All client computers on your company network run Windows 7 and are members of a Windows Server 2008 R2 domain. The RD department staff are local administrators on their computers and are members of the RD global security group. A new version of a business software application is available on the network. You plan to apply an AppLocker security policy to the RD group. You need to ensure that members of the RD group are not allowed to upgrade the software. What should you do?()A、Create an Audit only restriction based on the version of the software.B、Create an Audit only restriction based on the publisher of the software.C、Create an Enforce rule restriction based on the version of the software.D、Create an Enforce rule restriction based on the publisher of the software.
All client computers on your company network run Windows 7 and are members of a Windows Server 2008 R2 domain. The R&D department staff are local administrators on their computers and are members of the R&D global security group. A new version of a business software application is available on the network. You plan to apply an AppLocker security policy to the R&D group. You need to ensure that members of the R&D group are not allowed to upgrade the software. What should you do?()
- A、Create an Audit only restriction based on the version of the software.
- B、Create an Audit only restriction based on the publisher of the software.
- C、Create an Enforce rule restriction based on the version of the software.
- D、Create an Enforce rule restriction based on the publisher of the software.
相关考题:
All client computers on your company network run Windows 7 and are members of an Active Directory Domain Services domain. Your company policy requires that all unnecessary services be disabled on the computers. The Sales department staff has been provided with new mobile broadband adapters that use the Global System for Mobile Communications (GSM) technology. You need to ensure that portable computers can connect to the broadband GSM network. Which service should be enabled on the portable computers?()A.WLAN AutoConfigB.WWAN AutoConfigC.Computer BrowserD.Portable Device Enumerator Service
All client computers on your company network run Windows 7 and are members of a Windows Server 2008 R2 domain. The R&D department staff are local administrators on their computers and are members of the R&D global security group. A new version of a business software application is available on the network. You plan to apply an AppLocker security policy to the R&D group. You need to ensure that members of the R&D group are not allowed to upgrade the software. What should you do?()A.Create an Audit only restriction based on the version of the software.B.Create an Audit only restriction based on the publisher of the software.C.Create an Enforce rule restriction based on the version of the software.D.Create an Enforce rule restriction based on the publisher of the software.
Your company has a single Active Directory directory service domain. All servers in your environment run Windows Server 2003. Client computers run Windows XP or Windows Vista. You plan to create a security update scan procedure for client computers. You need to choose a security tool that supports all the client computers. Which tool should you choose? ()A、 UrlScan Security ToolB、 Enterprise Scan Tool (EST)C、 Malicious Removal Tool (MRT)D、 Microsoft Baseline Security Analyzer (MBSA)
Your company has an Active Directory domain. A server named Server2 runs Windows Server 2008. All client computers run Windows Vista. You install the Terminal Services role,Terminal Services Web Access role service,and Terminal Services Gateway role service on Server2. You need to ensure that all client computers have compliant firewall, antivirus software,and antispyware. Which two actions should you perform?()A、Configure Network Access Protection (NAP) on a server in the domain.B、Add the Terminal Services servers to the Windows Authorization Access domain local security group.C、Add the Terminal Services client computers to the Windows Authorization Access domain local security group.D、Enable the Request clients to send a statement of health option in the Terminal Services client access policy.
Your network consists of a single Active Directory domain. The domain contains a server named Server1 that runs Windows Server 2008.All client computers run Windows Vista. All computers are members of the Active Directory domain. You assign the Secure Server (Require Security) IPsec policy to Server1 by using a Group Policy object(GPO). Users report that they fail to connect to Server1.You need to ensure that users can connect to Server1. All connections to Server1 must be encrypted. What should you do? ()A、Restart the IPsec Policy Agent service on Server1.B、Assign the Client (Respond Only) IPsec policy to Server1.C、Assign the Server (Request Security) IPsec policy to Server1.D、Assign the Client (Respond Only) IPsec policy to all client computers.
You are a network administrator for your company. All domain controllers run Windows Server 2003. The network contains 50 Windows 98 client computers, 300 Windows 2000 Professional computers, and 150 Windows XP Professional computers. According to the network design specification, the Kerberos version 5 authentication protocol must be used for all client computers on the internal network. You need to ensure that Kerberos version 5 authentication is used for all client computers on the internal network. What should you do? ()A、 On each domain controller, disable Server Message Block (SMB) signing and encryption of the secure channel traffic.B、 Replace all Windows 98 computers with new Windows XP Professional computers.C、 Install the Active Directory Client Extensions software on the Windows 98 computers.D、 Upgrade all Windows 98 computers to Windows NT Workstation 4.0.
You are the network administrator for your company. The network consists of a single Active Directory domain. All computers on the network are members of the domain. The domain contains a Windows Server 2003 computer named Server1. You are planning a public key infrastructure (PKI) for the company. You want to deploy a certification authority (CA) on Server1. You create a new global security group named Cert Administrators. You need to delegate the tasks to issue, approve, and revoke certificates to members of the Cert Administrators group. What should you do?()A、 Add the Cert Administrators group to the Cert Publishers group in the domain.B、 Configure the Certificates Templates container in the Active Directory configuration naming context to assign the Cert Administrators group the Allow - Write permission.C、 Configure the CertSrv virtual directory on Server1 to assign the Cert Administrators group the Allow - Modify permission.D、 Assign the Certificate Managers role to the Cert Administrators group.
Your company has an Active Directory Domain Services (AD DS) domain. You install the Remote Desktop Session Host (RD Session Host) role service on a server that runs Windows Server 2008 R2. All client computers run Windows 7. You need to ensure that the current Libraries from users’ computers are available when they log on to the RD Session Host server. What should you do?()A、Redirect each userˉs Documents folder to a network shareB、Redirect each userˉs Links folder to the RD Session Host serverC、Use a startup script to copy .library-ms files from the client computers to the RD Session Host server.D、Use Group Policy Preferences to copy .library-ms files from the client computers to the RD Session Host server.
Your company has an Active Directory Domain Services (AD DS) domain. All servers run Windows Server 2008 R2. All client computers run Windows 7. You have a Remote Desktop Session Host (RD Session Host) server and a Remote Desktop Gateway (RD Gateway) server. You use Windows Firewall on your servers. You need to ensure that users can connect to their virtual desktops. What should you do?()A、Create a Windows Firewall inbound rule for port 443 on the RD Gateway server.B、Create a Windows Firewall inbound rule for port 443 on the RD Session Host server.C、Create a Windows Firewall inbound rule for port 3389 on the RD Gateway server.D、Create a Windows Firewall inbound rule for port 3389 on the RD Session Host server.
You are the network administrator for The network consists of a single Active Directory domain named All servers run Windows Server 2003. All client computers run Windows 2000 Professional with Service Pack 4 or Windows XP Professional. You install Software Update Services (SUS) on a computer named TestKing1. You create a GPO that configures all client computers to receive their software update from TestKing1. One week later, you run Microsoft Baseline Security Analyzer (MBSA) on all client computers to find out whether all updates are being applied. You discover that all the Windows 2000 Professional client computer received updates, but the Windows XP Professional client computers do not receive updates. You verify that the GPO setting was applied on all Windows XP Professional computers. You need to ensure that the Windows XP Professional client computers receive their updates from TestKing1. What should you do?()A、Make all users of the Windows XP Professional client computers members of the Administrators local group.B、On all Windows XP Professional client computers, install Service Pack 1.C、On all Windows XP Professional client computers, restart Automatic Updates.D、On all Windows XP Professional client computers, delete the NoAutoUpdate value under HKEY_LOCAL_MACHINE/SOFTWARE/Policies/Microsoft/Windows/WindowsUpdate/AU.
All client computers on your company network run Windows 7 and are members of an Active Directory Domain Services domain. Your company policy requires that all unnecessary services be disabled on the computers. The Sales department staff has been provided with new mobile broadband adapters that use the Global System for Mobile Communications (GSM) technology. You need to ensure that portable computers can connect to the broadband GSM network. Which service should be enabled on the portable computers?()A、WLAN AutoConfigB、WWAN AutoConfigC、Computer BrowserD、Portable Device Enumerator Service
You are the network administrator for your company. The network consists of a single Active Directory domain. All servers run Windows Server 2003. All client computers run either Windows 2000 Professional with Service Pack 4 or Windows XP Professional. You install Windows Server Update Services (WSUS) on a computer named Server2. You create a Group Policy object (GPO) that configures all client computers to receive software updates from Server2. One week later, you run Microsoft Baseline Security Analyzer (MBSA) on all client computers to find out whether all updates are being applied. You discover that all of the Windows 2000 Professional client computers receive updates, but the Windows XP Professional client computers do not receive updates. You verify that the GPO setting was applied on all Windows XP Professional computers. You need to ensure that the Windows XP Professional client computers receive their updates from Server2. What should you do?()A、Make all users of Windows XP Professional client computers members of the Administrators local group.B、On all Windows XP Professional client computers, install the latest service pack.C、On all Windows XP Professional client computers, use the gpupdate /force command.D、On all Windows XP Professional client computers, delete the NoAutoUpdate value under HKEY_LOCAL_MACHINE/SOFTWARE/Policies/Microsoft/Windows/WindowsUpdate/AU.
Your network consists of a single Active Directory domain. The network contains a Terminal Server that runs Windows Server 2008, and client computers that run Windows Vista. All computers are members of the domain. You deploy an application by using the TS RemoteApp Manager. The Terminal Servers security layer is set to Negotiate. You need to ensure that domain users are not prompted for credentials when they access the application. What should you do?()A、On the server, modify the Password Policy settings in the local Group Policy.B、On the server, modify the Credential Delegation settings in the local Group Policy.C、On all client computers, modify the Password Policy settings in the local Group Policy.D、On all client computers, modify the Credential Delegation settings in the local Group Policy.
Your network contains two servers that run the Server Core installation of Windows Server 2008 R2. The two servers are part of a Network Load Balancing cluster. The cluster hosts a Web site. Administrators use client computers that run Windows 7. You need to recommend a strategy that allows the administrators to remotely manage the Network Load Balancing cluster. Your strategy must support automation. What should you recommend?()A、On the servers, enable Windows Remote Management (WinRM).B、On the servers, add the administrators to the Remote Desktop Users group.C、On the Windows 7 client computers,enable Windows Remote Management (WinRM).D、On the Windows 7 client computers,add the administrators to the Remote Desktop Users group.
Your network consists of a single Active Directory domain. Your network contains 10 servers and 500 client computers. All domain controllers run Windows Server 2008 R2. A Windows Server 2008 R2 server has Remote Desktop Services installed. All client computers run Windows XP Service Pack 3. Youplan to deploy a new line-of-business application. The application requires desktop themes to be enabled. You need to recommend a deployment strategy that meets the following requirements: èOnly authorized users must be allowed to access the application. èAuthorized users must be able to access the application from any client computer. èYour strategy must minimize changes to the client computers. èYour strategy must minimize software costs. What should you recommend?()A、Migrate all client computers to Windows 7. Deploy the application to all client computers by using a Group Policy object (GPO).B、Migrate all client computers to Windows 7. Deploy the application to the authorized users by using a Group Policy object (GPO).C、Deploy the Remote Desktop Connection (RDC) 7.0 software to the client computers. Install the application on the Remote Desktop Services server. Implement Remote Desktop Connection Broker (RD Connection Broker).D、Deploy the Remote Desktop Connection (RDC) 7.0 software to the client computers. Enable the Desktop Experience feature on the Remote Desktop Services server. Install the application on the Remote Desktop Services server.
Your company has an Active Directory Domain Services (AD DS) domain. You install the Remote Desktop Session Host (RD Session Host) role service on a server that runs Windows Server 2008 R2. Client computers run Windows Vista and Windows 7. You need to automate the migration of user settings from client computers to the RD Session Host server. Which tool should you use?()A、Windows Easy TransferB、User State Migration Tool (USMT)C、Windows System Image Manager (Windows SIM)D、Deployment Image Servicing and Management (DISM)
Your network contains an Active Directory domain. You have a server that runs Windows Server 2008 R2 and has the Remote Desktop Services server role enabled. All client computers run Windows 7. You need to plan the deployment of a new line-of-business application to all client computers. The deployment must meet the following requirements: èUsers must access the application from an icon on their desktops. èUsers must have access to the application when they are not connected to the network. What should you do?()A、Publish the application as a RemoteApp.B、Publish the application by using Remote Desktop Web Access (RD Web Access).C、Assign the application to the Remote Desktop Services server by using a Group Policy object (GPO).D、Assign the application to all client computers by using a Group Policy object (GPO).
You work as the IT professional in an international company which is named Wiikigo. You are experiencedin implementing and administering a network operating system.You are specialized in deploying servers,configuring Windows Server 2008 Terminal services and network application services,and configuring aweb services infrastructure. There is a single Active Directory domain in your network. The networkcontains a Terminal Server that runs Windows Server 2008, and client computers that run Windows Vista.All computers are members of the domain. You use the TS RemoteApp Manager to deploy an application.The Terminal Servers security layer is set to Negotiate. You have to make sure that domain users are notprompted for credentials when they access the application. What action should you perform to make sureof this?()A、The Credential Delegation settings in the local Group Policy should be modified on the server.B、The Password Policy settings in the local Group Policy should be modified on the server.C、The Credential Delegation settings in the local Group Policy should be modified on all client computers.D、The Password Policy settings in the local Group Policy should be modified on all client computers.
You are the network administrator for your company. The network consists of a single Active Directory domain. All servers run Windows Server 2003. The network contains servers that have Terminal Server enabled. The terminal servers host legacy applications that currently require users to be members of the Power Users group. A new requirement in the company’s written security policy states that the Power Users group must be empty on all resource servers. You need to maintain the ability to run the legacy applications on the terminal servers when the new security requirement is implemented. What should you do? ()A、 Add the Domain Users global group to the Remote Desktop Users built-in group in the domain. B、 Add the Domain Users global group to the Remote Desktop Users local group on each terminal server.C、 Modify the Compatws.inf security template settings to allow members of the local Users group to run the applications. Import the security template into the Default Domain Controllers Policy Group Policy object (GPO).D、 Modify the Compatws.inf security template settings to allow members of the local Users group to run the applications. Apply the modified template to each terminal server.
Your company has an Active Directory Domain Services (AD DS) domain. All servers run Windows Server 2008 R2. All client computers run Windows 7. Remote client computers are not members of the domain. Your environment includes a Remote Desktop Gateway (RD Gateway) server. You install an application on a Remote Desktop Session Host (RD Session Host) server. You need to ensure that remote users can run the application. What should you do?()A、On each remote client computer, configure the Remote Desktop Connection client to connect to the RD Gateway server.B、On each remote client computer, configure the Remote Desktop Connection client to connect without warning if server authentication fails.C、On the RD Session Host server, configure the Remote Desktop Connection client to connect to the RD Gateway server.D、On the RD Gateway server, add the Guests local group to the Remote Desktop Users local group.
Your company has an Active Directory Domain Services (AD DS) domain. All servers run Wind ows Server 2008 R2. All client computers run Windows 7. You have a Remote Desktop Session Host (RD Session Host) server and a Remote Desktop Gateway (RD Gateway) server. You use Windows Firewall on your servers. You need to ensure that users can connect to their virtual desktops. What should you do?()A、Create a Windows Firewall inbound rule for port 443 on the RD Gateway server.B、Create a Windows Firewall inbound rule for port 443 on the RD Se ssion Host server.C、Create a Windows Firewall inbound rule for port 3389 on the RD Gateway server.D、Create a Windows Firewall inbound rule for port 3389 on the RD Session Host server.
All client computers on your company network run Windows XP and are members of an Active Directory Domain Services domain. You plan to migrate all computers to Windows 7. You also plan to deploy a new VPN server to support remote network access for the computers. You need to ensure that all computers will be supported for remote access during the migration to Windows 7. What should you do?()A、Set the VPN server to Layer 2 Tunneling Protocol.B、Set the VPN server to Secure Socket Tunneling Protocol.C、Set the VPN server to Internet Key Exchange version 2.D、Configure the Direct Access feature on the VPN server.
Your network consists of a single Active Directory domain. The domain contains a server named Server1 that runs Windows Server 2008 R2. All client computers run Windows 7. All computers are members of the Active Directory domain. You assign the Secure Server (Require Security) IPsec policy to Server1 by using a Group Policy object (GPO). Users report that they fail to connect to Server1. You need to ensure that users can connect to Server1. All connections to Server1 must be encrypted. What should you do?()A、Restart the IPsec Policy Agent service on Server1.B、Assign the Client (Respond Only) IPsec policy to Server1.C、Assign the Server (Request Security) IPsec policy to Server1.D、Assign the Client (Respond Only) IPsec policy to all client computers.
单选题You are the network administrator for your company. The network consists of a single Active Directory domain. All computers on the network are members of the domain. The domain contains a Windows Server 2003 computer named Server1. You are planning a public key infrastructure (PKI) for the company. You want to deploy a certification authority (CA) on Server1. You create a new global security group named Cert Administrators. You need to delegate the tasks to issue, approve, and revoke certificates to members of the Cert Administrators group. What should you do?()A Add the Cert Administrators group to the Cert Publishers group in the domain.B Configure the Certificates Templates container in the Active Directory configuration naming context to assign the Cert Administrators group the Allow - Write permission.C Configure the CertSrv virtual directory on Server1 to assign the Cert Administrators group the Allow - Modify permission.D Assign the Certificate Managers role to the Cert Administrators group.
单选题You need to improve the company’s security patch management process. Your solution must meet existing business requirements and it cannot increase the number of employees or unnecessarily increase ongoing administrative effort. What should you do?()AProvide all users with the ability to access and use the Windows Update Web siteBUpgrade all client computers to either Windows 2000 Professional or Windows XP Professional. Implement Software Update Services (SUS)CUpgrade all client computers to either Windows 2000 Professional or Windows XP Professional.Make all users members of the Power Users group on their client computersDInstall the Active Directory Client Extensions on all Windows 95, Windows 98, and Windows NT Workstation 4.0 computers. Manually download all security patches to a Distributed File System (DFS) replica. Instruct all users to use the DFS replica to install security patchesEInstall the Active Directory Client Extensions on all Windows 95, Windows 98, and Windows NT Workstation 4.0 computers. Install a Software Update Services (SUS) server and make all users local administrators on their client computers
单选题Your network consists of a single Active Directory domain. The network contains a Terminal Server that runs Windows Server 2008, and client computers that run Windows Vista. All computers are members of the domain. You deploy an application by using the TS RemoteApp Manager. The Terminal Servers security layer is set to Negotiate. You need to ensure that domain users are not prompted for credentials when they access the application. What should you do?()AOn the server, modify the Password Policy settings in the local Group Policy.BOn the server, modify the Credential Delegation settings in the local Group Policy.COn all client computers, modify the Password Policy settings in the local Group Policy.DOn all client computers, modify the Credential Delegation settings in the local Group Policy.
单选题You work as the IT professional in an international company which is named Wiikigo. You are experiencedin implementing and administering a network operating system.You are specialized in deploying servers,configuring Windows Server 2008 Terminal services and network application services,and configuring aweb services infrastructure. There is a single Active Directory domain in your network. The networkcontains a Terminal Server that runs Windows Server 2008, and client computers that run Windows Vista.All computers are members of the domain. You use the TS RemoteApp Manager to deploy an application.The Terminal Servers security layer is set to Negotiate. You have to make sure that domain users are notprompted for credentials when they access the application. What action should you perform to make sureof this?()AThe Credential Delegation settings in the local Group Policy should be modified on the server.BThe Password Policy settings in the local Group Policy should be modified on the server.CThe Credential Delegation settings in the local Group Policy should be modified on all client computers.DThe Password Policy settings in the local Group Policy should be modified on all client computers.