单项选择题
Certkiller .com boosts a main office and 20 branch offices. Configured as a separate site, each branch office has a Read-Only Domain Controller (RODC) server installed.
Users in remote offices complain that they are unable to log on to their accounts.
What should you do to make sure that the cached credentials for user accounts are only stored in their local branch office RODC server()
A.Open the RODC computer account security tab and set Allow on the Receive as permission only for the users that are unable to log on to their accounts
B.Add a password replication policy to the main Domain RODC and add user accounts in the security group
C.Configure a unique security group for each branch office and add user accounts to the respective security group. Add the security groups to the password replication allowed group on the main RODC server
D.Configure and add a separate password replication policy on each RODC computer account
相关考题
-
单项选择题
Certkiller .com has a network that is comprise of a single Active Directory Domain. As an administrator at Certkiller .com, you install Active Directory Lightweight Directory Services (AD LDS) on a server that runs Windows Server 2008. To enable Secure Sockets Layer (SSL) based connections to the AD LDS server, you install certificates from a trusted Certification Authority (CA) on the AD LDS server and client computers. Which tool should you use to test the certificate with AD LDS()
A.Ldp.exe
B.Active Directory Domain services
C.ntdsutil.exe
D.Lds.exe
E.wsamain.exe
F.None of the above -
单项选择题
YouareanadministratoratCertkiller.com.CertkillerhasaRODC(read-onlydomaincontroller)serverataremotelocation.Theremotelocationdoesn’thaveproperphysicalsecurity.Youneedtoactivatenon-administrativeaccountspasswordsonthatRODCserver.WhichofthefollowingactionshouldbeconsideredtopopulatetheRODCserverwithnon-administrativeaccountspasswords()
A.Delete all administrative accounts from the RODC’s group
B.Configure the permission to Deny on Receive for administrative accounts on the security tab for Group Policy Object (GPO)
C.Configure the administrative accounts to be added in the Domain RODC Password Replication Denied group
D.Add a new GPO and enable Account Lockout settings. Link it to the remote RODC server and on the security tab on GPO, check the Read Allow and the Apply group policy permissions for the administrators.
E.None of the above -
单项选择题
Certkiller.comhasorganizationalunitsintheActiveDirectorydomain.Thereare10serversintheorganizationalunitcalledSecurity.AsanadministratoratCertkiller.com,yougenerateaGroupPolicyObject(GPO)andlinkittotheSecurityorganizationalunit.WhatshouldyoudotomonitorthenetworkconnectionstotheserversinSecurityorganizationalunit()
A.Start the Audit Object Access option
B.Start the Audit System Events option
C.Start the Audit Logon Events option
D.Start the Audit process tracking option
E.All of the above
