发信人: hikehilter()
整理人: reynolds(2001-08-22 09:03:08), 站内信件
|
36. You want to configure auditing so that you are notified of anytime a
user logs on to the computer or logs off of the computer. Which of the
following auditing policies must be enabled?
A. Audit Account Logon Events
B. Audit Process Tracking
C. Audit Logon Events
D. Audit System Events
Answer: A ( Audit Account Logon Events is used to track when a user logs
on, logs off, or makes a network connection.
37. You have recently hired Bill as an assistant for network
administration. You have not decided how much responsibility you want Bill
to have. While you are deciding, you want Bill to be able to update
drivers on the Windows 2000 Professional computers in your network. What
is the minimum assignment that will allow Bill to complete this task?
A. Add Bill to the Administrators group.
B. Add Bill to the Server Operators group.
C. Add Bill to the Manage Devices group.
D. Grant Bill the user right Load and Unload Device Drivers on each
computer he will manage.
Answer: D ( The Load and Unload Device Drivers user right allows a user to
dynamically unload and load Plug-and-Play device drivers.
38. You have just decided to install the XYZ Virus Scanner application.
The scanner runs as a service. You create a user account called VirScan
that will be used to run the service. What user right does this account
need to be granted?
A. Log On as a Batch Job
B. Log On as a Service
C. Process Service Requests
D. Manage Services and Security
Answer: B ( The Log On as a Service user right allows a service to log on
in order to run the specific service.
39. You have a computer that is shared by many users. You want to ensure
that when users press Ctrl+Alt+Delete to log on, they do not see the name
of the last user.
What do you configure?
A. Set the security option Clear User Settings When Users Log Off
B. Set the security option Do Not Display Last User Name in Logon Screen
C. Set the security option Prevent Users from Seeing Last User Name
D. Configure nothing; this is the default setting
Answer: B ( The security option Do Not Display Last User Name is used to
prevent the last username in the logon screen from being displayed in the
logon dialog box.
40. You have configured auditing so that you can track events such as
account management tasks and system events. Where can you view the results
of the audit?
A. Audit Manager
B. \Windir\audit.log
C. Event Viewer, System log
D. Event Viewer, Security log
Answer: D ( Once auditing has been configured, you can see the results of
the audit through the Security log in the Event Viewer utility.
41. You have recently hired Al as an assistant for network administration.
You have not decided how much responsibility you want Al to have. While
you are deciding, you want Al to be able to restore files on Windows 2000
Professional computers in your network, but you do not want Al to be able
to run the backups. What is the minimum assignment that will allow Al to
complete this task?
A. Add Al to the Administrators group.
B. Grant Al the Read right to the root of each volume he will back up.
C. Add Al to the Backup Operators group.
D. Grant Al the user right Restore Files and Directories.
Answer: D ( The Restore Files and Directories user right allows a user to
restore files and directories, regardless of file and directory
permissions.
42. Which password policy would you implement if you did not want users to
reuse passwords that they had previously used?
A. Passwords Must Be Advanced
B. Enforce Password History
C. Passwords Must Be Unique
D. Passwords Must Meet the Complexity Requirements of the Installed
Password Filters
Answer: B ( The Enforce Password History policy allows the system to keep
track of a user's password history for up to 24 passwords.
43. What is the default account lockout policy that is configured on
Windows 2000 computers?
A. Account Lockout Threshold = 3, Account Lockout Duration = 15 minutes
B. Account Lockout Threshold = 5, Account Lockout Duration = 30 minutes
C. Account Lockout Threshold = 7, Account Lockout Duration = 45 minutes
D. Account lockout policy is not set by default
Answer: D ( By default, account lockout policy is not enabled.
44. Which built-in group would you add a user to if you wanted the user to
be able to create users and groups, but not manage properties of users and
groups that user did not create?
A. Administrators
B. Power Users
C. Server Operators
D. Power Operators
Answer: B ( Members of the Power Users group can create users and groups,
but can only manage the users and groups that they have created.
Administrators can manage all users and groups. The Server Operators group
only exists on Windows 2000 domain controllers. The Power Operators group
does not exist by default on Windows 2000 computers.
45. Which of the following groups are default built-in local groups that
can be managed through the Local Users and Groups utility? Choose all that
apply.
A. Backup Operators
B. Everyone
C. Replicator
D. Dialup
Answer: A, C 8 You can manage the Backup Operators and Replicator local
groups through the Local Users and Groups utility. The Everyone and Dialup
groups are considered special groups, and their membership is determined
by computer and network access.
46. Which of the following statements about the Backup Operators group is
true?
A. By default, only Administrators and Power Users are members of the
Backup Operators group.
B. Backup Operators do not require any permissions to NTFS file systems in
order to back up and restore the file system.
C. Backup Operators have full access to the NTFS file system.
D. Backup Operators can modify any services that relate to system backup.
Answer: B ( There are no members of the Backup Operators group by default.
Members of the Backup Operators group have access to the file system
during the backup process, but not normal file access. Backup Operators
group me mbers have no special permissions to modify system services.
47. Which types of groups can exist on a Windows 2000 Professional
computer?
A. Security group
B. Distribution group
C. Source group
D. Local group
Answer: D ( The only type of group that can exist on a Windows 2000
Professional computer is a local group.
48. Which default local group has the most limited access to the computer
by default?
a. Users
B. Guests
C. Replicator
D. Peons
Answer: B ( The Guests group has the most limited access to computer
resources.
49. What is the primary purpose of the Replicator group?
A. To replicate user accounts to the domain controller
B. For replication if you have configured DFS on the network
C. To replicate and manage concurrent time across the network
D. To support directory replication, which is set up on domain controllers
Answer: D ( The Replicator group is used to support directory replication,
which is a feature used by domain controllers. If this feature is not
used, there should be no members of the Replicator group.
50. Which of the following tasks can be completed by a member of the Power
Users group? Choose all that apply.
A. Create local users and groups.
B. Create and delete all network shares.
C. Stop and start all network services.
D. Create, manage, and delete local printers.
Answer: A, D ( Members of the Power Users group can create local users and
groups, but they can only manage the users and groups that they have
created. Power Users can create and delete network shares, except
administrative shares. Power Users can stop and start network services,
except services that are configured to start automatically.
Power Users can create, manage, and delete local printers.
51. If you logged on as user Brad to a Windows 2000 Professional computer
that contained the user account Brad, which of the following groups would
you belong to by default? Choose all that apply.
A. Users
B. Authenticated Users
C. Everyone
D. Interactive
Answer: A, B, C, D ( By default, all users who exist on a Windows 2000
Professional computer are added to the computer's Users group. Users who
log on with a valid username and password automatically become a member of
the Authenticated Users special group. By default, anyone who can use the
computer becomes a member of the special group Everyone. Because Brad is
using the computer where his user account resides, he automatically
becomes a member of the special group Interactive.
52. Which of following statements regarding local groups is true?
A. You cannot rename a group.
B. You can add users and other local groups to an existing local group.
C. The local group's properties can contain a description.
D. You manage groups through the User Manager utility.
Answer: C ( In Windows NT, you cannot rename groups. In Windows 2000, you
can rename groups. You cannot add a local group to another local group.
Local group properties can contain a description. Windows NT used the User
Manager utility. Windows 2000 uses the Local Users and Groups utility for
user and group management.
53. Which of the following are considered to be special groups in Windows
2000 Professional? Choose all that apply.
A. Creator Owner
B. Creator Group
C. Dialup
D. Local User
Answer: A, B, C ( Creator Owner, Creator Group, and Dialup are all special
groups in Windows 2000. There is no Local User group, but there is a
special group called Interactive, which has local users as members.
54 . You have a logon script that is used to partially configure the
Windows Explorer interface. You want to ensure that the entire script is
processed before the Windows Explorer interface is run. What group policy
setting should you use?
A. Run Logon Scripts Synchronously
B. Run Startup Scripts Asynchronously
C. Minimum Wait Time for Group Policy Scripts
D. Wait for Logon Scripts to Complete
Answer: A ( Run Logon Scripts Synchronously is the computer configuration
system policy option that specifies that logon scripts should finish
running before the Windows Explorer interface is run. Configuring this
option can cause a delay in the Desktop appearance.
55. You log on to multiple network environments. It takes a long time for
your logon scripts to be processed. What group policy setting can be used
to process your multiple logon scripts more quickly?
A. Run Logon Scripts Synchronously
B. Run Startup Scripts Asynchronously
C. Process Logon Scripts High Priority
D. Run Logon Scripts Simultaneously
Answer: B ( Run Startup Scripts Asynchronously is the computer
configuration system policy option that allows the system to run startup
scripts simultaneously. If you don't enable this policy, a startup script
can't run until the previous script is complete.
56. You want to configure your computer so that test.samplecorp.com is the
primary DNS suffix that will be used for DNS name registration and DNS
name resolution. What group policy setting can be used to configure this
option?
A. Set DNS Suffix
B. Enable DNS Name Resolution
C. Apply DNS Configuration
D. Primary DNS Suffix
Answer: D ( Primary DNS Suffix is the local group policy that is used to
specify the primary Domain Name Service (DNS) suffix that will be used for
DNS name registration and DNS name resolution.
57. You want to configure a Windows 2000 computer so that all users see an
option for logoff on the Start menu. Which of the following options can be
used to set this configuration?
A. Create custom logon scripts
B. Create a custom local group policy
C. Set this option in the Profile tab of the user Properties dialog box
D. Create a custom local group object that is configured with this
attribute
Answer: B ( Start menu and Taskbar local group policies allow you to
configure options such as whether users see a Logoff option on the Start
menu.
58. Rick has been added to the Administrators group. You suspect that Rick
may be abusing his administrative privileges. All he really needs to do is
create and manage local user accounts. You do not want Rick to be able to
look at any NTFS folders or files that he has not been granted explicit
permissions to access. Which group should you add Rick to so that he can
do his job, with the minimum level of administrative rights?
A. Administrators
B. Power Users
C. Account Operators
D. Server Operators
Answer: B The members of the Power Users group have the rights to create
and manage the local users and groups that they create without being able
to look at NTFS folders and files that they have not been given access to.
Account Operators and Server Operators are not built-in groups on Windows
2000 Professional computers.
59 You are logged on as John, who is a member of the Power Users group.
When John accesses the Printers folder, he does not see an Add Printer
option. What is the most likely cause of this?
A. There are no Plug-and-Play printers attached to the computer.
B. There are no LPT ports defined in the computer's BIOS.
C. The group policy settings have disabled the addition of printers.
D. Members of the Power Users group do not have permissions to create new
printers.
Answer: C You do not need a Plug-and-Play printer attached to the computer
or to have LPT ports configured to create a printer. Members of the Power
Users group can create new printers. The most likely problem is that the
group policy settings have disabled the option to add new printers.
60. Which of the following options can be used to configure group
policies?
A. Administrative Tools > Group Policy Editor
B. Administrative Tools > System Policy Editor
C. The MMC snap-in Group Policy (local)
D. The MMC snap-in System Policy (local)
Answer: C You administer local group policies through the Group Policy MMC
snap-in. As a part of the configuration, you specify that you will manage
the local computer.
----
|
|