You are the network administrator for your company. The network consists of a single Active Directory domain. All network servers run Windows Server 2003, and all client computers run Windows XP Professional. A user named Peter uses a client computer nam

第1题：

ou are the network administrator for your company. The network consists of a single Active Directory domain. All servers run Windows Server 2003. All client computers run Windows XP Professional.Two of the servers on the network contain highly confidential documents. The company’s written security policy states that all network connections with these servers must be encrypted by using an IPSec policy.You place the two servers in an organizational unit （OU） named SecureServers. You configure a Group Policy object （GPO） that requires encryption for all connections. You assign the GPO to the SecureServers OU.  You need to verify that users are connecting to the two servers by using encrypted connections.   What should you do？（）

• A、Run the net view command.
• B、Run the gpresult command.
• C、Use the IP Security Monitor console.
• D、Use the IPSec Policy Management console.

第2题：

You are the network administrator for your company. The network consists of a single Active Directory domain. All servers run Windows Server 2003. All client computers run Windows XP Professional.You install Windows Server Update Services （WSUS） on a network server named Server1. When you attempt to synchronize Server1 with the Windows Update servers， you receive an error message. You open Internet Explorer and verify that you can communicate with an external Web site by using the proxy server. You need to ensure that Server1 can communicate with the Windows Update servers.  What should you do on Server1？（）

• A、Restart the IIS administration tool.
• B、Configure the Internet Explorer settings to bypass the proxy server.
• C、In the WSUS options， configure authentication to the proxy server.
• D、Install the ISA Firewall Client.

第3题：

You are the network administrator for your company. The network consists of a single Active Directorydomain. All domain controllers run Windows Server 2003. All client computers run Windows XP Professional with default settings. Some users have portable computers, and the rest have desktop computers.You need to ensure that all users are authenticated by a domain controller when they log on.How should you modify the local security policy? （）

• A、Require authentication by a domain controller to unlock the client computer.
• B、Cache zero interactive logons.
• C、Cache 50 interactive logons.
• D、Grant the Log on locally user right to the Users group.

第4题：

You are a network administrator for your company. The network consists of a single Active Directory domain. The domain contains three Windows Server 2003 domain controllers， 20 Windows Server 2003 member servers， and 750 Windows XP Professional computers. The domain is configured to use only Kerberos authentication for all server connections.A user reports that she receives an "Access denied" error message when she attempts to connect to one of the member servers. You want to test the functionality of Kerberos authentication on the user’s client computer.  Which command should you run from the command prompt on the user’s computer？（）

• A、netsh
• B、netdiag
• C、ktpass
• D、ksetup

第5题：

You are the network administrator for your company. The network consists of a single Active Directory domain. All servers run Windows Server 2003. All client computers run Windows XP Professional.You install and configure a single server to run Windows Server Update Services （WSUS）. You configure the appropriate Group Policy settings to specify separate WSUS target groups for client and server computers. You need to ensure that computers automatically assign themselves to the correct computer group.  What should you do？（）

• A、In the WSUS console， configure Computer Options so that Use group policy or registry settings on computers is selected.
• B、In the WSUS console， configure Computer Options so that Use the Move Computers Task in Windows Server Update Services is selected.
• C、In the WSUS console， create the appropriate computer groups.
• D、Create organizational units （OUs） for each group.

第6题：

Your network consists of a single Active Directory domain. All servers run Windows Server 2003 Service Pack 2 （SP2）.The network contains two DNS servers named Server1 and Server2.  You deploy a DHCP server named Server3 and configure all client computers to receive their IP configurations automatically.You discover that all client computers use Server2 for host name resolution.You need to ensure that all client computers use Server1 for host name resolution.  What should you do？（）

• A、On Server3， modify the DNS option.
• B、On Server3， modify the DNS domain name option.
• C、On Server2， modify the Preferred DNS server setting.
• D、On each client computer， modify the properties of the DNS Client service.

第7题：

You are the network administrator for your company. The network consists of a single Active Directory domain named . All domain controllers run Windows Server 2003, and all client computers run Windows XP Professional. All client computer accounts are stored in the Computer container. A user named Peter reports that he cannot log on to the domain from his computer. Peter receives the logon message shown in the exhibit. Exhibit: Logon Message Your account is configured to prevent you from using this computer. Please try another computer. You need to enable Peter to log on. What should you do?（）

• A、Create an account for Peter's computer in the Computers container.
• B、Grant the Log on locally user right to Peter's user account.
• C、Enable Peter's user account.
• D、Change the properties of Peter's user account so he can log on to any computer.

第8题：

You are a security administrator for your company. The network consists of a single Active Directory domain. All servers run Windows 2003 Server. All client computers run Windows XP Professional.    All computers are configured to use Automatic Updates to install updates without user intervention. Updates are scheduled to occur during o peak hours. During a security audit，you notice some client computers are not receiving updates on a regular basis. You verify that Automatic Updates is running on All client computers， and you verify that users cannot modify the Automatic Updates settings.    You need to ensure that computers on your network receive all updates.  What should you do？（）

• A、 Enable the No auto-restart for scheduled Automatic Updates installations setting.
• B、 Disable the Specify intranet Microsoft update service location setting.
• C、 Enable the Remove access to use all Windows Update features setting.
• D、 Enable the Reschedule Automatic Updates scheduled installations setting.

第9题：

You are the network administrator for The network consists of a single Active Directory domain named Servers run either Windows 2000 Server or Windows Server 2003. Client computers run either Windows 2000 Professional Service Pack 2 or Windows XP Professional. You need to implement a new software update infrastructure. You discover that security patches, critical updates, and service packs have never been installed on any client computer on the network. You install Software Update Services (SUS) on a Windows Server 2003 computer named Testking5. You must ensure that all client computers receive all Microsoft security patches, critical updates, and service packs. You want to achieve this goal as quickly as possible. Which three actions should you perform? （）(Each correct answer presents part of the solution. Choose three)

• A、Install the Automatic Updates client on all Windows 2000 Professional client computers.
• B、Install the Automatic Updates client on all Windows XP Professional client computers.
• C、Install SUS on a Windows 2000 Server computer.
• D、Modify the Windows Update settings of the Default Domain Controller organizational unit (OU) Group Policy object (GPO) to point client computers to http://testking5.
• E、Modify the Windows Update settings of the Default Domain Policy Group Policy object (GPO) to point client computers to http://testking5.
• F、Upgrade all Windows 2000 Professional client computers to Windows XP Professional.

第10题：

第11题：

第12题：

You are the network administrator for your company. The network consists of a single Active Directory domain. All servers run Windows Server 2003. All client computers run Windows XP Professional. You need to implement a new software update infrastructure.  You discover that security patches， critical updates， and service packs have never been installed on any client computer on the network. You install Windows Server Update Services （WSUS） on a Windows Server 2003 computer named Server5. You synchronize and approve all of the current security patches， critical updates， and service packs. You need to ensure that all client computers receive all Microsoft security patches， critical updates， and service packs.  Which two actions should you perform？（）

• A、Open the WSUS console. Select the option to automatically approve WSUS updates.
• B、Install the Automatic Updates client on all client computers.
• C、Modify the Microsoft Update settings of the Default Domain Controller organizational unit （OU） Group Policy object （GPO） to point client computers to http ：//server5.
• D、Modify the Microsoft Update settings of the Default Domain Policy Group Policy object （GPO） to point client computers to http： //server5.
• E、Open the WSUS console. Create a target group and assign all client computers to the group.

第13题：

You are the network administrator for . The network consists of a single Active Directory domain named All network servers run Windows Server 2003. All client computers run Windows XP Professional. Multiple users share the same client computer. A server named TestKing2 functions as a file and print server. You set the profile path for all user accounts to //TestKing2/Profiles/username. Some domain users were added to the local Administrators group on the Windows XP Professional computers. A user reports that other users can log on to client computers that he has previously used and gain access to files stored in his My Documents folder on the local hard disk. You need to permanently prevent users from being able to access the My Documents folder of other domain users on the client computers. What should you do?（）

• A、In Active Directory, modify the Default Domain Policy. Disable the Do not check for user ownership of Roaming Profile Folders setting.
• B、In Active Directory, modify the Default Domain Policy. Enable the Delete cached copies of roaming profiles setting.
• C、Log on to all client computers and delete all user profiles from the local hard disks.
• D、Log on to all client computers and configure the Number of previous logons to cache setting to 0.

第14题：

You are the network administrator for your company. The network consists of a single Active Directory domain. All computers on the network are members of the domain. All servers run Windows Server 2003 and all client computers run Windows XP Professional.  You are planning a security update infrastructure.   You need to find out which computers are exposed to known vulnerabilities. You need to collect the information on existing vulnerabilities for each computer every night. You want this process to occur automatically.  What should you do？ （）

• A、 Schedule the secedit command to run every night.
• B、 Schedule the mbsacli.exe command to run every night.
• C、 Install Microsoft Baseline Security Analyzer （MBSA） on one of the servers. Configure Automatic Updates on all other computers to use that server.
• D、 Install Software Update Services （SUS） on one of the servers. Configure the SUS server to update every night.

第15题：

You are the network administrator for The network consists of a single Active Directory domain named All network servers run Windows Server 2003, and all client computers run Windows XP Professional. You create a shared folder named Client Docs on a member server named TestKing13. Client Docs will store project documents. You configure shadow copies for the volume containing Client Docs. You need to enable client computers to access previous version of the documents in Client Docs. What should you do?（）

• A、Create a Group Policy object (GPO) to enable Offline Files on all client computers.
• B、On each client computer, customize the view for Client Docs to use the Documents (for any file type) folder template.
• C、Create a Group Policy object (GPO) that installs the Previous Versions client software on all client computers.
• D、Assign the Allow - Full Control permission on Client Docs to all users.
• E、On each client computer, install the Backup utility and schedule a daily backup.

第16题：

You are the network administrator for your company. The network consists of a single Active Directory domain. All network servers run Windows Server 2003, and all client computers run Windows XP Professional. A user named Peter uses a client computer named Client1. This computer has a locally attached tape device. You grant Peter the necessary permissions to perform backups of a member server named Server1. Peter runs the Backup utility on Client1 to back up the files located on Server1. You need use your client computer to view the most recent backup logs for Server1. What should you do? （）

• A、Use Notepad to view the contents of the backup report located on Server1.
• B、Use Notepad to view the contents of the backup report located on Client1.
• C、Use Event Viewer to view the contents of the application log located on Server1.
• D、Use Event Viewer to view the contents of the application log located on Client1.

第17题：

You are the network administrator for The network consists of a single Active Directory domain named All servers run Windows Server 2003. All client computers run Windows 2000 Professional with Service Pack 4 or Windows XP Professional. You install Software Update Services (SUS) on a computer named TestKing1. You create a GPO that configures all client computers to receive their software update from TestKing1. One week later, you run Microsoft Baseline Security Analyzer (MBSA) on all client computers to find out whether all updates are being applied. You discover that all the Windows 2000 Professional client computer received updates, but the Windows XP Professional client computers do not receive updates. You verify that the GPO setting was applied on all Windows XP Professional computers. You need to ensure that the Windows XP Professional client computers receive their updates from TestKing1. What should you do?（）

• A、Make all users of the Windows XP Professional client computers members of the Administrators local group.
• B、On all Windows XP Professional client computers, install Service Pack 1.
• C、On all Windows XP Professional client computers, restart Automatic Updates.
• D、On all Windows XP Professional client computers, delete the NoAutoUpdate value under HKEY_LOCAL_MACHINE/SOFTWARE/Policies/Microsoft/Windows/WindowsUpdate/AU.

第18题：

You are the network administrator for your company. The network consists of a single Active Directory domain. All servers run Windows Server 2003. All client computers run either Windows 2000 Professional with Service Pack 4 or Windows XP Professional. You install Windows Server Update Services （WSUS） on a computer named Server2. You create a Group Policy object （GPO） that configures all client computers to receive software updates from Server2. One week later， you run Microsoft Baseline Security Analyzer （MBSA） on all client computers to find out whether all updates are being applied. You discover that all of the Windows 2000 Professional client computers receive updates， but the Windows XP Professional client computers do not receive updates.  You verify that the GPO setting was applied on all Windows XP Professional computers. You need to ensure that the Windows XP Professional client computers receive their updates from Server2.   What should you do？（）

• A、Make all users of Windows XP Professional client computers members of the Administrators local group.
• B、On all Windows XP Professional client computers， install the latest service pack.
• C、On all Windows XP Professional client computers， use the gpupdate /force command.
• D、On all Windows XP Professional client computers， delete the NoAutoUpdate value under HKEY_LOCAL_MACHINE/SOFTWARE/Policies/Microsoft/Windows/WindowsUpdate/AU.

第19题：

You are the network administrator for The network consists of a single Active Directory domain named All servers run Windows Server 2003, and all client computers run Windows XP Professional. A user named Lilli receives a new computer named Client223. She successfully logs on to the domain. The next day, she tries to log on again. The domain name appears in the domain dropdown list in the dialog box. However, Lilli cannot log on. You try to log on by using Client223, but you are also unsuccessful. Then you use a local Administrator account to log on. You read the following error message in the system event log. "NETLOGON Event ID 3210: Failed to authenticate with //Server5, a Windows NT domain controller for domain TestKing". You search the computer account for Client223 in Active Directory Users and Computers, but the account does not appear. You need to ensure that Lilli can log on to the domain successfully. What should you do?（）

• A、Recreate the user account for Lilli and add her to all appropriate security groups.
• B、Run the netdom reset 'Client223' /domain:'testking' command and then restart Client223.
• C、Add Client223 to a workgroup. Then join Client223 to the domain.
• D、Reset the computer account for Server5 in Active Directory Users and Computers.

第20题：

You are the network administrator for your company. The network consists of a single Active Directorydomain. All network servers run Windows Server 2003. Three thousand client computers run Windows 2000Professional, and 1,500 client computers run Windows XP Professional.A new employee named Peter is hired to assist you in installing Windows XP Professional on 150 new client computers.You need to ensure that Peter has only the minimum permissions required to add new computer accounts to the domain and to own the accounts that he creates. Peter must not be able to delete computer accounts.What should you do（）?

• A、Add Peter's user account to the Server Operators group.
• B、Add Peter's user account to the Account Operators group.
• C、Use the Delegation of Control Wizard to permit Peter's user account to create new computer objects in the Computers container.
• D、Create a Group Policy object (GPO) and link it to the domain. Configure the GPO to permit Peter's user account to add client computers to the domain.

第21题：

第22题：