单选题Your company security policy does not allow you to connect your servers directly to the internet. You would like to utilize some of theYour company？ security policy does not allow you to connect your servers directly to the internet. You would like to 

第1题：

You are the network administrator for your company. The network consists of a single Active Directory domain. The company has an internal network and a perimeter network. The internal network is protected by a firewall. Application servers on the perimeter network are accessible from the Internet.   You are deploying 10 Windows Server 2003 computers in application server roles. The servers will be located in theperimeter network and will not be members of the domain. The servers will host only publicly available Web pages.  The network design requires that custom security settings must be applied to the application servers. These custom security settings must be automatically refreshed every day to ensure compliance with the design.   You create a custom security template named Baseline1.inf for the application servers. You need to comply with the design requirements.   What should you do？  （）

• A、 Import Baseline1.inf into the Default Domain Policy Group Policy object （GPO）.
• B、 Create a task on each application server that runs Security and Configuration Analysis with Baseline1.inf every day.
• C、 Create a task on each application server that runs the secedit command with Baseline1.inf every day.
• D、 Create a startup script in the Default Domain Policy Group Policy object （GPO） that runs the secedit command with Baseline1.inf.

第2题：

You are the senior systems engineer for your company. The network consists of a single Active Directory domain.  All servers run Windows Server 2003. Client computers in the sales department run Windows NT Workstation 4.0 with the Active Directory Client Extensions software installed. All other client computers run Windows XP Professional. All servers are located in an organizational unit （OU） named Servers. All client computers are located in an OU named Desktops.   Four servers contain confidential company information that is used by users in either the finance department or the research department. Users in the sales department also store files and applications on these servers. The company’s written security policy states that for auditing purposes， all network connections to these resources must require authentication at the protocol level. The written security policy also states that all network connections to these resources must be encrypted. The company budget does not allow for the purchase of any new hardware or software. The applications and data located on these servers may not be moved to any other server in the network.   You define and assign the appropriate permissions to ensure that only authorized users can access the resources on the servers.   You now need to ensure that all connections made to these servers by the users in the finance department and in the research department meet the security guidelines stated by the written security policy. You also need to ensure that all users in the sales department can continue to access their resources.   Which two actions should you take？（）

• A、 Create a new Group Policy object （GPO） and link it to the Servers OU. Enable the Secure Server （Require Security） IPSec policy in the GPO.
• B、 Create a new Group Policy object （GPO） and link it to the Servers OU. Enable the Server （Request Security） IPSec policy in the GPO.
• C、 Create a new Group Policy object （GPO） and link it to the Desktops OU. Enable the Client （Respond only） IPSec policy in the GPO.
• D、 Create a new Group Policy object （GPO）. Edit the GPO to enable the Registry Policy Processing option and the IP Security Policy Processing option. Copy the GPO files to the Netlogon shared folder.
• E、 Use System Policy Editor to open the System.adm file and enable the Registry Policy Processing option and the IP Security Policy Processing option. Save the system policy as NTConfig.pol.

第3题：

You work in a company which is named Wiikigo Corp. The company uses SQL Server 2008. You are the administrator of the company database. Now you are in charge of a SQL Server 2008 instance. There is an internal application which uses Analysis Services and Reporting Services. You use the application on the basis of SQL Server 2008. According to the requirement of company security policy, the surface area for all the deployed components of SQL Server 2008 should be configured. You have to implement the security policy and devise a method to evaluate the security policy against other database servers. What should you do?（）  

• A、You should create policies based on the appropriate facets. Apply the policies against a server group. The server group includes the database servers that need to be configured 
• B、You should create a Transact-SQL script based on the sp_configure stored procedure. Use a configuration server to run the script against a server group that includes the database servers that need to be configured 
• C、You should edit the RSReportServer.config configuration file. Distribute the file to all database servers that need to be configured 
• D、You should analyze your database servers by using the SQL Server Best Practices Analyzer (BPA). Implement the recommendations of the BPA

第4题：

Your company has an Active Directory domain. All servers run Windows Server 2008 R2.  Your  company runs an Enterprise Root certification authority （CA）.   You need to ensure that only administrators can sign code. Which two task should you perform（）

• A、Publish the code signing template.
• B、Edit the local computer policy of the Enterprise Root CA to allow users to trust peer certificates and  allow only administrators to apply the policy.
• C、Edit the local computer policy of the Enterprise Root CA to allow only administrators to manage Trusted  Publishers.
• D、Modify the security settings on the template to allow only administrators to request code signing  certificates.

第5题：

Your company has an Active Directory domain. You have a server that runs Windows Server 2008. The Terminal Services role is installed on the server.  The company security policy does not allow users to copy and paste information to a local computer during a Terminal Services session.  You deploy the remote application named APP1.  You need to configure Terminal Services to meet the security requirement. What should you do？（）

• A、Enable the Use temporary folders per session option.
• B、Change the Security Encryption Level to FIPS Compliant.
• C、Deselect the Clipboard option in the RDP Settings for the published application.
• D、Disable the Drive option in the RDP-Tcp Client Setting properties for the server.

第6题：

You work as the Exchange administrator at Company.com.The Company.com network contains an Exchange Server 2010 Organization.You are responsible for managing the Exchange network for Company.com.The network contains numerous Mailbox servers.During the course of the week you receive an instruction from the CIO to determine the message latency between the Mailbox servers in the organization.What should you do？（）

• A、Your best option would be to increase the MSExchangeMailSubmission diagnostic logging level to Expert.
• B、Your best option would be to run the Test-Mailflow cmdlet.
• C、Your best option would be to increase the MSExchangeTransport diagnostic logging level to Expert.
• D、Your best option would be to run the Test-OutlookConnectivity cmdlet.

第7题：

You are the network administrator for your company. The network consists of a single Active Directory domain. All servers run Windows Server 2003.   The network contains servers that have Terminal Server enabled. The terminal servers host legacy applications that currently require users to be members of the Power Users group.   A new requirement in the company’s written security policy states that the Power Users group must be empty on all resource servers.   You need to maintain the ability to run the legacy applications on the terminal servers when the new security requirement is implemented.   What should you do？  （）

• A、 Add the Domain Users global group to the Remote Desktop Users built-in group in the domain.  
• B、 Add the Domain Users global group to the Remote Desktop Users local group on each terminal server.
• C、 Modify the Compatws.inf security template settings to allow members of the local Users group to run the applications. Import the security template into the Default Domain Controllers Policy Group Policy object （GPO）.
• D、 Modify the Compatws.inf security template settings to allow members of the local Users group to run the applications. Apply the modified template to each terminal server.

第8题：

第9题：

第10题：

第11题：

第12题：

第13题：

ou are the network administrator for your company. The network consists of a single Active Directory domain. All servers run Windows Server 2003. All client computers run Windows XP Professional.Two of the servers on the network contain highly confidential documents. The company’s written security policy states that all network connections with these servers must be encrypted by using an IPSec policy.You place the two servers in an organizational unit （OU） named SecureServers. You configure a Group Policy object （GPO） that requires encryption for all connections. You assign the GPO to the SecureServers OU.  You need to verify that users are connecting to the two servers by using encrypted connections.   What should you do？（）

• A、Run the net view command.
• B、Run the gpresult command.
• C、Use the IP Security Monitor console.
• D、Use the IPSec Policy Management console.

第14题：

Company.com has employed you as their Exchange administrator.The Company.com network contains Mailbox servers that are configured to run either Exchange Server 2007 or Exchange Server 2010.During the course of the week you receive an instruction from the CIO to ensure that all e-mail messages stored for more than 90 days in the Inbox folder of clients be deleted. What should you do？（）

• A、Your best option would be to create a new retention policy.
• B、Your best option would be to create a new message classification.
• C、Your best option would be to create new managed content settings.
• D、Your best option would be to create a new managed custom folder.

第15题：

You need to design a remote access strategy for the customer support users when they work from home. Your solution must meet security requirements. What should you do？（）

• A、Deploy an L2TP/IPsec VPN server in each call center. Configure the portable computers as L2TP VPN clients
• B、Create IPSec tunnel mode connections between the customer support users home and the company’s Internet-facing routers
• C、Create IP packet filters on the company’s Internet-facing routers to allow the Remote Desktop Protocol （RDP）.Create IPSec filters on the terminal servers to allow only connections that use RDP
• D、Create IP packet filters on the company’s Internet-facing routers to allow the IPSec protocols. Assign the Secure Server （Require Security） IPSec policy to the terminal servers. Assign the Client （Respond only） IPSec policy to the portable computers

第16题：

You are a network administrator for your company. The company has a main office and one branch office. The network consists of a single Active Directory domain. All servers run Windows Server 2003.   The company needs to connect the main office network and the branch office network by using Routing and Remote Access servers at each office. The networks will be connected by a VPN connection over the Internet.   The company’s written security policy includes the following requirements for VPN connections over the Internet：  All data must be encrypted with end-to-end encryption.  VPN connection authentication must be at the computer level.   Credential information must not be transmitted over the Internet as part of the authentication process.   You need to configure security for VPN connection between the main office and the branch office. You need to comply with the written security policy.   What should you do？  （）

• A、 Use a PPTP connection with EAP-TLS authentication.
• B、 Use a PPTP connection with MS-CHAP v2 authentication.
• C、 Use an L2TP connection with EAP-TLS authentication.
• D、 Use an L2TP connection with MS-CHAP v2 authentication.

第17题：

Your network contains a single Active Directory domain.  You have an Exchange Server 2010 organization that contains a Hub Transport server named Hub1. Hub1 receives all e-mail messages that are sent to your organization from the Internet.  A new company security policy states that domain-joined servers must not be accessible directly from theInternet.  You need to create a message hygiene solution to meet the following requirements： .Comply with the new security policy .Minimize the amount of spam that is delivered to the internal Exchange servers in the organization  What should you do first？（）

• A、Deploy an Edge Transport server， and then configure EdgeSync synchronization.
• B、Deploy a new Hub Transport server， and then install the anti-spam transport agents.
• C、Deploy a new Hub Transport server， and then deploy Active Directory Federation Services （AD FS）.
• D、Deploy an Edge Transport server， and then disable Active Directory Lightweight Directory Services（AD LDS）.

第18题：

You are the network administrator in the New York office of TestKing. The company network consists of a single Active Directory domain The New York office currently contains one Windows Server 2003 file server named TestKingA. All file servers in the New York office are in an organizational unit (OU) named New York Servers. You have been assigned the Allow - Change permission for a Group Policy object (GPO) named NYServersGPO, which is linked to the New York Servers OU. The written company security policy states that all new servers must be configured with specified predefined security settings when the servers join the domain. These settings differ slightly for the various company offices. You plan to install Windows Sever 2003, on 15 new computers, which all functions as file servers. You will need to configure the specified security settings on the new file servers. TestKingA currently has the specified security settings configured in its local security policy. You need to ensure that the security configuration of the new file servers is identical to that of TestKingA. You export a copy of TestKingA's local security policy settings to a template file. You need to configure the security settings of the new servers, and you want to use the minimum amount of administrative effort. What should you do?（）

• A、Use the Security Configuration and Analysis tool on one of the new servers to import the template file.
• B、Use the default Domain Security Policy console on one of the new servers to import the template file.
• C、Use the Group Policy Editor console to open NYServersGPO and import the template file.
• D、Use the default Local Security Policy console on one of the new servers to import the template file.

第19题：

第20题：

第21题：

第22题：

第23题：

第24题：