Quản Lý và Bảo Trì Windows Sever 2003 (Tiếng Anh) - Bài 11
1-
You have a server that runs Windows Server 2003 Service Pack 2 (SP2).
A server application creates report files. The application saves the report files in a folder named Report. A service account is listed as the owner of all report files.
You need to assign ownership of the report files to a user in a department named Audit. You must achieve this goal by using the minimum amount of administrative effort.
What should you do?
A -
Rewrite the application.
B -
Create a scheduled task to run Attrib.exe.
C -
Create a scheduled task to run Icacls.exe.
D -
Use the Advanced Security settings to change the owner of each file.
2-
Your network consists of a single Active Directory domain. All network servers run Windows Server 2003 Service Pack
2 (SP2).
You share a folder named Research. A user named User1 reports that he cannot access files in the Research share. You confirm that the Domain Users group is granted the Change permission for the Research share.
You run the Cacls command as shown in the exhibit. (Click the Exhibit button.)
You need to ensure that User1 can modify files in the Research share. You must prevent User1 from modifying permissions for the Research folder.
To which group should you add User1?
A -
Administrators
B -
IT
C -
Research
D -
ResearchManagers
3-
Your network consists of a single Active Directory domain. All network servers run Windows Server 2003 Service Pack
2 (SP2).
You create a folder named CorporateData. You share the folder as CorpData and assign the Change permission to the Domain Users group.
In the CorporateData folder, you create a folder named HumanResources. On the HumanResources folder, you assign the Modify permission to a global group named HRUsers. You share the HumanResources folder as HRData.
You confirm that all users in the domain can view the files in the HRData share.
You need to ensure that only HRUsers and administrators can access files in the HRData share. The solution must maintain user access to the CorpData share.
What should you do?
A -
On the CorpData share, assign the Read permission to Domain Users.
B -
On the CorpData share, remove Domain Users and assign the Change permission to HRUsers.
C -
On the CorporateData folder, disable permission inheritance and remove the inherited permissions.
D -
On the HumanResources folder, disable permission inheritance and remove the inherited permissions.
4-
Your network consists of a single Active Directory domain. All servers run Windows Server 2003 Service Pack 2 (SP2). All client computers run Windows XP Service Pack 3 (SP3).
A user named User1 attempts to delete a file from a share named Marketing and receives the following error message.
You verify that the file is not currently in use.
You examine the effective permissions on the file as shown in the exhibit. (Click the Exhibit button.) You need to ensure that User1 can delete the file in the Marketing share.
What should you do?
A -
Add User1 to the Server Operators group.
B -
Assign User1 the Change permission for the Marketing share.
C -
Delete some files on the hard disk that contains the Marketing share.
D -
Modify the Quota settings for User1 on the hard disk that contains the Marketing share.
5-
Your network consists of a single Active Directory domain. All servers run Windows Server 2003 Service Pack 2 (SP2). All client computers run Windows XP Service Pack 3 (SP3).
A user named User1 is responsible for deleting old, unused files from departmental shared folders. User1 performs the task by using a Remote Desktop connection to each file server.
User1 is a member of a global group named IT.
User1 attempts to delete a file from the Marketing folder and receives an access denied message.
The share permissions for the Marketing folder are shown in the Share exhibit. (Click the Exhibit button.) The NTFS permissions for the Marketing folder are shown in the Folder exhibit. (Click the Exhibit button.) You need to ensure that User1 can delete the file from the Marketing folder.
Which permission should you grant to User1?
(Exhibit):
(Exhibit):
A -
Allow-Write permissions on the Marketing folder.
B -
Allow-Modify permissions on the Marketing folder.
C -
Allow-Change permissions on the Marketing share.
D -
Allow-Full Control permissions on the Marketing share.
6-
Your network consists of a single Active Directory domain. All network servers run Windows Server 2003 Service Pack
2 (SP2).
The domain includes two global groups named ResearchManagers and ResearchUsers.
You create a share named ResearchData. On the ResearchData share, you assign the Change permission to ResearchUsers and ResearchManagers.
The ResearchData folder contains a file named ResearchConfidential.rtf. The permissions for ResearchConfidential.rtf are configured as shown in the exhibit. (Click the Exhibit button.)
Members of ResearchUsers report that when they try to open ResearchConfidential.rtf, they receive an access denied message. Users report that they can add and modify other files in ResearchData.
You need to ensure that ResearchUsers members can open ResearchConfidential.rtf. The solution must prevent ResearchUsers members from modifying the file.
What should you do?
A -
On ResearchData, enable permission inheritance.
B -
On ResearchConfidential.rtf, enable permission inheritance.
C -
On ResearchData, assign the Read permission to ResearchUsers.
D -
On ResearchConfidential.rtf, assign the Read permission to ResearchUsers.
7-
Your network consists of a single Active Directory domain. You have a file server named Server1 that runs Windows Server 2003 Service Pack 2 (SP2).
You create a shared folder named Home. Permissions for the Home shared folder are configured as shown in the following table.
From Active Directory Users and Computers, you define a home folder for each user and specify the path \\server1 \home\%username%.
Users report that they can access their home folders, but they can also access everyone else's home folders.
You need to ensure that users can view and save files in their home folders. You must prevent users from viewing any other home folders.
What should you do?
A -
On the Home share, remove the share permissions for Domain Users.
B -
On the Home share, deny the Read share permission for Domain Users.
C -
In the Home folder, remove the NTFS permissions for Domain Users.
D -
In the Home folder, change the NTFS permission for Domain Users to Allow - Read.
8-
Your network consists of a single Active Directory domain. All servers run Windows Server 2003 Service Pack 2 (SP2).
You enable auditing for failed logon attempts on all domain controllers.
You need to ensure that a record of failed logon attempts is retained for 90 days on all domain controllers. What should you do?
A -
From the Security Templates snap-in, open the hisecdc template. Modify the Retain System Log setting.
B -
From the Security Templates snap-in, open the securedc template. Modify the Retain Security Log setting.
C -
Open the Default Domain Policy. Modify the Retain System Log setting.
D -
Open the Default Domain Controller Policy. Modify the Retain Security Log setting.
9-
Your network consists of a single Active Directory domain that contains two domain controllers. Both domain controllers run Windows Server 2003 Service Pack 2(SP2).
Auditing of successful account logon events is enabled on all computers in the domain.
You need to identify the last time a specific user logged on to the domain.
What should you do?
A -
Examine the System Event Log on the user's computer.
B -
Examine the System Event Log on both domain controllers.
C -
Examine the Security Event Log on both domain controllers.
D -
Examine the Application Event Log on the user's computer.
10-
Your network consists of a single Active Directory forest that contains two domains named contoso.com and EU. contoso.com. All network servers run Windows Server 2003 Service Pack 2 (SP2).
The contoso.com domain contains a domain local group named Contoso-HR. The EU.contoso.com domain contains a domain local group name EU-HR.
On a server named Server1 in the contoso.com domain, you create a shared folder named Share1. You assign the Contoso-HR group the Read permission for Share1.
You discover that you cannot assign permissions on Share1 to the EU-HR group.
You need to ensure that the members of the EU-HR group have the Read permission on Share1.
Which two actions should you perform? (Each correct answer presents part of the solution. Choose two.)
A -
Add the EU-HR group to Contoso-HR.
B -
Change the scope of the EU-HR group to global.
C -
Change the scope of the Contoso-HR group to universal.
D -
Configure a shortcut trust between the EU and the Contoso domains.