单选题You configure and deploy a Group Policy object (GPO) that contains AppLocker settings.  You need to identify whether a specific application file is allowed to run on a computer.   Which Windows PowerShell cmdlet should you use()A Get-AppLockerFileInfor

题目
单选题
You configure and deploy a Group Policy object (GPO) that contains AppLocker settings.  You need to identify whether a specific application file is allowed to run on a computer.   Which Windows PowerShell cmdlet should you use()
A

Get-AppLockerFileInformation

B

Get-GPOReport

C

Get-GPPermissions

D

Test-AppLockerPolicy

相似考题

1.Your company has deployed Network Access Protection (NAP) enforcement for VPNs.You need to ensure that the health of all clients can be monitored and reported. What should you do?()A. Create a Group Policy object (GPO) that enables Security Center and link the policy to the domain.B. Create a Group Policy object (GPO) that enables Security Center and link the policy to the Domain Controllers organizational unit (OU).C. Create a Group Policy object (GPO) and set the Require trusted path for credential entry option to Enabled. Link the policy to the domain.D. Create a Group Policy object (GPO) and set the Require trusted path for credential entry option to Enabled. Link the policy to the Domain Controllers organizational unit (OU).

2.You configure a Group Policy Object for the Marketing organizational unit (OU) to prevent users from accessing My Network Places and from running System in Control Panel. You want the Managers domain local group to be able to access My Network Places, but you still want to prevent them from running System in Control Panel.What should you do?A.Add the managers group to the access control list of the GPO. Disable the permission of the managers group to read and apply the group policy.B.Add the managers group to the access control list of the GPO. Deny the permission of the managers group to read and apply the group policy.C.Create a second GPO in the OU. Add the managers group to the access control list. Allow the managers group to apply the group policy. Deny the authenticated users group permission to read and apply group policy. Configure the new GPO to deny the ability to run System in Control Panel. Give the original GPO a higher priority than the new GPO.D.Create a second GPO in the OU. Add the managers group to the access control list. Allow the managers group to read and apply the group policy. Disable the permission of the authenticated user group to read and apply the group policy. Configure the new GPO to allow access to My Network Places. Give the new GPO a higher priority than the original GPO.

3. You configure and deploy a Group Policy object (GPO) that contains AppLocker settings.     You need to identify whether a specific application file is allowed to run on a computer.     Which Windows PowerShell cmdlet should you use()A、Get-AppLockerFileInformationB、Get-GPOReportC、Get-GPPermissionsD、Test-AppLockerPolicy

4.You are the administrator responsible for security and user desktop settings on your network. You need to configure a custom registry entry for all users. You want to add the custom registry entry into a Group Policy object (GPO) with the least amount of administrative effort.What should you do?A.Configure an ADM template and add the template to the GPO.B.Configure an INF policy and add the policy to the GPO.C.Configure a Microsoft Windows installer package and add the package to the GPO.D.Configure RIS to include the registry entry.

参考答案和解析
正确答案: D
解析: 暂无解析
更多“You configure and deploy a Group Policy object (GPO) that co”相关问题

  • 第1题:

    Your company has an Active Directory domain that has an organizational unit named Sales. The   Sales organizational unit contains two global security groups named sales managers and sales  executives.    You need to apply desktop restrictions to the sales executives group. You must not apply these desktop  restrictions to the sales managers group. You create a GPO named DesktopLockdown and link it to the  Sales organizational unit.   What should you do next()

    • A、Configure the Deny Apply Group Policy permission for the sales managers on the DesktopLockdown  GPO.
    • B、Configure the Deny Apply Group Policy permission for the sales executives on the DesktopLockdown  GPO.
    • C、Configure the Deny Apply Group Policy permission for Authenticated Users on the DesktopLockdown  GPO.
    • D、Configure the Allow Apply Group Policy permission for Authenticated Users on the DesktopLockdown  GPO.

    正确答案:A

  • 第2题:

    You need to design a patch management strategy for Northwind Traders. What should you do?()

    • A、Configure the Default Domain Policy Group Policy object (GPO) for the northwindtraders.com domain to configure client computers to download updates from the SUS server in New York. Configure the Default Domain Policy GPO for the boston.northwindtraders.com domain to configure client computers to download updates from the SUS server in New York
    • B、Use Group Policy to configure client computers to download updates from a Windows Update server on the Internet. Configure the Default Domain Policy Group Policy object (GPO) with a startup script that runs Mbsacli.exe. Configure it to scan the computers in both of the branch offices
    • C、Install and configure a SUS server in the Boston branch office. Configure the server to download updates from a Windows Update server on the Internet. Configure Microsoft Baseline Security Analyzer (MBSA) to scan for updates and computers in the New York office
    • D、Install and configure a SUS server in each branch office. Configure the SUS servers to download updates from the New York SUS server. Configure Microsoft Baseline Security Analyzer (MBSA) to scan for updates on computers in the New York office

    正确答案:D

  • 第3题:

    You have Active Directory Certificate Services (AD CS) deployed.  You create a custom certificate template.   You need to ensure that all of the users in the domain automatically enroll for a certificate based on the  custom certificate template.   Which two actions should you perform()

    • A、In a Group Policy object (GPO), configure the autoenrollment settings
    • B、In a Group Policy object (GPO), configure the Automatic Certificate Request Settings.
    • C、On the certificate template, assign the Read and Autoenroll permission to the Authenticated Users  group.
    • D、On the certificate template, assign the Read, Enroll, and Autoenroll permission to the Domain Users  group.

    正确答案:A,D

  • 第4题:

    Your company has deployed network access protection (NAP) enforcement for VPNs. You need to ensure that the health of all clients can be monitored and reported. What should you do?()

    • A、Create a group policy object (GPO) that enabled security center and link the policy to the domain.
    • B、Create a group policy object (GPO) that enabled security center and link the policy to the domain controllers organizational unit (OU).
    • C、Create a group policy object (GPO) and set the require trusted path for credential entry option to enabled. Link the policy to the domain.
    • D、Create a group policy object (GPO) and set the require trusted path for credential entry option to Enabled. Link the policy to the domain controllers organizational unit (OU).

    正确答案:A

  • 第5题:

    You are a network administrator for your company. The network consists of two Active Directory domains. You are responsible for administering one domain, which contains users who work in the sales department. User objects for the users in the sales department are stored in an organizational unit (OU) named Sales in your domain.   Users in the sales department use a public key infrastructure (PKI) enabled application that requires users to present client authentication certificates before they are granted access. You install Certificate Services on two member servers  running Windows Server 2003. You configure one server as an enterprise subordinate certification authority (CA) and the other server as a stand-alone root CA.   You need to issue certificates that support client authentication to sales users only. You need to achieve this goal by using the minimum amount of administrative effort.   What should you do?  ()

    • A、 Create a duplicate of the User certificate template and configure it to support autoenrollment. Configure the enterprise subordinate CA to issue certificates based on the template. Configure the Default Domain Policy Group Policy object (GPO) to autoenroll users for certificates.
    • B、 Create a duplicate of the Computer certificate template and configure it to support autoenrollment. Configure the enterprise subordinate CA to issue certificates based on the template. Configure the Default Domain Policy Group Policy object (GPO) to autoenroll computers for certificates.
    • C、 Create a duplicate of the User certificate template and configure it to support autoenrollment. Configure the enterprise subordinate CA to issue certificates based on the template. Create a new Group Policy object (GPO) and link it to the Sales OU. Configure the GPO to autoenroll sales users for certificates.
    • D、 Create a duplicate of the Computer certificate template and configure it to support autoenrollment. Configure the enterprise subordinate CA to issue certificates based on the template. Create a new Group Policy object (GPO) and link it to the Sales OU. Configure the GPO to autoenroll sales client computers for certificates.

    正确答案:C

  • 第6题:

    单选题
    You have a single Active Directory directory service domain. All servers run Windows Server 2003. You need to specify the list of applications that users are permitted to run. You create a new Group Policy object (GPO) and link it to the domain.  What should you do next?()
    A

     Configure Software Restriction Policies Group Policy settings.

    B

     Configure the Enable user control over installs Group Policy setting.

    C

     Assign all approved applications.

    D

     Publish all approved applications.


    正确答案: C
    解析: 暂无解析

  • 第7题:

    单选题
    You are the network administrator for The network consists of a single Active Directory domain named The domain contains 15 Windows Server 2003 computers and 3,000 Windows XP Professional computers. All client computers are running the most recent service pack. You install and configure Software Update Services (SUS) on a server named Testking1. You install the Automatic Updates client on all client computers. All client computer accounts are in the Clients organization unit (OU). Currently all client computers obtain their Windows security updates from Windows Update. You want all client computers, and no other computers, to obtain their updates from Testking1. You need to configure all client computers to obtain Windows security updates from Testking1. You need to accomplish this task with the minimum amount of administrative effort. What should you do?()
    A

    Create a Group Policy object (GPO) named SUS and link it to the Clients OU. Open the SUS GPO and enable the Configure Automatic Update policy to automatically download updates.

    B

    Create a Group Policy object (GPO) named SUS and link it to the Clients OU. Open the SUS GPO and enable the Specify intranet Microsoft updates service location policy to use http://Testking1 as the value for the update and statistics server.

    C

    Create a Group Policy object (GPO) named SUS and link to the domain. Open the SUS GPO and enable the Specify intranet Microsoft update service location policy to use http://Testking1 as the value for the update and statistics server.

    D

    Create a Group Policy object (GPO) named SUS and link it to the domain. Open the SUS GPO and enable the Configure Automatic Update policy to automatically download updates.


    正确答案: A
    解析: 暂无解析

  • 第8题:

    多选题
    You have Active Directory Certificate Services (AD CS) deployed.  You create a custom certificate template.   You need to ensure that all of the users in the domain automatically enroll for a certificate based on the  custom certificate template.   Which two actions should you perform()
    A

    In a Group Policy object (GPO), configure the autoenrollment settings

    B

    In a Group Policy object (GPO), configure the Automatic Certificate Request Settings.

    C

    On the certificate template, assign the Read and Autoenroll permission to the Authenticated Users  group.

    D

    On the certificate template, assign the Read, Enroll, and Autoenroll permission to the Domain Users  group.


    正确答案: D,C
    解析: 暂无解析

  • 第9题:

    多选题
    You have a single Active Directory directory service domain. All users are located in an organizational unit (OU) named ContosoUsers. All client computer accounts are located in an OU named ContosoComputers. You need to deploy a new application to all users. The application shortcut must be available the next time the users log on. What are two possible ways to achieve this goal?()
    A

    Create a Group Policy object (GPO) to publish the application. Link the GPO to the ContosoComputers OU.

    B

    Create a Group Policy object (GPO) to assign the application. Link the GPO to the ContosoComputers OU.

    C

    Create a Group Policy object (GPO) to publish the application. Link the GPO to the ContosoUsers OU.

    D

    Create a Group Policy object (GPO) to assign the application. Link the GPO to the ContosoUsers OU.


    正确答案: A,B
    解析: 暂无解析

  • 第10题:

    单选题
    You are using windows installer to deploy an application to 750 Windows 2000 Professional computers on your network. The network includes organizational unit (OU) named sales. A Group Policy object (GPO) is created for the Sales OU. The software deployment of the application is successful. Now, you want to install that application in the customized form. What should you do? ()
    A

    Repackage and re-deploy the application’s .msi file to the Sales OU

    B

    Re-deploy the application’s .mst file to the Sales OU.

    C

    Re-deploy the application by using the Group Policy object (GPO for the Sales OU)

    D

    Restart Windows Installer service on the ten computers.


    正确答案: B
    解析: 暂无解析

  • 第11题:

    You have a single Active Directory directory service domain. You back up your domain controllers on a nightly basis. You perform Group Policy backups on a nightly basis. A Group Policy object (GPO) is accidentally deleted. You need to restore the GPO.  What should you do?()

    • A、 Perform a nonauthoritative restore of the Active Directory database.
    • B、 Perform an authoritative restore of the Active Directory database.
    • C、 Select the Import Policy option in the Group Policy Object Editor.
    • D、 Restore the GPO by using the Group Policy Management Console.

    正确答案:D

  • 第12题:

    Your company has an Active Directory forest. The company has three locations. Each location has an  organizational unit and a child organizational unit named Sales.   The Sales organizational unit contains all users and computers of the sales department.   The company plans to deploy a Microsoft Office 2007 application on all computers within the three Sales rganizational units.   You need to ensure that the Office 2007 application is installed only on the computers in the Sales  organizational units.  What should you do()

    • A、Create a Group Policy Object (GPO) named SalesAPP GPO. Configure the GPO to assign the  application to the computer account. Link the SalesAPP GPO to the domain.
    • B、Create a Group Policy Object (GPO) named SalesAPP GPO. Configure the GPO to assign the  application to the user account. Link the SalesAPP GPO to the Sales organizational unit in each location.
    • C、Create a Group Policy Object (GPO) named SalesAPP GPO. Configure the GPO to publish the  application to the user account. Link the SalesAPP GPO to the Sales organizational unit in each location.
    • D、Create a Group Policy Object (GPO) named SalesAPP GPO. Configure the GPO to assign the  application to the computer account. Link the SalesAPP GPO to the Sales organizational unit in each  location.

    正确答案:D

  • 第13题:

    You need to configure the security settings for the new app servers. Which two actions should you perform?()

    • A、Create a Group policy object (GPO) for the web servers.
    • B、Create a Group policy object (GPO) for the database servers.
    • C、Modify the Default Domain Policy.
    • D、Modify the Default Domain Controllers Policy.

    正确答案:A,B

  • 第14题:

    You have a single Active Directory directory service domain. All servers run Windows Server 2003. You need to specify the list of applications that users are permitted to run. You create a new Group Policy object (GPO) and link it to the domain.  What should you do next?()

    • A、 Configure Software Restriction Policies Group Policy settings.
    • B、 Configure the Enable user control over installs Group Policy setting.
    • C、 Assign all approved applications.
    • D、 Publish all approved applications.

    正确答案:A

  • 第15题:

    You are the network administrator for your company. The network consists of a single Active Directory domain. All servers run Windows Server 2003. All client computers run Windows XP Professional with themost recent service pack. All client computers have computer accounts in an organizational unit (OU) named CompanyComputers. The company requires all computers to be kept up-to-date with service packs and hotfixes from Microsoft. Administrators will manually update servers as required. You need to configure the network so that client computers are automatically updated as new critical updates are issued.  What are two possible ways to achieve this goal?()

    • A、 Create a Group Policy object (GPO) linked to the domain. Configure the GPO so that client computers automatically download and install updates from Microsoft update servers from the Internet.
    • B、 Create a Group Policy object (GPO) linked to the CompanyComputers OU. Configure the GPO so that client computers automatically download and install updates from Microsoft update servers from the Internet.
    • C、 Create a Group Policy object (GPO) linked to the domain. Configure the GPO so that client computers automatically download and install updates from an internal server on which you install and configure Software Update Services.
    • D、 Create a Group Policy object (GPO) linked to the CompanyComputers OU. Configure the GPO so that client computers automatically download and install updates from an internal server on which you install and configure Software Update Services.

    正确答案:B,D

  • 第16题:

    单选题
    You need to design a software usage policy for the employees of Southbridge Video. The policy must meet business requirements. What should you do?()
    A

    Configure the software restriction policy in the Default Domain Policy Group Policy object (GPO)

    B

    Create a new connection object by using the Connection Manager Administration Kit (CMAK), and install the new connection object on all client computers

    C

    Create and configure a local security policy on both of the ISA server computers

    D

    Configure the Internet Explorer settings in the Default Domain Policy Group Policy object (GPO)


    正确答案: C
    解析: 暂无解析

  • 第17题:

    单选题
    Your company has an Active Directory forest. The company has three locations. Each location   has an organizational unit and a child organizational unit named Sales.   The Sales organizational unit contains all users and computers of the sales department. The  company plans to deploy a Microsoft Office 2007 application on all computers within the three  Sales organizational units.     You need to ensure that the Office 2007 application is installed only on the computers in the  Sales organizational units.     What should you do()
    A

    Create a Group Policy Object (GPO) named SalesAPP GPO. Configure the GPO to assign the application to the c

    B

    Create a Group Policy Object (GPO) named SalesAPP GPO. Configure the GPO to assign the application to the us

    C

    Create a Group Policy Object (GPO) named SalesAPP GPO. Configure the GPO to publish the application to the u

    D

    Create a Group Policy Object (GPO) named SalesAPP GPO. Configure the GPO to assign the application to the co


    正确答案: A
    解析: 暂无解析

  • 第18题:

    单选题
    You are using windows installer to deploy an application to 750 Windows 2000 Professional computers on your network. The network includes organizational unit (OU) named sales. A Group Policy object (GPO) is created for the Sales OU. The application is successfully installed on the 740 out of 750 computers. The ten computers are unable to install the application what should you do to install that application on all the computers in the sales OU.What should you do?()
    A

    Repackage and re-deploy the application's .msi file to the Sales OU

    B

    Repackage and re-deploy the application's .mst file to the Sales OU

    C

    Re-deploy the application by using the Group Policy object (GPO for the Sales OU)

    D

    Restart Windows Installer service on the ten computers.


    正确答案: C
    解析: 暂无解析

  • 第19题:

    单选题
    You need to design a patch management strategy for Northwind Traders. What should you do?()
    A

    Configure the Default Domain Policy Group Policy object (GPO) for the northwindtraders.com domain to configure client computers to download updates from the SUS server in New York. Configure the Default Domain Policy GPO for the boston.northwindtraders.com domain to configure client computers to download updates from the SUS server in New York

    B

    Use Group Policy to configure client computers to download updates from a Windows Update server on the Internet. Configure the Default Domain Policy Group Policy object (GPO) with a startup script that runs Mbsacli.exe. Configure it to scan the computers in both of the branch offices

    C

    Install and configure a SUS server in the Boston branch office. Configure the server to download updates from a Windows Update server on the Internet. Configure Microsoft Baseline Security Analyzer (MBSA) to scan for updates and computers in the New York office

    D

    Install and configure a SUS server in each branch office. Configure the SUS servers to download updates from the New York SUS server. Configure Microsoft Baseline Security Analyzer (MBSA) to scan for updates on computers in the New York office


    正确答案: A
    解析: 暂无解析

相关内容