Your network contains an Active Directory domain. The domain contains several domain  controllers.   All domain controllers run Windows Server 2008 R2.   You need to restore the Default Domain Controllers Policy Group Policy object （GPO） to the  Windows 

第1题：

Your network contains a single Active Directory domain. The functional level of the forest is Windows  Server 2008. The functional level of the domain is Windows Server 2008 R2.   All DNS servers run Windows Server 2008. All domain controllers run Windows Server 2008 R2.  You need to ensure that you can enable the Active Directory Recycle Bin.   What should you do（）

• A、Change the functional level of the forest.
• B、Change the functional level of the domain.
• C、Modify the Active Directory schema.
• D、Modify the Universal Group Membership Caching settings.

第2题：

Your network consists of a single Active Directory domain. All domain controllers run Windows  Server 2008 R2.     The Audit account management policy setting and Audit directory services access setting are  enabled for the entire domain.     You need to ensure that changes made to Active Directory objects can be logged. The logged  changes must include the old and new values of any attributes.     What should you do（）

• A、Enable the Audit account management policy in the Default Domain Controller Policy.
• B、Run auditpol.exe and then configure the Security settings of the Domain Controllers OU.
• C、Run auditpol.exe and then enable the Audit directory service access setting in the Default Domain policy.
• D、From the Default Domain Controllers policy， enable the Audit directory service access setting and enable directory

第3题：

Your network contains an Active Directory domain named contoso.com. All domain controllers  and member servers run Windows Server 2008. All client computer run Windows 7.  From a client computer， you create an audit policy by using the Advanced Audit Policy  Configuration settings in the Default Domain Policy Group Policy object （GPO）.   You discover that the audit policy is not applied to the member servers.    The audit policy is  applied to the client computers.   You need to ensure that the audit policy is applied to all member servers and all client computers.     What should you do（）

• A、Add a WMI filter to the Default Domain Policy GPO
• B、Modify the security settings of the Default Domain Policy GPO
• C、Configure a startup script that runs auditpol.exe on the member servers.
• D、Configure a startup script that runs auditpol.exe on the domain controllers.

第4题：

Your company has an Active Directory forest that contains only Windows Server 2003 domain controllers. You need to prepare the Active Directory domain to install Windows Server 2008 domain controllers. Which two tasks should you perform（）

• A、Run the adprep /forestprep command.
• B、Run the adprep /domainprep command.
• C、Raise the forest functional level to Windows Server 2008.
• D、Raise the domain functional level to Windows Server 2008.

第5题：

Your network consists of a single Active Directory forest that contains a root domain and two child domains. All servers run Windows Server 2008 R2.  A corporate policy has the following requirements：   èAll local guest accounts must be renamed and disabled. èAll local administrator accounts must be renamed.   You need to recommend a solution that meets the requirements of the corporate policy. What should you recommend？（）

• A、Implement a Group Policy object（GPO） for each domain.
• B、Implement a Group Policy object（GPO） for the root domain.
• C、Deploy Network Policy and Access Services（NPAS）on all domain controllers in each domain. 
• D、Deploy Active Directory Rights Management Services（AD RMS）on the root domain controllers.

第6题：

Your network consists of a single Active Directory domain. All domain controllers run Windows Server 2003 You upgrade all domain controllers to Windows Server 2008 You need to configure the Active Directory environment to support the application of multiple password policies What should you do（）

• A、Create multiple Active Directory sites.
• B、On all domain controllers， run dcpromo /adv.
• C、On one domain controller， run dcpromo /adv.
• D、Raise the functional level of the domain to Windows Server 2008.

第7题：

Your network consists of a single Active Directory domain. All domain controllers run Windows Server 2008 The Audit account management policy setting and Audit directory services access setting are enabled for the entire domain. You need to ensure that changes made to Active Directory objects can be logged. The logged changes must include the old and new values of any attributes What should you do（）

• A、Enable the Audit account management policy in the Default Domain Controller Policy.
• B、Run auditpol.exe and then configure the Security settings of the Domain Controllers OU.
• C、Run auditpol.exe and then enable the Audit directory service access setting in the Default Domain policy.
• D、From the Default Domain Controllers policy， enable the Audit directory service access setting and
• E、nable directory service changes.

第8题：

第9题：

第10题：

Your network contains an Active Directory domain. All domain controllers run Windows Server 2008  R2. Client computers run either Windows 7 or Windows Vista Service Pack 2 （SP2）.  You need to audit user access to the administrative shares on the client computers.   What should you do（）

• A、Deploy a logon script that runs Icacls.exe.
• B、Deploy a logon script that runs Auditpol.exe.
• C、From the Default Domain Policy， modify the Advanced Audit Policy Configuration.
• D、From the Default Domain Controllers Policy， modify the Advanced Audit Policy Configuration.

第11题：

Your company has several branch offices. Your network consists of a single Active Directory domain.   Each branch office contains domain controllers and member servers. The domain controllers run  Windows Server 2003 SP2. The member servers run Windows Server 2008 R2.  Physical security of the servers at the branch offices is a concern.   You plan to implement Windows BitLocker Drive Encryption （BitLocker） on the member servers.  You need to ensure that you can access the BitLocker volume if the BitLocker keys are corruptedon the member servers. The recovery information must be stored in a central location. What should you do？（）

• A、Upgrade all domain controllers to Windows Server 2008 R2.Use Group Policy to configure Public Key  policies.
• B、Upgrade all domain controllers to Windows Server 2008 R2. Use Group Policy to enable Trusted platform Module（TPM） backups to Active Directory.
• C、Upgrade the domain controller that has the schema master role to Windows Server 2008 R2. Use group Policy to enable a Data Recovery Agent （DRA）.
• D、Upgrade the domain controller that has the primary domain controller （PDC） emulator role to windows Server 2008 R2. Use Group Policy to enable a Data Recovery Agent （DRA）.

第12题：

Your network consists of a single Active Directory domain. All domain controllers run Windows Server  2008 R2.   You need to plan an auditing strategy that meets the following requirements： èAudits all changes to Active Directory Domain Services （AD？DS） èStores all auditing data in a central location. What should you include in your plan？（）

• A、Configure an audit policy for the domain. Configure Event Forwarding.
• B、Configure an audit policy for the domain controllers. Configure Data Collector Sets.
• C、Implement Windows Server Resource Manager （WSRM） in managing mode.
• D、Implement Windows Server Resource Manager （WSRM） in accounting mode.

第13题：

Your network consists of a single Active Directory forest. The forest contains one Active Directory domain. The domain contains eight domain controllers. The domain controllers run Windows Server 2003 Service Pack 2.   You upgrade one of the domain controllers to Windows Server 2008 R2.   You need to recommend an Active Directory recovery strategy that supports the recovery of deletedobjects. The solution must allow deleted objects to be recovered for up to one year after the date of  deletion. What should you recommend？（）

• A、Increase the tombstone lifetime for the forest.
• B、Increase the interval of the garbage collection process for the forest.
• C、Configure daily backups of the Windows Server 2008 R2 domain controller.
• D、Enable shadow copies of the drive that contains the Ntds.dit file on the Windows Server 2008 R2 domain controller.

第14题：

Your network consists of a single Active Directory domain. The functional level of the domain is Windows Server 2008 R2. All domain controllers run Windows Server 2008 R2.   A corporate policy requires that the users from the research department have higher levels of account and password security than other users in the domain.   You need to recommend a solution that meets the requirements of the corporate policy. Your solution must minimize hardware and software costs. What should you recommend？（）

• A、Create a new Active Directory site. Deploy a Group Policy object （GPO） to the site.
• B、Create a new Password Settings Object （PSO） for the research department’s users
• C、Create a new organizational unit （OU） named Research in the existing domain. Deploy a Group Policy object （GPO） to the Research OU.
• D、Create a new domain in the forest.Add the research department’s user accounts to the new domain.Configure a new security policy in the new domain.

第15题：

Your network contains an Active Directory domain. The domain contains several domain controllers.   All domain controllers run Windows Server 2008 R2. You need to restore the Default Domain Controllers Policy Group Policy object （GPO） to the Windows  Server 2008 R2 default settings.   What should you do（）

• A、Run dcgpofix.exe /target：dc.
• B、Run dcgpofix.exe /target：domain.
• C、Delete the link for the Default Domain Controllers Policy， and then run gpupdate.exe /sync.
• D、Delete the link for the Default Domain Controllers Policy， and then run gpupdate.exe /force.

第16题：

第17题：