-
You need to design Group Policy object (GPO) settings to support the use of the Encrypting File System (EFS). Your solution must meet business and security requirements. Which two actions should you perform?()
A . Designate a data recovery agent and issue an EFS certificate to the data recovery agent. Export the private key and restrict access to the exported key
B . Make the data recovery agent a local administrator on all client computers
C . Remove the default data recovery agent from the Default Domain Policy GPO. Then, include the new data recovery agent instead
D . Delete the Default Domain Policy GPO. Configure a new GPO linked to the domain that does not specify a data recovery agent
-
Your network contains an Active Directory domain named contoso.com. You need to create a central store for the Group Policy Administrative templates. What should you do()
A . Run dfsrmig.exe /createglobalobjects.
B . Run adprep.exe /domainprep /gpprep.
C . Copy the %SystemRoot%\PolicyDefinitions folder to the \\contoso.com\SYSVOL\contoso.com\Policies folder.
D . Copy the %SystemRoot%\System32\GroupPolicy folder to the\\contoso.com\SYSVOL\contoso.com\Policies folder.
-
Your network contains a server that runs Windows Server 2008. The server has the Network Policy Server (NPS) service role installed. You need to allow only members of a global group named Group1 VPN access to the network. What should you do?()
A . Add Group1 to the RAS and IAS Servers Group
B . Add Group1 to the Network Configuration Operators group
C . Create a new network policy and define a group-based connection for Group1. Set the access permission of the policy to Access granted. Set the processing order of the policy to 1
D . Create a new network policy and define a group-based condition for Group1. Set the access permission of the policy to Access Granted. Set the processing of the policy to 3.
-
Your network contains a server that runs Windows Server 2008 R2. The server has the Network Policy and Access Services server role installed. You need to allow only members of a global group named Group1 VPN access to the network. What should you do? ()
A . Add Group1 to the RAS and IAS Servers group.
B . Add Group1 to the Network Configuration Operators group.
C . Create a new network policy and define a group-based condition for Group1. Set the access permission of the policy to Access granted. Set the processing order of the policy to 1.
D . Create a new network policy and define a group-based condition for Group1. Set the access permission of the policy to Access granted. Set the processing order of the policy to 3.
-
Your network contains a server named Server1 that runs Windows Server 2012 R2. Server1 is a member of a workgroup. You need to configure a local Group Policy on Server1 that will apply only to non- administrators. Which tool should you use?()
A . Server Manager
B . Group Policy Management Editor
C . Group Policy Management
D . Group Policy Object Editor
-
You configure and deploy a Group Policy object (GPO) that contains AppLocker settings. You need to identify whether a specific application file is allowed to run on a computer. Which Windows PowerShell cmdlet should you use()
A . Get-AppLockerFileInformation
B . Get-GPOReport
C . Get-GPPermissions
D . Test-AppLockerPolicy
-
our network contains a server that runs window server 2008. The serve has the network policy server(NPS) service role installed. You need to allow only members of a global group named group1 VPN access to the network. What should you do?()
A . Add group1 to the RAS and IAS servers group.
B . Add group1 to the network configuration operators group..
C . Create a new network policy and define a group-based connection for group1. Set the access permission of the policy to access granted. Set the processing order of the policy to 1.
D . Create a new network policy and define a group-based condition for group1. Set the access permission of the policy to acces granted. Set the processing of the policy to 3.
-
You are designing for implementing Group Policy objects (GPOs) to meet the business and technical requirement. What should you do?()
A . Create one new GPO to enforce software restriction policies. Link this GPO to the domain.
B . Create one new GPO to enforce software restriction policies. Link this GPO to the appropriate organizational unit (OU).
C . Create one new GPO to enforce software restriction policies. Link this GPO to all organizational units (OUs).
D . Create new GPOs to match the number of organizational units (OUs).configure these GPOs to enforce software restriction policies. Link this GPO to its respective OU.
-
You need to recommend a Group Policy strategy for the Remote Desktop servers. What should you include in the recommendation?()
A . block inheritance
B . loopback processing
C . security filtering
D . WMI filtering
-
Your network contains an Active Directory domain named contoso.com. You need to create a central store for the Group Policy Administrative templates. What should you do()
A . Run dfsrmig.exe /createglobalobjects.
B . Run adprep.exe /domainprep /gpprep.
C . Copy the %SystemRoot%\PolicyDefinitions folder to the \\contoso.com\SYSVOL\contoso.com\Policies folder.
D . Copy the %SystemRoot%\System32\GroupPolicy folder to the \\contoso.com\SYSVOL\contoso.com\Policies folder
-
Your network contains a single Active Directory domain. All client computers run Windows Vista Service Pack 2 (SP2). You need to prevent all users from running an application named App1.exe. Which Group Policy settings should you configure()
A . Application Compatibility
B . AppLocker
C . Software Installation
D . Software Restriction Policie
-
You configure and deploy a Group Policy object (GPO) that contains AppLocker settings. You need to identify whether a specific application file is allowed to run on a computer. Which Windows PowerShell cmdlet should you use()
A . Get-AppLockerFileInformation
B . Get-GPOReport
C . Get-GPPermissions
D . Test-AppLockerPolicy
-
You create a new Active Directory domain. The functional level of the domain is Windows Server 2008 R2. The domain contains five domain controllers. You need to monitor the replication of the group policy template files. Which tool should you use()
A . Dfsrdiag
B . Fsutil
C . Ntdsutil
D . Ntfrsutl
-
Your network contains a single Active Directory domain. All client computers run Windows Vista Service Pack 2 (SP2). You need to prevent all users from running an application named App1.exe. Which Group Policy settings should you configure()
A . Application Compatibility
B . AppLocker
C . Software Installation
D . Software Restriction Policie
-
You have a computer that runs Windows 7. You need to provide standard users the ability to update thedrivers for display adapters. What should you modify from the Local Group Policy?()
A . device installation settings for the computer.
B . display settings for the user.
C . driver installation settings for the computer.
D . driver installation settings for the user.
-
You are designing for implementing Group Policy objects (GPOs) to meet the business and technical requirement. What should you do? ()
A . Create one new GPO to enforce software restriction policies. Link this GPO to the domain.
B . Create one new GPO to enforce software restriction policies. Link this GPO to the appropriate organizational unit (OU).
C . Create one new GPO to enforce software restriction policies. Link this GPO to all organizational units (OUs).
D . Create new GPOs to match the number of organizational units (OUs).configure these GPOs to enforce software restriction policies. Link this GPO to its respective OU.
-
下列哪些Internet Exploerer选项可以通过Group Policy被配置()
A . 代理服务器
B . 主页
C . 常用文件夹
D . 标题条
-
You need to recommend a solution for managing Group Policy that meets the company’s technical requirements. What should you recommend?()
A . Implement a central store.
B . Upgrade DC3 to Windows Server 2008 R2.
C . Create starter Group Policy objects (GPOs).
D . Deploy Advanced Group Policy Management (AGPM).
-
下列哪一项不是Group Policy的段()
A . Software Settings
B . Windows Settings
C . Administrative Templates
D . Computer Setting
-
You create a new Active Directory domain. The functional level of the domain is Windows Server 2008 R2. The domain contains five domain controllers. You need to monitor the replication of the group policy template files. Which tool should you use()
A . Dfsrdiag
B . Fsutil
C . Ntdsutil
D . Ntfrsutl
-
在命令Aggregate ipv4-address{maskm ask-length}【as-setatribute-policy route-policy-name1ldetail-suppressedlorigin-policyroute-policy-name2suppress-policy route-policy-name3】中,多个参数可以用来影响汇总路由及其结果。关于该命令描述正确是()
A.如果配置了Suppress policy也会产生聚合路由, Route-policy的if-match子句用来挑选抑制的明细路由,匹配Rou te- policy的明细路由仍然会被通告给其他BGP邻居
B.如果配置了Origin-policy了,只有与Route-policy 匹配的明细路由才能参加聚合
C.如果配置了Attribute-policy,可以更改聚合路由的属性
D.如果配置了As-set,汇总路由的AS_ ATH包含所有具体路由的AS路径信息,以防止路由 环路
此题为多项选择题。
-
Your network contains a Windows Server Update Services (WSUS) server. A Group Policy objec
Your network contains a Windows Server Update Services (WSUS) server. A Group Policy object (GPO) configures all WSUS client computers to detect updates hourly and install updates weekly.You download a critical update.You need to ensure that the WSUS client computers install the critical update during the next detection interval.What should you do?()
A. From the client computers, run wuauclt.exe /force.
B. From the client computers, run gpupdate.exe /force.
C. From the server, configure the deadline settings.
D. From the server, configure the Synchronization Schedule options.
-
Your network consists of a single Active Directory domain. All servers run Windows Server 2003Service Pack 2 (SP2). All client computers run Windows XP Professional Service Pack 3 (SP3).You have an organizational unit (OU) named Accounting. You create a Group Policy object (GPO) and linkit to the Accounting OU.You join a new client computer to the domain.You discover that the new client computer fails to receive the settings from the new GPO.You need to ensure that the new GPO is applied to the new computer.What should you do? ()
A. Move the computer account to the Accounting OU.
B. Modify the Location attribute of the computer account.
C. Modify the Managed By attribute of the computer account.
D. Enable the Trust computer for delegation option on the computer account.
-
You are a network administrator for your company. The network consists of a single Active Directorydomain.A user named Mary works in the information technology security department. Mary is a member of theITSecurity global group. Mary reports that no one in the ITSecurity global group can access the securitylog from the console of a computer named Server1.You need to grant the ITSecurity global group the minimum rights necessary to view the security log onServer1.How should you modify the local security policy?()
A. Assign the Generate security audits user right to the ITSecurity global group.
B. Assign the Manage auditing and security logs user right to the ITSecurity global group.
C. Assign the Allow logon through Terminal Services user right to the ITSecurity global group.
D. Assign the Act as part of the operating system user right to the ITSecurity global group.
