Quản Lý và Bảo Trì Windows Sever 2003 (Tiếng Anh) - Bài 07
1-
Your network consists of a single Active Directory domain named contoso.com. The functional level of the domain is Windows Server 2003.
You need to schedule a task to find all user accounts whose passwords have remained unchanged during the past 60 days.
Which tool should the scheduled task run?
A -
Dsget.exe
B -
Dsquery.exe
C -
Active Directory Users and Computers
D -
Find.exe
2-
Your network consists of a single Active Directory domain. All servers run Windows Server 2003 Service Pack 2 (SP2).
You restore the system state on a member server.
You attempt to log on to the server and receive the following error message: "The system cannot log you on to this
domain because the system's computer account in its primary domain is missing or the password on that account is
incorrect."
You need to ensure that you can successfully log on to the domain from the server. What should you do on the server?
A -
Modify the password policy.
B -
Run the Dsrm.exe command.
C -
Restart the Netlogon service.
D -
Run the Netdom.exe reset command.
3-
Your network consists of a single Active Directory domain. All network servers run Windows Server 2003 Service Pack
2 (SP2).
You have a computer named ACCT5 that runs Windows XP Professional Service Pack 3 (SP3). Users report that they cannot log onto ACCT5 by using their domain credentials.
You view the properties of the computer account as shown in the exhibit. (Click the Exhibit button.) You need to need to ensure that users can log on to ACCT5 by using their domain credentials.
What should you do?
A -
At the command prompt, run the Dsrm command.
B -
At the command prompt, run the Netdom reset command.
C -
From Active Directory Users and Computers, reset the computer account.
D -
From Active Directory Users and Computers, enable the computer account.
4-
Your network consists of a single Active Directory domain. All servers run Windows Server 2003 Service Pack 2 (SP2). All client computers run Windows XP Professional Service Pack 3 (SP3).
You have an organizational unit (OU) named Accounting. You create a Group Policy object (GPO) and link it to the Accounting OU.
You join a new client computer to the domain.
You discover that the new client computer fails to receive the settings from the new GPO. You need to ensure that the new GPO is applied to the new computer.
What should you do?
A -
Enable the Trust computer for delegation option on the computer account.
B -
Modify the Managed By attribute of the computer account.
C -
Move the computer account to the Accounting OU.
D -
Modify the Location attribute of the computer account.
5-
Your network consists of a single Active Directory domain. All servers run Windows Server 2003 Service Pack 2 (SP2).
You create a new domain user account named User1 and assign the account a password of P@ssw0rd. On the new account, you enable the User must change password at next logon option.
A week later, you discover that User1 is still using the password P@ssw0rd to log on to the domain.
You need to ensure that User1 is forced to use a different password the next time she changes her password.
What should you do first?
A -
In the Default Domain Policy, select Enforce password history.
B -
In the Default Domain Policy, select Passwords must meet complexity requirements.
C -
From the User's account properties, select Account is sensitive and cannot be delegated.
D -
From the User's account properties, select Store password using reversible encryption.
6-
Your network consists of a single Active Directory domain. All servers run Windows Server 2003 Service Pack 2 (SP2). All client computers run Windows XP Professional Service Pack 3 (SP3).
You need to ensure that locked out user accounts remain locked out until an administrator unlocks the accounts. What should you do?
A -
In the Default Domain Policy, set the Account lockout duration to 0.
B -
In the Default Domain Policy, set the Account lockout duration to 99999.
C -
From Active Directory Users and Computers, select the Account is trusted for delegation option for all user accounts.
D -
From Active Directory Users and Computers, select the Account is sensitive and cannot be delegated option for all
user accounts.
7-
Your network consists of a single Active Directory domain. All servers run Windows Server 2003 Service Pack 2 (SP2). All client computers run Windows XP Professional Service Pack 3 (SP3).
A user named User1 attempts to log on to a computer named Computer1 and receives the following error message.
You need to ensure that User1 can log on to Computer1.
What should you do?
A -
From the properties of the User1 account, modify the Logon Hours setting.
B -
From the properties of the User1 account, modify the Log On To setting.
C -
From the properties of the Computer1 account, modify the Managed By setting.
D -
From the local security policy of Computer1, modify the Deny log on locally setting.
8-
You have a stand-alone server named Server1 that runs Windows Server 2003 Service Pack 2 (SP2).
A user named User1 is a member of the Administrators group on Server1.
User1 attempts to log on to Server1 and receives the following error message.
Other members of the Administrators group can log on to Server1. You need to ensure that User1 can log on to Server1.
What should you do?
A -
From the properties of the User1 account, modify the Session settings.
B -
From the properties of the User1 account, modify Environment settings.
C -
From the local security policy on Computer1, modify the Deny log on locally setting.
D -
From the local security policy on Server1, modify the Impersonate a client after authentication setting.
9-
Your network consists of a single Active Directory domain. You have a member server named Server1 that runs Windows Server 2003 Service Pack 2 (SP2).
You need to track all authentication attempts on Server1. What should you do?
A -
Enable auditing of logon event events in the Default Domain Controller Policy.
B -
Enable auditing of logon event events in Server1's local policy.
C -
Enable auditing of account logon event events in Server1's local policy.
D -
Enable auditing of account logon event events in the Default Domain Controller Policy.
10-
Your network consists of a single Active Directory Domain. You have a VPN server that runs Windows Server 2003 Service Pack 2 (SP2).
On the VPN server, you create several remote access policies. You view the properties of an account as shown in the exhibit. (Click the Exhibit button.)
You need to select the Control access through Remote Access Policy remote access permission for User1. What should you do?
A -
Add User1 to the Remote Desktop Users group.
B -
Enable RADIUS authentication on the VPN server.
C -
Raise the functional level of the domain to Windows 2000 native.
D -
Select the Store password using reversible encryption option for User1.