单选题You need to design an access control strategy that meets business and security requirements. Your solution must minimize forestwide replication. What should you do？（）A Create a global group for each department and a global group for each location. Add 

第1题：

Your network consists of a single Active Directory domain. User accounts for engineering department  are located in an OU named Engineering.    You need to create a password policy for the engineering department that is different from your domain  password policy.    What should you do（）

• A、Create a new GPO. Link the GPO to the Engineering OU.
• B、Create a new GPO. Link the GPO to the domain. Block policy inheritance on all OUs except for the  Engineering OU.
• C、Create a global security group and add all the user accounts for the engineering department to the  group. Create a new Password Policy Object （PSO） and apply it to the group.
• D、Create a domain local security group and add all the user accounts for the engineering department to  the group. From the Active Directory Users and Computer console， select the group and run the  Delegation of Control Wizard.

第2题：

You are the network administrator for your company. The network consists of a single Active Directory domain. All servers run Windows Server 2003. All company data is stored in shared folders on network file servers. The data for each department is stored in a departmental shared folder. Users in each department are members of the departmental global group. Each departmental global group is assigned the Allow - Full Control permission for the corresponding departmental shared folder. Company requirements state that all access to shared folders must be configured by using global groups. A user named Richard works in the sales department. Richard needs to be able to modify files in the Marketing shared folder. You need to ensure that Richard has the minimum permissions for the Marketing shared folder that he needs to do his job. You need to achieve this goal while meeting company requirements and without granting unnecessary permissions. What should you do? （）

• A、Add Richard's user account to the Marketing global group.
• B、Assign the Sales global group the Allow - Change permission for the Marketing shared folder.
• C、Create a new global group. Add Richard's user account to the group. Assign the new global group the Allow - Change permission for the Marketing shared folder.
• D、Assign Richard's user account the Allow - Change permission for the Marketing shared folder.

第3题：

You need to design an access control strategy that meets business and security requirements. Your solution must minimize forestwide replication. What should you do？（）

• A、Create a global group for each department and a global group for each location. Add users to their respective departmental groups as members. Place the departmental global groups within the location global groups. Assign the location global groups to file and printer resources in their respective domains， and then assign permissions for the file and printer resources by using the location global groups
• B、Create a global group for each department， and add the respective users as members. Create domain local groups for file and printer resources. Add the global groups to the respective domain local groups. Then， assign permissions to the file and printer resources by using the domain local groups
• C、Create a local group on each server and add the authorized users as members. Assign appropriate permissions for the file and printer resources to the local groups
• D、Create a universal group for each location， and add the respective users as members. Assign the universal groups to file and printer resources. Then， assign permissions by using the universal groups

第4题：

Your network consists of a single Active Directory domain. The functional level of the domain is Windows Server 2003. All servers run Windows Server 2003 Service Pack 2 (SP2). The network contains 10 file servers. Each file server hosts a share named Apps.On each file server, a local group named App-install-local has permissions to the Apps share. A global group named App-install-global belongs to the App-install-local group on each file server. App-install-global is used only to control permissions for the Apps share.You create a global group named Helpdesk.You need to provide the Helpdesk group access to the Apps share on each file server. The Helpdesk group must have the same permissions as the App-install-global group. You must achieve this goal by using the minimum amount of administrative effort.What should you do? （）

• A、Add the Helpdesk group to the App-install-global group.
• B、Add the Helpdesk group to the App-install-local group on each file server.
• C、Convert the App-install-global group to a universal group. Add the App-install-global group to the Helpdesk group.
• D、Convert the Helpdesk group to a universal group. Add the Helpdesk group to the App-install-local group on each file server.

第5题：

Your network consists of a single Active Directory domain. User accounts for engineering  department are located in an OU named Engineering.     You need to create a password policy for the engineering department that is different from your  domain password policy.     What should you do（）

• A、Create a new GPO. Link the GPO to the Engineering OU.
• B、Create a new GPO. Link the GPO to the domain. Block policy inheritance on all OUs except for the Engineering OU
• C、Create a global security group and add all the user accounts for the engineering department to the group. Create a
• D、Create a domain local security group and add all the user accounts for the engineering department to the group. Fr

第6题：

You need to design a monitoring strategy to meet business requirements for data on servers in the production department. What should you do？（）

• A、Use the Microsoft Baseline Security Analyzer （MBSA） to scan for Windows vulnerabilities on all servers in the production department
• B、Run Security and Configuration Analysis to analyze the security settings of all servers in the production department
• C、Enable auditing for data on each server in the production department. Run System Monitor on all servers in the production department to create a counter log that tracks activity for the Objects performance object
• D、Create a Group Policy Object （GPO） that enables auditing for object access and link it to the product department’s Servers OU. Enable auditing for data on each server in the production department

第7题：

You need to design a method to standardize and deploy a baseline security configuration for servers. You solution must meet business requirements. What should you do？（）

• A、Create a script that installs the Hisecdc.inf security template
• B、Use a GPO to distribute and apply the Hisec.inf security template
• C、Use the System Policy Editor to configure each server’s security settings
• D、Use a GPO to distribute and apply a custom security template

第8题：

Your company has a single-domain Active Directory forest. The functional level of the domain is Windows Server 2008.   You perform the following activities.    Create a global distribution group.      Add users to the global distribution group.      Create a shared folder on a Windows Server 2008 member server.      Place the global distribution group in a domain local group that has access to the shared folder.  You need to ensure that the users have access to the shared folder.  What should you do（）

• A、Raise the forest functional level to Windows Server 2008.
• B、Add the global distribution group to the Domain Administrators group.
• C、Change the group type of the global distribution group to a security group.
• D、Change the scope of the global distribution group to a Universal distribution group.

第9题：

You have an Exchange Server 2010 organization.  The organization contains a global security group named Group1.  You plan to deploy a monitoring solution for the Exchange servers in your organization.  You need to recommend a solution that allows members of Group1 to monitor the performance of Exchange Server 2010 servers.  Your solution must prevent members of Group1 from modifying the configurations of the Exchanges Server 2010 organization.  What should you include in the solution？（）

• A、Delegation of Control Wizard
• B、Federation Trusts
• C、Reliability Monitor
• D、Role Based Access Control （RBAC）

第10题：

You are the network administrator for The network consists of a single Active Directory domain named All servers run Windows Server 2003. All TestKing data is stored in shared folders on network file servers. The data for each department is stored in a departmental shared folder. Users in each department are members of the departmental global group. Each departmental global group is assigned the Allow - Full Control permission for the corresponding departmental shared folder. TestKing requirements state that all access to shared folders must be configured by using global groups. A user named Dr King works in the sales department. Dr King needs to be able to modify files in the Marketing shared folder. You need to ensure that Dr King has the minimum permissions for the Marketing shared folder that he needs to do his job. You need to achieve this goal while meeting TestKing requirements and without granting unnecessary permissions. What should you do?（）

• A、Add Dr King's user account to the Marketing global group.
• B、Assign the Sales global group the Allow - Change permission for the Marketing shared folder.
• C、Create a new global group. Add Dr King' user account to the group.Assign the new global group the Allow - Change permission for the Marketing shared folder.
• D、Assign Dr King's user account the Allow - Change permission for the Marketing shared folder.