You need to identify all failed logon attempts on the domain

第1题：

Your company has an Active Directory directory service domain. All servers run Windows Server 2003. All domain controllers are configured to audit specific events. You are developing a security monitoring plan for the domain controllers. You must back up the following information. Local logon attemptsDomain logon attemptsSecurity update installation attempts You need to specify the appropriate log files to back up.  Which files should you specify？ （）

• A、 AppEvent.Evt and NTDS.Evt
• B、 NTDS.Evt and SecEvent.Evt
• C、 SecEvent.Evt and SysEvent.Evt
• D、 AppEvent.Evt and SysEvent.Evt

第2题：

You need to design an audit strategy for Southbridge Video. Your solution must meet business requirements.What should you do？（）

• A、Create a new security template that enables the Audit account logon events policy for successful and failed attempts. Create a new GPO， and link it to the domain. Import the new security template into the new GPO
• B、Create a new security template that enables the Audit account logon events policy for successful and failed attempts. Create a new GPO， and link it to the Domain Controllers OU. Import the new security template into the new GPO
• C、Create a new security template that enables the Audit logon events policy for successful and failed attempts. Create a new GPO， and link it to the Domain Controllers OU. Import the new security template into the new GPO
• D、Create a new security template that enables the Audit logon events policy for successful and failed attempts. Create a new GPO， and link it to the domain. Import the new security template into the new GPO

第3题：

第4题：

Your network consists of a single Active Directory domain that contains two domain controllers. Both domain controllers run Windows Server 2003 Service Pack 2 (SP2). Auditing of successful account logon events is enabled on all computers in the domain. You need to identify the last time a specific user logged on to the domain. What should you do? （）

• A、Examine the System Event Log on the user’s computer.
• B、Examine the System Event Log on both domain controllers.
• C、Examine the Security Event Log on both domain controllers.
• D、Examine the Application Event Log on the user’s computer.

第5题：

Your network contains an Active Directory domain that contains five domain controllers. You have  a management computer that runs Windows 7.   From the Windows 7 computer， you need to view all account logon failures that occur in the  domain.     The information must be consolidated on one list.   Which command should you run on each domain controller（）

• A、Wecutil.exe qc
• B、Wevtutil.exe gli
• C、Winrm.exe quickconfig
• D、Winrshost.exe

第6题：

You discover audit log entries that report attempts to log on to your computer. You need to be notified of all logon attempts that occur on your computer.  What should you do？（）

• A、Enable the Problem Reporting feature for all users.
• B、Configure a custom view to monitor failed logon events on your computer.
• C、Use the Computer Management console to connect to your computer from another computer and monitor the audit logs.
• D、In the Event Viewer window， attach a task to a failed logon event. Configure this task to send an e-mail message to your e-mail account.

第7题：

You need to design a method to log changes that are made to servers and domain controllers. You also need to track when administrators modify local security account manager objects on servers. What should you do？（）

• A、Enable failure audit for privilege user and object access on all servers and domain controllers
• B、Enable success audit for policy change and account management on all servers and domain controllers
• C、Enable success audit for process tracking and logon events on all servers and domain controllers
• D、Enable failure audit for system events and directory service access on all servers and domain controllers

第8题：

The company wants to evaluate making all business office users administrators on their client computers. You need to design a method to ensure that this change can be made in a manner that meets business and security requirements. What should you do？（）

• A、On all domain controllers， implement registry access auditing for all registry keys that are considered sensitive by the company’s written security policy
• B、On all client computers， implement logon auditing for all user account logons
• C、On all client computers， configure registry access auditing for all registry keys that are considered sensitive by the company’s written security policy
• D、On all domain controllers， implement logon auditing for all user account logons

第9题：

Your network contains an Active Directory domain that has two sites.    You need to identify whether logon scripts are replicated to all domain controllers.   Which folder should you verify（）

• A、GroupPolicy
• B、NTDS
• C、SoftwareDistribution
• D、SYSVOL

第10题：

You need to identify all failed logon attempts on the domain controllers.     What should you do（）

• A、Run Event Viewer.
• B、View the Netlogon.log file.
• C、Run the Security Configuration Wizard.
• D、View the Security tab on the domain controller computer object.