You need to create a Password Settings object （PSO）. Which t

第1题：

You have an Exchange Server 2010 organization.You need to prevent users from changing their password by using Outlook Web App （OWA）.What should you do？（）

• A、Create a Group Policy Object.
• B、Create an Outlook Web App Mailbox policy.
• C、Modify the authentication settings of the OWA virtual directory.
• D、Modify the authentication settings of the IISADMPWD virtual directory.

第2题：

Your network contains an Active Directory forest. The forest contains one domain and three sites.   Each site contains two domain controllers. All domain controllers are DNS servers.  You create a new Active Directory-integrated zone.   You need to ensure that the new zone is replicated to the domain controllers in only one of the sites.   What should you do first（）

• A、Modify the NTDS Site Settings object for the site.
• B、Modify the replication settings of the default site link.
• C、Create an Active Directory connection object.
• D、Create an Active Directory application directory partition.

第3题：

Your network consists of a single Active Directory domain. User accounts for engineering department  are located in an OU named Engineering.    You need to create a password policy for the engineering department that is different from your domain  password policy.    What should you do（）

• A、Create a new GPO. Link the GPO to the Engineering OU.
• B、Create a new GPO. Link the GPO to the domain. Block policy inheritance on all OUs except for the  Engineering OU.
• C、Create a global security group and add all the user accounts for the engineering department to the  group. Create a new Password Policy Object （PSO） and apply it to the group.
• D、Create a domain local security group and add all the user accounts for the engineering department to  the group. From the Active Directory Users and Computer console， select the group and run the  Delegation of Control Wizard.

第4题：

You need to configure the security settings for the new app servers. Which two actions should you perform?（）

• A、Create a Group policy object (GPO) for the web servers.
• B、Create a Group policy object (GPO) for the database servers.
• C、Modify the Default Domain Policy.
• D、Modify the Default Domain Controllers Policy.

第5题：

Your network contains an Active Directory domain. The domain contains two sites named Site1 and Site2. Site1 contains four domain controllers. Site2 contains a read-only domain controller （RODC）.   You add a user named User1 to the Allowed RODC Password Replication Group. The WAN link between Site1 and Site2 fails.   User1 restarts his computer and reports that he is unable to log on to the domain. The WAN link is restored and User1 reports that he is able to log on to the domain.  You need to prevent the problem from reoccurring if the WAN link fails.   What should you do（）

• A、Create a Password Settings object （PSO） and link the PSO to User1’s user account.
• B、Create a Password Settings object （PSO） and link the PSO to the Domain Users group.
• C、Add the computer account of the RODC to the Allowed RODC Password Replication Group.
• D、Add the computer account of User1’s computer to the Allowed RODC Password Replication Group.

第6题：

Your network contains an Active Directory forest. The functional level of the forest is Windows Server  2008 R2.   Your companys corporate security policy states that the password for each user account must be  changed at least every 45 days.   You have a user account named Service1. Service1 is used by a network application named Application1.   Every 45 days， Application1 fails.   After resetting the password for Service1， Application1 runs properly.   You need to resolve the issue that causes Application1 to fail. The solution must adhere to the corporate  security policy.   What should you do（）

• A、Run the Set-ADAccountControl cmdlet.
• B、Run the Set-ADServiceAccount cmdlet.
• C、Create a new password policy.
• D、Create a new Password Settings object （PSO）.

第7题：

Your company has a main office and a branch office.  The network contains an Active Directory domain.   The main office contains a writable domain controller named DC1. The branch office contains a read-only  domain controller （RODC） named DC2.   You discover that the password of an administrator named Admin1 is cached on DC2.  You need to prevent Admin1s password from being cached on DC2.   What should you do（）

• A、Modify the NTDS Site Settings.
• B、Modify the properties of the domain.
• C、Create a Password Setting object （PSO）.
• D、Modify the properties of DC2s computer account.

第8题：

Your network consists of a single Active Directory domain. The functional level of the domain is Windows Server 2008 R2. All servers run Windows Server 2008 R2.   A corporate security policy requires complex passwords for user accounts that have administrator  privileges. You need to design a strategy that meets the following requirements： èEnsures that administrators use complex passwords   èMinimizes the number of servers required to support the solution What should you include in your design？（）

• A、Implement Network Access Protection （NAP）.
• B、Implement Active Directory Rights Management Services （AD RMS）.
• C、Create a new Password Settings Object （PSO） for administrator accounts.
• D、Create a new child domain in the forest. Move all non-administrator accounts to the new domain.Configure a complex password policy in the root domain.

第9题：

Your network contains an Active Directory forest. The forest contains an Acitve Directory site for a  remote office. The remote site contains a read-only domain controller （RODC）.     You need to configure the RODC to store only the password of users in the remote site.     What should you do（）

• A、Create a Paasword Settings object （PSO）.
• B、Modify the Partial-Attribute-Set attribute of the forest.
• C、Add the users accounts of the remote site users to the Allowed RODC Password Replication Group.
• D、Add the users accounts of users who are not in the remote site to the Denied RODC Password Replication Group.

第10题：

You are the network administrator for your company. The network consists of a single Active Directory domain. The network contains 10 domain controllers and 50 servers in application server roles. All servers run Windows Server 2003.   The application servers are configured with custom security settings that are specific to their roles as application servers. Application servers are required to audit account logon events， object access events， and system events. Application servers are required to have passwords that meet complexity requirements， to enforce password history， and to enforce password aging. Application servers must also be protected against man-in-the-middle attacks during authentication.  You need to deploy and refresh the custom security settings on a routine basis. You also need to be able to verify the custom security settings during audits.   What should you do？ （）

• A、 Create a custom security template and apply it by using Group Policy.
• B、 Create a custom IPSec policy and assign it by using Group Policy.
• C、 Create and apply a custom Administrative Template.
• D、 Create a custom application server image and deploy it by using RIS.