You are the network administrator for The network consists of a
single Active Directory domain named The domain contains Windows
Server 2003 computers and Windows XP Professional computers.
All confidential company files are stored on a file server named TestKing1. The
written company security states that all confidential data must be stored and
transmitted in a secure manner. To comply with the security policy, you enable
Encrypting File System (EFS) on the confidential files. You also add EFS
certificates to the data decryption field (DDF) of the confidential files for the users
who need to access them.
While performing network monitoring, you notice that the confidential files that are
stored on TestKing1 are being transmitted over the network without encryption.
You must ensure that encryption is always used when the confidential files on
TestKing1 are stored and transmitted over the network.
What are two possible ways to accomplish this goal?（） (Each correct answer presents
a complete solution. Choose two)

单项选择题You are the network administrator for TestKing. The network consists of a single Active Directory domain. All network servers run Windows Server 2003. A member server named TestkingA has a locally attached tape device. TestkingA contains several folders and files that are encrypted by using Encrypting File System (EFS). You create a new user account for a new employee named Victoria. Victorias user account is member of the Users group only. You need to ensure that Victoria can back up the encrypted folders and files on TestkingA. Victoria must be assigned the minimum administrative privileges needed to complete this task. What should you do?（）

A. Add Victoria's domain user account to the Administrators group.
B. Add Victoria's user account to the Backup Operators group.
C. Assign the Allow - Full Control permission on the encrypted folders and files to Victoria.
D. Designate Victoria as a recovery agent for the encrypted files.

单项选择题You are the network administrator for TestKing. The network consists of a single Active Directory domain. All network servers run Windows Server 2003. Half of the client computers run Windows XP Professional, and the other half run Windows NT 4.0 Workstation. You install Terminal Services on three member servers named Testking1, Testking2, and Testking3. Each server has a single Pentium III 600-Mhz CPU with 512 MB of RAM and a single-channel EIDE disk subsystem. You place all three terminal servers in an organizational unit (OU) named Terminal Server. You link a Group Policy Object (GPO) to the Terminal Server OU. Several days after the installation, users report that the performance of all three terminal servers is unacceptably slow. You discover that each server has at least 50 active sessions at once. You need to improve the performance of all three terminal servers. You must achieve this goal by using the minimum amount of administrative effort, without upgrading any hardware. What should you do?（）

A. Log on to the console of each terminal server. In the RDP-Tcp connection properties, set the Maximum connections option to 35.
B. Edit the GPO to set the Limit number of connections policy to 35.
C. Modify all domain user accounts to set the When a session limit is reached or broken user property to End session.
D. Edit the GPO to enable the Remove Disconnected option from shutdown dialog policy

单项选择题You are the administrator of a Windows Server 2003 computer named Testking1. An application on Testking1 gradually uses more and more memory until it causes Testking1 to stop responding. If you restart the application before it uses the available memory, there is no interruption of user services. You need to configure Testking1 to notify you when it encounters a low-memory condition. What should you do?（）

A. Using Task Scheduler, schedule a repeating task that runs the tracert command.
B. Using Performance Logs and Alerts, configure an alert for the appropriate performance object.
C. Using System Monitor, configure the appropriate performance object to display.
D. Using Startup and Recovery Settings, configure Testking1 to send an Administrative Alert.

单项选择题You are the network administrator for Test King. The network consists of a single Active Directory domain named The domain contains Windows Server 2003 computers and Windows XP Professional computers. The Default Domain Policy has been modified by importing a security template file, which contain several security settings. A server named TestKing1 cannot run a program that us functioning on other similarly configured servers. You need to find out whether additional security settings have been added to the local security policy on TestKing1. To troubleshoot, you want to use a tool to compare the current security settings on TestKing1 against the security template file in order to automatically identify any settings that might have been added to the local security policy. Which tool should you run on TestKing1?（）

A. Microsoft Baseline Security Analyzer (MBSA)
B. Security Configuration and Analysis console
C. gpresult.exe
D. Resultant Set of Policy console in planning mode

单项选择题You are the network administrator for The network consists of a single Active Directory domain named All network servers run Windows Server 2003. Three thousand client computers run Windows 2000 Professional, and 1,500 client computers run Windows XP Professional. A new employee named Dr King is hired to assist you in installing Windows XP Professional on 150 new client computers. You need to ensure that Dr King has only the minimum permissions required to add new computer accounts to the domain and to own the accounts that he creates. Dr King must not be able to delete computer accounts. What should you do?（）

A. Add Dr King's user account to the Server Operators group.
B. Add Dr King's user account to the Account Operators group.
C. Use the Delegation of Control Wizard to permit Dr King's user account to create new computer objects in the Computers container.
D. Create a Group Policy object (GPO) and link it to the domain. Configure the GPO to permit Dr King's user account to add client computers to the domain.