Your company has an Active Directory domain. All computers are members of the domain. Your networkcontains an internal Web site that uses Integrated Windows Authentication. From a computer that runs Windows 7, you attempt to connect to the Web site and a

第1题：

Your company has an Active Directory forest. The company has servers that run Windows Server 2008 amd client computers that run Windows Vista. The domain uses a set of GPO administrative templates that have been approved to support regulatory compliance requirements. Your partner company has an Active Directory forest that contains a single domain， The company has servers that run Windows Server 2008 and client computers that run Windows Vista. You need to configure your partner company’s domain to use the approved set of administrative templates. What should you do（）

• A、Use the Group Policy Management Console （GPMC） utility to back up the GPO to a file. In each site， import the GPO to the default domain policy.
• B、Copy the ADMX files from your company’s PDC emulator to the PolicyDefinitions folder on the partner company’s PDC emulator
• C、Copy the ADML files from your company’s PDC emulator to the PolicyDefinitions folder on the partner company’s PDC emulator
• D、Download the conf.adm， system.adm， wuau.adm， and inetres.adm files from the Microsoft Updates Web site. Copy the ADM files to the PolicyDefinitions folder on thr partner company’s emulator.

第2题：

This question is the first in a series of questions that all present the same scenario. For your convenience, the scenario is repeated in each question. Each question presents a different goal and answer choices, but the text of the scenario is exactly the same in each question in this series. Start of repeated scenarioYou are an enterprise desktop support technician for Fabrikam, Inc. Active Directory InformationThe company has a main office and a branch office. The main office hosts all of the companys servers. The main office connects to the branch office by using a WAN link. The network contains a single Active Directory domain that has 500 users. The domain contains three domain controllers and an enterprise root certification authority (CA). All servers run Windows Server 2008 R2. All user accounts are in an organizational unit (OU) named Employees. The computer accounts for all desktop computers are in an OU named Desktops. The computer accounts for all portable computers are in an OU named Laptops. A startup script is deployed to all computers by using Group Policy objects (GPOs). Client ConfigurationsAll client computers run Windows 7 Enterprise. All users have desktop computers. All computers are members of the domain. All desktop computers use wired connections to connect to the network. All portable computers use wireless connections to connect to the network. The wireless network is secured by using EAP-TLS. Company policy states that all client computers must be configured by using DHCP. The company has an internal Web site. The Web site is configured to use SSL encryption and to require client certificates. All company users can access the internal Web site. End of repeated scenario The company hires a new desktop support technician. The technician is added to the Administrators group on all client computers and the DHCP Users group on all DHCP servers. The new technician reports that the DHCP snap-in is unavailable on his computer. You need to ensure that the technician can view the configurations of the DHCP servers. What should you do?（）

• A、Instruct the technician to customize the Start menu to display the administrative tools.
• B、Instruct the technician to install Remote Server Administration Tools (RSAT) and to modify the Windows Features.
• C、Request that the technician be added to the Server Operators group in Active Directory.
• D、Request that the technician be added to the Network Configuration Operators group in Active Directory and modify the Windows Features.

第3题：

Your company has a stand-alone server named Server2 that runs Windows Server 2003 Service Pack 2 (SP2). Server2 is a Web server.You monitor two client connections to your Web site on Server2 and obtain the results shown in the exhibit.(Click the Exhibit button.) You need to ensure that all connections to the Web server are encrypted. What should you do?（）

• A、Install a Web server certificate on Server2. 
• B、Configure the Web site to require a secure channel. 
• C、Configure the Web site to redirect all requests to https://Server2. 
• D、Configure the Web site to require integrated Windows authentication.

第4题：

You are an IIS Web server administrator implementing authentication settings for a new Web site.According to the requirements for the Human Resources Web site， users should be prompted forauthentication information when they attempt to access the site. The site will be accessed only by userswho have accounts in your organization’s Active Directory domain. You have already configured the filesystem permissions for the content based on the appropriate settings. You also want to maximize securityof the site. Which two actions should you take to meet these requirements？（）

• A、Enable Windows authentication.
• B、Enable basic authentication.
• C、Disable anonymous authentication.
• D、Enable anonymous authentication.

第5题：

You have 20 computers that run Windows XP Professional. You need to configure the computers to use your company’s internal Windows Server Update Services (WSUS) server.  What should you do?（）

• A、Create a scheduled task that runs wuauclt.exe. 
• B、Modify the Automatic Updates settings from Control Panel. 
• C、Modify the Automatic Updates settings in the Local Computer Policy.
• D、Connect to the Windows Update Web site and select Change settings.

第6题：

You have a public computer that runs Windows XP Professional. All users log on to the computer by using the same user account. You log on to the computer by using the local administrator account and attempt to access a secure Web site. You discover that you have automatically logged on to the secure Web site by using the credential of another user. You need to connect to the secure Web site by using your own credentials. What should you do?（）

• A、Run ipconfig /flushdns at the command prompt. 
• B、Reset the password for the local administrator user account. 
• C、From the Internet Options in Internet Explorer, clear the AutoComplete history.
• D、From the Internet Options in Internet Explorer, delete the Temporary Internet Files. 

第7题：

Your company has a single Active Directory directory service domain. Servers in your environment run Windows Server 2003. Client computers run Windows XP or Windows Vista. You plan to create an internal centrally managed security update infrastructure for client computers. You need to choose a security update management tool that supports all the client computers.  Which tool should you choose？ （）

• A、 Microsoft Assessment and Planning （MAP） Toolkit
• B、 Microsoft Baseline Security Analyzer
• C、 Microsoft System Center Operations Manager
• D、 Windows Server Update Services （WSUS）

第8题：

Your company has an internal Web site that requires HTTPS. The Web site s certificate is self-signed. Youhave a computer that runs Windows 7 and Windows Internet Explorer 8. You use HTTPS to browse to theWeb site and receive the following warning message: There is a problem with this website s security certificate. You need to prevent the warning message from appearing when you access the Web site.  What should you do?（）

• A、From Internet Explorer， enable InPrivate Browsing.
• B、From Internet Explorer， add the Web site to the Trusted sites zone.
• C、From Certificate Manager， import the Web site s certificate into your Personal store.
• D、From Certificate Manager， import the Web site s certificate into your Trusted Root CertificationAuthorities store.

第9题：

You have a server that runs Windows Server 2008. The server has the Web Server （IIS） server role installed.   The server contains a Web site that is configured to use only Windows Authentication. You have a security group named Group1 that contains several user accounts.  You need to prevent the members of Group1 from accessing a Web site. You must not prevent other users from accessing the Web site.  Which Web site feature should you configure？（）

• A、Authentication
• B、Authorization Rules
• C、IIS Manager Permissions
• D、SSL Settings

第10题：

You are the network administrator for your company. The network consists of a single Active Directory domain. All servers run Windows Server 2003.The network contains a Web server named Server1 that runs IIS 6.0 and hosts a secure Web site. The Web site is accessible from the intranet， as well as from the Internet. All users must authenticate when they connect to Server1. All users on the Internet must use a secure protocol to connect to the Web site. Users on the intranet do not need to use a secure protocol.You need verify that all users are using a secure protocol to connect to Server1 from the Internet.   What are two possible ways to achieve this goal？（）

• A、Monitor the events in the application log on Server1.
• B、Monitor the events in the security log on Server1.
• C、Monitor the Web server connections on Server1 by using a performance log.
• D、Monitor network traffic to Server1 by using Network Monitor.
• E、Monitor the IIS logs on Server1.

第11题：

第12题：

第13题：

Start of repeated scenarioYou are an enterprise desktop support technician for Fabrikam, Inc. Active Directory InformationThe company has a main office and a branch office. The main office hosts all of the companys servers. The main office connects to the branch office by using a WAN link. The network contains a single Active Directory domain that has 500 users. The domain contains three domain controllers and an enterprise root certification authority (CA). All servers run Windows Server 2008 R2. All user accounts are in an organizational unit (OU) named Employees. The computer accounts for all desktop computers are in an OU named Desktops. The computer accounts for all portable computers are in an OU named Laptops. A startup script is deployed to all computers by using Group Policy objects (GPOs). Client ConfigurationsAll client computers run Windows 7 Enterprise. All users have desktop computers. All computers are members of the domain. All desktop computers use wired connections to connect to the network. All portable computers use wireless connections to connect to the network. The wireless network is secured by using EAP-TLS. Company policy states that all client computers must be configured by using DHCP. The company has an internal Web site. The Web site is configured to useSSL encryption and to require client certificates. All company users can access the internal Web site. End of repeated scenario Users in the branch office report slow network performance when they connect to the file shares in the main office. You need to recommend a solution to improve performance when users access the file shares from the branch office. The solution must minimize hardware costs. What should you recommend implementing?（）

• A、BranchCache
• B、DirectAccess
• C、Distributed File System Replication (DFSR)
• D、Universal Group Membership Caching

第14题：

You are the network administrator for your company. The network consists of a single Active Directory domain. All servers run Windows Server 2003. The network contains a Web server that runs IIS 6.0 and hosts a secure intranet site. All users are required to connect to the intranet site by authenticating and using HTTPS. However， because an automated Web application must connect to the Web site by using HTTP， you cannot configure the intranet site to require HTTPS.  You need to collect information about which users are connecting to the Web site by using HTTPS.   What should you do？（）

• A、Check the application log on the Web server.
• B、Use Network Monitor to capture network traffic on the Web server.
• C、Review the log files created by IIS on the Web server.
• D、Configure a performance log to capture all Web service counters. Review the performance log data.

第15题：

Your network contains a server that runs Windows Server 2008 R2. The server is configured as an   enterprise root certification authority (CA).   You have a Web site that uses x.509 certificates for authentication. The Web site is configured to use a   many-to-one mapping.   You revoke a certificate issued to an external partner.   You need to prevent the external partner from accessing the Web site.  What should you do（）

• A、Run certutil.exe -crl.
• B、Run certutil.exe -delkey.
• C、From Active Directory Users and Computers， modify the membership of the IIS_IUSRS group.
• D、From Active Directory Users and Computers， modify the Contact object for the external partner.

第16题：

You are a network administrator for Alpine Ski House. The internal network has an Active Directory-integrated zone for the alpineskihouse.org domain. Computers on the internal network use the Active Directory-integrated DNS service for all host name resolution.   The Alpine Ski House Web site and DNS server are hosted at a local ISP. The public Web site for Alpine Ski House is accessed at www.alpineskihouse.com. The DNS server at the ISP hosts the alpineskihouse.com domain.   To improve support for the Web site， your company wants to move the Web site and DNS service from the ISP to the company’s perimeter network. The DNS server on the perimeter network must contain only the host （A） resource records for computers on the perimeter network.   You install a Windows Server 2003 computer on the perimeter network to host the DNS service for the alpineskihouse.com domain. You need to ensure that the computers on the internal network can properly resolve host names for all internal resources， all perimeter resources， and all Internet resources.   Which two actions should you take？ （）

• A、 On the DNS server that is on the perimeter network， install a primary zone for alpineskihouse.com.
• B、 On the DNS server that is on the perimeter network， install a stub zone for alpineskihouse.com.
• C、 Configure the DNS server that is on the internal network to conditionally forward lookup requests to the DNS server that is on the perimeter network.
• D、 Configure the computers on the internal network to use one of the internal DNS servers as the preferred DNS server. Configure the the TCP/IP settings on the computers on the internal network to use the DNS server on the perimeter network as an alternate DNS server.
• E、 On the DNS server that is on the perimeter network， configure a root zone.

第17题：

Your company has an Active Directory forest. The company has servers that run Windows Server   2008 R2 and client computers that run Windows 7. The domain uses a set of GPO administrative  templates that have been approved to support regulatory compliance requirements.   Your partner company has an Active Directory forest that contains a single domain. The company has  servers that run Windows Server 2008 R2 and client computers that run Windows 7.   You need to configure your partner companys domain to use the approved set of administrative  templates.   What should you do（）

• A、Use the Group Policy Management Console （GPMC） utility to back up the GPO to a file. In each site，  import the GPO to the default domain policy.
• B、Copy the ADMX files from your companys PDC emulator to the PolicyDefinitions folder on the partner  companys PDC emulator.
• C、Copy the ADML files from your companys PDC emulator to the PolicyDefinitions folder on thepartner  companys PDC emulator.
• D、Download the conf.adm， system.adm， wuau.adm， and inetres.adm files from the Microsoft Updates  Web site. Copy the ADM files to the PolicyDefinitions folder on the partner companys PDC emulator.

第18题：

All client computers on your company network run Windows 7 and are members of an Active Directory Domain Services domain. Your company policy requires that all unnecessary services be disabled on the computers. The Sales department staff has been provided with new mobile broadband adapters that use the Global System for Mobile Communications (GSM) technology. You need to ensure that portable computers can connect to the broadband GSM network. Which service should be enabled on the portable computers?（）

• A、WLAN AutoConfig
• B、WWAN AutoConfig
• C、Computer Browser
• D、Portable Device Enumerator Service

第19题：

You are the network administrator for your company. The network consists of a single Active Directory domain. All network servers run Windows Server 2003, and all are members of the domain. All client computers run Windows XP Professional. Five Web servers host the content for the internal network. Each one runs IIS and has Remote Desktop connections enabled. Web developers are frequently required to update content on the Web servers. You need to ensure that the Web developers can use Remote Desktop Connection to transfer Web documents from their client computers to the five Web servers. What should you do? （）

• A、Install the Terminal Server option on all five Web servers. Use Terminal Services Configuration Manager to modify the session directory setting.
• B、Install the Terminal Server option on all five Web servers. Use Terminal Services Configuration Manager to create a new Microsoft RDP 5.2 connection.
• C、On each Web developer's client computer, select the Disk Drives check box in the properties of Remote Desktop Connection.
• D、On each Web developer's client computer, select the Allow users to connect remotely to this computer check box in the System Properties dialog box.

第20题：

You are a systems administrator responsible for managing a Windows Server 2008 Web server. Recently，your organization set up a new IIS Web site that will be accessed by users outside of your organizations.Consultants should be able to connect to this Web site， using IIS Manager. Your organization’s securitypolicy prevents you from creating domain accounts or local user accounts for these users. You attempt touse the IIS Manager Permissions feature for the Web site. However， when you click Allow User， you areable to select only Windows users.  How can you resolve this problem？（）

• A、Verify that Management Service has been started.
• B、Reconfigure the file system permissions for the root folder of the Web site.
• C、Reconfigure Management Service to enable Windows And IIS Manager Credentials.
• D、Verify the Authentication settings for the Web site.

第21题：

Your company has an Active Directory forest. The company has servers that run Windows Server  2008 R2 and client computers that run Windows 7. The domain uses a set of GPO administrative  templates that have been approved to support regulatory compliance requirements.     Your partner company has an Active Directory forest that contains a single domain. The company  has servers that run Windows Server 2008 R2 and client computers that run Windows 7.     You need to configure your partner company’s domain to use the approved set of administrative  templates.   What should you do（）

• A、Use the Group Policy Management Console （GPMC） utility to back up the GPO to a file. In each site， import the GP
• B、Copy the ADMX files from your company’s PDC emulator to the PolicyDefinitions folder on the partner company’s P
• C、Copy the ADML files from your company’s PDC emulator to the PolicyDefinitions folder on the partner company’s P
• D、Download the conf.adm， system.adm， wuau.adm， and inetres.adm files from the Microsoft Updates Web site. Copy

第22题：

第23题：