You need to design a method to deploy security configuration

第1题：

You are the network administrator for your company. The network consists of a single Active Directory domain. The network contains 50 application servers that run Windows Server 2003.   The security configuration of the application servers is not uniform. The application servers were deployed by local administrators who configured the settings for each of the application servers differently based on their knowledge and skills. The application servers are configured with different authentication methods， audit settings， and account policy settings.   The security team recently completed a new network security design. The design includes a baseline configuration for security settings on all servers. The baseline security settings use the Hisecws.inf predefined security template. The design also requires modified settings for servers in an application role. These settings include system service startup requirements， renaming the administrator account， and more stringent account lockout policies. The security team created a security template named Application.inf that contains the modified settings.   You need to plan the deployment of the new security design. You need to ensure that all security settings for the application servers are standardized， and that after the deployment， the security settings on all application servers meet the design requirements.   What should you do？ （）

• A、 Apply the Setup security.inf template first， the Hisecws.inf template next， and then the Application.inf template.
• B、 Apply the Application.inf template and then the Hisecws.inf template.
• C、 Apply the Application.inf template first， the Setup security.inf template next， and then the Hisecws.inf template.
• D、 Apply the Setup security.inf template and then the Application.inf template.

第2题：

You need to design a method to address the chief information officer’s security concerns. What should you do？（）

• A、Configure Windows Management Instrumentation （WMI） filtering options in the Default Domain Policy GPO
• B、Use the gpresult command
• C、Use Mbsacli.exe
• D、Configure software restriction policy options in the Default Domain Policy GPO

第3题：

Your company has a single Active Directory Domain Services （AD DS） domain and 1，000 Windows Vista computers.  You are planning to deploy Windows 7 and a custom application.   You have the following requirements：   The application must be available to only a specific group of users. You must be able to monitor application usage.   You need to design a deployment method for the custom application that meets the requirements.  Which deployment method should you use in your design？（）

• A、software installation in Group Policy
• B、startup scripts in Group Policy
• C、Microsoft Application Virtualization （App-V）
• D、baseline Windows 7 image that includes the custom application

第4题：

You are creating a Windows Communication Foundation (WCF) service based on WSHttpBinding. New audit requirements dictate that callers must be authenticated on every call to ensure that their credentials have not been revoked.You need to ensure that the service will not cache the security request token. What should you do?（）

• A、Apply a ServiceBehavior attribute to the service implementation class with the lnstanceContextMode property set to Single.
• B、In the message security configuration, change clientCredentialType from lssuedToken to UserName
• C、In the message security configuration, set establishSecurityContext to false.
• D、At the end of every operation, call the SessionStateUtility.RaiseSessionEnd method.

第5题：

You need to design a method to enable remote encryption on Server5. What should you do？（）

• A、Configure the editor’s user account properties to enable Store password using reversible encryption
• B、Configure the editor’s user account properties to enable Use DES encryption for this account
• C、Configure the Local Security Policy on Server to enable the System cryptography： Use FIPS compliant algorithms for encryption， hashing， and signing security policy
• D、Configure the Server5 computer account properties to enable Trust computer for delegation

第6题：

You are planning a Windows 7 deployment infrastructure for a new company.   You have the following requirements：   Three domains  10，000 client computers No user interaction   You need to recommend a deployment infrastructure.   What should you recommend？（）

• A、Deploy Microsoft Deployment Toolkit （MDT） 2010. Design a zero-touch installation.
• B、Deploy Microsoft System Center Virtual Machine Manager. Design a lite-touch installation.
• C、Deploy Microsoft System Center Operations Manager 2007 R2. Design a lite-touch installation. 
• D、Deploy Microsoft System Center Configuration Manager 2007 R2. Design a zero-touch installation.

第7题：

You need to design a security patch management strategy. Your solution must meet business and security requirements， and it must accommodate the company’s resource restrictions. What should you do？（）

• A、Test and manually deploy updates
• B、Deploy a Software Update Services （SUS） server. Test all updates and then approve them. Configure all client computers to automatically obtain updates from the server
• C、Test all updates and then use a third-party utility to repackage updates in a Windows Installer file. Deploy the -.msi files by using Group Policy
• D、Configure all client computers to use Automatic Updates to obtain security updates from the Windows Update Web site. Test all updates posted to the Windows Update Web site

第8题：

You need to design a method to standardize and deploy a baseline security configuration for servers. You solution must meet business requirements. What should you do？（）

• A、Create a script that installs the Hisecdc.inf security template
• B、Use a GPO to distribute and apply the Hisec.inf security template
• C、Use the System Policy Editor to configure each server’s security settings
• D、Use a GPO to distribute and apply a custom security template

第9题：

You have an Exchange Server 2010 organization that consists of 50 Exchange Server 2010 servers. Your companys security policy states that approved Exchange and Windows Server patches and securityupdates must be applied to all Exchange servers within one week of being released.  You need to recommend a patch management solution that meets the following requirements： .Allow administrators to manually approve patches and security updates .Allow only the installation of approved patches and security updates  .Minimize the administrative effort to deploy patches  .Minimize the deployment costs What should you include in the solution？（）

• A、Microsoft Update
• B、Microsoft System Center Configuration Manager
• C、Windows Server Update Services
• D、Windows Update

第10题：

You deploy mobile devices that run Microsoft Windows Mobile 5.0.   Company security policy requires an authentication process that is stronger than a user name and password combination.   You need to ensure that Microsoft ActiveSync sessions use an authentication process that meets the company security policy.   What should you do？（）

• A、Deploy a two-factor authentication process.
• B、Deploy a single-factor authentication process.
• C、Deploy a simple PIN policy for the Windows Mobilebased devices.
• D、Deploy a complex PIN policy for the Windows Mobilebased devices.