网友您好, 请在下方输入框内输入要搜索的题目:
题目内容
(请给出正确答案)
You are a security administrator for your company. The network consists of a single Active Directory domain. Servers run either Windows Server 2003 or Windows 2000 Server. All client computers run Windows XP Professional. The company’s written security policy states that user accounts must be locked if an unauthorized user attempts to guess the users, passwords. The current account policy locks out a user after two invalid password attempts in five minutes. The user remains locked out until the account is reset by an administrator. Users frequently call the help desk to have their account unlocked. Calls related to account lockout constitute 25 percent of help desk calls. You need to reduce the number of help desk calls related to account lockout. What should you do?()
- A、 Modify the Default Domain Controllers Policy Group Policy object(GPO). Increase the maximum lifetime for service
- B、 Modify the Default Domain Policy Group Policy object(GPO). Configure an account lockout threshold of 10.
- C、 Modify the Default Domain Controllers Policy Group Policy object(GPO). Disable the enforcement of user logon res
- D、 Modify the Default Domain Policy Group Policy object(GPO). Increase the minimum password age.
参考答案
更多 “ You are a security administrator for your company. The network consists of a single Active Directory domain. Servers run either Windows Server 2003 or Windows 2000 Server. All client computers run Windows XP Professional. The company’s written security policy states that user accounts must be locked if an unauthorized user attempts to guess the users, passwords. The current account policy locks out a user after two invalid password attempts in five minutes. The user remains locked out until the account is reset by an administrator. Users frequently call the help desk to have their account unlocked. Calls related to account lockout constitute 25 percent of help desk calls. You need to reduce the number of help desk calls related to account lockout. What should you do?()A、 Modify the Default Domain Controllers Policy Group Policy object(GPO). Increase the maximum lifetime for serviceB、 Modify the Default Domain Policy Group Policy object(GPO). Configure an account lockout threshold of 10.C、 Modify the Default Domain Controllers Policy Group Policy object(GPO). Disable the enforcement of user logon resD、 Modify the Default Domain Policy Group Policy object(GPO). Increase the minimum password age.” 相关考题
考题
You are the network administrator for your company. The network consists of a single Active Directory domain. All servers run Windows Server 2003. All client computers run Windows XP Professional.You need to implement a new software update infrastructure. You discover that security patches, critical updates, and service packs have never been installed on any client computer on the network.You install Windows Server Update Services (WSUS) on a Windows Server 2003 computer named Server5. You synchronize and approve all of the current security patches, critical updates, and service packs.You need to ensure that all client computers receive all Microsoft security patches, critical updates, and service packs. Which two actions should you perform?()A、Open the WSUS console. Select the option to automatically approve WSUS updates.B、Install the Automatic Updates client on all client computers.C、Modify the Microsoft Update settings of the Default Domain Controller organizational unit (OU) Group Policy object (GPO) to point client computers to http ://server5.D、Modify the Microsoft Update settings of the Default Domain Policy Group Policy object (GPO) to point client computers to http: //server5.E、Open the WSUS console. Create a target group and assign all client computers to the group.
考题
Your company has a single Active Directory directory service domain. All servers in your environment run Windows Server 2003. Client computers run Windows XP or Windows Vista. You plan to create a security update scan procedure for client computers. You need to choose a security tool that supports all the client computers. Which tool should you choose? ()A、 UrlScan Security ToolB、 Enterprise Scan Tool (EST)C、 Malicious Removal Tool (MRT)D、 Microsoft Baseline Security Analyzer (MBSA)
考题
You are the network administrator for . The network consists of a single Active Directory domain. All domain controllers run Windows Server 2003, and all client computers run Windows XP Professional. TestKing acquires a subsidiary. You receive a comma delimited file that contains the names of all user accounts at the subsidiary. You need to import these accounts into your domain. Which command should you use?()A、ldifdeB、csvdeC、ntdsutil with the authoritative restore optionD、dsadd user
考题
You are the network administrator for Your network consists of a single Active Directory domain named All network servers run Windows Server 2003. All client computers run Windows XP Professional. TK1 is your global catalog server. TK2 runs Software Update Services (SUS). The Set Options console on TK2 uses all default settings. You configure the client computers to access the service on TK1 and TK2. Three months later, Microsoft releases a critical security update for Windows XP Professional. From a test client computer, you use Windows Update to download the update. You test the update and receive no error messages. Now you need to deploy the update to all client computers as quickly as possible. You must ensure that the update is not deployed to any servers. Which two actions should you perform? ()(Each correct answer presents part of the solution. Choose two)A、On TK1, configure the Default Domain Group Policy object (GPO) to distribute the security update.B、On TK1, initiate replication.C、On TK2, initiate synchronization.D、On TK2, approve the security update.
考题
You are a security administrator for your company. All servers run Windows Server 2003. All client computers run Windows XP Professional. You install Software Update Services (SUS) on a server named Server1. The company’s written security policy states that all updates must be tested and approved before they are installed on network computers. You need to ensure that SUS uses the minimum amount of disk space on Server1. What should you do?()A、 Configure Server1 to redirect client computers to the Microsoft Windows Update servers.B、 Compress the folder in which the downloaded updates are stored.C、 Configure Server1 to store only the locales that are needed.D、 Download the updates, and then delete updates that are not approved for client computers.
考题
ou are the network administrator for your company. The network consists of a single Active Directory domain. All servers run Windows Server 2003. All client computers run Windows XP Professional.Two of the servers on the network contain highly confidential documents. The company’s written security policy states that all network connections with these servers must be encrypted by using an IPSec policy.You place the two servers in an organizational unit (OU) named SecureServers. You configure a Group Policy object (GPO) that requires encryption for all connections. You assign the GPO to the SecureServers OU. You need to verify that users are connecting to the two servers by using encrypted connections. What should you do?()A、Run the net view command.B、Run the gpresult command.C、Use the IP Security Monitor console.D、Use the IPSec Policy Management console.
考题
You are the network administrator for your company. The network consists of a single Active Directory domain. All servers run Windows Server 2003. All client computers run Windows XP Professional. You need to implement a new software update infrastructure. You discover that security patches, critical updates, and service packs have never been installed on any client computer on the network. You install Windows Server Update Services (WSUS) on a Windows Server 2003 computer named Server5. You synchronize and approve all of the current security patches, critical updates, and service packs. You need to ensure that all client computers receive all Microsoft security patches, critical updates, and service packs. Which two actions should you perform?()A、Open the WSUS console. Select the option to automatically approve WSUS updates.B、Install the Automatic Updates client on all client computers.C、Modify the Microsoft Update settings of the Default Domain Controller organizational unit (OU) Group Policy object (GPO) to point client computers to http ://server5.D、Modify the Microsoft Update settings of the Default Domain Policy Group Policy object (GPO) to point client computers to http: //server5.E、Open the WSUS console. Create a target group and assign all client computers to the group.
考题
You are the network administrator for your company. The network consists of a single Active Directory domain. All servers run Windows Server 2003. All client computers run Windows XP Professional.You install Windows Server Update Services (WSUS) on a network server named Server1. When you attempt to synchronize Server1 with the Windows Update servers, you receive an error message. You open Internet Explorer and verify that you can communicate with an external Web site by using the proxy server. You need to ensure that Server1 can communicate with the Windows Update servers. What should you do on Server1?()A、Restart the IIS administration tool.B、Configure the Internet Explorer settings to bypass the proxy server.C、In the WSUS options, configure authentication to the proxy server.D、Install the ISA Firewall Client.
考题
You are the network administrator for your company. The network consists of a single Active Directory domain. The domain contains 35 Windows Server 2003 computers; 3,000 Windows XP Professional computers; and 2,200 Windows 2000 Professional computers. The written company security policy states that all computers in the domain must be examined, with the following goals: (1)to find out whether all available security updates are present (2)to find out whether shared folders are present to record the file system type on each hard disk You need to provide this security assessment of every computer and verify that the requirementsof the written security policy are met. What should you do?()A、Open the Default Domain Policy and enable the Configure Automatic Updates policy.B、Open the Default Domain Policy and enable the Audit object access policy, the Audit account management policy, and the Audit system events policy.C、On a server, install and run mbsacli.exe with the appropriate configuration switches.D、On a server, install and run HFNetChk.exe with the appropriate configuration switches.
考题
You are the network administrator for your company. The network consists of a single Active Directory domain. All servers run Windows Server 2003. All client computers run either Windows XP Professional or Windows 2000 Professional. All client computer accounts are located in an organizational unit (OU) named Workstation. A written company policy states that the Windows 2000 Professional computers must not use offline folders. You create a Group Policy object (GPO) to enforce this requirement. The settings in the GPO exist for both Windows 2000 Professional computers and Windows XP Professional computers. You need to configure the GPO to apply only to Windows 2000 Professional computers. What are two possible ways to achieve this goal?()A、 Create a WMI filter that will apply the GPO to computers that are running Windows 2000 Professional. B、 Create a WMI filter that will apply the GPO to computers that are not running Windows XP Professional.C、 Create two OUs under the Workstation OU. Place the computer accounts for the Windows XP Professional computers in one OU, and place the computer accounts for the Windows 2000 Professional computers in the other OU. Link the GPO to the Workstation OU.D、 Create a group that includes the Windows XP Professional computers. Assign the group the Deny - Generate Resultant Set of Policy(Logging) permission.E、 Create a group that includes the Windows 2000 Professional computers. Assign the group the Deny - Apply Group Policy permission.
考题
You are the network administrator for your company. The network consists of a single Active Directorydomain. All domain controllers run Windows Server 2003. All client computers run Windows XP Professional with default settings. Some users have portable computers, and the rest have desktop computers.You need to ensure that all users are authenticated by a domain controller when they log on.How should you modify the local security policy? ()A、Require authentication by a domain controller to unlock the client computer.B、Cache zero interactive logons.C、Cache 50 interactive logons.D、Grant the Log on locally user right to the Users group.
考题
You are the network administrator for your company. The network consists of a single Active Directory domain. All computers on the network are members of the domain. All servers run Windows Server 2003 and all client computers run Windows XP Professional. You are planning a security update infrastructure. You need to find out which computers are exposed to known vulnerabilities. You need to collect the information on existing vulnerabilities for each computer every night. You want this process to occur automatically. What should you do? ()A、 Schedule the secedit command to run every night.B、 Schedule the mbsacli.exe command to run every night.C、 Install Microsoft Baseline Security Analyzer (MBSA) on one of the servers. Configure Automatic Updates on all other computers to use that server.D、 Install Software Update Services (SUS) on one of the servers. Configure the SUS server to update every night.
考题
You are a network administrator for your company. The network consists of a single Active Directory domain. The domain contains three Windows Server 2003 domain controllers, 20 Windows Server 2003 member servers, and 750 Windows XP Professional computers. The domain is configured to use only Kerberos authentication for all server connections.A user reports that she receives an "Access denied" error message when she attempts to connect to one of the member servers. You want to test the functionality of Kerberos authentication on the user’s client computer. Which command should you run from the command prompt on the user’s computer?()A、netshB、netdiagC、ktpassD、ksetup
考题
You are the network administrator for your company. The network consists of a single Active Directory domain. All servers run Windows Server 2003. All client computers run Windows XP Professional.You install and configure a single server to run Windows Server Update Services (WSUS). You configure the appropriate Group Policy settings to specify separate WSUS target groups for client and server computers. You need to ensure that computers automatically assign themselves to the correct computer group. What should you do?()A、In the WSUS console, configure Computer Options so that Use group policy or registry settings on computers is selected.B、In the WSUS console, configure Computer Options so that Use the Move Computers Task in Windows Server Update Services is selected.C、In the WSUS console, create the appropriate computer groups.D、Create organizational units (OUs) for each group.
考题
You are a security administrator for your company. The network consists of a single Active Directory domain. All servers run Windows Server 2003. All client computers run Windows XP Professional. The company occasionally experiences downtime because of malicious lnternet worms that arrive as Microsoft Visual Basic Scripting Edition (VBS) files. You examine several client computers and discover that VBS files are downloaded by using Microsoft Outlook,instant messaging,or peer-to-peer file sharing programs. You need to prevent users from running VBS files regardless of how they arrive on client computers. What should you do?()A、 Use a software restriction policy to disable all unauthorized scripts.B、 Use an Administrative Template to ensure that Outlook and lnternet Explorer are in the Restricted Sites security zonC、 Use a centralized logon script to rename the Wscript.exe file on each computer to contain a nonexecutable extensioD、 Use a file system security policy to assign the Deny - Execute permission for the Wscript.exe file.
考题
You are the network administrator for The network consists of a single Active Directory domain named All servers run Windows Server 2003. All client computers run Windows 2000 Professional with Service Pack 4 or Windows XP Professional. You install Software Update Services (SUS) on a computer named TestKing1. You create a GPO that configures all client computers to receive their software update from TestKing1. One week later, you run Microsoft Baseline Security Analyzer (MBSA) on all client computers to find out whether all updates are being applied. You discover that all the Windows 2000 Professional client computer received updates, but the Windows XP Professional client computers do not receive updates. You verify that the GPO setting was applied on all Windows XP Professional computers. You need to ensure that the Windows XP Professional client computers receive their updates from TestKing1. What should you do?()A、Make all users of the Windows XP Professional client computers members of the Administrators local group.B、On all Windows XP Professional client computers, install Service Pack 1.C、On all Windows XP Professional client computers, restart Automatic Updates.D、On all Windows XP Professional client computers, delete the NoAutoUpdate value under HKEY_LOCAL_MACHINE/SOFTWARE/Policies/Microsoft/Windows/WindowsUpdate/AU.
考题
You are the network administrator for your company. The network consists of a single Active Directory domain. All servers run Windows Server 2003. All client computers run either Windows 2000 Professional with Service Pack 4 or Windows XP Professional. You install Windows Server Update Services (WSUS) on a computer named Server2. You create a Group Policy object (GPO) that configures all client computers to receive software updates from Server2. One week later, you run Microsoft Baseline Security Analyzer (MBSA) on all client computers to find out whether all updates are being applied. You discover that all of the Windows 2000 Professional client computers receive updates, but the Windows XP Professional client computers do not receive updates. You verify that the GPO setting was applied on all Windows XP Professional computers. You need to ensure that the Windows XP Professional client computers receive their updates from Server2. What should you do?()A、Make all users of Windows XP Professional client computers members of the Administrators local group.B、On all Windows XP Professional client computers, install the latest service pack.C、On all Windows XP Professional client computers, use the gpupdate /force command.D、On all Windows XP Professional client computers, delete the NoAutoUpdate value under HKEY_LOCAL_MACHINE/SOFTWARE/Policies/Microsoft/Windows/WindowsUpdate/AU.
考题
Your company has a single Active Directory directory service domain. Servers in your environment run Windows Server 2003. Client computers run Windows XP or Windows Vista. You plan to create an internal centrally managed security update infrastructure for client computers. You need to choose a security update management tool that supports all the client computers. Which tool should you choose? ()A、 Microsoft Assessment and Planning (MAP) ToolkitB、 Microsoft Baseline Security AnalyzerC、 Microsoft System Center Operations ManagerD、 Windows Server Update Services (WSUS)
考题
You are a security administrator for your company. The network consists of a single Active Directory domain. All servers run Windows 2003 Server. All client computers run Windows XP Professional. All computers are configured to use Automatic Updates to install updates without user intervention. Updates are scheduled to occur during o peak hours. During a security audit,you notice some client computers are not receiving updates on a regular basis. You verify that Automatic Updates is running on All client computers, and you verify that users cannot modify the Automatic Updates settings. You need to ensure that computers on your network receive all updates. What should you do?()A、 Enable the No auto-restart for scheduled Automatic Updates installations setting.B、 Disable the Specify intranet Microsoft update service location setting.C、 Enable the Remove access to use all Windows Update features setting.D、 Enable the Reschedule Automatic Updates scheduled installations setting.
考题
You are the network administrator for The network consists of a single Active Directory domain named Servers run either Windows 2000 Server or Windows Server 2003. Client computers run either Windows 2000 Professional Service Pack 2 or Windows XP Professional. You need to implement a new software update infrastructure. You discover that security patches, critical updates, and service packs have never been installed on any client computer on the network. You install Software Update Services (SUS) on a Windows Server 2003 computer named Testking5. You must ensure that all client computers receive all Microsoft security patches, critical updates, and service packs. You want to achieve this goal as quickly as possible. Which three actions should you perform? ()(Each correct answer presents part of the solution. Choose three)A、Install the Automatic Updates client on all Windows 2000 Professional client computers.B、Install the Automatic Updates client on all Windows XP Professional client computers.C、Install SUS on a Windows 2000 Server computer.D、Modify the Windows Update settings of the Default Domain Controller organizational unit (OU) Group Policy object (GPO) to point client computers to http://testking5.E、Modify the Windows Update settings of the Default Domain Policy Group Policy object (GPO) to point client computers to http://testking5.F、Upgrade all Windows 2000 Professional client computers to Windows XP Professional.
考题
You are the network administrator for your company. The network consists of a single Active Directory domain. All domain controllers run Windows Server 2003. All client computers run Windows XP Professional. The company has legacy applications that run on UNIX servers. The legacy applications use the LDAP protocol to query Active Directory for employee information. The domain controllers are currently configured with the default security settings. You need to configure enhanced security for the domain controllers. In particular, you want to configure stronger password settings, audit settings, and lockout settings. You want to minimize interference with the proper functioning of the legacy applications. You decide to use the predefined security templates. You need to choose the appropriate predefined security template to apply to the domain controllers. What should you do?()A、 Apply the Setup security.inf template to the domain controllers.B、 Apply the DC security.inf template to the domain controllers.C、 Apply the Securedc.inf template to the domain controllers.D、 Apply the Rootsec.inf template to the domain controllers.
考题
单选题Your company has a single Active Directory directory service domain. All servers in your environment run Windows Server 2003. Client computers run Windows XP or Windows Vista. You plan to create a security update scan procedure for client computers. You need to choose a security tool that supports all the client computers. Which tool should you choose? ()A
UrlScan Security ToolB
Enterprise Scan Tool (EST)C
Malicious Removal Tool (MRT)D
Microsoft Baseline Security Analyzer (MBSA)
考题
单选题You are the network administrator for your company. The network consists of a single Active Directory domain. All servers run Windows Server 2003. All client computers run Windows XP Professional. A new low-priority update, Q318138, is released and is synchronized with the Windows Server Update Services (WSUS) server on the network. You decide to approve the update without testing. After the update is applied to client computers, users report that they can no longer run an accounting application.You need to remove the update from all client computers until you can test the update. What should you do?()A
Clear the Automatically approve new versions of previously approved updates option on the WSUS server. Resynchronize the server with the Windows Update server.B
Clear the update for approval on the WSUS server. Resynchronize the server with the Windows Update servers.C
Clear the update for approval on the WSUS server. Run the spuninst command from the Systemroot/$NtUninstallQ318138$/spuninst directory on each client computer.D
Clear the Automatically approve new versions of previously approved updates option on the WSUS server. Delete the Systemroot/$NtUninstallQ318138$ directory on each client computer.
考题
单选题You are a security administrator for your company. All servers run Windows Server 2003. All client computers run Windows XP Professional. You install Software Update Services (SUS) on a server named Server1. The company’s written security policy states that all updates must be tested and approved before they are installed on network computers. You need to ensure that SUS uses the minimum amount of disk space on Server1. What should you do?()A
Configure Server1 to redirect client computers to the Microsoft Windows Update servers.B
Compress the folder in which the downloaded updates are stored.C
Configure Server1 to store only the locales that are needed.D
Download the updates, and then delete updates that are not approved for client computers.
考题
单选题You are a network administrator for your company. The network consists of a single Active Directory domain. All servers run Windows Server 2003. Client computers run Windows XP Professional, Windows 2000 Professional, or Windows NT Workstation. All client computers are configured with default settings.A server named Server1 functions as a DHCP and DNS server. All client computers are configured to use Server1 for name resolution. All DNS zones on Server1 are enabled for DNS dynamic updates. The company’s written security policy states that, when possible, the computer account for each client computer should be the owner of its own DNS host record.A server named Server18 contains antivirus server software. Server18 must be able to contact client computers by using fully qualified domain names (FQDNs) to propagate virus definition updates.You need to ensure that Server18 can resolve FQDNs for all client computers on the network. Which option should you modify on Server1?()A
the Dynamically update DNS A and PTR records only if requested by the DHCP clients check boxB
the Always dynamically update DNS A and PTR records check boxC
the Discard A and PTR records when lease is deleted check boxD
the Dynamically update DNS A and PTR records for DHCP clients that do not request dynamic updates (for example, clients running Windows NT 4.0) check box
考题
单选题ou are the network administrator for your company. The network consists of a single Active Directory domain. All servers run Windows Server 2003. All client computers run Windows XP Professional.Two of the servers on the network contain highly confidential documents. The company’s written security policy states that all network connections with these servers must be encrypted by using an IPSec policy.You place the two servers in an organizational unit (OU) named SecureServers. You configure a Group Policy object (GPO) that requires encryption for all connections. You assign the GPO to the SecureServers OU. You need to verify that users are connecting to the two servers by using encrypted connections. What should you do?()A
Run the net view command.B
Run the gpresult command.C
Use the IP Security Monitor console.D
Use the IPSec Policy Management console.
考题
单选题Your company has a single Active Directory directory service domain. Servers in your environment run Windows Server 2003. Client computers run Windows XP or Windows Vista. You plan to create an internal centrally managed security update infrastructure for client computers. You need to choose a security update management tool that supports all the client computers. Which tool should you choose? ()A
Microsoft Assessment and Planning (MAP) ToolkitB
Microsoft Baseline Security AnalyzerC
Microsoft System Center Operations ManagerD
Windows Server Update Services (WSUS)
考题
多选题You are the network administrator for your company. The network consists of a single Active Directory domain. All servers run Windows Server 2003. All client computers run either Windows XP Professional or Windows 2000 Professional. All client computer accounts are located in an organizational unit (OU) named Workstation. A written company policy states that the Windows 2000 Professional computers must not use offline folders. You create a Group Policy object (GPO) to enforce this requirement. The settings in the GPO exist for both Windows 2000 Professional computers and Windows XP Professional computers. You need to configure the GPO to apply only to Windows 2000 Professional computers. What are two possible ways to achieve this goal?()ACreate a WMI filter that will apply the GPO to computers that are running Windows 2000 Professional.BCreate a WMI filter that will apply the GPO to computers that are not running Windows XP Professional.CCreate two OUs under the Workstation OU. Place the computer accounts for the Windows XP Professional computers in one OU, and place the computer accounts for the Windows 2000 Professional computers in the other OU. Link the GPO to the Workstation OU.DCreate a group that includes the Windows XP Professional computers. Assign the group the Deny - Generate Resultant Set of Policy(Logging) permission.ECreate a group that includes the Windows 2000 Professional computers. Assign the group the Deny - Apply Group Policy permission.
热门标签
最新试卷
