You have a single Active Directory directory service forest named contoso.com. You create baseline  security settings for a group of computers， and you store the settings in a database. You deploy thebaseline security settings. You need to confirm that t

第1题：

You are the network administrator for Humongous Insurance. The network consists of a single Active Directory domain named humongous.com. The domain contains Windows Server 2003 computers and Windows XP Professional computers. You configure several Group Policy objects （GPOs） to enforce the use of IPSec for certain types of communication between specified computers.   A server named Server2 runs the Telnet service. A GPO is supposed to ensure that all Telnet connections to Server2 are encrypted by using IPSec. However， when you monitor network traffic， you notice that Telnet connections are not being encrypted.You need to view all of the IPSec settings that are applied to Server2 by GPOs. Which tool should you use？（）

• A、the IP Security Policy Management console
• B、the IP Security Monitor console
• C、the Resultant Set of Policy console
• D、Microsoft Baseline Security Analyzer （MBSA）

第2题：

You have an Exchange Server 2010 organization.You create a distribution group for all users in your company.You need to ensure that new users can add their mailboxes to the distribution group.What should you do？（）

• A、Modify the group scope of the distribution group.
• B、Modify the approval mode of the distribution group.
• C、Modify the security settings of the distribution group.
• D、Modify the authentication settings of the ECP virtual directory.

第3题：

Your network consists of Windows XP computers. All computers are joined to a single Active  Directory directory service domain and located in a single Active Directory site. You create a new Group  Policy object （GPO） and link it to the site. The policy configures default screensaver settings. User  accounts of users in the research department are located in an organizational unit （OU） named Research.  You need to allow users in the research department to configure a different screensaver setting on their  computers.  What should you do？（）

• A、 Move the user accounts of users in the research department to the Users container.
• B、 Configure a local security policy on all computers in the research department to allow users to modify their screensaver settings.
• C、 Add users in the research department to a domain group. Allow the group the Apply Group Policy permission for the GPO.
• D、 Add users in the research department to a domain group. Deny the group the Apply Group Policy permission to the GPO.

第4题：

You have a single Active Directory directory service domain. All servers run Windows Server 2003. You create several new Group Policies. You need to determine the end result of these Group Policies before applying the settings.  What should you do？（）

• A、 Use Resultant Set of Policy （RSoP） in Planning mode.
• B、 Use Resultant Set of Policy （RSoP） in Logging mode.
• C、 Use Event Viewer to view the system log.
• D、 Use Event Viewer to view the application log.

第5题：

Your network contains an Active Directory domain named contoso.com. All user accounts are in an organizational unit （OU） named Employees. You create a Group Policy object （GPO） named GP1.You link GP1 to the Employees OU.You need to ensure that GP1 does not apply to the members of a group named Managers. What should you configure？（）

• A、The Security settings of Employees
• B、The WMI filter for GP1
• C、The Block Inheritance option for Employees
• D、The Security settings of GP1

第6题：

Your network contains an Active Directory domain named contoso.com.You run nslookup.exe as shown in the following Command Prompt window. You need to ensure that you can use Nslookup to list all of the service location （SRV） resource records for  contoso.com. What should you modify（）

• A、the root hints of the DNS server
• B、the security settings of the zone
• C、the Windows Firewall settings on the DNS server
• D、the zone transfer settings of the zone

第7题：

You are a security administrator for your company. The network consists of three Active Directory domains. All Active Directory domains are running at a Windows Server 2003 mode functionality level.    Employees in the editorial department of your company need access to resources on file servers that are in each of the Active Directory domains. Each Active Directory domain in the company contains at least one editorial department employee user account.    You need to create a single group named Company Editors that contains all editorial department employee user accounts and that has access to the resources on file server computers.  What should you do？（）

• A、 Create a global distribution group in the forest root domain and name it Company Editors.
• B、 Create a global security group in the forest root domain and name it Company Editors.
• C、 Create a universal distribution group in the forest root domain and name it Company Editors. 
• D、 Create a universal security group in the forest root domain and name it Company Editors.

第8题：

Your company has a single Active Directory directory service domain. Servers in your environment run Windows Server 2003. Client computers run Windows XP or Windows Vista. You plan to create an internal centrally managed security update infrastructure for client computers. You need to choose a security update management tool that supports all the client computers.  Which tool should you choose？ （）

• A、 Microsoft Assessment and Planning （MAP） Toolkit
• B、 Microsoft Baseline Security Analyzer
• C、 Microsoft System Center Operations Manager
• D、 Windows Server Update Services （WSUS）

第9题：

Your network contains an Active Directory domain named contoso.com. All client computer accounts are in an organizational unit （OU） named AllComputers. Client computers run either Windows 7 or Windows 8.You create a Group Policy object （GPO） named GP1. You link GP1 to the AllComputers OU.You need to ensure that GP1 applies only to computers that have more than 8 GB of memory. What should you configure？（）

• A、The Security settings of AllComputers
• B、The Security settings of GP1
• C、The WMI filter for GP1
• D、The Block Inheritance option for AllComputers

第10题：

第11题：

第12题：

第13题：

You are the network administrator for your company. The network consists of a single Active Directory domain. All servers run Windows Server 2003. All client computers run Windows XP Professional. You need to implement a new software update infrastructure.  You discover that security patches， critical updates， and service packs have never been installed on any client computer on the network. You install Windows Server Update Services （WSUS） on a Windows Server 2003 computer named Server5. You synchronize and approve all of the current security patches， critical updates， and service packs. You need to ensure that all client computers receive all Microsoft security patches， critical updates， and service packs.  Which two actions should you perform？（）

• A、Open the WSUS console. Select the option to automatically approve WSUS updates.
• B、Install the Automatic Updates client on all client computers.
• C、Modify the Microsoft Update settings of the Default Domain Controller organizational unit （OU） Group Policy object （GPO） to point client computers to http ：//server5.
• D、Modify the Microsoft Update settings of the Default Domain Policy Group Policy object （GPO） to point client computers to http： //server5.
• E、Open the WSUS console. Create a target group and assign all client computers to the group.

第14题：

You have a single Active Directory directory service domain. You use a Group Policy object （GPO） to apply security settings to your client computers. You configure the startup type for system services settings in a new GPO， and you link the GPO to an organizational unit （OU）.  You discover that the startup type for system services on one of the client computers has not been updated. You need to ensure that the Group Policy settings are applied to the client computer. What should you do？（）

• A、  Restart the client computer.
• B、 Instruct the user to log off and then log on to the client computer.
• C、 On the client computer， run the Gpupdate.exe command with the /Force parameter.
• D、 On the client computer， run the Gpupdate.exe command with the /Target：computer parameter.

第15题：

Your network consists of a single Active Directory domain. All servers run Windows Server 2003 Service Pack 2 (SP2). All client computers run Windows XP Professional Service Pack 3 (SP3). You have a user account named User1. You need to identify which permissions User1 has on a file. What should you do? （）

• A、At a command prompt, run Net file.
• B、At a command prompt, run Attrib.exe.
• C、From the file properties, view the Summary settings.
• D、From the file properties, view the Advanced Security settings.

第16题：

You are the administrator of your company's network. You want to configure a Security Policy for the Windows 2000 Professional Computers that are in the sales department.   On one of the computers, you use Security Templates to configure the Security Policy based on the desired security settings. You then export those settings to an .inf file that will be used on all of the Computers in the sales department. You want to configure each Computer to have a customized Security Policy. What steps should you follow in order to achieve your goal?（）

• A、Use Secedit.exe to import the security settings from the .inf file to the computers in the sales department.
• B、Use a text editor to change the default security settings to the desired security settings. Then export those settings to the Computers in the sales department.
• C、Create an organizational unit （OU） named Sales. Add the users in the sales department to the Sales OU. Then apply the security template to the users in the Sales OU.
• D、Create an organizational unit （OU） named Sales. Add the computers in the sales department to the Sales OU. Then apply the security template to computers in the Sales OU.

第17题：

You have a single Active Directory directory service forest with one domain. You have an existing  top-level organizational unit （OU） named Sales. You are planning to create a new top-level OU named  Training. The Sales and Training OUs must have the same security and auditing settings. You need to  identify the security permissions and audit settings for the Sales OU so that you can delegate the same  permissions for the Training OU.  What should you do first？（）

• A、 Use the Delegation of Control Wizard.
• B、 Use the Security Configuration Wizard.
• C、 Run the dsacls command.
• D、 Run the xcacls command.

第18题：

Your network contains an Active Directory domain named contoso.com. You run nslookup.exe as  shown in the following Command Prompt window.     You need to ensure that you can use Nslookup to list all of the service location （SRV） resource  records for contoso.com.     What should you modify（）

• A、the root hints of the DNS server
• B、the security settings of the zone
• C、the Windows Firewall settings on the DNS server
• D、the zone transfer settings of the zone

第19题：

Your network consists of a single Active Directory domain. The remote access permission for all users is set to Control access through Remote Access Policy.You have a VPN server named Server1 that runs Windows Server 2003 Service Pack 2 （SP2）.  The current configuration allows all authenticated users to establish VPN connections to Server1. You create a global group named Group1.You need to prevent all members of Group1 from establishing VPN connections to Server1.  What should you do？（）

• A、From the local computer policy on Server1， modify the Account Policies settings.
• B、From Active Directory Users and Computers， modify the Security settings of Group1.
• C、From the Routing and Remote Access snap-in， create a new remote access policy.
• D、From the Routing and Remote Access snap-in， open the properties of Server1 and modify the security options.

第20题：

You are the network administrator for your company. The network consists of a single Active Directory domain. All domain controllers run Windows Server 2003. All client computers run Windows XP Professional.   The company has legacy applications that run on UNIX servers. The legacy applications use the LDAP protocol to query Active Directory for employee information.  The domain controllers are currently configured with the default security settings. You need to configure enhanced security for the domain controllers. In particular， you want to configure stronger password settings， audit settings， and lockout settings. You want to minimize interference with the proper functioning of the legacy applications.   You decide to use the predefined security templates. You need to choose the appropriate predefined security template to apply to the domain controllers.  What should you do？（）

• A、 Apply the Setup security.inf template to the domain controllers.
• B、 Apply the DC security.inf template to the domain controllers.
• C、 Apply the Securedc.inf template to the domain controllers.
• D、 Apply the Rootsec.inf template to the domain controllers.

第21题：

第22题：

第23题：