You are a security administrator for your company. The netwo

第1题：

You have a share on your local computer. This share contains some sensitive applications in theform of .exe files. You want to audit the users who are trying to execute these programs. What should you do？（）

• A、Turn on auditing for objects in the Local Security Policy and Select 'Process Tracking'.
• B、Turn on auditing for objects in the Local Security Policy and Select 'Object Access'.
• C、Use Windows Explorer to turn on auditing for the specific files. 
• D、Have the administrator for domains log you on as an administrator and enable auditing for a  specific file.
• E、Turn on auditing for objects in the Local Security Policy and Select 'Account Management'.
• F、Allow only one account at a time to log on to your shared folder. Check the event viewer to  see who logged on. 

第2题：

You are a security administrator for your company. All servers run Windows Server 2003. All client computers run Windows XP Professional.    You install Software Update Services （SUS） on a server named Server1. The company’s written security policy states that all updates must be tested and approved before they are installed on network computers.    You need to ensure that SUS uses the minimum amount of disk space on Server1.  What should you do？（）

• A、 Configure Server1 to redirect client computers to the Microsoft Windows Update servers.
• B、 Compress the folder in which the downloaded updates are stored.
• C、 Configure Server1 to store only the locales that are needed.
• D、 Download the updates， and then delete updates that are not approved for client computers.

第3题：

第4题：

You are the administrator of your company’s network. You use Security Templates to configure a Security Policy on the Windows 2000 Professional Computers in the Sales organizational unit （OU）. You notice that the Computers in the Sales OU are not downloading the Security Policy settings. On each computer， the Security Policy appears in the Local Computer Policy， but is not listed as the effective policy. You want all computers in the Sales OU to have the Security Policy listed as the effective policy. How should you accomplish this task？ （）

• A、Use Security Templates to correct the setting and export the security file.
• B、Use Security Configuration and Analysis to import the security setting. Then create a Group policy object （GPO） for the Sales QU.
• C、Use Secedit /RefreshPolicy Machine_Policy command.
• D、Use the Basicwk.inf security file settings， save the security file， and then import the fileto theComputers.

第5题：

You are the network administrator for your company. All servers run Windows Server 2003.  Twenty company employees connect to a terminal server named Server2 to run applications and to gain access to the Internet.The 20 employees report that they receive security messages while browsing Internet Web sites.  The employees report that they cannot modify the Internet Explorer security settings on their client computers while connected to Server2.You need to allow these 20 employees to modify the Internet Explorer security settings on their client computers while connected to Server2. What should you do？（）

• A、Log on to Server2 as Administrator and add http：// to the list of trusted sites in Internet Explorer.
• B、Instruct the 20 employees to add http：// to the list of trusted sites in Internet Explorer on their client computers.
• C、Instruct the 20 employees to change the Internet Explorer privacy settings on their client computers to Low.
• D、Uninstall Internet Explorer Enhanced Security Configuration on Server2.

第6题：

You work as a network administrator in your company. Communication inside the company is ensured by network environments, such as GET VPN, Dynamic Multipoint VPN and Ethernet. Which PIN architecture is applicable in those environments?（）

• A、Campus
• B、Teleworker
• C、Branch
• D、Data center

第7题：

You are the network administrator for your company. The network consists of a single Active Directory domain. The network contains 50 application servers that run Windows Server 2003.   The security configuration of the application servers is not uniform. The application servers were deployed by local administrators who configured the settings for each of the application servers differently based on their knowledge and skills. The application servers are configured with different authentication methods， audit settings， and account policy settings.   The security team recently completed a new network security design. The design includes a baseline configuration for security settings on all servers. The baseline security settings use the Hisecws.inf predefined security template. The design also requires modified settings for servers in an application role. These settings include system service startup requirements， renaming the administrator account， and more stringent account lockout policies. The security team created a security template named Application.inf that contains the modified settings.   You need to plan the deployment of the new security design. You need to ensure that all security settings for the application servers are standardized， and that after the deployment， the security settings on all application servers meet the design requirements.   What should you do？ （）

• A、 Apply the Setup security.inf template first， the Hisecws.inf template next， and then the Application.inf template.
• B、 Apply the Application.inf template and then the Hisecws.inf template.
• C、 Apply the Application.inf template first， the Setup security.inf template next， and then the Hisecws.inf template.
• D、 Apply the Setup security.inf template and then the Application.inf template.

第8题：

第9题：

You are the desktop administrator for your company. The company's network contains 500 Windows XP Professional computers. The information security department releases a new security template named NewSec.inf. You import NewSec.inf into a security database named NewSec.sdb. You analyze the result, and you review the changes that the template makes. You examine the security policies that are defined in NewSec.inf. You discover that the settings in NewSec.inf have not been implemented on your computer. You need to ensure that the settings in NewSec.inf overwrite the settings in your computer's local security policy. What are two possible ways to achieve this goal?（）

• A、Run the Secedit /configure /db C:/NewSec.sdb command.
• B、Run the Secedit /refreshpolicy machine_policy command.
• C、Copy NewSec.inf to the C:/Windows/Inf folder. 
• D、Copy NewSec.sdb to the C:/Windows/System32/Microsoft/Protect folder. 
• E、Use the Security Configuration and Analysis console to open NewSec.sdb and then to perform a Configure operation. 
• F、Use the Security Configuration and Analysis console to export NewSec.sdb to the Defltwk.inf security template. 

第10题：

You are a network administrator of an organization. Maria and John are your network assistant. You have grant then the rights to modify the user properties in the computer management. You want to audit the modification in user accounts. What should you do？（）

• A、Turn on auditing for objects in the Local Security Policy and Select 'Process Tracking'.
• B、Turn on auditing for objects in the Local Security Policy and Select 'Object Access'. 
• C、Use Windows Explorer to turn on auditing for the specific files.
• D、Have the administrator for domains log you on as an administrator and enable auditing for a  specific file.
• E、Turn on auditing for objects in the Local Security Policy and Select 'Account Management'.
• F、Allow only one account at a time to log on to your shared folder. Check the event viewer to  see who logged on.