单项选择题

Your network consists of a single Active Directory domain. All domain controllers run Windows Server 2008 R2. The Audit account management policy setting and Audit directory services access setting are enabled for the entire domain. You need to ensure that changes made to Active Directory objects can be logged. The logged changes must include the old and new values of any attributes. What should you do（）

A.Enable the Audit account management policy in the Default Domain Controller Policy.
B.Run auditpol.exe and then configure the Security settings of the Domain Controllers OU.
C.Run auditpol.exe and then enable the Audit directory service access setting in the Default Domain policy.
D.From the Default Domain Controllers policy， enable the Audit directory service access setting and enable directory service changes.

点击查看答案

上一题目录下一题

相关考题

单项选择题
Your company has file servers located in an organizational unit named Payroll. The file servers contain payroll files located in a folder named Payroll. You create a GPO. You need to track which employees access the Payroll files on the file servers. What should you do（）

A.Enable the Audit object access option. Link the GPO to the Payroll organizational unit. On the file servers， configure Auditing for the Everyone group in the Payroll folder.
B.Enable the Audit object access option. Link the GPO to the domain. On the domain controllers， configure Auditing for the Authenticated Users group in the Payroll folder.
C.Enable the Audit process tracking option. Link the GPO to the Domain Controllers organizational unit. On the file servers， configure Auditing for the Authenticated Users group in the Payroll folder.
D.Enable the Audit process tracking option. Link the GPO to the Payroll organizational unit. On the file servers， configure Auditing for the Everyone group in the Payroll folder.
单项选择题
Your network consists of a single Active Directory domain. User accounts for engineering department are located in an OU named Engineering. You need to create a password policy for the engineering department that is different from your domain password policy. What should you do（）

A.Create a new GPO. Link the GPO to the Engineering OU.
B.Create a new GPO. Link the GPO to the domain. Block policy inheritance on all OUs except for the Engineering OU.
C.Create a global security group and add all the user accounts for the engineering department to the group. Create a new Password Policy Object （PSO） and apply it to the group.
D.Create a domain local security group and add all the user accounts for the engineering department to the group. From the Active Directory Users and Computer console， select the group and run the Delegation of Control Wizard.
单项选择题
YourcompanyhasanActiveDirectorydomain.Auserattemptstologontothedomainfromaclientcomputerandreceivesthefollowingmessage："Thisuseraccounthasexpired.Askyouradministratortoreactivatetheaccount."Youneedtoensurethattheuserisabletologontothedomain.Whatshouldyoudo（）

A.Modify the properties of the user account to set the account to never expire.
B.Modify the properties of the user account to extend the Logon Hours setting.
C.Modify the properties of the user account to set the password to never expire.
D.Modify the default domain policy to decrease the account lockout duration.