You are the administrator of 10 Windows XP Professional computers for your company. The computers are members of a Windows 2000 domain. Because the computers are used in a public area in the cafeteria, you audit all security events on the computers. A us

第1题：

Your company has a single Active Directory directory service domain. All servers in your environment run Windows Server 2003. Client computers run Windows XP or Windows Vista. You plan to create a security update scan procedure for client computers. You need to choose a security tool that supports all the client computers.  Which tool should you choose？ （）

• A、 UrlScan Security Tool
• B、 Enterprise Scan Tool （EST）
• C、 Malicious Removal Tool （MRT）
• D、 Microsoft Baseline Security Analyzer （MBSA）

第2题：

You are a security administrator for your company. All servers run Windows Server 2003. All client computers run Windows XP Professional.    You install Software Update Services （SUS） on a server named Server1. The company’s written security policy states that all updates must be tested and approved before they are installed on network computers.    You need to ensure that SUS uses the minimum amount of disk space on Server1.  What should you do？（）

• A、 Configure Server1 to redirect client computers to the Microsoft Windows Update servers.
• B、 Compress the folder in which the downloaded updates are stored.
• C、 Configure Server1 to store only the locales that are needed.
• D、 Download the updates， and then delete updates that are not approved for client computers.

第3题：

Your company has client computers that run Windows 7 and client computers that run Windows XP Professional. You enable the Network Discovery feature on the Windows 7 computers. You discover that the Windows XP computers do not appear on the network map. You need to ensure that all client computers appear on the network map. What should you do?（）

• A、Configure the IPv6 protocol on the Windows 7 computers.
• B、Configure the network shares on the Windows 7 computers to include the user names of all employees.
• C、Configure the network shares on the Windows XP computers to include the user names of all employees.
• D、Install the Link Layer Topology Discovery (LLTD) Responder on the Windows XP computers.

第4题：

your company has servers that run windows server 2008. All client computers run windows XP service pack 2 (SP2.). windows 2000 professional, or windows vista. You need to ensure all computers can use the IPv6 protocol. What should you do?（）

• A、Install service pack 4 on all windows 2000 professional computers.
• B、Upgrade the windows 2000 professional computers to windows XP SP2.
• C、Run the IPv6.exe tool on the windows 2000 professional and windows XP computers.
• D、Install active directory client extenticon. (DSClient.exe) on the windows 2000 professional and windows XP computers.

第5题：

You are the network administrator for your company. The network consists of a single Active Directory domain. All servers run Windows Server 2003. All client computers run either Windows XP Professional or Windows 2000 Professional. All client computer accounts are located in an organizational unit （OU） named Workstation. A written company policy states that the Windows 2000 Professional computers must not use offline folders. You create a Group Policy object （GPO） to enforce this requirement. The settings in the GPO exist for both Windows 2000 Professional computers and Windows XP Professional computers. You need to configure the GPO to apply only to Windows 2000 Professional computers.  What are two possible ways to achieve this goal？（）

• A、 Create a WMI filter that will apply the GPO to computers that are running Windows 2000 Professional. 
• B、 Create a WMI filter that will apply the GPO to computers that are not running Windows XP Professional.
• C、 Create two OUs under the Workstation OU. Place the computer accounts for the Windows XP Professional computers in one OU， and place the computer accounts for the Windows 2000 Professional computers in the other OU. Link the GPO to the Workstation OU.
• D、 Create a group that includes the Windows XP Professional computers. Assign the group the Deny - Generate Resultant Set of Policy（Logging） permission.
• E、 Create a group that includes the Windows 2000 Professional computers. Assign the group the Deny - Apply Group Policy permission.

第6题：

You are the network administrator for your company. The network consists of a single Active Directory domain. All computers on the network are members of the domain. All servers run Windows Server 2003 and all client computers run Windows XP Professional.  You are planning a security update infrastructure.   You need to find out which computers are exposed to known vulnerabilities. You need to collect the information on existing vulnerabilities for each computer every night. You want this process to occur automatically.  What should you do？ （）

• A、 Schedule the secedit command to run every night.
• B、 Schedule the mbsacli.exe command to run every night.
• C、 Install Microsoft Baseline Security Analyzer （MBSA） on one of the servers. Configure Automatic Updates on all other computers to use that server.
• D、 Install Software Update Services （SUS） on one of the servers. Configure the SUS server to update every night.

第7题：

You are the network administrator for The network consists of a single Active Directory domain named All servers run Windows Server 2003. All client computers run Windows 2000 Professional with Service Pack 4 or Windows XP Professional. You install Software Update Services (SUS) on a computer named TestKing1. You create a GPO that configures all client computers to receive their software update from TestKing1. One week later, you run Microsoft Baseline Security Analyzer (MBSA) on all client computers to find out whether all updates are being applied. You discover that all the Windows 2000 Professional client computer received updates, but the Windows XP Professional client computers do not receive updates. You verify that the GPO setting was applied on all Windows XP Professional computers. You need to ensure that the Windows XP Professional client computers receive their updates from TestKing1. What should you do?（）

• A、Make all users of the Windows XP Professional client computers members of the Administrators local group.
• B、On all Windows XP Professional client computers, install Service Pack 1.
• C、On all Windows XP Professional client computers, restart Automatic Updates.
• D、On all Windows XP Professional client computers, delete the NoAutoUpdate value under HKEY_LOCAL_MACHINE/SOFTWARE/Policies/Microsoft/Windows/WindowsUpdate/AU.

第8题：

You are the network administrator for your company. The network consists of a single Active Directory domain. All servers run Windows Server 2003. All client computers run either Windows 2000 Professional with Service Pack 4 or Windows XP Professional. You install Windows Server Update Services （WSUS） on a computer named Server2. You create a Group Policy object （GPO） that configures all client computers to receive software updates from Server2. One week later， you run Microsoft Baseline Security Analyzer （MBSA） on all client computers to find out whether all updates are being applied. You discover that all of the Windows 2000 Professional client computers receive updates， but the Windows XP Professional client computers do not receive updates.  You verify that the GPO setting was applied on all Windows XP Professional computers. You need to ensure that the Windows XP Professional client computers receive their updates from Server2.   What should you do？（）

• A、Make all users of Windows XP Professional client computers members of the Administrators local group.
• B、On all Windows XP Professional client computers， install the latest service pack.
• C、On all Windows XP Professional client computers， use the gpupdate /force command.
• D、On all Windows XP Professional client computers， delete the NoAutoUpdate value under HKEY_LOCAL_MACHINE/SOFTWARE/Policies/Microsoft/Windows/WindowsUpdate/AU.

第9题：

You are the administrator of your company’s network. The software department is preparing to rewrite an accounting application so that it will run on Windows 2000 Professional computers. All of the computers in the software department currently use Windows 98.  You want to configure the computers in the software department so that the users can use both Windows 98 and Windows 2000 Professional during the project. You also want to ensure that the computers are configured for optimal disk performance. In addition you want to ensure that users in the software department can access all of the files on their computers by using either operating system.  What should you do? （）

• A、 Create and format a FAT 32 partition.
• B、 Create and format an NTFS volume.
• C、 Configure Windows 2000 Professional to enable disk compression.
• D、 Configure Windows 2000 Professional to enable dynamic volume

第10题：

You are a network administrator for your company. All domain controllers run Windows Server 2003. The network contains 50 Windows 98 client computers， 300 Windows 2000 Professional computers， and 150 Windows XP Professional computers.   According to the network design specification， the Kerberos version 5 authentication protocol must be used for all client computers on the internal network.   You need to ensure that Kerberos version 5 authentication is used for all client computers on the internal network.  What should you do？ （）

• A、 On each domain controller, disable Server Message Block (SMB) signing and encryption of the secure channel traffic.  
• B、 Replace all Windows 98 computers with new Windows XP Professional computers.  
• C、 Install the Active Directory Client Extensions software on the Windows 98 computers. 
• D、 Upgrade all Windows 98 computers to Windows NT Workstation 4.0.

第11题：

第12题：

第13题：

You are the administrator of Company.com's Windows 2000 Network. The routed TCP/IP network that you administer consists of 10 Windows 2000 Server computers and 75 Windows 2000 Professional computers. All computers are members of a single Windows 2000 domain named Company.com. TCP/IP is the only network protocol used at Company's office. You have recently installed 10 new Windows 2000 Professional computers and you want to enable the new computers to use host names to connect to shared resources on the network. You configure a TCP/IP address and a gateway address on each new computer. You want to complete the configuration to allow the computers to communicate on the network.  What should you do?（）

• A、Configure a DNS suffix.
• B、Configure a subnet mask.
• C、Configure an LMHOSTS file.
• D、Configure an Interface metric.
• E、Configure at least one DNS address.

第14题：

You are the network administrator for Company.  Your network consists of one Windows NT Server 4.0 domain and 35 Windows 2000 Professional computers. The network consists of five interconnected TCP/IP subnets. All of the computers use TCP/IP as the only network protocol. You are adding 15 Windows 2000 Professional computers  to the network.   You configure each of the new computers to use DHCP. The computers can communicate with each other but are unable to communicate outside their own subnet.    You run the ipconfig command to examine the UP address on one of the new computers. The IP address is 169.254.101.72   You want to enable the Windows 2000 Professional computers to communicate outside their own subnet.   What should you do?（）

• A、Install a DHCP server.
• B、Install a WINS server. Configure each computer to use WINS.
• C、Create an Lmhost file on each computer.
• D、Create a Hosts file on each computer.

第15题：

You are a network administrator for your company. All domain controllers run Windows Server 2003. The network contains 50 Windows 98 client computers， 300 Windows 2000 Professional computers， and 150 Windows XP Professional computers.   According to the network design specification， the Kerberos version 5 authentication protocol must be used for all client computers on the internal network.   You need to ensure that Kerberos version 5 authentication is used for all client computers on the internal network.   What should you do？  （）

• A、 On each domain controller， disable Server Message Block （SMB） signing and encryption of the secure channel traffic.
• B、 Replace all Windows 98 computers with new Windows XP Professional computers.
• C、 Install the Active Directory Client Extensions software on the Windows 98 computers.
• D、 Upgrade all Windows 98 computers to Windows NT Workstation 4.0.

第16题：

You are the network administrator for your company. The network consists of a single Active Directory domain. The domain contains 35 Windows Server 2003 computers； 3，000 Windows XP Professional computers； and 2，200 Windows 2000 Professional computers.  The written company security policy states that all computers in the domain must be examined， with the following goals：  （1）to find out whether all available security updates are present   （2）to find out whether shared folders are present  to record the file system type on each hard disk   You need to provide this security assessment of every computer and verify that the requirementsof the written security policy are met.  What should you do？（）

• A、Open the Default Domain Policy and enable the Configure Automatic Updates policy.
• B、Open the Default Domain Policy and enable the Audit object access policy， the Audit account management policy， and the Audit system events policy.
• C、On a server， install and run mbsacli.exe with the appropriate configuration switches.
• D、On a server， install and run HFNetChk.exe with the appropriate configuration switches.

第17题：

You are the administrator of Company.com’s Windows 2000 Network.  Your routed TCP/IP network consists of 10 Windows 2000 Server computers and 75 Windows 2000 Professional computers. All computers are in the Company.com domain. Your network uses TCP/IP as the only network protocol. You are installing 10 new Windows 2000 Professional computers. You want to enable the new computers to use host names to connect to shared resources on the network. You configure a TCP/IP address, a gateway address and a subnet mask on each new computer.   You want to complete the configuration to allow the computers to communicate on the network.  What should you do?（）

• A、Configure a HOSTS file.
• B、Configure a LMHOSTS file.
• C、Configure a WINS server database.
• D、Configure a DHCP server address.
• E、Configure at least one DNS address.

第18题：

You are the administrator of your company’s network. Ten Windows 2000 Professional computers are located in the Research department. The computers contain highly confidential information. You want the 10 computers to be able to communicate with other Windows 2000 Professional computers on the network. However, you do not want them to communicate with computers that are not running Windows 2000, including those that are running Windows 95, Windows 98 and Windows NT.  You want to configure a security policy on each computer to ensure that the confidential information is secure. What should you do?（）

• A、Use Security Configuration and Analysis to import the Hisecws.inf security template file to modify the default security settings.
• B、Use security templates to create a security template file and import the security settings to modify the default security settings.
• C、Use the local computer policy to disable the access to this computer from the network option.
• D、Use Secedit.exe to reconfigure the computers’ default security settings to not allow anonymous access to the computers.

第19题：

You are the network administrator for ExamSheet.  Computers on your network run Windows 2000 Professional, Windows NT Workstation 4.0 and Windows 98. Ten Windows 2000 Professional computers are located in the research department. These computers contain highly confidential information. You want the 10 Windows 2000 Professional computers to be able to communicate only with other Windows 2000 computers.  What should you do?（）

• A、On the research computers use the Local Computer Policy to disable theAccess this computer  from the networkoption.
• B、Use Security Configuration and Analysis to apply the Highly Secure security template to the research computers.
• C、Add the users of the research computers to the Power Users group on each computer.
• D、On the research computers configure the security settings to prevent anonymous access.

第20题：

You are a security administrator for your company. The network consists of a single Active Directory domain. All servers run Windows 2003 Server. All client computers run Windows XP Professional.    All computers are configured to use Automatic Updates to install updates without user intervention. Updates are scheduled to occur during o peak hours. During a security audit，you notice some client computers are not receiving updates on a regular basis. You verify that Automatic Updates is running on All client computers， and you verify that users cannot modify the Automatic Updates settings.    You need to ensure that computers on your network receive all updates.  What should you do？（）

• A、 Enable the No auto-restart for scheduled Automatic Updates installations setting.
• B、 Disable the Specify intranet Microsoft update service location setting.
• C、 Enable the Remove access to use all Windows Update features setting.
• D、 Enable the Reschedule Automatic Updates scheduled installations setting.

第21题：

You are the administrator of your company's network. Your network has 20 Windows 2000 server computers in the contoso.com domain. Your network also has 250 Windows 98 computers. You want to perform a clean installation of Windows 2000 Professional on all of the Windows 98 computers. All of the Windows 98 computers are identical models and are PXE complaint.   You want to accomplish the following goals:   • An unattended installation of Windows 2000 Professional will be performed.  • An unattended installation of company's standard applications will be performed during the     installation of Windows 2000 Professional.  • Each computer will be assigned a unique security identifier description.  • The unattended installation script will be modified so that the computers automatically join the    contoso.com domain.   You take the following actions:  • Install Windows 2000 Professional on a Windows 98 computer named computer1. • Install and configure computer standard applications on computer1.  • Use Setup Manager on computer1 to create an unattended.txt file based on the current    configuration including domain membership.  • Start the remaining Windows 98 computers and then install Windows 2000 Professional. Use    the unattended.txt file to provide the setting for the installation.   Which result or results do these actions produce?（）

• A、 An unattended installation of Windows 2000 Professional will be performed.
• B、 An unattended installation of company’s standard applications will be performed during the   Installation of Windows 2000 Professional.
• C、 Each computer will be assigned a unique security identifier description.
• D、 The unattended installation script will be modified so that the computers automatically join the  contoso.com domain.

第22题：

第23题：