You are the network administrator for Contoso Pharmaceuticals. Your network consists of a single  Active Directory forest that contains three domains. The forest root domain is named contoso.com. The domain contains two child domains named usa.contoso.com and europe.contoso.com. The functional level of the forest is Windows Server 2003. Each domain contains two Windows Server 2003 domain controllers named DC1 and DC2. DC1 in the contoso.com domain performs the following two operations master roles： schema master and domain naming master. DC1 in each child domain performs the following three operations master roles： PDC emulator master， relative ID （RID） master， and infrastructure master. DC1 in each domain is also a global catalog server. The user account for Nancy Buchanan in the europe.contoso.com domain is a member of the Medicine Students security group. Because of a name change， the domain administrator of europe.contoso.com changes the Last name field of Nancy’s user account from Buchanan to Anderson. The domain administrator of usa.contoso.com discovers that the user account for Nancy is still listed as Nancy Buchanan. You need to ensure that the user account for Nancy Anderson is correctly listed in the Medicine Students group. 
What should you do？（）

单项选择题Whyisadatasourcerequired？（）

A. Data source contains data required for impact event enrichment.
B. Data source contains data required for calculating server downtime.
C. Data source contains data required for services and other related service information.
D. Data source contains data required for LDAP configurations， including login attempts and errors.

单项选择题You have an Active Directory directory service forest with a forest root domain. The root domain has  two child domains named na.corp.contoso.com and asia.prod.contoso.com. You have an Active Directory  site for each domain. All sites are connected through the DEFAULTIPSITELINK site link. You need to  minimize the time that is required to authenticate users when they access resources in the other domain.   What should you do？（）

A. Create a shortcut trust between the child domains.
B. Create a shortcut trust from the forest root domain to each of the child domains.
C. Decrease the replication interval for the DEFAULTIPSITELINK site link.
D. Create a batch script to replicate changes between the sites. Schedule the script to run on a regular basis.

单项选择题You are the network administrator for your company. The network consists of a single Active   Directory forest. The forest consists of 19 Active Directory domains. Fifteen of the domains contain  Windows Server 2003 domain controllers. The functional level of all the domains is Windows 2000 native.  The network also consists of a single Microsoft Exchange 2000 Server organization. You need to create  groups that can be used only to send e-mail messages to user accounts throughout the company. You  want to achieve this goal by using the minimum amount of replication traffic and minimizing the size of the  Active Directory database. You need to create a plan for creating e-mail groups for your company.  What should you do？（）

A. Create global distribution groups in each domain. Make the appropriate users from each domain members of the global distribution group in the same domain. Create universal distribution groups. Make the global distribution groups in each domain members of the universal distribution groups.
B. Create global security groups in each domain. Make the appropriate users from each domain members of the security group in the same domain. Create universal security groups. Make the global security groups in each domain members of the universal security groups.
C. Create universal distribution groups. Make the appropriate users from each domain members of a universal distribution group.
D. Create universal security groups. Make the appropriate users from each domain members of a universal security group.

多项选择题Your company has a single Active Directory directory service forest. All user accounts are located in  the Users container. You need to create a number of organizational units （OUs） that will be used to store  user accounts.  What are two possible ways to achieve this goal？（）

A. Use the Active Directory Sites and Services snap-in.
B. Use the Active Directory Users and Computers snap-in.
C. Use the Dsadd command-line tool with the OU parameter.
D. Use the Dsmod command-line tool with the OU parameter.

单项选择题You are the network administrator for your company. Your network consists of a single Active   Directory domain. Three security groups named Accountants， Processors， and Management are located in an organizational unit （OU） named Accounting. All of the user accounts that belong to these three  groups are also in the Accounting OU. You create a Group Policy object （GPO） and link it to the  Accounting OU. You configure the GPO to disable the display options under the User Configuration  section of the GPO. You need to achieve the following goals： You need to ensure that the GPO applies to  all user accounts that are members of the Processors group. You need to prevent the GPO fromapplying  to any user account that is a member of the Accountants group. You need to prevent the GPO from  applying to any user account that is a member of the Management group， unless the user account is also  a member of the Processors group. What should you do？（）

A. Modify the discretionary access control list （DACL） settings of the GPO to assign the Accountants and Management security groups the Deny - Read and the Deny - Apply Group Policy permissions. Modify the DACL of the GPO to assign the users who are in both the Accountants and Management security groups the Allow - Read and the Allow - Apply Group Policy permissions.
B. Modify the discretionary access control list （DACL） settings of the GPO to assign the Accountants and Management security groups the Deny - Read and the Deny - Apply Group Policy permissions. Create a new security group named Mixed that contains all the user accounts from the Processors group and the specific user accounts from the Management group to which you want the GPO to apply. Modify the DACL of the GPO to assign the Mixed security group the Allow - Read and the Allow - Apply Group Policy permissions.
C. Modify the discretionary access control list （DACL） settings of the GPO to assign the Accountants security group the Deny - Read and the Deny - Apply Group Policy permissions. Modify the DACL settings of the GPO to remove the Authenticated Users special group. Modify the DACL settings of the GPO to add the Processors group and assign the Allow - Read and the Allow - Apply Group Policy permissions.
D. Modify the discretionary access control list （DACL） settings of the GPO to assign the Accountants security group the Deny - Read and the Allow - Apply Group Policy permissions. Modify the DACL settings of the GPO to assign the Management security group the Deny - Read and the Deny - Apply Group Policy permissions.