You need to design an access control strategy that meets business and security requirements. Your solution must minimize forestwide replication. What should you do?()A、Create a global group for each department and a global group for each location. Add users to their respective departmental groups as members. Place the departmental global groups within the location global groups. Assign the location global groups to file and printer resources in their respective domains, and then assign permissions for the file and printer resources by using the location global groupsB、Create a global group for each department, and add the respective users as members. Create domain local groups for file and printer resources. Add the global groups to the respective domain local groups. Then, assign permissions to the file and printer resources by using the domain local groupsC、Create a local group on each server and add the authorized users as members. Assign appropriate permissions for the file and printer resources to the local groupsD、Create a universal group for each location, and add the respective users as members. Assign the universal groups to file and printer resources. Then, assign permissions by using the universal groups
You need to design an access control strategy that meets business and security requirements. Your solution must minimize forestwide replication. What should you do?()
- A、Create a global group for each department and a global group for each location. Add users to their respective departmental groups as members. Place the departmental global groups within the location global groups. Assign the location global groups to file and printer resources in their respective domains, and then assign permissions for the file and printer resources by using the location global groups
- B、Create a global group for each department, and add the respective users as members. Create domain local groups for file and printer resources. Add the global groups to the respective domain local groups. Then, assign permissions to the file and printer resources by using the domain local groups
- C、Create a local group on each server and add the authorized users as members. Assign appropriate permissions for the file and printer resources to the local groups
- D、Create a universal group for each location, and add the respective users as members. Assign the universal groups to file and printer resources. Then, assign permissions by using the universal groups
相关考题:
Your company has a single-domain Active Directory forest. The functional level of the domain is Windows Server 2008. You perform the following activities. Create a global distribution group. Add users to the global distribution group. Create a shared folder on a Windows Server 2008 member server. Place the global distribution group in a domain local group that has access to the shared folder. You need to ensure that the users have access to the shared folder. What should you do()A、Raise the forest functional level to Windows Server 2008.B、Add the global distribution group to the Domain Administrators group.C、Change the group type of the global distribution group to a security group.D、Change the scope of the global distribution group to a Universal distribution group.
Your network consists of a single Active Directory domain. User accounts for engineering department are located in an OU named Engineering. You need to create a password policy for the engineering department that is different from your domain password policy. What should you do()A、Create a new GPO. Link the GPO to the Engineering OU.B、Create a new GPO. Link the GPO to the domain. Block policy inheritance on all OUs except for the Engineering OU.C、Create a global security group and add all the user accounts for the engineering department to the group. Create a new Password Policy Object (PSO) and apply it to the group.D、Create a domain local security group and add all the user accounts for the engineering department to the group. From the Active Directory Users and Computer console, select the group and run the Delegation of Control Wizard.
You need to design a monitoring strategy to meet business requirements for data on servers in the production department. What should you do?()A、Use the Microsoft Baseline Security Analyzer (MBSA) to scan for Windows vulnerabilities on all servers in the production departmentB、Run Security and Configuration Analysis to analyze the security settings of all servers in the production departmentC、Enable auditing for data on each server in the production department. Run System Monitor on all servers in the production department to create a counter log that tracks activity for the Objects performance objectD、Create a Group Policy Object (GPO) that enables auditing for object access and link it to the product department’s Servers OU. Enable auditing for data on each server in the production department
You are the network administrator for your company. The network consists of a single Active Directory domain. All servers run Windows Server 2003. All company data is stored in shared folders on network file servers. The data for each department is stored in a departmental shared folder. Users in each department are members of the departmental global group. Each departmental global group is assigned the Allow - Full Control permission for the corresponding departmental shared folder. Company requirements state that all access to shared folders must be configured by using global groups. A user named Richard works in the sales department. Richard needs to be able to modify files in the Marketing shared folder. You need to ensure that Richard has the minimum permissions for the Marketing shared folder that he needs to do his job. You need to achieve this goal while meeting company requirements and without granting unnecessary permissions. What should you do? ()A、Add Richard's user account to the Marketing global group.B、Assign the Sales global group the Allow - Change permission for the Marketing shared folder.C、Create a new global group. Add Richard's user account to the group. Assign the new global group the Allow - Change permission for the Marketing shared folder.D、Assign Richard's user account the Allow - Change permission for the Marketing shared folder.
You need to design a method to standardize and deploy a baseline security configuration for servers. You solution must meet business requirements. What should you do?()A、Create a script that installs the Hisecdc.inf security templateB、Use a GPO to distribute and apply the Hisec.inf security templateC、Use the System Policy Editor to configure each server’s security settingsD、Use a GPO to distribute and apply a custom security template
Your network consists of a single Active Directory domain. User accounts for engineering department are located in an OU named Engineering. You need to create a password policy for the engineering department that is different from your domain password policy. What should you do()A、Create a new GPO. Link the GPO to the Engineering OU.B、Create a new GPO. Link the GPO to the domain. Block policy inheritance on all OUs except for the Engineering OUC、Create a global security group and add all the user accounts for the engineering department to the group. Create aD、Create a domain local security group and add all the user accounts for the engineering department to the group. Fr
You need to design a method for junior IT administrators to perform more IT support tasks. Your solution must meet business and security requirements. What should you do?()A、Delegate appropriate Active Directory permissions to the junior IT administratorsB、Add the junior IT administrators’ user accounts to the Domain Admins user groupC、Create a custom Microsoft Management Console (MMC) that uses taskpad views to enable the appropriate tasks for the junior IT administratorsD、Make the junior IT administrators’ domain user accounts member of the local Administrators group on all client computersE、Create new domain user accounts for each junior IT administrator. Make the new accounts members of the Domain Admins group and instruct junior IT administrators to use the new accounts only for appropriate administrative tasks
You have an Exchange Server 2010 organization. The organization contains a global security group named Group1. You plan to deploy a monitoring solution for the Exchange servers in your organization. You need to recommend a solution that allows members of Group1 to monitor the performance of Exchange Server 2010 servers. Your solution must prevent members of Group1 from modifying the configurations of the Exchanges Server 2010 organization. What should you include in the solution?()A、Delegation of Control WizardB、Federation TrustsC、Reliability MonitorD、Role Based Access Control (RBAC)
Your network consists of a single Active Directory domain. The functional level of the domain is Windows Server 2003. All servers run Windows Server 2003 Service Pack 2 (SP2). The network contains 10 file servers. Each file server hosts a share named Apps.On each file server, a local group named App-install-local has permissions to the Apps share. A global group named App-install-global belongs to the App-install-local group on each file server. App-install-global is used only to control permissions for the Apps share.You create a global group named Helpdesk.You need to provide the Helpdesk group access to the Apps share on each file server. The Helpdesk group must have the same permissions as the App-install-global group. You must achieve this goal by using the minimum amount of administrative effort.What should you do? ()A、Add the Helpdesk group to the App-install-global group.B、Add the Helpdesk group to the App-install-local group on each file server.C、Convert the App-install-global group to a universal group. Add the App-install-global group to the Helpdesk group.D、Convert the Helpdesk group to a universal group. Add the Helpdesk group to the App-install-local group on each file server.
You are the network administrator for The network consists of a single Active Directory domain named All servers run Windows Server 2003. All TestKing data is stored in shared folders on network file servers. The data for each department is stored in a departmental shared folder. Users in each department are members of the departmental global group. Each departmental global group is assigned the Allow - Full Control permission for the corresponding departmental shared folder. TestKing requirements state that all access to shared folders must be configured by using global groups. A user named Dr King works in the sales department. Dr King needs to be able to modify files in the Marketing shared folder. You need to ensure that Dr King has the minimum permissions for the Marketing shared folder that he needs to do his job. You need to achieve this goal while meeting TestKing requirements and without granting unnecessary permissions. What should you do?()A、Add Dr King's user account to the Marketing global group.B、Assign the Sales global group the Allow - Change permission for the Marketing shared folder.C、Create a new global group. Add Dr King' user account to the group.Assign the new global group the Allow - Change permission for the Marketing shared folder.D、Assign Dr King's user account the Allow - Change permission for the Marketing shared folder.
You are the network administrator for Testking.com. The network consists of a single Active Directory forest that contains three domains. The functional level of the forest is Windows Server 2003. The domain names are testking.com, europe.testking.com, and asia.testking.com. Each domain contains 500 user accounts. TestKing.com is in the process of acquiring several other companies whose networks will be add to the testking.com Windows Server 2003 domain. These acquisitions will entail the addition of several new offices, which will be connected to TestKing's network by means of dedicated 56-Kbps WAN connections. You create a new shared folder named NewProjects on a file server in testking.com. Several users in each existing domain need access to the NewProjects folder. These users are not in the same group in any domain. All users who need access to the NewProjects folder must be able to add, delete, and modify files and folders in the NewProjects folder. Users in the acquired companies also will require access to this folder. You need to create the required Active Directory groups and configure the required permissions for the NewProjects folder. Your solution must minimize ongoing administrative effort as you add new companies to the network. You must also minimize unnecessary traffic across the WAN connections. What should you do?()A、Create a single universal security group. Add all users that require access to the folder to the group. Create a domain local group in the testking.com domain. Add the universal group to the domain local group. Assign permissions to the shared folder by using the domain local group.B、Create a global security group in each domain. Add all users that require access to the folder to the global group in their domain. Create a domain local group in testking.com domain. Add the global groups to the domain local group. Assign permissions to the shared folder by using the domain local group.C、Create a universal security group in each domain. Add all users that require access to the folder to the group in their domain. Assign permissions to the shared folder by using the universal groups.D、Create a global security group in each domain. Add all users that require access to the folder to the group in their domain. Assign permissions to the shared folder by using the global groups.
You are a security administrator for your company. The network consists of three Active Directory domains. All Active Directory domains are running at a Windows Server 2003 mode functionality level. Employees in the editorial department of your company need access to resources on file servers that are in each of the Active Directory domains. Each Active Directory domain in the company contains at least one editorial department employee user account. You need to create a single group named Company Editors that contains all editorial department employee user accounts and that has access to the resources on file server computers. What should you do?()A、 Create a global distribution group in the forest root domain and name it Company Editors.B、 Create a global security group in the forest root domain and name it Company Editors.C、 Create a universal distribution group in the forest root domain and name it Company Editors. D、 Create a universal security group in the forest root domain and name it Company Editors.
You need to design an administrative control strategy for Denver administrators. What should you do?()A、Create a security group named HelpDesk. Add the HelpDesk group to the Enterprise Admins group in both domainsB、Create a security group named HelpDesk. Add the HelpDesk group to the Domain Admins groups in both domainsC、Add the Domain Admins group in the litwareinc.com domain to the Domain Admins group in the contoso.com domain. Delegate full control of the litwareinc.com domain to the Domain Admins group in the contoso.com domainD、Create a security group named HelpDesk for each office. Delegate administrative tasks to their respective OU or domain.Delegate full control of the contoso.com domain to the Domain Admins group from the litwareinc.com domain
You need to design an access control and permission strategy for user objects in Active Directory.What should you do?()A、Make the members of the AdvancedSupport security group members of the Domain Admins security groupB、Give each desktop support technician permission to reset passwords for the top-level OU that contains user accounts at their own locationC、Delegate full control over all OUs that contain user accounts to all AllSupport security groupD、Change the permissions on the domain object and its child objects so that the BasicSupport security group is denied permissions. Then, add a permission to each OU that contains user accounts that allows AllSupport security group members to reset passwords in that OU
Your network consists of a single Active Directory domain. The functional level of the domain isWindows Server 2003. All servers run Windows Server 2003 Service Pack 2 (SP2).The network contains 10 file servers. Each file server hosts a share named Apps. On each file server, a local group named App-install-local has permissions to the Apps share. A globalgroup named App-install-global belongs to the App-install-local group on each file server.App-install-global is used only to control permissions for the Apps share.You create a global group named Helpdesk.You need to provide the Helpdesk group access to the Apps share on each file server. The Helpdeskgroup must have the same permissions as the App-install-global group. You must achieve this goal byusing the minimum amount of administrative effort.What should you do? ()A、Add the Helpdesk group to the App-install-global group.B、Add the Helpdesk group to the App-install-local group on each file server.C、Convert the App-install-global group to a universal group. Add the App-install-global group to the Helpdesk group.D、Convert the Helpdesk group to a universal group. Add the Helpdesk group to the App-install-local group on each file server.
Your environment includes multiple Windows Server 2008 R2 Hyper-V servers. You are designing an administrative strategy for virtual machines (VMs). You need to ensure that members of the Security Compliance Active Directory Domain Services (AD DS) security group can monitor failed logon events on the VMs. What should you do?()A、Add the Security Compliance group to the local administrators group of each VMB、Add the Security Compliance group to the local administrators group of each Hyper-V serverC、In the InitialStore.xml file of each VM, define an access policy for the Security Compliance groupD、in the InitialStore.xml file of each Hyper-V server, define an access policy for the Security Compliance group
单选题You are the network administrator for The network consists of a single Active Directory domain named All servers run Windows Server 2003. All TestKing data is stored in shared folders on network file servers. The data for each department is stored in a departmental shared folder. Users in each department are members of the departmental global group. Each departmental global group is assigned the Allow - Full Control permission for the corresponding departmental shared folder. TestKing requirements state that all access to shared folders must be configured by using global groups. A user named Dr King works in the sales department. Dr King needs to be able to modify files in the Marketing shared folder. You need to ensure that Dr King has the minimum permissions for the Marketing shared folder that he needs to do his job. You need to achieve this goal while meeting TestKing requirements and without granting unnecessary permissions. What should you do?()AAdd Dr King's user account to the Marketing global group.BAssign the Sales global group the Allow - Change permission for the Marketing shared folder.CCreate a new global group. Add Dr King' user account to the group.Assign the new global group the Allow - Change permission for the Marketing shared folder.DAssign Dr King's user account the Allow - Change permission for the Marketing shared folder.
单选题Your network consists of a single Active Directory domain. User accounts for engineering department are located in an OU named Engineering. You need to create a password policy for the engineering department that is different from your domain password policy. What should you do()ACreate a new GPO. Link the GPO to the Engineering OU.BCreate a new GPO. Link the GPO to the domain. Block policy inheritance on all OUs except for the Engineering OUCCreate a global security group and add all the user accounts for the engineering department to the group. Create aDCreate a domain local security group and add all the user accounts for the engineering department to the group. Fr
单选题Your network consists of a single Active Directory domain. The functional level of the domain is Windows Server 2003. All servers run Windows Server 2003 Service Pack 2 (SP2). The network contains 10 file servers. Each file server hosts a share named Apps.On each file server, a local group named App-install-local has permissions to the Apps share. A global group named App-install-global belongs to the App-install-local group on each file server. App-install-global is used only to control permissions for the Apps share.You create a global group named Helpdesk.You need to provide the Helpdesk group access to the Apps share on each file server. The Helpdesk group must have the same permissions as the App-install-global group. You must achieve this goal by using the minimum amount of administrative effort.What should you do? ()AAdd the Helpdesk group to the App-install-global group.BAdd the Helpdesk group to the App-install-local group on each file server.CConvert the App-install-global group to a universal group. Add the App-install-global group to the Helpdesk group.DConvert the Helpdesk group to a universal group. Add the Helpdesk group to the App-install-local group on each file server.
单选题You are the network administrator for Testking.com. The network consists of a single Active Directory forest that contains three domains. The functional level of the forest is Windows Server 2003. The domain names are testking.com, europe.testking.com, and asia.testking.com. Each domain contains 500 user accounts. TestKing.com is in the process of acquiring several other companies whose networks will be add to the testking.com Windows Server 2003 domain. These acquisitions will entail the addition of several new offices, which will be connected to TestKing's network by means of dedicated 56-Kbps WAN connections. You create a new shared folder named NewProjects on a file server in testking.com. Several users in each existing domain need access to the NewProjects folder. These users are not in the same group in any domain. All users who need access to the NewProjects folder must be able to add, delete, and modify files and folders in the NewProjects folder. Users in the acquired companies also will require access to this folder. You need to create the required Active Directory groups and configure the required permissions for the NewProjects folder. Your solution must minimize ongoing administrative effort as you add new companies to the network. You must also minimize unnecessary traffic across the WAN connections. What should you do?()ACreate a single universal security group. Add all users that require access to the folder to the group. Create a domain local group in the testking.com domain. Add the universal group to the domain local group. Assign permissions to the shared folder by using the domain local group.BCreate a global security group in each domain. Add all users that require access to the folder to the global group in their domain. Create a domain local group in testking.com domain. Add the global groups to the domain local group. Assign permissions to the shared folder by using the domain local group.CCreate a universal security group in each domain. Add all users that require access to the folder to the group in their domain. Assign permissions to the shared folder by using the universal groups.DCreate a global security group in each domain. Add all users that require access to the folder to the group in their domain. Assign permissions to the shared folder by using the global groups.
单选题You need to design a storage strategy that meets all business and technical requirements. What should you do?()ACreate a storage group for each office. Within each storage group, create a single databaseBCreate a storage group for each region. Within each storage group, create a single databaseCCreate a storage group for each region. Within each storage group, create separate databases for each office in that regionDCreate a single storage group. Within that storage group, create a separate database for each office
单选题You need to design a monitoring strategy to meet business requirements for data on servers in the production department. What should you do?()AUse the Microsoft Baseline Security Analyzer (MBSA) to scan for Windows vulnerabilities on all servers in the production departmentBRun Security and Configuration Analysis to analyze the security settings of all servers in the production departmentCEnable auditing for data on each server in the production department. Run System Monitor on all servers in the production department to create a counter log that tracks activity for the Objects performance objectDCreate a Group Policy Object (GPO) that enables auditing for object access and link it to the product department’s Servers OU. Enable auditing for data on each server in the production department
单选题You are the network administrator for your company. The network consists of a single Active Directory domain. All servers run Windows Server 2003. All company data is stored in shared folders on network file servers. The data for each department is stored in a departmental shared folder. Users in each department are members of the departmental global group. Each departmental global group is assigned the Allow - Full Control permission for the corresponding departmental shared folder. Company requirements state that all access to shared folders must be configured by using global groups. A user named Richard works in the sales department. Richard needs to be able to modify files in the Marketing shared folder. You need to ensure that Richard has the minimum permissions for the Marketing shared folder that he needs to do his job. You need to achieve this goal while meeting company requirements and without granting unnecessary permissions. What should you do? ()AAdd Richard's user account to the Marketing global group.BAssign the Sales global group the Allow - Change permission for the Marketing shared folder.CCreate a new global group. Add Richard's user account to the group. Assign the new global group the Allow - Change permission for the Marketing shared folder.DAssign Richard's user account the Allow - Change permission for the Marketing shared folder.
单选题You need to design an access control strategy that meets business and security requirements. Your solution must minimize forestwide replication. What should you do?()ACreate a global group for each department and a global group for each location. Add users to their respective departmental groups as members. Place the departmental global groups within the location global groups. Assign the location global groups to file and printer resources in their respective domains, and then assign permissions for the file and printer resources by using the location global groupsBCreate a global group for each department, and add the respective users as members. Create domain local groups for file and printer resources. Add the global groups to the respective domain local groups. Then, assign permissions to the file and printer resources by using the domain local groupsCCreate a local group on each server and add the authorized users as members. Assign appropriate permissions for the file and printer resources to the local groupsDCreate a universal group for each location, and add the respective users as members. Assign the universal groups to file and printer resources. Then, assign permissions by using the universal groups
单选题Your network consists of a single Active Directory domain. The functional level of the domain isWindows Server 2003. All servers run Windows Server 2003 Service Pack 2 (SP2).The network contains 10 file servers. Each file server hosts a share named Apps. On each file server, a local group named App-install-local has permissions to the Apps share. A globalgroup named App-install-global belongs to the App-install-local group on each file server.App-install-global is used only to control permissions for the Apps share.You create a global group named Helpdesk.You need to provide the Helpdesk group access to the Apps share on each file server. The Helpdeskgroup must have the same permissions as the App-install-global group. You must achieve this goal byusing the minimum amount of administrative effort.What should you do? ()AAdd the Helpdesk group to the App-install-global group.BAdd the Helpdesk group to the App-install-local group on each file server.CConvert the App-install-global group to a universal group. Add the App-install-global group to the Helpdesk group.DConvert the Helpdesk group to a universal group. Add the Helpdesk group to the App-install-local group on each file server.
单选题You are a security administrator for your company. The network consists of three Active Directory domains. All Active Directory domains are running at a Windows Server 2003 mode functionality level. Employees in the editorial department of your company need access to resources on file servers that are in each of the Active Directory domains. Each Active Directory domain in the company contains at least one editorial department employee user account. You need to create a single group named Company Editors that contains all editorial department employee user accounts and that has access to the resources on file server computers. What should you do?()A Create a global distribution group in the forest root domain and name it Company Editors.B Create a global security group in the forest root domain and name it Company Editors.C Create a universal distribution group in the forest root domain and name it Company Editors. D Create a universal security group in the forest root domain and name it Company Editors.
单选题Your company has a single-domain Active Directory forest. The functional level of the domain is Windows Server 2008. You perform the following activities. Create a global distribution group. Add users to the global distribution group. Create a shared folder on a Windows Server 2008 member server. Place the global distribution group in a domain local group that has access to the shared folder. You need to ensure that the users have access to the shared folder. What should you do()ARaise the forest functional level to Windows Server 2008.BAdd the global distribution group to the Domain Administrators group.CChange the group type of the global distribution group to a security group.DChange the scope of the global distribution group to a Universal distribution group.