多选题Your manager has informed you that only specific users can have access to the Preferred Members role, and that these users are restricted to the Preferred Members role. The Preferred Members role-mapping rule is currently set as the last rule in your r

第1题：

You have a stand-alone computer named Computer1 that runs Windows 7. Several users share Computer1. You need to prevent all users who are members of a group named Group1 from runningWindows Media Player. All other users must be allowed to run Windows Media Player. You must achievethis goal by using the least amount of administrative effort.  What should you do?（）

• A、From Software Restriction Policies， create a path rule.
• B、From Software Restriction Policies， create a hash rule.
• C、From Application Control Policies， create the default rules.
• D、From Application Control Policies， create an executable rule.

第2题：

You executed this command to create a password file: $ orapwd file = orapworcl entries = 10 ignorecase = N Which two statements are true about the password file?（）

• A、It will permit the use of uppercase passwords for database users who have been granted the SYSOPER role.
• B、It contains username and passwords of database users who are members of the OSOPER operating system group.
• C、It contains usernames and passwords of database users who are members of the OSDBA operating system group.
• D、It will permit the use of lowercase passwords for database users who have granted the SYSDBA role.
• E、It will not permit the use of mixed case passwords for the database users who have been granted the SYSDBA role.

第3题：

All client computers on your company network run Windows 7 and are members of a Windows Server 2008 R2 domain. The R&D department staff are local administrators on their computers and are members of the R&D global security group. A new version of a business software application is available on the network. You plan to apply an AppLocker security policy to the R&D group. You need to ensure that members of the R&D group are not allowed to upgrade the software. What should you do?（）

• A、Create an Audit only restriction based on the version of the software.
• B、Create an Audit only restriction based on the publisher of the software.
• C、Create an Enforce rule restriction based on the version of the software.
• D、Create an Enforce rule restriction based on the publisher of the software.

第4题：

Your corporate network has a member server named RAS1 that runs Windows Server 2008 R2. You configure RAS1 to use the Routing and Remote Access Services (RRAS).The companys remote access policy allows members of the Domain Users group to dial in to RAS1. The company issues smart cards to all employees.You need to ensure that smart card users are able to connect to RAS1 by using a dial-up connection.What should you do？（）

• A、Install the Network Policy Server (NPS) server role on RAS1.
• B、Create a remote access policy that requires users to authenticate by using SPAP.
• C、Create a remote access policy that requires users to authenticate by using EAP-TLS.
• D、Create a remote access policy that requires users to authenticate by using MS-CHAP v2.

第5题：

Your company has an Active Directory Domain Services （AD DS） domain that includes an AD security group named Development. You have a member server that runs Windows Server 2008 R2 with the Hyper-V role installed. You need to ensure that Development group members can only manage virtual machines （VMs）. Development group members must not have administrative privileges on the host server. What should you use？（）

• A、Authorization Manager
• B、Local Users and Groups
• C、the net localgroup command
• D、Active Directory Administrative Center

第6题：

Your company has a main office and a branch office.The branch office administrators are the only members of a custom management role group.The role group is configured to allow members to manage recipients. You notice that the branch office administrators can manage recipients in both offices.You need to ensure that the branch office administrators can manage recipients in the branch office only. What should you do？（）

• A、Create and associate a management scope to the role group.
• B、Create and associate a management role assignment policy to the role group.
• C、Create a new linked role group， and then add the branch office administrators to the role group.
• D、Create a new role， and then add management role entries to the role.

第7题：

Your company has a single Active Directory domain named intranet.adatum.com. The domain controllers run Windows Server 2008 and the DNS server role. All computers， including non-domain members， dynamically register their DNS records. You need to configure the intranet.adatum.com zone to allow only domain members to dynamically register DNS records. What should you do（）

• A、Set dynamic updates to Secure Only.
• B、Enable zone transfers to Name Servers.
• C、Remove the Authenticated Users group.
• D、Deny the Everyone group the Create All Child Objects permission.

第8题：

You work as the Exchange administrator at Company.com.The Company.com network contains an Exchange Server 2010 Organization.Company.com has its headquarters in Paris where you are located.you are responsible for managing two exchange servers named -ex01 and -ex02.both exchange servers are configured to host the client access server role， the hub transport server role as well as the mailbox server role.terstkingex01 and -ex02 are members of a database availability group.during the course of the week you receive an instruction from management to ensure that users are able to make a connection to the client access server in the event of a single server failure. What should you do？（）

• A、Your best option would be to have the Network Load Balancing feature installed on every server.Thereafter a second IP address should be assigned to every network adapter.
• B、Your best option would be to have two new records created for the Client Access server from the DNS manager.
• C、Your best option would be to have a hardware load balancer deployed. Then a DNS record should be created for the virtual IP address. Thereafter a Client Access server array should be configured.
• D、Your best option would e to have a new service named Client Access Server created and a new IP address allocated from the Failover Cluster Manager.

第9题：

Your company has an Active Directory Domain Services （AD DS） domain that includes an AD security group named Monitoring. You are configuring a Windows Server 2008 R2 Hyper-V server that hosts several virtual machines （VMs）. You need to ensure that members of the Monitoring group can only stop and start VMs on the host server. What should you do？（）

• A、Add the Monitoring group to the Server Operators AD security group.
• B、In Authorization Manager， add the Monitoring group to the Administrator role in the default scope.
• C、In Authorization Manager， create a task that includes the Stop Virtual Machine and Start Virtual Machine operations. Add the task to the Administrator role.
• D、In Authorization Manager， create a role in the default scope. Add the Stop Virtual Machine and Start Virtual Machine operations to the role. Assign the Monitoring group to the role.

第10题：

Your company has a main office and a branch office. All branch office administrators are members of a custom management role group.The role group is configured to allow members to manage recipients.The branch office administrators are also members of The Domain Admins security group. The organization contains one Exchange Server 2010 server. You discover that the branch office administrators can manage recipients in both offices. You need to ensure that the branch office administrators can manage recipients in their assigned branch office only.What should you do？（）

• A、Create a new management role entry for the role group.
• B、Create a management role assignment policy and associate the policy to the role group.
• C、Create a management scope and associate the scope to the role group.Set a recipient filter for the management scope.
• D、Remove the branch office administrators from the Domain Admins group.Add the branch office recipients to the role group.

第11题：

第12题：

第13题：

Your manager has informed you that only specific users can have access to the Preferred Members role, and that these users are restricted to the Preferred Members role. The Preferred Members role-mapping rule is currently set as the last rule in your role-mapping rules and is based on username. Currently all users are assigned to the Preferred Members role-mapping rule. Which three changes in the admin GUI will enforce your managers change request?（）

• A、Move the Preferred Members role-mapping rule to the top of the list.
• B、Remove the Preferred Members role from the role-mapping rule.
• C、Edit the Preferred Members role-mapping rule so that the username is equal to *.
• D、Edit the Preferred Members role-mapping rule so that only the select users are assigned to the role-mapping rule.
• E、Edit the Preferred Members role-mapping rule and select "Stop processing rules when this rule matches".

第14题：

You are a help desk technician for your company. Your company’s network includes an Active Directory domain and Windows XP Professional computers that are configured as members of the domain. Company policy prohibits users from accessing their computers unless they are authenticated by a domain controller. However, users report that they can log on to their computers, even though a network administrator has told them that a domain controller is not available. As a test, you log off of your computer and disconnect it from the network. You discover that you can log on by using your domain user account. You need to ensure that users cannot access their computers unless they are authenticated by a domain controller. How should you configure the local computer policy on these computers? （） 

• A、Enable the Require domain controller to unlock policy.
• B、Set the Number of previous logons to cache policy to 0.  
• C、Remove all user and group accounts from the Log on locally user right. 
• D、Remove all user and group accounts from the Access this computer from the network user right. 

第15题：

You manage Hyper-V host servers and virtual machines （VMs） by using Microsoft System Center Virtual Machine Manager （VMM） 2008 R2. Developers are members of an AD security group named  Development. You need to ensure that on a specific host server， members of the Development group can perform only the Create，Modify，and Remove VM management tasks. What should you do？（）

• A、Create a Self-Service user role and add the Development group to this role.
• B、Create a Delegated Administrator user role and add the Development group to this role.
• C、In Authorization Manager， create a role on the client computer of each member of the Development group， and add the Development group to this role.
• D、Install Hyper-V Manager on the client computer of each member of the Development group，and grant the Development group administrative privileges on the specific server.

第16题：

You are employed as the exchange administrator at Company.com.the Company.com network contains an exchange server 2010 organization.Company.com has its headquarters in chicago where you are located.The organization contains a single server named -ex01.you receive numerous complaints from users stating that they receive a vast amount of spam messages.management wants you to decrease the amount of spam users in the organization receive. What should you do？（）

• A、Your best option would be to have a Transport Protection Rule created.Thereafter a journal rule can be created.
• B、Your best option would be to run the Install-AntispamAgents.ps1 script.Thereafter the transport agents can be configured.
• C、Your best option would be to have a journal rule created.Thereafter an Outlook Protection Rule can be created.
• D、Your best option would be to run the AntispamCommon.ps1 script.Thereafter a Transport Protection Rule can be created.

第17题：

All client computers on your company network run Windows 7 and are members of an Active Directory Domain Services domain. AppLocker is configured to allow only approved applications to run. Employees with standard user account permissions are able to run applications that install into the user profile folder. You need to prevent standard users from running unauthorized applications. What should you do?（）

• A、Create Executable Rules by selecting the Create Default Rules option.
• B、Create Windows Installer Rules by selecting the Create Default Rules option.
• C、Create the following Windows Installer Rule.Deny C Everyone - %OSDRIVE%/Users//Downloads/*
• D、Create the following Executable Rule.Deny - Everyone - %OSDRIVE%/Users//Documents/*

第18题：

Your network contains an Exchange Server 2010 server.All users access their mailboxes by using only Microsoft Office Outlook 2007.You configure a policy to archive all e-mail messages located in the Entire Mailbox 365 days after they are received.You need to ensure that all members of a department named Sales can retain some e-mail messages for five years. What should you create first？（）

• A、a linked mailbox
• B、a managed custom folder
• C、a message classification
• D、an Outlook Protection Rule

第19题：

You are the network administrator for Your network consists of two Active Directory domains in a single forest. All network servers run Windows Server 2003. Currently, you use more than 1,000 security groups. A member server named TK1 contains a folder named Testing. This folder contains resources required by users in the engineering department. A written security policy states that engineering users must have the approval of the management group before they can be assigned the Full Control NTFS permission on Testing. You need to discover whether any engineering users currently have the Full Control NTFS permission on Testing. You must complete this task by using the minimum amount of administrative effort. What should you do?（）

• A、Use Active Directory Users and Computers to view the access level available to engineering users.
• B、Use the Find Users, Contacts, and Groups utility to view the membership of each group that has access to Testing.
• C、In the properties of Testing, view the Effective Permissions tab.
• D、Write an ADSI script to search for members of all groups that have access to testing

第20题：

Your network contains two Active Directory sites named Site1 and Site2. Site1 contains a server named Server1. Server1 runs a custom application named App1.Users in Site2 report that they cannot access App1 on Server1. Users in Site1 can access App1.Server1 has a Windows Firewall with Advanced Security rule named Rule1.You discover that Rule1 blocks the connection to App1.You verify that Server1 has no connection security rules.You need to ensure that the Site2 users can connect to Server1.What should you modify in Rule1？（）

• A、the authorized computers list
• B、the authorized users list
• C、the edge traversal settings
• D、the scope

第21题：

You create a Web site that is for members only. The Web site allows members to create lists of users that have access to information about member profiles. The name of the list is stored in the listName variable. The user name of the user to whom access is given is stored in the username variable. You need to enable members to manage their lists of users. Which code segment should you use? （）

• A、Roles.CreateRole(listName);User.InInRole(listName);
• B、Roles.CreateRole(listName);Roles.AddUserToRole(useName, listName);
• C、Roles.RoleExists(listName);Roles.AddUserToRole(useName, listName);
• D、Roles.RoleExists(listName);User.InInRole(listName);

第22题：

第23题：