IBM仍然是当今世界极具声望的计算机公司之一。IBM根据其产品分类设置了相应的专业认证项目,那么IBM认证是什么呢?IBM认证的考试题库是什么?下面一起来看看吧!
Exam : Microsoft 70-293
Title : Plan. and Maint. a MSWin Srvr2003 Net. Infrastructure
1. You are the network administrator for your company. The network consists of a single Active Directory domain. The
network contains 50 application servers that run Windows Server 2003.
The security configuration of the application servers is not uniform. The application servers were deployed by local
administrators who configured the settings for each of the application servers differently based on their knowledge and
skills. The application servers are configured with different authentication methods, audit settings, and account policy
settings.
The security team recently completed a new network security design. The design includes a baseline configuration for
security settings on all servers. The baseline security settings use the predefined security template. The
design also requires modified settings for servers in an application role. These settings include system service startup
requirements, renaming the administrator account, and more stringent account lockout policies. The security team
created a security template named that contains the modified settings.
You need to plan the deployment of the new security design. You need to ensure that all security settings for the
application servers are standardized, and that after the deployment, the security settings on all application servers
meet the design requirements.
What should you do?
A. Apply the Setup template first, the template next, and then the template.
B. Apply the template and then the template.
C. Apply the template first, the Setup template next, and then the template.
D. Apply the Setup template and then the template.
Answer: A
2. You are the network administrator for your company. The network consists of a single Active Directory domain. All
domain controllers run Windows Server 2003. All client computers run Windows XP Professional.
The company has legacy applications that run on UNIX servers. The legacy applications use the LDAP protocol to
query Active Directory for employee information.
The domain controllers are currently configured with the default security settings. You need to configure enhanced
security for the domain controllers. In particular, you want to configure stronger password settings, audit settings, and
lockout settings. You want to minimize interference with the proper functioning of the legacy applications.
You decide to use the predefined security templates. You need to choose the appropriate predefined security
template to apply to the domain controllers.
What should you do?
A. Apply the Setup template to the domain controllers.
B. Apply the DC template to the domain controllers.
C. Apply the template to the domain controllers.
D. Apply the template to the domain controllers.
Answer: C
3. You are the network administrator for your company. The network consists of a single Active Directory domain. The
network contains 10 domain controllers and 50 servers in application server roles. All servers run Windows Server
2003.
The application servers are configured with custom security settings that are specific to their roles as application
servers. Application servers are required to audit account logon events, object access events, and system events.
Application servers are required to have passwords that meet complexity requirements, to enforce password history,
and to enforce password aging. Application servers must also be protected against man-in-the-middle attacks during
authentication.
You need to deploy and refresh the custom security settings on a routine basis. You also need to be able to verify the
custom security settings during audits.
What should you do?
A. Create a custom security template and apply it by using Group Policy.
B. Create a custom IPSec policy and assign it by using Group Policy.
C. Create and apply a custom Administrative Template.
D. Create a custom application server image and deploy it by using RIS.
Answer: A
4. You are the network administrator for your company. The network consists of a single Active Directory domain. The
network contains two Windows Server 2003 domain controllers, two Windows 2000 Server domain controllers, and
two Windows NT Server 4.0 domain controllers.
All file servers for the finance department are located in an organizational unit (OU) named Finance Servers. All file
servers for the payroll department are located in an OU named Payroll Servers. The Payroll Servers OU is a child OU
of the Finance Servers OU.
The company’s written security policy for the finance department states that departmental servers must have security
settings that are enhanced from the default settings. The written security policy for the payroll department states that
departmental servers must have enhanced security settings from the default settings, and auditing must be enabled
for file or folder deletion.
You need to plan the security policy settings for the finance and payroll departments.
What should you do?
A. Create a Group Policy object (GPO) to apply the security template to computer objects, and link it
to the Finance Servers OU.
Create a second GPO to enable the Audit object access audit policy on computer objects, and link it to the Payroll
Servers OU.
B. Create a Group Policy object (GPO) to apply the security template to computer objects, and link it to
the Finance Servers OU.
Create a second GPO to enable the Audit object access audit policy on computer objects, and link it to the Payroll
Servers OU.
C. Create a Group Policy object (GPO) to apply the security template to computer objects, and link it
to the Finance Servers OU.
Create a second GPO to apply the security template to computer objects, and link it to the Payroll
Servers OU.
D. Create a Group Policy object (GPO) to apply the security template to computer objects, and link it to
the Finance Servers and to the Payroll Servers OUs.
Create a second GPO to enable the Audit object access audit policy on computer objects, and link it to the Payroll
Servers OU.
Answer: B
5. You are a network administrator for your company. The network consists of a single Active Directory domain. The
network contains 80 Web servers that run Windows 2000 Server. The IIS Lockdown Wizard is run on all Web servers
as they are deployed.
Your company is planning to upgrade its Web servers to Windows Server 2003. You move all Web servers into an
organizational unit (OU) named Web Servers.
You are planning a baseline security configuration for the Web servers. The company’s written security policy states
that all unnecessary services must be disabled on servers. Testing shows that the server upgrade process leaves the
following unnecessary services enabled:
* SMTP
* Telnet
Your plan for the baseline security configuration for Web servers must comply with the written security policy.
You need to ensure that unnecessary services are always disabled on the Web servers.
What should you do?
A. Create a Group Policy object (GPO) to apply a logon script that disables the unnecessary services. Link the GPO
to the Web Servers OU.
B. Create a Group Policy object (GPO) and import the security template. Link the GPO to the Web
Servers OU.
C. Create a Group Policy object (GPO) to set the startup type of the unnecessary services to Disabled. Link the GPO
to the Web Servers OU.
D. Create a Group Policy object (GPO) to apply a startup script to stop the unnecessary services. Link the GPO to
the Web Servers OU.
Answer: C
6. You are the network administrator for your company. The network consists of a single Active Directory domain. The
functional level of the domain is Windows Server 2003. The domain contains an organizational unit (OU) named
Servers that contains all of the company’s Windows Server 2003 resource servers. The domain also contains an OU
named Workstations that contains all of the company’s Windows XP Professional client computers.
You configure a baseline security template for resource servers named and a baseline security template for
client computers named . The template contains hundreds of settings, including file and
registry permission settings that have inheritance propagation enabled. The template contains 20
security settings, none of which contain file or registry permissions settings.
The resource servers operate at near capacity during business hours.
You need to apply the baseline security templates so that the settings will be periodically enforced. You need to
accomplish this task by using the minimum amount of administrative effort and while minimizing the performance
impact on the resource servers.
What should you do?
A. Create a Group Policy object (GPO) and link it to the domain. Import both the and the
templates into the GPO.
B. Import both the and the templates into the Default Domain Policy Group Policy object
(GPO).
C. On each resource server, create a weekly scheduled task to apply the settings during off-peak hours by
using the secedit command. Create a Group Policy object (GPO) and link it to the Workstations OU. Import the
template into the GPO.
D. On each resource server, create a weekly scheduled task to apply the settings during off-peak hours by
using the secedit command. Import the template into the Default Domain Policy Group Policy object
(GPO).
Answer: C
7. You are the network administrator for your company. The network consists of a single Active Directory domain.
The company’s written security policy requires that computers in a file server role must have a minimum file size for
event log settings. In the past, logged events were lost because the size of the event log files was too small. You want
to ensure that the event log files are large enough to hold history. You also want the security event log to be cleared
manually to ensure that no security information is lost. The application log must clear events as needed.
You create a security template named to meet the requirements. You need to test each file server and
take the appropriate corrective action if needed. You audit a file server by using and receive the results
shown in the exhibit. (Click the Exhibit button.)
You want to make only the changes that are required to meet the requirements.
Which two actions should you take? (Each correct answer presents part of the solution. Choose two.)
A. Correct the Maximum application log size setting on the file server.
B. Correct the Maximum security log size setting on the file server.
C. Correct the Maximum system log size setting on the file server.
D. Correct the Retention method for application log setting on the file server.
E. Correct the Retention method for security log setting on the file server.
F. Correct the Retention method for system log setting for the file server.
Answer: BE
8. You are a network administrator for your company. The network consists of a single Active Directory domain. All
servers run Windows Server 2003. All client computers run Windows XP Professional.
The Active Directory domain contains three organizational units (OUs): Payroll Users, Payroll Servers, and Finance
Servers. The Windows XP Professional computers used by the users in the payroll department are in the Payroll
Users OU. The Windows Server 2003 computers used by the payroll department are in the Payroll Servers OU. The
Windows Server 2003 computers used by the finance department are in the Finance Servers OU.
You are planning the baseline security configuration for the payroll department. The company’s written security policy
requires that all network communications with servers in the Payroll Servers OU must be secured by using IPsec. The
written security policy states that IPSec must not be used on any other servers in the company.
You need to ensure that the baseline security configuration for the payroll department complies with the written
security policy. You also need to ensure that members of the Payroll Users OU can access resources in the Payroll
Servers OU and in the Finance Servers OU.
What should you do?
A. Create a Group Policy object (GPO) and assign the Secure Server (Require Security) IPSec policy setting. Link
the GPO to only the Payroll Servers OU.
Create a second GPO and assign the Client (Respond Only) IPSec policy setting. Link the second GPO to the
Payroll Users OU.
B. Create a Group Policy object (GPO) and assign the Secure Server (Require Security) IPSec policy setting. Link
the GPO to the Payroll Servers OU and to the Finance Servers OU.
Create a second GPO and assign the Client (Respond Only) IPSec policy setting. Link the second GPO to the
Payroll Users OU.
C. Create a Group Policy object (GPO) and assign the Server (Request Security) IPSec policy setting. Link the GPO
to only the Payroll Servers OU.
Create a second GPO and assign the Client (Respond Only) IPSec policy setting. Link the second GPO to the
Payroll Users OU.
D. Create a Group Policy object (GPO) and assign the Server (Request Security) IPSec policy setting. Link the GPO
to the Payroll Servers OU and to the Finance Servers OU.
Create a second GPO and assign the Client (Respond Only) IPSec policy setting. Link the second GPO to the
Payroll Users OU.
Answer: A
9. You are the network administrator for your company. The network consists of a single Active Directory domain. All
servers run Windows Server 2003.
The network contains servers that have Terminal Server enabled. The terminal servers host legacy applications that
currently require users to be members of the Power Users group.
A new requirement in the company’s written security policy states that the Power Users group must be empty on all
resource servers.
You need to maintain the ability to run the legacy applications on the terminal servers when the new security
requirement is implemented.
What should you do?
A. Add the Domain Users global group to the Remote Desktop Users built-in group in the domain.
B. Add the Domain Users global group to the Remote Desktop Users local group on each terminal server.
C. Modify the security template settings to allow members of the local Users group to run the
applications. Import the security template into the Default Domain Controllers Policy Group Policy object (GPO).
D. Modify the security template settings to allow members of the local Users group to run the
applications. Apply the modified template to each terminal server.
Answer: D
10. You are the network administrator for your company. All servers run Windows Server 2003.
You configure a baseline security template named . Several operations groups are responsible for creating
templates containing settings that satisfy operational requirements. You receive the templates shown in the following
table.
Operations group
Template name
Applies to
File and Print
File servers
Database
Database servers
Security
All resource servers
The operations groups agree that in the case of conflicting settings, the priority order listed in the following table
establishes the resultant setting.
Template
Priority
1
2
Specific server role template
3
You need to create one or more Group Policy objects (GPOs) to implement the security settings. You want to
minimize the amount of administrative effort required when changes are requested by the various operations groups.
What should you do?
A. Create a GPO and import the following templates in the following order: , . Create a GPO for
each server role and import only the specific template for that role into each respective GPO.
B. Create a GPO and import the following templates in the following order: , . Create a GPO for
each server role and import only the specific template for that role into each respective GPO.
C. Create a GPO for each server role and import the following templates in the following order: , specific
server role template, .
D. Create a GPO and import the following templates in the following order: , , , .
Answer: A
书香门第
