单选题You encrypt three files to ensure the security of the files. You want to make a backup copy of these three files and maintain their security settings. You have the option of backing up to either the network or a floppy disk. What should you do？（）A Copy

第1题：

You are the network administrator for The network consists of a single Active Directory domain named The domain contains Windows Server 2003 computers and Windows XP Professional computers. All confidential company files are stored on a file server named TestKing1. The written company security states that all confidential data must be stored and transmitted in a secure manner. To comply with the security policy, you enable Encrypting File System (EFS) on the confidential files. You also add EFS certificates to the data decryption field (DDF) of the confidential files for the users who need to access them. While performing network monitoring, you notice that the confidential files that are stored on TestKing1 are being transmitted over the network without encryption. You must ensure that encryption is always used when the confidential files on TestKing1 are stored and transmitted over the network. What are two possible ways to accomplish this goal? （）(Each correct answer presents a complete solution. Choose two)

• A、Enable offline files for the confidential files that are stored on TestKing1, and select the Encrypt offline files to secure data check box on the client computers of the users who need to access the files.
• B、Use IPSec encryption between TestKing1 and the client computers of the users who need to access the confidential files.
• C、Use Server Message Block (SMB) signing between TestKing1 and the client computers of the users who need to access the confidential files.
• D、Disable all LM and NTLM authentication methods on TestKing1.
• E、Use IIS to publish the confidential files. Enable SSL on the IIS server. Open the files as a Web folder.

第2题：

Your company has a single active directory domain. All servers run windows server 2008. The company network has 10 servers that perform as web servers. All confidential files are located on a server named FSS1. The company security policy states that all confidential data must be transmitted in the most secure manner. When you monitor the network, you notice that the confidential files are stored on FSS1 server are being transmitted over the network without encryption. You need to ensure that encryption is always used when the confidential files on the FSS1 server are transmitted over the network. What are two possible ways to achieve this goal? （）

• A、Deactivate all LM and NTLM authentication methods on the FSS1 server.
• B、Use IIS to publish the confidentials files. Activate SSL on the ISS server, and then open the files as a web folder.
• C、Use IPSec encryption between the FSS 1 server and the computers of the users who need to access the confidential files.
• D、Use the server messager block (SMB) signing between the FSS1 server and the computers of the users who want to access the confidential files.
• E、Activate offline files for the confidential files that are stored on the FSS1 server. In the folder advanced properties dialog box, select the encrypt contents to secure data option.

第3题：

You are a help desk technician for your company. All users have Windows XP Professional computers. Ten users run a custom application named Finance on their computers. Finance stores user passwords in a file named Passwords.ini. By default, the Passwords.ini file is stored in a folder named C:/Winnt/App1.  The location and name of the file can be changed by an administrator. Each Passwords.ini file is unique. Each computer contains a single logical drive, which is drive C and is formatted as NTFS. In order to comply with a new company security policy, you need to ensure that the Passwords.ini files are encrypted. What should you do?（）

• A、In the properties of the C:/Winnt/App1 folder, use Windows Explorer to select the option to encrypt the contents of the folder. Accept the default settings on the Confirm Attributes Changes dialog box. 
• B、Ask a network administrator to share a new encrypted folder named PassFiles on a network server and to permit users to read the files contained within the folder. Copy the Passwords.ini file from each computer into the PassFiles folder. On each computer, configure Finance to use the Passwords.ini file in the PassFiles folder.
• C、Create a folder named C:/Files. Copy the Passwords.ini file to the C:/Files folder. In the properties of the C:/Files folder, select the option to encrypt the contents of the folder. Accept the default settings on the Confirm Attributes Changes dialog box. Configure Finance to use the C:/Files/Passwords.ini file. 
• D、Create a folder named C:/Files. Move the Passwords.ini file to the C:/Files folder. Instruct the user of each computer to open the properties of the C:/Files folder and select the option to encrypt the contents of the folder. Accept the default settings on the Confirm Attributes Changes dialog box. Configure Finance to use the C:/Files/Passwords.ini file. 

第4题：

Your computer is part of a workgroup. You share files with other users on the network. You configure exceptions in Microsoft Windows Firewall to allow file sharing. Users report that they are unable to connect to your computer.  You need to ensure that other users are able to access only the shared files.  What should you do？ （）

• A、Restart the Workstation service on your computer.
• B、Change all of your TCP port exceptions to UDP port exceptions.
• C、Ensure parental controls are not configured to block file sharing.
• D、Clear the Block all incoming connections check box in Windows Firewall.

第5题：

You have a combined Windows 2000 and Windows 98 network that contain sensitive data. You want to utilize as many new Windows 2000 security features as possible. You want to customize a security policy on each computer to ensure that data is kept confidential and secured. Allcomputers must still be able to communicate with each other over the network. What should you do？（）

• A、Use the security configuration and analysis console to improve the HISECWS security  template file.
• B、Use the local computer policy to disable the access this computer from the network option.
• C、Use SECEDIT to reconfigure the computer default security settings to not allow anonymous  access to the computer.
• D、Create a policy that excludes write access to the windows 2000 computers then apply the  policy to all non-windows 2000 computers.
• E、None of the above, Windows 9X systems cannot be secured using security template files.

第6题：

You are the administrator of your company’s network. A user named Peter runs Windows 2000 Professional on his portable computer. Peter wants to be able to work at home on files that were created in the office on the company network. Prior to logging off the network and leaving the office， Peter enables offline files. Peter wants to automatically download all the opened files to his computer and he should not manually define the offline files. What setting you will do in caching option？ （）

• A、Enable file and print sharing. Peter will be able to access his files at home immediately
• B、Synchronize all offline files. Peter will be able to access his files at home immediately
• C、In the cache settings, you should define the manual caching for documents
• D、In the cache settings, you should define the automatic caching for documents
• E、In the cache settings, you should define the automatic caching for programs. 

第7题：

第8题：

第9题：

第10题：

第11题：

第12题：

第13题：

You upgrade all client computers in your network to Windows 2000 Professional. Then you apply the basicwk.inf security template to the computers. Now， none of the users can run the company’s database application. What should you do？（）

• A、Apply the compactws.inf security template to the computers.
• B、Delete the basicwk.inf security template file from the computers.
• C、Use the system policy editor to configure a new security policy for the database application.
• D、For each user account， allow read permission to the database application and in associated files.

第14题：

You are planning to deploy two Windows Server 2008 R2 Hyper-V servers. You need to design the storage of VHD files for maximum security.    What should you do？（）

• A、Store the VHD files on a dedicated NTFS volume
• B、Store unencrypted VHD files on a volume that uses Windows BitLocker drive encryption
• C、Encrypt the VHD files by using EFS on a volume that uses Windows BitLocker drive encryption
• D、Encrypt the VHD files by using EFS on a volume that does not use Windows BitLocker drive encryption

第15题：

You have a server that runs Windows Server 2003 Service Pack 2 (SP2). A server application creates report files. The application saves the report files in a folder named Report. A service account is listed as the owner of all report files. You need to assign ownership of the report files to a user in a department named Audit. You must achieve this goal by using the minimum amount of administrative effort. What should you do? （）

• A、Rewrite the application.
• B、Create a scheduled task to run Attrib.exe.
• C、Create a scheduled task to run Icacls.exe.
• D、Use the Advanced Security settings to change the owner of each file.

第16题：

Your Windows 2000 Professionally computer belongs to the contoso.com domain. You need to encrypt a compressed file named C:/data. You successfully encrypt the file but discover that it is no longer compressed.   What is the most likely cause of this problem?（）

• A、Group Policy is preventing the compression of encrypted files.
• B、The file is stored on a FAT32 partition.
• C、Only members of the Administrators and the Power Users groups can compress and encrypt files.
• D、Encrypted files cannot be compressed.

第17题：

You are a security administrator for your company. The network consists of a single Active Directory domain. All servers run Windows Server 2003. All client computers run Windows XP Professional.   The company occasionally experiences downtime because of malicious lnternet worms that arrive as Microsoft Visual Basic Scripting Edition （VBS） files. You examine several client computers and discover that VBS files are downloaded by using Microsoft Outlook，instant messaging，or peer-to-peer file sharing programs.    You need to prevent users from running VBS files regardless of how they arrive on client computers.  What should you do？（）

• A、 Use a software restriction policy to disable all unauthorized scripts.
• B、 Use an Administrative Template to ensure that Outlook and lnternet Explorer are in the Restricted Sites security zon
• C、 Use a centralized logon script to rename the Wscript.exe file on each computer to contain a nonexecutable extensio
• D、 Use a file system security policy to assign the Deny - Execute permission for the Wscript.exe file.

第18题：

You encrypt your files to ensure the security of the files. You want to make a backup copy of the files and maintain their security settings. You have the option of backing up to either the network or floppy disk.  What should you do？（）

• A、Copy the files to a network share on an NTFS volume and do nothing further.
• B、Copy the files to a network share on a FAT 32 volume and do nothing further.
• C、Copy the files to a floppy disk that has been formatted by using Windows 2000 Professional. 
• D、Place the files in an encrypted folder， and then copy the folder to floppy disk.

第19题：

第20题：

第21题：

第22题：

第23题：

第24题：