默认题库 - MCSE(70-294)

单选题

You are the network administrator for your company. The network consists of a single Active Directory domain. User and group objects for the sales department are located in an organizational unit （OU） named Sales. Peter and Mary are administrators for your company. Peter is responsible for managing Sales user objects. Mary is responsible for managing Sales group objects. You need to delegate Peter and Mary control over only the objects for which they are responsible. What should you do？（）

A. In the Sales OU， create two new OUs. Name one OU SalesUsers and place all user objects for the sales department in this OName the other OU SalesGroups and place all group objects for the sales department in this OGrant Peter and Mary full control over the Sales O
B. On the Sales OU， grant Peter the right to manage user objects. On the Sales OU， grant Mary the right to manage group objects.
C. In the Sales OU， create a new OName this OU SalesGroups. Place all Sales groups in theSalesGroups OGrant Peter the right to manage all objects in the Sales OGrant Mary the right to manage all objects in the SalesGroups O
D. On the Sales OU， deny Peter the right to manage group objects. On the Sales OU， deny Mary the right to manage user objects.

查看答案

单选题

You are the network administrator for Adventure Works. The network consists of a single Active Directory forest that contains a forest root domain named adventureworks.com and a child domain named child1.adventureworks.com. The functional level of the forest is Windows Server 2003.The company uses universal groups to prevent temporary employees from accessing confidential information on computers in the forest. The child1.adventureworks.com domain contains a Windows 2000 Server computer named Server1. Server1 runs an application that makes frequent LDAP queries to the global catalog. Server1 is located on a subnet associated with an Active Directory site named Site2 that has no global catalog servers. Site2 is connected to another site by a WAN connection. You need to enable the application on Server1 to run at high performance levels and to continue operating if a WAN connection fails. You also need to minimize traffic over the WAN connection. What should you do？（）

A. Enable universal group membership caching in Site2.
B. Configure at least one global catalog server in Site2.
C. Add the HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\IgnoreGCFailures key to the registry on all domain controllers in Site2.
D. Remove Server1 from the child1.adventureworks.com domain and add it to a workgroup.

查看答案

单选题

You have a single Active Directory directory service domain. You plan to use a server named Server1 to deliver Microsoft updates to all your companys workstations. The workstations are located in an organizational unit （OU） named Workstations. Server1 is located in an OU named Servers. You need to ensure that all workstations receive Microsoft updates from Server1 and that the updates are installed at 3：00 AM each day. What should you do？（）

A. Create a GPO and enable the Configure Automatic Updates and Enable recommended updates via automatic Updates options. Link the GPO to the Workstations O
B. Create a GPO and enable the Configure Automatic Updates and Automatic Updates detection frequency options. Link the GPO to the Workstations O
Create a GPO and enable the Configure Automatic Updates and Specify intranet Microsoft update service location options. Link the GPO to the domain.
D. Create a GPO enable the Configure Automatic Updates and Specify intranet Microsoft update service location options. Link the GPO to the Servers O

查看答案

多选题

Your company has offices in Toronto and Chicago. Both offices belong to an Active Directory directory service site named Site1. There is only one domain controller in Site1. Users in the Chicago office are experiencing slow logon times. You create a new Active Directory site for the Chicago office named Site2. You promote a new domain controller and create a site link between Site1 and Site2. You need to improve logon times for the Chicago users and enable Active Directory replication between the Site1 and Site2 domain controllers. Which two actions should you perform？（）

A. Designate the new domain controller as a preferred bridgehead server for Site1.
B. Create a subnet object and associate it with Site2.
C. Place the new domain controller in Site2.
D. Configure a new site link bridge object.

查看答案

单选题

You have a single Active Directory directory service domain. All domain controllers run Windows Server 2003. All client computers run Windows Vista. The computers in the sales department are located in an organizational unit （OU） named Sales. You use a Default Domain Policy to configure company user and computer settings. You configure a software restriction policy for the domain. The policy prevents users from running software that is not approved. You need to allow computers in the Sales OU to run software that is not approved while maintaining other required settings. What should you do？（）

A. Configure the Sales OU to block inheritance.
B. Create a new software restriction policy that reverses the settings in the Default Domain Policy. Link the new software restriction policy to the Sales O
C. Link the software restriction policy to the Sales ODisable the user configuration settings of this policy.
D. Link the software restriction policy to the Sales ODisable the computer configuration settings of this policy.

查看答案

单选题

You are the network administrator for your company. The network consists of a single Active Directory domain with three sites. There is a domain controller at each site. All servers run Windows Server 2003. Each client computer runs either Windows 2000 Professional or Windows XP Professional. The IT staff is organized into four groups. The IT staff works at the three different sites. The computers for the IT staff must be configured by using scripts. The script or scripts must run differently based on which site the IT staff user is logging on to and which of the four groups the IT staff user is a member of. You need toensure that the correct logon script is applied to the IT staff users based on group membership and site location. What should you do？（）

A. Create four Group Policy objects （GPOs）. Create a script in each GPO that corresponds to one of the four groups. Link the four new GPOs to all three sites. Grant each group permissions to apply only the GPO that was created for the group.
B. Create a single script that performs the appropriate configuration based on the user’s group membership. Place the script in the Netlogon shared folders on the domain controllers.
Configure a Group Policy object （GPO） with a startup script that configures computers based on IT staff group. Link the GPO to the three sites.
D. Create a script that configures the computers based on IT staff group membership and site. Create and link a GPO to the Domain Controllers OU to run the script.

查看答案

单选题

You have a single Active Directory directory service domain. You use a Group Policy object （GPO） to apply security settings to your client computers. You configure the startup type for system services settings in a new GPO， and you link the GPO to an organizational unit （OU）. You discover that the startup type for system services on one of the client computers has not been updated. You need to ensure that the Group Policy settings are applied to the client computer. What should you do？（）

A. Restart the client computer.
B. Instruct the user to log off and then log on to the client computer.
C. On the client computer， run the Gpupdate.exe command with the /Force parameter.
D. On the client computer， run the Gpupdate.exe command with the /Target：computer parameter.

查看答案

单选题

You are the network administrator for your company. The network consists of a single Active Directory forest. The forest consists of 19 Active Directory domains. Fifteen of the domains contain Windows Server 2003 domain controllers. The functional level of all the domains is Windows 2000 native. The network also consists of a single Microsoft Exchange 2000 Server organization. You need to create groups that can be used only to send e-mail messages to user accounts throughout the company. You want to achieve this goal by using the minimum amount of replication traffic and minimizing the size of the Active Directory database. You need to create a plan for creating e-mail groups for your company. What should you do？（）

A. Create global distribution groups in each domain. Make the appropriate users from each domain members of the global distribution group in the same domain. Create universal distribution groups. Make the global distribution groups in each domain members of the universal distribution groups.
B. Create global security groups in each domain. Make the appropriate users from each domain members of the security group in the same domain. Create universal security groups. Make the global security groups in each domain members of the universal security groups.
Create universal distribution groups. Make the appropriate users from each domain members of a universal distribution group.
D. Create universal security groups. Make the appropriate users from each domain members of a universal security group.

查看答案

单选题

You are the network administrator for your company. Your network consists of a single Active Directory domain. Three security groups named Accountants， Processors， and Management are located in an organizational unit （OU） named Accounting. All of the user accounts that belong to these three groups are also in the Accounting OU. You create a Group Policy object （GPO） and link it to the Accounting OU. You configure the GPO to disable the display options under the User Configuration section of the GPO. You need to achieve the following goals： You need to ensure that the GPO applies to all user accounts that are members of the Processors group. You need to prevent the GPO fromapplying to any user account that is a member of the Accountants group. You need to prevent the GPO from applying to any user account that is a member of the Management group， unless the user account is also a member of the Processors group. What should you do？（）

A. Modify the discretionary access control list （DACL） settings of the GPO to assign the Accountants and Management security groups the Deny - Read and the Deny - Apply Group Policy permissions. Modify the DACL of the GPO to assign the users who are in both the Accountants and Management security groups the Allow - Read and the Allow - Apply Group Policy permissions.
B. Modify the discretionary access control list （DACL） settings of the GPO to assign the Accountants and Management security groups the Deny - Read and the Deny - Apply Group Policy permissions. Create a new security group named Mixed that contains all the user accounts from the Processors group and the specific user accounts from the Management group to which you want the GPO to apply. Modify the DACL of the GPO to assign the Mixed security group the Allow - Read and the Allow - Apply Group Policy permissions.
C. Modify the discretionary access control list （DACL） settings of the GPO to assign the Accountants security group the Deny - Read and the Deny - Apply Group Policy permissions. Modify the DACL settings of the GPO to remove the Authenticated Users special group. Modify the DACL settings of the GPO to add the Processors group and assign the Allow - Read and the Allow - Apply Group Policy permissions.
D. Modify the discretionary access control list （DACL） settings of the GPO to assign the Accountants security group the Deny - Read and the Allow - Apply Group Policy permissions. Modify the DACL settings of the GPO to assign the Management security group the Deny - Read and the Deny - Apply Group Policy permissions.

查看答案

单选题

You have a single Active Directory directory service forest with two domains named contoso.com and corp.contoso.com. You need to grant a user in the contoso.com domain the permission to create Group Policy objects （GPOs） in the corp.contoso.com domain. What should you do？（）

A. Delegate the Manage Group Policy links permission in the corp.contoso.com domain to the user.
B. Add the user to a domain local group in the corp.contoso.com domain， and grant the domain local group the permission to create GPOs in the corp.contoso.com domain.
C. Add the users user account to the Group Policy Creator Owners group in the contoso.com domain.
D. Grant the Group Policy Creator Owners group in the corp.contoso.com domain the Full Control permission for the GPOs in the corp.contoso.com domain.

查看答案