单项选择题
Your company has two Active Directory forests as shown in the following table. Forest name Forest functional level Domain(s) contoso.com Windows Server 2008 contoso.com fabrikam.com Windows Server 2008 fabrikam.com eng.fabrikam.com
The forests are connected by using a two-way forest trust. Each trust direction is configured with forest-wide authentication. The new security policy of the company prohibits users from the eng.fabrikam.com domain to access resources in the contoso.com domain.
You need to configure the forest trust to meet the new security policy requirement.
What should you do()
A.Delete the outgoing forest trust in the contoso.com domain.
B.Delete the incoming forest trust in the contoso.com domain.
C.Change the properties of the existing incoming forest trust in the contoso.com domain from Forest-wide authentication to Selective authentication.
D.Change the properties of the existing outgoing forest trust in the contoso.com domain to Exclude *.eng.fabrikam.com from the Name Suffix Routing trust properties
相关考题
-
单项选择题
Your company has a single Active Directory domain. All domain controllers run Windows Server 2003. You install Windows Server 2008 R2 on a server. You need to add the new server as a domain controller in your domain. What should you do first()
A.On the new server, run dcpromo /adv.
B.On the new server, run dcpromo /createdcaccount.
C.On a domain controller run adprep /rodcprep.
D.On a domain controller, run adprep /forestprep. -
多项选择题
Your company has an Active Directory forest that contains only Windows Server 2008 domain controllers. You need to prepare the Active Directory domain to install Windows Server 2008 R2 domain controllers. Which two tasks should you perform()
A.Run the adprep /forestprep command.
B.Run the adprep /domainprep command.
C.Raise the forest functional level to Windows Server 2008.
D.Raise the domain functional level to Windows Server 2008. -
多项选择题
Yourcompany,A.DatumCorporation,hasasingleActiveDirectorydomainnamedintranet.adatum.com.ThedomainhastwodomaincontrollersthatrunWindowsServer2008R2operatingsystem.ThedomaincontrollersalsorunDNSservers.Theintranet.adatum.comDNSzoneisconfiguredasanActiveDirectoryintegratedzonewiththeDynamicupdatessettingconfiguredtoSecureonly.Anewcorporatesecuritypolicyrequiresthattheintranet.adatum.comDNSzonemustbeupdatedonlybydomaincontrollersormemberservers.Youneedtoconfiguretheintranet.adatum.comzonetomeetthenewsecuritypolicyrequirement.Whichtwoactionsshouldyouperform()
A.Remove the Authenticated Users account from the Security tab of the intranet.adatum.com DNS zone properties.
B.Assign the SELF Account Deny on Write permission on the Security tab of the intranet.adatum.com DNS zone properties.
C.Assign the server computer accounts the Allow on Write All Properties permission on the Security tab of the intranet.adatum.com DNS zone properties.
D.Assign the server computer accounts the Allow on Create All Child Objects permission on the Security tab of the intranet.adatum.com DNS zone properties.
