You are the network administrator for your company. The network consists of a single Active Directory domain. All computers on the network are members of the domain. All servers run Windows Server 2003 and all client computers run Windows XP Professional

第1题：

Your network consists of a single Active Directory domain. All servers run Windows Server 2003 Service Pack 2 (SP2). All client computers run Windows XP Professional Service Pack 3 (SP3). You need to ensure that locked out user accounts remain locked out until an administrator unlocks the accounts. What should you do? （）

• A、In the Default Domain Policy, set the Account lockout duration to 0.
• B、In the Default Domain Policy, set the Account lockout duration to 99999.
• C、From Active Directory Users and Computers, select the Account is trusted for delegation option for all user accounts.
• D、From Active Directory Users and Computers, select the Account is sensitive and cannot be delegated option for all user accounts.

第2题：

ou are the network administrator for your company. The network consists of a single Active Directory domain. All servers run Windows Server 2003. All client computers run Windows XP Professional.Two of the servers on the network contain highly confidential documents. The company’s written security policy states that all network connections with these servers must be encrypted by using an IPSec policy.You place the two servers in an organizational unit （OU） named SecureServers. You configure a Group Policy object （GPO） that requires encryption for all connections. You assign the GPO to the SecureServers OU.  You need to verify that users are connecting to the two servers by using encrypted connections.   What should you do？（）

• A、Run the net view command.
• B、Run the gpresult command.
• C、Use the IP Security Monitor console.
• D、Use the IPSec Policy Management console.

第3题：

You are the network administrator for your company. The network consists of a single Active Directory domain. All servers run Windows Server 2003. All client computers run Windows XP Professional. You need to implement a new software update infrastructure.  You discover that security patches， critical updates， and service packs have never been installed on any client computer on the network. You install Windows Server Update Services （WSUS） on a Windows Server 2003 computer named Server5. You synchronize and approve all of the current security patches， critical updates， and service packs. You need to ensure that all client computers receive all Microsoft security patches， critical updates， and service packs.  Which two actions should you perform？（）

• A、Open the WSUS console. Select the option to automatically approve WSUS updates.
• B、Install the Automatic Updates client on all client computers.
• C、Modify the Microsoft Update settings of the Default Domain Controller organizational unit （OU） Group Policy object （GPO） to point client computers to http ：//server5.
• D、Modify the Microsoft Update settings of the Default Domain Policy Group Policy object （GPO） to point client computers to http： //server5.
• E、Open the WSUS console. Create a target group and assign all client computers to the group.

第4题：

You are the network administrator for your company. The network consists of a single Active Directory domain. All servers run Windows Server 2003. All client computers run Windows XP Professional.You install Windows Server Update Services （WSUS） on a network server named Server1. When you attempt to synchronize Server1 with the Windows Update servers， you receive an error message. You open Internet Explorer and verify that you can communicate with an external Web site by using the proxy server. You need to ensure that Server1 can communicate with the Windows Update servers.  What should you do on Server1？（）

• A、Restart the IIS administration tool.
• B、Configure the Internet Explorer settings to bypass the proxy server.
• C、In the WSUS options， configure authentication to the proxy server.
• D、Install the ISA Firewall Client.

第5题：

You are the network administrator for your company. The network consists of a single Active Directory domain. All servers run Windows Server 2003. All client computers run Windows XP Professional.You install and configure a single server to run Windows Server Update Services （WSUS）. You configure the appropriate Group Policy settings to specify separate WSUS target groups for client and server computers. You need to ensure that computers automatically assign themselves to the correct computer group.  What should you do？（）

• A、In the WSUS console， configure Computer Options so that Use group policy or registry settings on computers is selected.
• B、In the WSUS console， configure Computer Options so that Use the Move Computers Task in Windows Server Update Services is selected.
• C、In the WSUS console， create the appropriate computer groups.
• D、Create organizational units （OUs） for each group.

第6题：

You are the network administrator for The network consists of a single Active Directory domain named All servers run Windows Server 2003. All client computers run Windows 2000 Professional with Service Pack 4 or Windows XP Professional. You install Software Update Services (SUS) on a computer named TestKing1. You create a GPO that configures all client computers to receive their software update from TestKing1. One week later, you run Microsoft Baseline Security Analyzer (MBSA) on all client computers to find out whether all updates are being applied. You discover that all the Windows 2000 Professional client computer received updates, but the Windows XP Professional client computers do not receive updates. You verify that the GPO setting was applied on all Windows XP Professional computers. You need to ensure that the Windows XP Professional client computers receive their updates from TestKing1. What should you do?（）

• A、Make all users of the Windows XP Professional client computers members of the Administrators local group.
• B、On all Windows XP Professional client computers, install Service Pack 1.
• C、On all Windows XP Professional client computers, restart Automatic Updates.
• D、On all Windows XP Professional client computers, delete the NoAutoUpdate value under HKEY_LOCAL_MACHINE/SOFTWARE/Policies/Microsoft/Windows/WindowsUpdate/AU.

第7题：

You are a security administrator for your company. The network consists of a single Active Directory domain. All servers run Windows 2003 Server. All client computers run Windows XP Professional.    All computers are configured to use Automatic Updates to install updates without user intervention. Updates are scheduled to occur during o peak hours. During a security audit，you notice some client computers are not receiving updates on a regular basis. You verify that Automatic Updates is running on All client computers， and you verify that users cannot modify the Automatic Updates settings.    You need to ensure that computers on your network receive all updates.  What should you do？（）

• A、 Enable the No auto-restart for scheduled Automatic Updates installations setting.
• B、 Disable the Specify intranet Microsoft update service location setting.
• C、 Enable the Remove access to use all Windows Update features setting.
• D、 Enable the Reschedule Automatic Updates scheduled installations setting.

第8题：

Your network consists of a single Active Directory domain. The network contains a Terminal Server that runs Windows Server 2008， and client computers that run Windows Vista. All computers are members of the domain.   You deploy an application by using the TS RemoteApp Manager. The Terminal Servers security layer is set to Negotiate.  You need to ensure that domain users are not prompted for credentials when they access the application. What should you do？（）

• A、On the server， modify the Password Policy settings in the local Group Policy.
• B、On the server， modify the Credential Delegation settings in the local Group Policy.
• C、On all client computers， modify the Password Policy settings in the local Group Policy.
• D、On all client computers， modify the Credential Delegation settings in the local Group Policy.

第9题：

第10题：

第11题：

You are the network administrator for your company. The network consists of a single Active Directory domain. The domain contains 35 Windows Server 2003 computers； 3，000 Windows XP Professional computers； and 2，000 Windows 2000 Professional computers. Windows Server Update Services （WSUS） is installed on a server named Server1. The necessary Group Policy object （GPO） is configured.You need to confirm whether all computers in the domain have received all approved updates from Server1. What should you do on Server1？（）

• A、Install and configure Urlscan.exe.
• B、At the command prompt， type gpresult /scope COMPUTER.
• C、Open the WSUS console. Run the Status of Computers report.
• D、Open the WSUS console. Run the Synchronization Results report.

第12题：

Your network contains an Active Directory domain. All domain controllers run Windows Server 2008  R2. Client computers run either Windows XP Service Pack 3 （SP3） or Windows Vista.  You need to ensure that all client computers can apply Group Policy preferences.   What should you do（）

• A、Upgrade all Windows XP client computers to Windows 7.
• B、Create a central store that contains the Group Policy ADMX files.
• C、Install the Group Policy client-side extensions （CSEs） on all client computers.
• D、Upgrade all Windows Vista client computers to Windows Vista Service Pack 2 （SP2）.

第13题：

You are a network administrator for your company. All domain controllers run Windows Server 2003. The network contains 50 Windows 98 client computers， 300 Windows 2000 Professional computers， and 150 Windows XP Professional computers.   According to the network design specification， the Kerberos version 5 authentication protocol must be used for all client computers on the internal network.   You need to ensure that Kerberos version 5 authentication is used for all client computers on the internal network.   What should you do？  （）

• A、 On each domain controller， disable Server Message Block （SMB） signing and encryption of the secure channel traffic.
• B、 Replace all Windows 98 computers with new Windows XP Professional computers.
• C、 Install the Active Directory Client Extensions software on the Windows 98 computers.
• D、 Upgrade all Windows 98 computers to Windows NT Workstation 4.0.

第14题：

You are a network administrator for your company. The network consists of a single Active Directory domain. The domain contains three Windows Server 2003 domain controllers， 20 Windows Server 2003 member servers， and 750 Windows XP Professional computers. The domain is configured to use only Kerberos authentication for all server connections.A user reports that she receives an "Access denied" error message when she attempts to connect to one of the member servers. You want to test the functionality of Kerberos authentication on the user’s client computer.  Which command should you run from the command prompt on the user’s computer？（）

• A、netsh
• B、netdiag
• C、ktpass
• D、ksetup

第15题：

You are the network administrator for your company. The network consists of a single Active Directory domain. The domain contains 35 Windows Server 2003 computers； 3，000 Windows XP Professional computers； and 2，000 Windows 2000 Professional computers.Windows Server Update Services （WSUS） is installed on a server named Server1. The necessary Group Policy object （GPO） is configured.You need to confirm whether all computers in the domain have received all approved updates fromServer1. What should you do on Server1？（）

• A、Install and configure Urlscan.exe.
• B、At the command prompt， type gpresult /scope COMPUTER.
• C、Open the WSUS console. Run the Status of Computers report.
• D、Open the WSUS console. Run the Synchronization Results report.

第16题：

You are the network administrator for your company. The network consists of a single Active Directory domain. All servers run Windows Server 2003. All client computers run either Windows 2000 Professional with Service Pack 4 or Windows XP Professional. You install Windows Server Update Services （WSUS） on a computer named Server2. You create a Group Policy object （GPO） that configures all client computers to receive software updates from Server2. One week later， you run Microsoft Baseline Security Analyzer （MBSA） on all client computers to find out whether all updates are being applied. You discover that all of the Windows 2000 Professional client computers receive updates， but the Windows XP Professional client computers do not receive updates.  You verify that the GPO setting was applied on all Windows XP Professional computers. You need to ensure that the Windows XP Professional client computers receive their updates from Server2.   What should you do？（）

• A、Make all users of Windows XP Professional client computers members of the Administrators local group.
• B、On all Windows XP Professional client computers， install the latest service pack.
• C、On all Windows XP Professional client computers， use the gpupdate /force command.
• D、On all Windows XP Professional client computers， delete the NoAutoUpdate value under HKEY_LOCAL_MACHINE/SOFTWARE/Policies/Microsoft/Windows/WindowsUpdate/AU.

第17题：

You are the network administrator for your company. The network consists of a single Active Directory domain. All network servers run Windows Server 2003, and all are members of the domain. All client computers run Windows XP Professional. Five Web servers host the content for the internal network. Each one runs IIS and has Remote Desktop connections enabled. Web developers are frequently required to update content on the Web servers. You need to ensure that the Web developers can use Remote Desktop Connection to transfer Web documents from their client computers to the five Web servers. What should you do? （）

• A、Install the Terminal Server option on all five Web servers. Use Terminal Services Configuration Manager to modify the session directory setting.
• B、Install the Terminal Server option on all five Web servers. Use Terminal Services Configuration Manager to create a new Microsoft RDP 5.2 connection.
• C、On each Web developer's client computer, select the Disk Drives check box in the properties of Remote Desktop Connection.
• D、On each Web developer's client computer, select the Allow users to connect remotely to this computer check box in the System Properties dialog box.

第18题：

第19题：