You are the administrator responsible for security and user desktop settings on your network. You need to configure a custom registry entry for all users. You want to add the custom registry entry into a Group Policy object (GPO) with the least amount of

第1题：

You need to design desktop and security settings for the client computers in the Seattle call center. Your solution must be implemented by using the minimum amount of administrative effort.Which two actions should you perform？（）

• A、On each client computer in the call center， configure a local policy that lists only authorized programs in the Allowed Windows Programs list
• B、Using NTFS permissions， assign the Deny – Read permission for all unauthorized executable files to the client computer domain accounts
• C、Design a Group Policy object （GPO） that enforces a software restriction policy on all client computers in the call center
• D、Design a Group Policy object （GPO） that implements an IPSec policy on all client computers in the call center. Ensure that the IPSec policy rejects connections to any Web servers that the company does not operate

第2题：

You are the network administrator for your company. The network consists of a single Active Directory domain. The functional level of the domain is Windows Server 2003. The domain contains an organizational unit （OU） named Servers that contains all of the company’s Windows Server 2003 resource servers. The domain also contains an OU named Workstations that contains all of the company’s Windows XP Professional client computers.   You configure a baseline security template for resource servers named Server.inf and a baseline security template for client computers named Workstation.inf. The Server.inf template contains hundreds of settings， including file and registry permission settings that have inheritance propagation enabled. The Workstation.inf template contains 20 security settings， none of which contain file or registry permissions settings.  The resource servers operate at near capacity during business hours.   You need to apply the baseline security templates so that the settings will be periodically enforced. You need to accomplish this task by using the minimum amount of administrative effort and while minimizing the performance impact on the resource servers.   What should you do？  （）

• A、 Create a Group Policy object （GPO） and link it to the domain. Import both the Server.inf and the Workstation.inf templates into the GPO.
• B、 Import both the Server.inf and the Workstation.inf templates into the Default Domain Policy Group Policy object （GPO）.
• C、 On each resource server， create a weekly scheduled task to apply the Server.inf settings during off-peak hours by using the secedit command. Create a Group Policy object （GPO） and link it to the Workstations OU. Import the Workstation.inf template into the GPO.
• D、 On each resource server， create a weekly scheduled task to apply the Server.inf settings during off-peak hours by using the secedit command. Import the Workstation.inf template into the Default Domain Policy Group Policy object （GPO）.

第3题：

第4题：

You have Active Directory Certificate Services （AD CS） deployed.  You create a custom certificate template.   You need to ensure that all of the users in the domain automatically enroll for a certificate based on the  custom certificate template.   Which two actions should you perform（）

• A、In a Group Policy object （GPO）， configure the autoenrollment settings
• B、In a Group Policy object （GPO）， configure the Automatic Certificate Request Settings.
• C、On the certificate template， assign the Read and Autoenroll permission to the Authenticated Users  group.
• D、On the certificate template， assign the Read， Enroll， and Autoenroll permission to the Domain Users  group.

第5题：

Your company has deployed Network Access Protection （NAP） enforcement for VPNs. You need to ensure that the health of all clients can be monitored and reported. What should you do？（）

• A、Create a Group Policy object （GPO） that enabled Security Center and link the policy to the domain.
• B、Create a Group Policy object （GPO） that enabled Security Center and link the policy to the Domain controllers organizational unit （OU）
• C、Create a Group Policy object （GPO） and set the Require trusted path for credential entry option to eabled. Link the Policy to the domain.
• D、Create a Group Policy object （GPO） and set the Require trusted path for credential entry option to eabled. Link the Policy to the Domain Controllers organizational unit （OU）

第6题：

You are the network administrator for your company. Your network consists of a single Active   Directory domain. Three security groups named Accountants， Processors， and Management are located in an organizational unit （OU） named Accounting. All of the user accounts that belong to these three  groups are also in the Accounting OU. You create a Group Policy object （GPO） and link it to the  Accounting OU. You configure the GPO to disable the display options under the User Configuration  section of the GPO. You need to achieve the following goals： You need to ensure that the GPO applies to  all user accounts that are members of the Processors group. You need to prevent the GPO fromapplying  to any user account that is a member of the Accountants group. You need to prevent the GPO from  applying to any user account that is a member of the Management group， unless the user account is also  a member of the Processors group. What should you do？（）

• A、 Modify the discretionary access control list （DACL） settings of the GPO to assign the Accountants and Management security groups the Deny - Read and the Deny - Apply Group Policy permissions. Modify the DACL of the GPO to assign the users who are in both the Accountants and Management security groups the Allow - Read and the Allow - Apply Group Policy permissions.
• B、 Modify the discretionary access control list （DACL） settings of the GPO to assign the Accountants and Management security groups the Deny - Read and the Deny - Apply Group Policy permissions. Create a new security group named Mixed that contains all the user accounts from the Processors group and the specific user accounts from the Management group to which you want the GPO to apply. Modify the DACL of the GPO to assign the Mixed security group the Allow - Read and the Allow - Apply Group Policy permissions.
• C、 Modify the discretionary access control list （DACL） settings of the GPO to assign the Accountants security group the Deny - Read and the Deny - Apply Group Policy permissions. Modify the DACL settings of the GPO to remove the Authenticated Users special group. Modify the DACL settings of the GPO to add the Processors group and assign the Allow - Read and the Allow - Apply Group Policy permissions.
• D、 Modify the discretionary access control list （DACL） settings of the GPO to assign the Accountants security group the Deny - Read and the Allow - Apply Group Policy permissions. Modify the DACL settings of the GPO to assign the Management security group the Deny - Read and the Deny - Apply Group Policy permissions.

第7题：

Your network consists of Windows XP computers. All computers are joined to a single Active  Directory directory service domain and located in a single Active Directory site. You create a new Group  Policy object （GPO） and link it to the site. The policy configures default screensaver settings. User  accounts of users in the research department are located in an organizational unit （OU） named Research.  You need to allow users in the research department to configure a different screensaver setting on their  computers.  What should you do？（）

• A、 Move the user accounts of users in the research department to the Users container.
• B、 Configure a local security policy on all computers in the research department to allow users to modify their screensaver settings.
• C、 Add users in the research department to a domain group. Allow the group the Apply Group Policy permission for the GPO.
• D、 Add users in the research department to a domain group. Deny the group the Apply Group Policy permission to the GPO.

第8题：

Your network consists of a single Active Directory domain. User accounts for engineering department  are located in an OU named Engineering.    You need to create a password policy for the engineering department that is different from your domain  password policy.    What should you do（）

• A、Create a new GPO. Link the GPO to the Engineering OU.
• B、Create a new GPO. Link the GPO to the domain. Block policy inheritance on all OUs except for the  Engineering OU.
• C、Create a global security group and add all the user accounts for the engineering department to the  group. Create a new Password Policy Object （PSO） and apply it to the group.
• D、Create a domain local security group and add all the user accounts for the engineering department to  the group. From the Active Directory Users and Computer console， select the group and run the  Delegation of Control Wizard.

第9题：

Your network contains an Active Directory domain named contoso.com. All user accounts are in an organizational unit （OU） named Employees. You create a Group Policy object （GPO） named GP1.You link GP1 to the Employees OU.You need to ensure that GP1 does not apply to the members of a group named Managers. What should you configure？（）

• A、The Security settings of Employees
• B、The WMI filter for GP1
• C、The Block Inheritance option for Employees
• D、The Security settings of GP1

第10题：

Your company has an Active Directory Domain Services (AD DS) domain. All servers run Windows Server 2008 R2. You provide access to some applications through a virtual desktop infrastructure (VDI) environment. All Remote Desktop Session Host (RD Session Host) server objects are located in an organizational unit (OU) named RDServers. All virtual desktop computers are located in an organizational unit (OU) named VirtualDesktops. All other client computer objects are located in an OU named Desktops. The drive holding the user profile cache on each RD Session Host server is running out of free diskspace. You need to restrict the amount of disk space used by the roaming user profile cache. What should you do?（）

• A、Create a Group Policy object (GPO) that enables folder redirection for all users. Link the GPO to the RDServers OU.
• B、Create a Group Policy object (GPO) that enables folder redirection for all users. Link the GPO to the VirtualDesktops OU.
• C、Create a Group Policy object (GPO) that configures the Limit the size of the entire roaming user profile  cache setting. Link the GPO to the RDServers OU.
• D、Create a Group Policy object (GPO) that configures the Limit the size of the entire roaming user profile cache setting. Link the GPO to the VirtualDesktops OU.