单项选择题
You are the network administrator for your company. The network consists of a single Active Directory domain. The functional level of the domain is Windows Server 2003. All client computers in the domain run Windows XP Professional. An application named Inventory.exe is installed on all computers in the domain to remotely gather software inventory information. The application runs as a service in the security context of the Local System. The startup type of the service is set to Automatic.In the Default Domain Policy Group Policy object (GPO), the security administrator has configured a software restriction policy that is applied to all computers in the domain. The policy contains a hash rule for the Inventory.exe application, and the hash rule is configured with a security level of Unrestricted. The client computers on the network are attacked by a worm that is distributed by e-mail messages received over the Internet. The worm detects the presence of Inventory.exe on a computer, then starts a new instance of the application in the security context of the logged-on user. The worm exploits a bug in the application to cause the computer to fail.You need to ensure that Inventory.exe cannot be started by the worm, while still allowing the application to run as a service.
What should you do?()
A.In the computer settings section of the Default Domain Policy GPO, configure a software restriction policy that contains a zone rule for the Internet zone. Configure the zone rule with a security level of Disallowed.
B.In the user settings section of the Default Domain Policy GPO, configure a software restriction policy that contains a zone rule for the Internet zone. Configure the zone rule with a security level of Disallowed.
C.In the user settings section of the Default Domain Policy GPO, configure a software restriction policy that contains a hash rule for the Inventory.exe application. Configure the hash rule with a security level of Disallowed.
D.In the computer settings section of the Default Domain Policy GPO, modify the existing software restriction policy hash rule for the Inventory.exe application so that the hash rule has a security level of Disallowed.
相关考题
-
单项选择题
You are a network administrator for A. Datum Corporation. The network consists of a single Active Directory domain named adatum.net. Users regularly browse the internal network and the Internet from their client computers. All Web and e-mail hosting for a separate DNS domain named adatum.com is outsourced to an ISP. All name resolution requests for adatum.com are resolved by the ISP. You have no administrative control over the DNS servers at the ISP. You cannot list the contents of adatum.com by using the nslookup command on the DNS servers at the ISP.A Windows Server 2003 computer named Server1 is configured with a primary zone for adatum.net. All root hints have been removed from Server1. All client computers refer to this DNS server for name resolution.You need to configure DNS resolution to ensure that all client computers can locate and access resources in adatum.net, adatum.com, and the Internet. What should you do?()
A.Configure a secondary zone for adatum.com on Server1.
B.Configure a primary zone for adatum.com on Server1.
C.Configure conditional forwarding for adatum.com with the IP address of the DNS server at the ISP.
D.Configure simple forwarding with the default settings with the IP address of the DNS server at the ISP. -
单项选择题
You are the network administrator for Fabrikam, Inc. The network contains a DNS server named Server1. Server1 is configured to resolve queries for external internet resources. Server1 also hosts the fabrikam.com internal zone for Active Directory. Users report that they are directed to the wrong Web site when browsing for well-known Internet Web sites. You need to minimize the occurrence of unexpected results when users browse the Internet in the future. You also need to minimize disruption to users. What should you do?()
A.Enable the Disable recursion setting in the advanced properties of Server1.
B.Enable Fail on load if bad zone data setting in the advanced properties of Server1.
C.Enable the Secure cache against pollution setting in the advanced properties of Server1.
D.Enable the Enable automatic scavenging of stale resource records setting in the advanced properties of Server1 and set it to 7 days. -
多项选择题
You are the network administrator for your company. All servers run Windows Server 2003. The company’s main office is located in New York City, and four branch offices are located in various North American cities. The network is configured as shown in the exhibit. (Click the Exhibit button.) Access to the Internet is provided by a Network Address Translation (NAT) server located in the Montreal office. The IP address of the NAT server is 192.168.10.254. Users in the Los Angeles office report that they cannot connect to the Internet. Users in the New York office report that they can successfully connect to the Internet. From a computer in the Los Angeles office, you cannot connect to servers located in the Montreal office by using their IP address. You want to find out where the communication failure resides by running a command prompt on a computer in the Los Angeles office. What are two possible ways to achieve this goal?()
A.Run the pathping 192.168.10.254 command.
B.Run the net view \\192.168.10.254 command.
C.Run the tracert 192.168.10.254 command.
D.Run the nslookup 192.168.10.254 command.
