You are the administrator responsible for security and user desktop settings on your network. You need to configure a custom registry entry for all users. You want to add the custom registry entry into a Group Policy object (GPO) with the least amount of

第1题：

You are the network administrator for your company. The network consists of a single Active Directory domain. The functional level of the domain is Windows Server 2003. The domain contains an organizational unit （OU） named Servers that contains all of the company’s Windows Server 2003 resource servers. The domain also contains an OU named Workstations that contains all of the company’s Windows XP Professional client computers.   You configure a baseline security template for resource servers named Server.inf and a baseline security template for client computers named Workstation.inf. The Server.inf template contains hundreds of settings， including file and registry permission settings that have inheritance propagation enabled. The Workstation.inf template contains 20 security settings， none of which contain file or registry permissions settings.  The resource servers operate at near capacity during business hours.   You need to apply the baseline security templates so that the settings will be periodically enforced. You need to accomplish this task by using the minimum amount of administrative effort and while minimizing the performance impact on the resource servers.   What should you do？  （）

• A、 Create a Group Policy object （GPO） and link it to the domain. Import both the Server.inf and the Workstation.inf templates into the GPO.
• B、 Import both the Server.inf and the Workstation.inf templates into the Default Domain Policy Group Policy object （GPO）.
• C、 On each resource server， create a weekly scheduled task to apply the Server.inf settings during off-peak hours by using the secedit command. Create a Group Policy object （GPO） and link it to the Workstations OU. Import the Workstation.inf template into the GPO.
• D、 On each resource server， create a weekly scheduled task to apply the Server.inf settings during off-peak hours by using the secedit command. Import the Workstation.inf template into the Default Domain Policy Group Policy object （GPO）.

第2题：

Your company has deployed Network Access Protection （NAP） enforcement for VPNs. You need to ensure that the health of all clients can be monitored and reported. What should you do？（）

• A、Create a Group Policy object （GPO） that enabled Security Center and link the policy to the domain.
• B、Create a Group Policy object （GPO） that enabled Security Center and link the policy to the Domain controllers organizational unit （OU）
• C、Create a Group Policy object （GPO） and set the Require trusted path for credential entry option to eabled. Link the Policy to the domain.
• D、Create a Group Policy object （GPO） and set the Require trusted path for credential entry option to eabled. Link the Policy to the Domain Controllers organizational unit （OU）

第3题：

You have Active Directory Certificate Services （AD CS） deployed.  You create a custom certificate template.   You need to ensure that all of the users in the domain automatically enroll for a certificate based on the  custom certificate template.   Which two actions should you perform（）

• A、In a Group Policy object （GPO）， configure the autoenrollment settings
• B、In a Group Policy object （GPO）， configure the Automatic Certificate Request Settings.
• C、On the certificate template， assign the Read and Autoenroll permission to the Authenticated Users  group.
• D、On the certificate template， assign the Read， Enroll， and Autoenroll permission to the Domain Users  group.

第4题：

You are the administrator of your company’s network. You use Security Templates to configure a Security Policy on the Windows 2000 Professional Computers in the Sales organizational unit （OU）. You notice that the Computers in the Sales OU are not downloading the Security Policy settings. On each computer， the Security Policy appears in the Local Computer Policy， but is not listed as the effective policy. You want all computers in the Sales OU to have the Security Policy listed as the effective policy. How should you accomplish this task？ （）

• A、Use Security Templates to correct the setting and export the security file.
• B、Use Security Configuration and Analysis to import the security setting. Then create a Group policy object （GPO） for the Sales QU.
• C、Use Secedit /RefreshPolicy Machine_Policy command.
• D、Use the Basicwk.inf security file settings， save the security file， and then import the fileto theComputers.

第5题：

You are the network administrator for your company. The network consists of a single Active Directory domain. The network contains 10 domain controllers and 50 servers in application server roles. All servers run Windows Server 2003.   The application servers are configured with custom security settings that are specific to their roles as application servers. Application servers are required to audit account logon events， object access events， and system events. Application servers are required to have passwords that meet complexity requirements， to enforce password history， and to enforce password aging. Application servers must also be protected against man-in-the-middle attacks during authentication.  You need to deploy and refresh the custom security settings on a routine basis. You also need to be able to verify the custom security settings during audits.   What should you do？ （）

• A、 Create a custom security template and apply it by using Group Policy.
• B、 Create a custom IPSec policy and assign it by using Group Policy.
• C、 Create and apply a custom Administrative Template.
• D、 Create a custom application server image and deploy it by using RIS.

第6题：

You are the desktop administrator for your company's sales department. The IT manager for the sales department creates a custom policy that will apply to a custom application that is loaded on the department's Windows XP Professional computers. He deploys this policy by using Group Policy. When you inspect the sales department's computers, you find out that the application has not been modified by the policy. You want to examine Windows XP Professional to find out whether the custom policy is affecting the correct location in the Registry. Which command should you run?（）

• A、Msinfo32. exe
• B、Gpresult.exe
• C、Gpedit.msc
• D、Rsop.msc

第7题：

You create a Windows 7 deployment image that includes custom Internet Explorer branding and search providers.  Your company decides to deploy all custom settings by using Group Policy.    You need to restore the Internet Explorer settings in the deployment image to the Microsoft default settings.   Which two actions should you perform？（）

• A、 Use the Reset Internet Explorer Settings （RIES） feature， and run the Reset process on the deployment image.
• B、 Use the Reset Internet Explorer Settings （RIES） feature， and run the Remove Branding process on the deploymentimage.
• C、 Update the Internet Explorer Maintenance policy processing Group Policy object （GPO） settings for all computers.
• D、 Update the Internet Explorer Manage Add-ons settings for all computers.

第8题：

第9题：

Your network consists of Windows XP computers. All computers are joined to a single Active  Directory directory service domain and located in a single Active Directory site. You create a new Group  Policy object （GPO） and link it to the site. The policy configures default screensaver settings. User  accounts of users in the research department are located in an organizational unit （OU） named Research.  You need to allow users in the research department to configure a different screensaver setting on their  computers.  What should you do？（）

• A、 Move the user accounts of users in the research department to the Users container.
• B、 Configure a local security policy on all computers in the research department to allow users to modify their screensaver settings.
• C、 Add users in the research department to a domain group. Allow the group the Apply Group Policy permission for the GPO.
• D、 Add users in the research department to a domain group. Deny the group the Apply Group Policy permission to the GPO.

第10题：

Your network contains an Active Directory domain named contoso.com. All user accounts are in an organizational unit （OU） named Employees. You create a Group Policy object （GPO） named GP1.You link GP1 to the Employees OU.You need to ensure that GP1 does not apply to the members of a group named Managers. What should you configure？（）

• A、The Security settings of Employees
• B、The WMI filter for GP1
• C、The Block Inheritance option for Employees
• D、The Security settings of GP1

第11题：

Your company has an Active Directory Domain Services (AD DS) domain. All servers run Windows Server 2008 R2. You provide access to some applications through a virtual desktop infrastructure (VDI) environment. All Remote Desktop Session Host (RD Session Host) server objects are located in an organizational unit (OU) named RDServers. All virtual desktop computers are located in an organizational unit (OU) named VirtualDesktops. All other client computer objects are located in an OU named Desktops. The drive holding the user profile cache on each RD Session Host server is running out of free diskspace. You need to restrict the amount of disk space used by the roaming user profile cache. What should you do?（）

• A、Create a Group Policy object (GPO) that enables folder redirection for all users. Link the GPO to the RDServers OU.
• B、Create a Group Policy object (GPO) that enables folder redirection for all users. Link the GPO to the VirtualDesktops OU.
• C、Create a Group Policy object (GPO) that configures the Limit the size of the entire roaming user profile  cache setting. Link the GPO to the RDServers OU.
• D、Create a Group Policy object (GPO) that configures the Limit the size of the entire roaming user profile cache setting. Link the GPO to the VirtualDesktops OU.

第12题：

You need to configure the security settings for the new app servers. Which two actions should you perform?（）

• A、Create a Group policy object (GPO) for the web servers.
• B、Create a Group policy object (GPO) for the database servers.
• C、Modify the Default Domain Policy.
• D、Modify the Default Domain Controllers Policy.

第13题：

You create a Password Settings object （PSO）.   You need to apply the PSO to a domain user named User1.   What should you do（）

• A、Modify the properties of the PSO.
• B、Modify the account options of the User1 account.
• C、Modify the security settings of the User1 account.
• D、Modify the password policy of the Default Domain Policy Group Policy object （GPO）.

第14题：

You have a computer that runs Windows XP Professional. Multiple users share the computer. You log on to the computer by using the local administrator account and install a custom application. You need to add an application shortcut to the desktop of all new users who use the computer. The shortcut must appear on the desktop of new users only. What should you do?（）

• A、Copy the shortcut to %systemdrive%/documents and settings/default user/desktop/.
• B、Copy the shortcut to %systemdrive%/documents and settings/all users/desktop/.
• C、Copy the shortcut to your desktop. Modify the %comspec% system environment variable. 
• D、Copy the shortcut to the guest user’s desktop. Assign the Everyone group Read permission to the guest user profile.

第15题：

You have Active Directory Certificate Services （AD CS） deployed. You create a custom certificate  template.   You need to ensure that all of the users in the domain automatically enroll for a certificate based  on the custom certificate template.     Which two actions should you perform（）

• A、In a Group Policy object （GPO）， configure the autoenrollment settings.
• B、In a Group Policy object （GPO）， configure the Automatic Certificate Request Settings.
• C、On the certificate template， assign the Read and Autoenroll permission to the Authenticated Users group.
• D、On the certificate template， assign the Read， Enroll， and Autoenroll permission to the Domain Users group.

第16题：