group Policy links task.
You are the network administrator for . The network consists of a single Active Directory domain. All domain controllers run Windows Server 2003, and all client computers run Windows XP Professional. TestKing acquires a subsidiary. You receive a comma delimited file that contains the names of all user accounts at the subsidiary. You need to import these accounts into your domain. Which command should you use?()A、ldifdeB、csvdeC、ntdsutil with the authoritative restore optionD、dsadd user
Your network consists of a single Active Directory domain. All servers run Windows Server 2003 Service Pack 2 (SP2). All client computers run Windows XP Professional Service Pack 3 (SP3). You need to ensure that locked out user accounts remain locked out until an administrator unlocks the accounts. What should you do? ()A、In the Default Domain Policy, set the Account lockout duration to 0.B、In the Default Domain Policy, set the Account lockout duration to 99999.C、From Active Directory Users and Computers, select the Account is trusted for delegation option for all user accounts.D、From Active Directory Users and Computers, select the Account is sensitive and cannot be delegated option for all user accounts.
You are the network administrator for .Your network consists of a single Active Directory domain named . The Default Domain Group Policy object (GPO) uses all default settings. The network contains five servers running Windows Server 2003 and 800 client computers. Half of the client computers are portable computers. The other half are desktop computers. Users of portable computers often work offline, but users of desktop computers do not. You install Windows XP Professional on all client computers with default settings. Then you configure user profiles and store them on the network. Some users of portable computers now report that they cannot log on to their computers. Other users of portable computers do not experience this problem. You need to ensure that all users of portable computers can log on successfully,whether they are working online or offline. What should you do?()A、Configure all portable computers to cache user credentials locally.B、Ensure that all users of portable computers log on to the network at least once before working offline.C、In all portable computers, rename Ntuser.dat to Ntuser.man.D、For all portable computers, configure the Loopback policy setting.
Your network consists of a single Active Directory domain. All servers run Windows Server 2003 Service Pack 2 (SP2). All client computers run Windows XP Professional Service Pack 3 (SP3). You have a server named Server1 that has Windows Server Update Services (WSUS) 3.0 installed. You need to ensure that all WSUS clients download approved updates directly from the Windows Update site. What should you do?()A、From the Default Domain Policy, configure the Background Intelligence Transfer Service settings. B、From the Default Domain Policy, configure the Windows Update settings. C、From the Update Services console, create a new automatic approvals rule. D、From the Update Services console, configure the Update Files and Languages settings.
You are the network administrator for your company. The network consists of a single Active Directory domain. The domain contains 35 Windows Server 2003 computers; 3,000 Windows XP Professional computers; and 2,000 Windows 2000 Professional computers. Windows Server Update Services (WSUS) is installed on a server named Server1. The necessary Group Policy object (GPO) is configured.You need to confirm whether all computers in the domain have received all approved updates from Server1. What should you do on Server1?()A、Install and configure Urlscan.exe.B、At the command prompt, type gpresult /scope COMPUTER.C、Open the WSUS console. Run the Status of Computers report.D、Open the WSUS console. Run the Synchronization Results report.
You are the network administrator for Humongous Insurance. The network consists of a single Active Directory domain named humongous.com. The domain contains Windows Server 2003 computers and Windows XP Professional computers. You configure several Group Policy objects (GPOs) to enforce the use of IPSec for certain types of communication between specified computers. A server named Server2 runs the Telnet service. A GPO is supposed to ensure that all Telnet connections to Server2 are encrypted by using IPSec. However, when you monitor network traffic, you notice that Telnet connections are not being encrypted.You need to view all of the IPSec settings that are applied to Server2 by GPOs. Which tool should you use?()A、the IP Security Policy Management consoleB、the IP Security Monitor consoleC、the Resultant Set of Policy consoleD、Microsoft Baseline Security Analyzer (MBSA)
You are a network administrator for your company. All domain controllers run Windows Server 2003. The network contains 50 Windows 98 client computers, 300 Windows 2000 Professional computers, and 150 Windows XP Professional computers. According to the network design specification, the Kerberos version 5 authentication protocol must be used for all client computers on the internal network. You need to ensure that Kerberos version 5 authentication is used for all client computers on the internal network. What should you do? ()A、 On each domain controller, disable Server Message Block (SMB) signing and encryption of the secure channel traffic.B、 Replace all Windows 98 computers with new Windows XP Professional computers.C、 Install the Active Directory Client Extensions software on the Windows 98 computers.D、 Upgrade all Windows 98 computers to Windows NT Workstation 4.0.
You are the network administrator for your company. The network consists of a single Active Directory domain. The domain contains 35 Windows Server 2003 computers; 3,000 Windows XP Professional computers; and 2,200 Windows 2000 Professional computers. The written company security policy states that all computers in the domain must be examined, with the following goals: (1)to find out whether all available security updates are present (2)to find out whether shared folders are present to record the file system type on each hard disk You need to provide this security assessment of every computer and verify that the requirementsof the written security policy are met. What should you do?()A、Open the Default Domain Policy and enable the Configure Automatic Updates policy.B、Open the Default Domain Policy and enable the Audit object access policy, the Audit account management policy, and the Audit system events policy.C、On a server, install and run mbsacli.exe with the appropriate configuration switches.D、On a server, install and run HFNetChk.exe with the appropriate configuration switches.
You are the network administrator for . The network consists of a single Active Directory domain named All network servers run Windows Server 2003. All client computers run Windows XP Professional. Multiple users share the same client computer. A server named TestKing2 functions as a file and print server. You set the profile path for all user accounts to //TestKing2/Profiles/username. Some domain users were added to the local Administrators group on the Windows XP Professional computers. A user reports that other users can log on to client computers that he has previously used and gain access to files stored in his My Documents folder on the local hard disk. You need to permanently prevent users from being able to access the My Documents folder of other domain users on the client computers. What should you do?()A、In Active Directory, modify the Default Domain Policy. Disable the Do not check for user ownership of Roaming Profile Folders setting.B、In Active Directory, modify the Default Domain Policy. Enable the Delete cached copies of roaming profiles setting.C、Log on to all client computers and delete all user profiles from the local hard disks.D、Log on to all client computers and configure the Number of previous logons to cache setting to 0.
You are the desktop administrator for one of your company's branch offices. The network in the branch office consists of a single network segment, which contains a domain controller, a DHCP server, 10 Windows 2000 Server computers, and 50 Windows 2000 Professional computers. All servers and client computers are members of the company's Active Directory domain. You purchase 50 new client computers for the branch office. Each new client computer contains a built-in PXE-compliant network adapter. You install and configure RIS on one of the Windows 2000 Server computers that is on the network in the branch office. You create a Windows XP Professional RIS image on the Windows 2000 Server computer. You connect the new client computers to the network in the office, and you turn on each computer. Each computer displays a message stating that it cannot contact a PXE boot server. You verify that the RIS server is connected to the network. You need to ensure that the new client computers can connect to the RIS server and can begin installing Windows XP Professional. What should you do?()A、Ask a domain administrator to authorize the RIS server. B、Grant the Everyone group Allow - Read NTFS permission on the RIS image.C、Install RIS on the domain controller. Copy the RIS image to the domain controller.D、Add a reservation for the RIS server to the DHCP server.
You are the network administrator for your company. The network consists of a single Active Directory domain. The domain contains 35 Windows Server 2003 computers; 3,000 Windows XP Professional computers; and 2,000 Windows 2000 Professional computers.Windows Server Update Services (WSUS) is installed on a server named Server1. The necessary Group Policy object (GPO)is configured.You need to confirm whether all computers in the domain have received all approved updates from Server1. What should you do on Server1?()A、Install and configure Urlscan.exe.B、At the command prompt, type gpresult /scope COMPUTER.C、Open the WSUS console. Run the Status of Computers report.D、Open the WSUS console. Run the Synchronization Results report.
You are a network administrator for your company. The network consists of a single Active Directory domain. The domain contains three Windows Server 2003 domain controllers, 20 Windows Server 2003 member servers, and 750 Windows XP Professional computers. The domain is configured to use only Kerberos authentication for all server connections.A user reports that she receives an "Access denied" error message when she attempts to connect to one of the member servers. You want to test the functionality of Kerberos authentication on the user’s client computer. Which command should you run from the command prompt on the user’s computer?()A、netshB、netdiagC、ktpassD、ksetup
You are the network administrator for your company. The network consists of a single Active Directory domain. The domain contains 35 Windows Server 2003 computers; 3,000 Windows XP Professional computers; and 2,000 Windows 2000 Professional computers.Windows Server Update Services (WSUS) is installed on a server named Server1. The necessary Group Policy object (GPO) is configured.You need to confirm whether all computers in the domain have received all approved updates fromServer1. What should you do on Server1?()A、Install and configure Urlscan.exe.B、At the command prompt, type gpresult /scope COMPUTER.C、Open the WSUS console. Run the Status of Computers report.D、Open the WSUS console. Run the Synchronization Results report.
You are the network administrator for . The network consists of single Active directory domain. The domain contains a Windows Server 2003 domain controller named TestKing3. The securews.inf security policy has been applied to the domain. A network application requires a service account. The network application runs constantly. You create and configure a service account named SrvAcct for the network application. The software functions properly using the new account and service. You discover an ongoing brute force attack against the SrvAcct account. The intruder appears to be attempting a distributed attack from several Windows XP Professional domain member computers on the LAN. The account has not been compromised and you are able to stop the attack, you restart Server6 and attempt to run the network application, but the application does not respond.()A、Reset the SrvAcct password,B、Configure the default Domain Controllers policy to assign the SrvAcct account the right to log on locally.C、Unlock the SrvAcct account.D、Restart the NetAppService service.
You are the network administrator for The network consists of a single Active Directory domain named Servers run either Windows 2000 Server or Windows Server 2003. Client computers run either Windows 2000 Professional Service Pack 2 or Windows XP Professional. You need to implement a new software update infrastructure. You discover that security patches, critical updates, and service packs have never been installed on any client computer on the network. You install Software Update Services (SUS) on a Windows Server 2003 computer named Testking5. You must ensure that all client computers receive all Microsoft security patches, critical updates, and service packs. You want to achieve this goal as quickly as possible. Which three actions should you perform? ()(Each correct answer presents part of the solution. Choose three)A、Install the Automatic Updates client on all Windows 2000 Professional client computers.B、Install the Automatic Updates client on all Windows XP Professional client computers.C、Install SUS on a Windows 2000 Server computer.D、Modify the Windows Update settings of the Default Domain Controller organizational unit (OU) Group Policy object (GPO) to point client computers to http://testking5.E、Modify the Windows Update settings of the Default Domain Policy Group Policy object (GPO) to point client computers to http://testking5.F、Upgrade all Windows 2000 Professional client computers to Windows XP Professional.
You are the network administrator for Humongous Insurance. The network consists of a single Active Directory domain named humongous.com. The domain contains Windows Server 2003 computers and Windows XP Professional computers.You configure several Group Policy objects (GPOs) to enforce the use of IPSec for certain types of communication between specified computers. A server named Server2 runs the Telnet service. A GPO is supposed to ensure that all Telnet connections to Server2 are encrypted by using IPSec. However, when you monitor network traffic, you notice that Telnet connections are not being encrypted.You need to view all of the IPSec settings that are applied to Server2 by GPOs. Which tool should you use?()A、the IP Security Policy Management consoleB、the IP Security Monitor consoleC、the Resultant Set of Policy consoleD、Microsoft Baseline Security Analyzer (MBSA)
You are the network administrator for The network consists of a sing Active Directory domain named All domain controllers run Windows Server 2003. All client computers run Windows XP Professional with default settings. Some users have portable computers, and the rest have desktop computers. You need to ensure that all users are authenticated by a domain controller whenthey log on. How should you modify the local security policy?()A、Require authentication by a domain controller to unlock the client computer.B、Cache zero interactive logons.C、Cache 50 interactive logons.D、Grant the Log on locally user right to the Users group.
You are a security administrator for your company. The network consists of a single Active Directory domain. All client computers run Windows XP Professional. All servers run Windows Server 2003. All computers on the network are members of the domain. Traffic on the network is encrypted by IPSec. The domain contains a custom IPSec policy named Lan Security that applies to all computers in the domain. The Lan Security policy does not allow unsecured communication with non-lPSec-aware computers. The company’s written security policy states that the configuration of the domain and the configuration of the Lan Security policy must not be changed. The domain contains a multihomed server named Server1. Server1 isconnected to the company network, and Server1 is also connected to a test network. Currently, the Lan Security IPSec policy applies to network traffic on both network adapters in Server1. You need to configure Server1 so that it communicates on the test network without IPSec security. Server1 must still use the Lan Security policy when it communicates on the company network. How should you configure Server1?()A、 Configure a packet filter for the network adapter on the test network to block the Internet Key Exchange (IKE) port.B、 Configure the network adapter on the test network to disable IEEE 802.1x authentication.C、 Configure the network adapter on the test network to enable TCP/IP filtering, and then permit all traffic.D、 Use the netsh command to assign a persistent IPSec policy that permits all traffic on the network adapter on the test.E、 Assign an IPSec policy in the local computer policy that permits all traffic on the network adapter on the test.
You are a network administrator for your company. All domain controllers run Windows Server 2003. The network contains 50 Windows 98 client computers, 300 Windows 2000 Professional computers, and 150 Windows XP Professional computers. According to the network design specification, the Kerberos version 5 authentication protocol must be used for all client computers on the internal network. You need to ensure that Kerberos version 5 authentication is used for all client computers on the internal network. What should you do? ()A、 On each domain controller, disable Server Message Block (SMB) signing and encryption of the secure channel traffic. B、 Replace all Windows 98 computers with new Windows XP Professional computers. C、 Install the Active Directory Client Extensions software on the Windows 98 computers. D、 Upgrade all Windows 98 computers to Windows NT Workstation 4.0.
单选题You are the network administrator for The network consists of a single Active Directory domain named The domain contains 352,000 Windows 2000 Professional computers. You install and configure Software Update Services (SUS) on a server named TestKing3. You need to scan all computers in the domain to find out whether they have received all approved updates that are located on the SUS server. What should you do?()AOn a server, install and run the mbsacli.exe command with the appropriate configuration switches.BOn a server that runs IIS, install and configure urlscan.exe.CEdit and configure the Default Domain Policy to enable the Configure Automatic Updates policy.DFrom a command prompt on TestKing3, run the netsh.exe command to scan all computers in the domain.
单选题You are the network administrator for The network consists of a sing Active Directory domain named All domain controllers run Windows Server 2003. All client computers run Windows XP Professional with default settings. Some users have portable computers, and the rest have desktop computers. You need to ensure that all users are authenticated by a domain controller whenthey log on. How should you modify the local security policy?()ARequire authentication by a domain controller to unlock the client computer.BCache zero interactive logons.CCache 50 interactive logons.DGrant the Log on locally user right to the Users group.
单选题You are the network administrator for The network consists of a single Active Directory domain named The domain contains 352,000 Windows 2000 Professional computers. You install and configure Software Update Services (SUS) on a server named TestKing3. You need to scan all computers in the domain to find out whether they have received all approved updates that are located on the SUS server. What should you do?()AOn a server, install and run the mbsacli.exe command with the appropriate configuration switches.BOn a server that runs IIS, install and configure urlscan.exe.CEdit and configure the Default Domain Policy to enable the Configure Automatic Updates policy.DFrom a command prompt on TestKing3, run the netsh.exe command to scan all computers in the domain.