Designate a data recovery agent and issue an EFS certificate to the data recovery agent. Export the private key and restrict access to the exported key
Make the data recovery agent a local administrator on all client computers
Remove the default data recovery agent from the Default Domain Policy GPO. Then, include the new data recovery agent instead
Delete the Default Domain Policy GPO. Configure a new GPO linked to the domain that does not specify a data recovery agent
第1题:
You need to design desktop and security settings for the client computers in the Seattle call center. Your solution must be implemented by using the minimum amount of administrative effort.Which two actions should you perform?()
第2题:
You are the network administrator for your company. Your network consists of a single Active Directory domain. Three security groups named Accountants, Processors, and Management are located in an organizational unit (OU) named Accounting. All of the user accounts that belong to these three groups are also in the Accounting OU. You create a Group Policy object (GPO) and link it to the Accounting OU. You configure the GPO to disable the display options under the User Configuration section of the GPO. You need to achieve the following goals: You need to ensure that the GPO applies to all user accounts that are members of the Processors group. You need to prevent the GPO fromapplying to any user account that is a member of the Accountants group. You need to prevent the GPO from applying to any user account that is a member of the Management group, unless the user account is also a member of the Processors group. What should you do?()
第3题:
A. Create a Group Policy object (GPO) that enables Security Center and link the policy to the domain.
B. Create a Group Policy object (GPO) that enables Security Center and link the policy to the Domain Controllers organizational unit (OU).
C. Create a Group Policy object (GPO) and set the Require trusted path for credential entry option to Enabled. Link the policy to the domain.
D. Create a Group Policy object (GPO) and set the Require trusted path for credential entry option to Enabled. Link the policy to the Domain Controllers organizational unit (OU).
第4题:
You need to configure the security settings for the new app servers. Which two actions should you perform?()
第5题:
You have a single Active Directory directory service domain. You back up your domain controllers on a nightly basis. You perform Group Policy backups on a nightly basis. A Group Policy object (GPO) is accidentally deleted. You need to restore the GPO. What should you do?()
第6题:
You configure and deploy a Group Policy object (GPO) that contains AppLocker settings. You need to identify whether a specific application file is allowed to run on a computer. Which Windows PowerShell cmdlet should you use()
第7题:
You have a single Active Directory directory service domain. You use a Group Policy object (GPO) to apply security settings to your client computers. You configure the startup type for system services settings in a new GPO, and you link the GPO to an organizational unit (OU). You discover that the startup type for system services on one of the client computers has not been updated. You need to ensure that the Group Policy settings are applied to the client computer. What should you do?()
第8题:
You are the administrator responsible for security and user desktop settings on your network. You need to configure a custom registry entry for all users. You want to add the custom registry entry into a Group Policy object (GPO) with the least amount of administrative effort.
What should you do?
A.Configure an ADM template and add the template to the GPO.
B.Configure an INF policy and add the policy to the GPO.
C.Configure a Microsoft Windows installer package and add the package to the GPO.
D.Configure RIS to include the registry entry.
第9题:
You have Active Directory Certificate Services (AD CS) deployed. You create a custom certificate template. You need to ensure that all of the users in the domain automatically enroll for a certificate based on the custom certificate template. Which two actions should you perform()
第10题:
Your company has deployed network access protection (NAP) enforcement for VPNs. You need to ensure that the health of all clients can be monitored and reported. What should you do?()