多选题You need to design Group Policy object (GPO) settings to support the use of the Encrypting File System (EFS). Your solution must meet business and security requirements. Which two actions should you perform?()ADesignate a data recovery agent and issue an EFS certificate to the data recovery agent. Export the private key and restrict access to the exported keyBMake the data recovery agent a local administrator on all client computersCRemove the default data recovery agent from the Default Domain Policy GPO. Then, include the new data recovery agent insteadDDelete the Default Domain Policy GPO. Configure a new GPO linked to the domain that does not specify a data recovery agent
多选题
You need to design Group Policy object (GPO) settings to support the use of the Encrypting File System (EFS). Your solution must meet business and security requirements. Which two actions should you perform?()
A
Designate a data recovery agent and issue an EFS certificate to the data recovery agent. Export the private key and restrict access to the exported key
B
Make the data recovery agent a local administrator on all client computers
C
Remove the default data recovery agent from the Default Domain Policy GPO. Then, include the new data recovery agent instead
D
Delete the Default Domain Policy GPO. Configure a new GPO linked to the domain that does not specify a data recovery agent
参考解析
解析:
暂无解析
相关考题:
Your company has deployed Network Access Protection (NAP) enforcement for VPNs.You need to ensure that the health of all clients can be monitored and reported. What should you do?() A. Create a Group Policy object (GPO) that enables Security Center and link the policy to the domain.B. Create a Group Policy object (GPO) that enables Security Center and link the policy to the Domain Controllers organizational unit (OU).C. Create a Group Policy object (GPO) and set the Require trusted path for credential entry option to Enabled. Link the policy to the domain.D. Create a Group Policy object (GPO) and set the Require trusted path for credential entry option to Enabled. Link the policy to the Domain Controllers organizational unit (OU).
You are the administrator responsible for security and user desktop settings on your network. You need to configure a custom registry entry for all users. You want to add the custom registry entry into a Group Policy object (GPO) with the least amount of administrative effort.What should you do?A.Configure an ADM template and add the template to the GPO.B.Configure an INF policy and add the policy to the GPO.C.Configure a Microsoft Windows installer package and add the package to the GPO.D.Configure RIS to include the registry entry.
You need to design desktop and security settings for the client computers in the Seattle call center. Your solution must be implemented by using the minimum amount of administrative effort.Which two actions should you perform?()A、On each client computer in the call center, configure a local policy that lists only authorized programs in the Allowed Windows Programs listB、Using NTFS permissions, assign the Deny – Read permission for all unauthorized executable files to the client computer domain accountsC、Design a Group Policy object (GPO) that enforces a software restriction policy on all client computers in the call centerD、Design a Group Policy object (GPO) that implements an IPSec policy on all client computers in the call center. Ensure that the IPSec policy rejects connections to any Web servers that the company does not operate
You configure and deploy a Group Policy object (GPO) that contains AppLocker settings. You need to identify whether a specific application file is allowed to run on a computer. Which Windows PowerShell cmdlet should you use()A、Get-AppLockerFileInformationB、Get-GPOReportC、Get-GPPermissionsD、Test-AppLockerPolicy
You are the network administrator for your company. Your network consists of a single Active Directory domain. Three security groups named Accountants, Processors, and Management are located in an organizational unit (OU) named Accounting. All of the user accounts that belong to these three groups are also in the Accounting OU. You create a Group Policy object (GPO) and link it to the Accounting OU. You configure the GPO to disable the display options under the User Configuration section of the GPO. You need to achieve the following goals: You need to ensure that the GPO applies to all user accounts that are members of the Processors group. You need to prevent the GPO fromapplying to any user account that is a member of the Accountants group. You need to prevent the GPO from applying to any user account that is a member of the Management group, unless the user account is also a member of the Processors group. What should you do?()A、 Modify the discretionary access control list (DACL) settings of the GPO to assign the Accountants and Management security groups the Deny - Read and the Deny - Apply Group Policy permissions. Modify the DACL of the GPO to assign the users who are in both the Accountants and Management security groups the Allow - Read and the Allow - Apply Group Policy permissions.B、 Modify the discretionary access control list (DACL) settings of the GPO to assign the Accountants and Management security groups the Deny - Read and the Deny - Apply Group Policy permissions. Create a new security group named Mixed that contains all the user accounts from the Processors group and the specific user accounts from the Management group to which you want the GPO to apply. Modify the DACL of the GPO to assign the Mixed security group the Allow - Read and the Allow - Apply Group Policy permissions.C、 Modify the discretionary access control list (DACL) settings of the GPO to assign the Accountants security group the Deny - Read and the Deny - Apply Group Policy permissions. Modify the DACL settings of the GPO to remove the Authenticated Users special group. Modify the DACL settings of the GPO to add the Processors group and assign the Allow - Read and the Allow - Apply Group Policy permissions.D、 Modify the discretionary access control list (DACL) settings of the GPO to assign the Accountants security group the Deny - Read and the Allow - Apply Group Policy permissions. Modify the DACL settings of the GPO to assign the Management security group the Deny - Read and the Deny - Apply Group Policy permissions.
You have a single Active Directory directory service domain. You use a Group Policy object (GPO) to apply security settings to your client computers. You configure the startup type for system services settings in a new GPO, and you link the GPO to an organizational unit (OU). You discover that the startup type for system services on one of the client computers has not been updated. You need to ensure that the Group Policy settings are applied to the client computer. What should you do?()A、 Restart the client computer.B、 Instruct the user to log off and then log on to the client computer.C、 On the client computer, run the Gpupdate.exe command with the /Force parameter.D、 On the client computer, run the Gpupdate.exe command with the /Target:computer parameter.
You have a single Active Directory directory service domain. You back up your domain controllers on a nightly basis. You perform Group Policy backups on a nightly basis. A Group Policy object (GPO) is accidentally deleted. You need to restore the GPO. What should you do?()A、 Perform a nonauthoritative restore of the Active Directory database.B、 Perform an authoritative restore of the Active Directory database.C、 Select the Import Policy option in the Group Policy Object Editor.D、 Restore the GPO by using the Group Policy Management Console.
You have Active Directory Certificate Services (AD CS) deployed. You create a custom certificate template. You need to ensure that all of the users in the domain automatically enroll for a certificate based on the custom certificate template. Which two actions should you perform()A、In a Group Policy object (GPO), configure the autoenrollment settingsB、In a Group Policy object (GPO), configure the Automatic Certificate Request Settings.C、On the certificate template, assign the Read and Autoenroll permission to the Authenticated Users group.D、On the certificate template, assign the Read, Enroll, and Autoenroll permission to the Domain Users group.
You need to configure the security settings for the new app servers. Which two actions should you perform?()A、Create a Group policy object (GPO) for the web servers.B、Create a Group policy object (GPO) for the database servers.C、Modify the Default Domain Policy.D、Modify the Default Domain Controllers Policy.
Your company has deployed network access protection (NAP) enforcement for VPNs. You need to ensure that the health of all clients can be monitored and reported. What should you do?()A、Create a group policy object (GPO) that enabled security center and link the policy to the domain.B、Create a group policy object (GPO) that enabled security center and link the policy to the domain controllers organizational unit (OU).C、Create a group policy object (GPO) and set the require trusted path for credential entry option to enabled. Link the policy to the domain.D、Create a group policy object (GPO) and set the require trusted path for credential entry option to Enabled. Link the policy to the domain controllers organizational unit (OU).
You have a single Active Directory directory service domain. All servers run Windows Server 2003. You need to specify the list of applications that users are permitted to run. You create a new Group Policy object (GPO) and link it to the domain. What should you do next?()A、 Configure Software Restriction Policies Group Policy settings.B、 Configure the Enable user control over installs Group Policy setting.C、 Assign all approved applications.D、 Publish all approved applications.
You need to create a Password Settings object (PSO). Which tool should you use()A、Active Directory Users and ComputersB、ADSI EditC、Group Policy Management ConsoleD、Ntdsutil
You create a Password Settings object (PSO). You need to apply the PSO to a domain user named User1. What should you do()A、Modify the properties of the PSO.B、Modify the account options of the User1 account.C、Modify the security settings of the User1 account.D、Modify the password policy of the Default Domain Policy Group Policy object (GPO).
You have Active Directory Certificate Services (AD CS) deployed. You create a custom certificate template. You need to ensure that all of the users in the domain automatically enroll for a certificate based on the custom certificate template. Which two actions should you perform()A、In a Group Policy object (GPO), configure the autoenrollment settings.B、In a Group Policy object (GPO), configure the Automatic Certificate Request Settings.C、On the certificate template, assign the Read and Autoenroll permission to the Authenticated Users group.D、On the certificate template, assign the Read, Enroll, and Autoenroll permission to the Domain Users group.
多选题You have Active Directory Certificate Services (AD CS) deployed. You create a custom certificate template. You need to ensure that all of the users in the domain automatically enroll for a certificate based on the custom certificate template. Which two actions should you perform()AIn a Group Policy object (GPO), configure the autoenrollment settings.BIn a Group Policy object (GPO), configure the Automatic Certificate Request Settings.COn the certificate template, assign the Read and Autoenroll permission to the Authenticated Users group.DOn the certificate template, assign the Read, Enroll, and Autoenroll permission to the Domain Users group.
单选题You need to design a software usage policy for the employees of Southbridge Video. The policy must meet business requirements. What should you do?()AConfigure the software restriction policy in the Default Domain Policy Group Policy object (GPO)BCreate a new connection object by using the Connection Manager Administration Kit (CMAK), and install the new connection object on all client computersCCreate and configure a local security policy on both of the ISA server computersDConfigure the Internet Explorer settings in the Default Domain Policy Group Policy object (GPO)
单选题Your company has an Active Directory domain. The company runs Terminal Services. Standard users who connect to the Terminal Server are in the TSUsers organizational unit (OU). Administrative users are in the TSAdmins OU. No other users connect to the Terminal Server. You need to ensure that only members of the TSAdmins OU can run the Remote Desktop Protocol files. What should you do?()ACreate a Group Policy object (GPO) that configures the Allow .rdp files from unknown publishers policy setting in the Remote Desktop Client Connection template to Disabled. Apply the GPO to the TSUsers OU.BCreate a Group Policy object (GPO) that configures the Allow .rdp files from valid publishers and users default .rdp settings policy setting in the Remote Desktop Client Connection template to Disabled. Apply the GPO to the TSUsers OU.CCreate a Group Policy object (GPO) that configures the Allow .rdp files from valid publishers and users default .rdp settings policy setting in the Remote Desktop Client Connection template to Enabled. Apply the GPO to the TSAdmins OU.DCreate a Group Policy object (GPO) that configures the Specify SHA1 thumbprints of certificates representing trusted .rdp publishers policy setting in the Remote Desktop Client Connection template to Enabled. Apply the GPO to the TSAdmins OU.
单选题Your network contains an Active Directory domain named contoso.com. You have a starter Group Policy object (GPO) named GPO1 that contains more than 100 settings. You need to create a new starter GPO based on the settings in GPO1. You must achieve this goal by using the minimum amount of administrative effort. What should you do?()ARun the New-GPStarterGPO cmdlet and the Copy-GPO cmdletBCreate a new starter GPO and manually configure the policy settings of the starter GPO.CRight-click GPO1, and then click Back Up.Create a new starter GPO,Right-click the new GPO, and then click Restore from BackupDRight-click GPO1, and then click Copy. Right-click Starter GPOs, and then click Paste
多选题You need to design desktop and security settings for the client computers in the Seattle call center. Your solution must be implemented by using the minimum amount of administrative effort.Which two actions should you perform?()AOn each client computer in the call center, configure a local policy that lists only authorized programs in the Allowed Windows Programs listBUsing NTFS permissions, assign the Deny – Read permission for all unauthorized executable files to the client computer domain accountsCDesign a Group Policy object (GPO) that enforces a software restriction policy on all client computers in the call centerDDesign a Group Policy object (GPO) that implements an IPSec policy on all client computers in the call center. Ensure that the IPSec policy rejects connections to any Web servers that the company does not operate
多选题You have Active Directory Certificate Services (AD CS) deployed. You create a custom certificate template. You need to ensure that all of the users in the domain automatically enroll for a certificate based on the custom certificate template. Which two actions should you perform()AIn a Group Policy object (GPO), configure the autoenrollment settingsBIn a Group Policy object (GPO), configure the Automatic Certificate Request Settings.COn the certificate template, assign the Read and Autoenroll permission to the Authenticated Users group.DOn the certificate template, assign the Read, Enroll, and Autoenroll permission to the Domain Users group.
单选题Your company has a single Active Directory Domain Services (AD DS) forest with a single domain named PassGuide.com. All client computers run Windows 7. All client computer accounts are located in the Computers container in the PassGuide.com domain. You discover that multiple client computers were automatically shut down because the security log was full. You need to ensure that client computers are not shut down when the security log becomes full. What should you do?()AConfigure an Event Viewer subscription.BIncrease the maximum log size.CModify the event log policy settings in the Default Domain Policy Group Policy object (GPO).DModify the event log policy settings in the Default Domain Controllers Policy Group Policy object(GPO).
多选题You have a single Active Directory directory service domain. All users are located in an organizational unit (OU) named ContosoUsers. All client computer accounts are located in an OU named ContosoComputers. You need to deploy a new application to all users. The application shortcut must be available the next time the users log on. What are two possible ways to achieve this goal?()ACreate a Group Policy object (GPO) to publish the application. Link the GPO to the ContosoComputers OU.BCreate a Group Policy object (GPO) to assign the application. Link the GPO to the ContosoComputers OU.CCreate a Group Policy object (GPO) to publish the application. Link the GPO to the ContosoUsers OU.DCreate a Group Policy object (GPO) to assign the application. Link the GPO to the ContosoUsers OU.
单选题You configure and deploy a Group Policy object (GPO) that contains AppLocker settings. You need to identify whether a specific application file is allowed to run on a computer. Which Windows PowerShell cmdlet should you use()AGet-AppLockerFileInformationBGet-GPOReportCGet-GPPermissionsDTest-AppLockerPolicy
单选题You need to design the configuration for the kiosk computers. Your solution must be able to be implemented by using the minimum amount of administrative effort. What should you do?()AConfigure the kiosk computers as computers that are not members of any domain.Use Local Computer Policy to configure the computers with the collection of settings in the Kiosk Desktop SpecificationBInstall one kiosk computer as a model.Configure this computer with the collection of settings in the Kiosk Desktop Specification.Copy the content of the C:///Documents and Settings/Default Users folder from this model computer to all other kiosk computersCCreate a system policy file named Ntconfig.pol and configure it with the collection of settings in the Kiosk Desktop Specification.Make the kiosk computers members of the Active Directory domain.Use a Group Policy object (GPO) to run a startup script that copies the Ntconfig.pol file to the System32 folder on each kiosk computerDCreate a Group Policy object (GPO) and configure it with the collection of settings in the Kiosk Desktop Specification: Also include an appropriate software restriction policy.Make the kiosk computers members of the Active Directory domain, and place the computer account objects in a dedicated OU. Link the GPO to this OU