单选题For security reasons， an administrator is asked to modify the system to prevent someone from leaving a terminal logged in. To enable a five minute timeout for all users， what would need to be done to accomplish this task？（）A Add the following line to /

第1题：

A system administrator wants to configure a system so that all new users will be put into the database group by default. How would this be accomplished？（）

• A、remove all other groups from the system
• B、run the command mkuser -default "GROUP=database"
• C、change the default group in /usr/lib/security/mkuser.default
• D、edit /etc/security/group to move all users to the database stanza

第2题：

For security reasons， an administrator is asked to modify the system to prevent someone from  leaving a terminal logged in.  Which of the following options would enable a five minute timeout for all users（）

• A、Add the following line to /etc/environment： TMOUT=300
• B、Add the following lines to /.profile TMOUT=5 export TMOUT
• C、Run the following command： chuser -u ALL -a TIMEOUT=5M
• D、Run the following command： chsec -u ALL -a TIMEOUT=600

第3题：

You need to prevent users from storing cookies that come from the www.contoso.com Web site. The solution must allow users to browse to the www.contoso.com Web site. What should you do?（）

• A、Add an entry to the Lmhosts file. 
• B、From the local area connection, add a DNS suffix.
• C、From Internet Explorer, modify the Privacy settings.
• D、From Internet Explorer, modify the Manage Add-ons settings. 

第4题：

You are the domain administrator for TestKing's Active Directory domain. All servers run Windows Server 2003. All client computers run Windows XP Professional. A newly installed server was added to your domain. You need to administer this server remotely from your client computer. You need to configure the new server to ensure that it can be administered remotely. What should you do?（）

• A、Install Terminal Server Licensing. Restart the server.
• B、Modify the system properties for the server. Enable Remote Desktop for the server by selecting the Allow users to connect remotely to this system check box.
• C、Start the Remote Access Connection Manager service and then configure the service to start automatically.
• D、Modify your user account properties to enable you to connect to the terminal server

第5题：

You have a portable computer that runs Windows 7. The computer is joined to a domain. Multiple users logon to the computer. You need to prevent the computer from displaying the username of the last user whologged on. What should you do？（）

• A、From Control Panel， modify the User Profiles settings.
• B、From Control Panel， modify the Personalization settings.
• C、From the local computer policy， add a policy template.
• D、From the local computer policy， modify the local security policy.

第6题：

You have a server that runs the Terminal Services Gateway （TS Gateway） role service. Users need to connect remotely through the gateway to desktop computers located in their offices.  You create a security group named Remote1 for the users who need to connect to computers in their offices.  You need to enable the users to connect to the TS Gateway. What should you do？（）

• A、Add the Remote1 security group to the local remote desktop users group on the TS Gateway server.
• B、Create a client authorization policy. Add the Remote1 security group and enable Device redirection.
• C、Create a resource authorization policy. Add the Remote1 security group and enable Users to connect to any resource.
• D、Create a Group Policy object and enable the Set TS Gateway authentication method properties to Ask for credentials， use Basic protocol. Apply the policy to the TS Gateway server.

第7题：

You are the network administrator for The network consists of a single Active Directory domain named All network servers run Windows Server 2003, and all client computers run Windows XP Professional. Terminal Services is installed on a member server named Terminal1 with default settings. Users in the editing department are members of a group named Editors. When these users try to make a Terminal Services connection to Terminal1, they receive the following error message: "The local policy of this system does not permit you to logon interactively". You need to enable members of the Editors group to establish Terminal Services sessions on Terminal1. What should you do?（）

• A、Enable the Allow users to connect remotely to this computer option on Terminal1.
• B、Add the Editors group to the Remote Desktop Users group on Terminal1.
• C、Configure the RDP-Tcp connection properties on Terminal1 to assign the Allow - Full Control permission to the Editors group.
• D、Add the Editors group to the Remote Desktop Users group in Active Directory.

第8题：

You have a server that runs Windows Server 2003 Service Pack 2 (SP2). You enable Remote Desktop on the server and add 10 users to the Remote Desktop Users group. Users report that they occasionally receive an error message indicating that Terminal Server has reached the maximum number of connections. You need to ensure that all 10 users can establish Remote Desktop connections to the server concurrently. What should you do?（）

• A、From Add or Remove Programs, add the Terminal Server component.
• B、From Add or Remove Programs, add the Connection Point Services component.
• C、From the Terminal Services Configuration console, modify the Maximum connections setting.
• D、From the Terminal Services Configuration console, modify the Restrict each user to one session setting.

第9题：

第10题：

第11题：

第12题：

第13题：

For security reasons， an administrator is asked to modify the system to prevent someone from leaving a terminal logged in. To enable a five minute timeout for all users， what would need to be done to accomplish this task？（）

• A、Add the following line to /etc/environment：  TMOUT=300
• B、Add the following lines to /.profile  TMOUT=5  export TMOUT
• C、Execute the following command：  chuser -u ALL -a TIMEOUT=5M
• D、Execute the following command：  chsec -u ALL -a TIMEOUT=600

第14题：

A System p administrator needs to set the default password length for all users to six characters.  Which of the following files needs to be edited to accomplish this （）

• A、/etc/security/limits
• B、/etc/security/mkuser.sys
• C、/etc/security/priv
• D、/etc/security/user

第15题：

You have a server that runs Windows Server 2008. You need to prevent the server from establishing communication sessions to other computers by using TCP port 25. What should you do（）

• A、 From Windows Firewall， add an exception
• B、 From windows Firewall enable the block all incoming connections option
• C、 From the Windows Firewall with Advanced Security snap-in， create an inbound rule
• D、 From the Windows Firewall with Advanced Security snap-in， create an outbound rule.

第16题：

You are an enterprise administrator for Cer-tech .com. The company runs Windows Server 2008 on all theservers on the network. The company has many remote users One of the servers on the network calledServer01 has the Terminal Services Gateway （TS Gateway） role installed on it. The remote users of thecompany need to connect remotely to desktop computers located in their offices through the gateway. Toensure secure connection to the gateway， you created a security group named RemoteUsersGrp1 for theremote users who need to connect to computers in their offices. Which of the following options would youchoose to enable the remote users to connect to the TS Gateway？ （）

• A、Create a resource authorization policy.
• B、Create a client authorization policy.
• C、Create a Group Policy object enable the Set TS Gateway authentication method properties to Ask forcredentials，use Basic protocol.
• D、Add the RemoteUsersGrp1 security group and enable Device redirection.

第17题：

Your network consists of a single Active Directory domain. You have a terminal server that runs Windows Server 2003 Service Pack 2 (SP2). You need to prevent users from establishing multiple Remote Desktop connections to the server. What should you do? （）

• A、Install and configure Terminal Server Licensing.
• B、From Terminal Services Manager, modify the user sessions.
• C、From Terminal Services Configuration, modify the server settings.
• D、From Active Directory Users and Computers, modify the Sessions settings for each user account.

第18题：

You have a computer named Computer1 that runs Windows XP Professional. Computer1 is a member of a workgroup. You need to prevent all users from encrypting files on Computer1. What should you do?（） 

• A、For all files, deny the Take ownership permission to the Everyone group. 
• B、From the Local Security Policy, modify the Encrypting File System (EFS) properties.
• C、From the Certificates snap-in, delete the recovery agent certificate. 
• D、From the Certificates snap-in, delete all trusted root certification authority (CA) certificates. 

第19题：

You are the network administrator for your company. The network consists of a single Active Directory domain. All servers run Windows Server 2003.   The network contains servers that have Terminal Server enabled. The terminal servers host legacy applications that currently require users to be members of the Power Users group.   A new requirement in the company’s written security policy states that the Power Users group must be empty on all resource servers.   You need to maintain the ability to run the legacy applications on the terminal servers when the new security requirement is implemented.   What should you do？  （）

• A、 Add the Domain Users global group to the Remote Desktop Users built-in group in the domain.  
• B、 Add the Domain Users global group to the Remote Desktop Users local group on each terminal server.
• C、 Modify the Compatws.inf security template settings to allow members of the local Users group to run the applications. Import the security template into the Default Domain Controllers Policy Group Policy object （GPO）.
• D、 Modify the Compatws.inf security template settings to allow members of the local Users group to run the applications. Apply the modified template to each terminal server.

第20题：

第21题：

第22题：

第23题：