Your corporate security policy requires that a user performi

第1题：

第2题：

Your network contains a server named Server1 that runs Windows Server 2008 R2.You have a user named User1.You need to ensure that User1 can view the events in the Security event log. The solution must minimize the number of rights assigned to User1. What should you do？（）

• A、In Event Viewer, filter the Security log.
• B、In Event Viewer, configure the properties of the Security log.
• C、In the Local Security Policy console, modify the Security Options.
• D、In the Registry Editor, add a Security Descriptor Definition Language (SDDL) value.

第3题：

第4题：

Your corporate network has a member server named RAS1 that runs Windows Server 2008. You configure RAS1 to use the Routing and Remote Access Service （RRAS） The companys remote access policy allows members of the Domain Users group to dial in to RAS1. The company issues smart cards to all employees. You need to ensure that smart card users are able to connect to RAS1 by using a dial-up connection. What should you do？（）

• A、 Install the Network Policy Server （NPS） on the RAS1 server
• B、 Create a remote access policy that requires users to authenticate by using SPAP
• C、 Create a remote access policy that requires users to authenticate by using EAP-TLS
• D、 Create a remote access policy that requires users to authenticate by using MS-CHAP v2

第5题：

Which statement describes the behavior of a security policy？（）

• A、The implicit default security policy permits all traffic.
• B、Traffic destined to the device itself always requires a security policy.
• C、Traffic destined to the device’s incoming interface does not require a security policy.
• D、The factory-default configuration permits all traffic from all interfaces.

第6题：

An organization has decided to deploy an IBM Tivoli Access Manager for Enterprise Single-on solution to help address security and productivity issues. Per their corporate security policy， the organization has detailed requirements related to password management for their enterprise applications.  Which password requirements need to be captured？（）

• A、details related to application user ID requirements
• B、policy requirements related to the number of applications that a user can access
• C、policy requirements for application and user initiated password resets and password complexity
• D、do nothing as password policy requirements are best addressed within the application space rather than in an Enterprise Single Sign-On project

第7题：

Your network consists of a single Active Directory domain. The functional level of the domain is Windows Server 2008 R2. All servers run Windows Server 2008 R2.   A corporate security policy requires complex passwords for user accounts that have administrator  privileges. You need to design a strategy that meets the following requirements： èEnsures that administrators use complex passwords   èMinimizes the number of servers required to support the solution What should you include in your design？（）

• A、Implement Network Access Protection （NAP）.
• B、Implement Active Directory Rights Management Services （AD RMS）.
• C、Create a new Password Settings Object （PSO） for administrator accounts.
• D、Create a new child domain in the forest. Move all non-administrator accounts to the new domain.Configure a complex password policy in the root domain.

第8题：

第9题：

You are the network administrator for your company. Your network consists of a single Active   Directory domain. Three security groups named Accountants， Processors， and Management are located in an organizational unit （OU） named Accounting. All of the user accounts that belong to these three  groups are also in the Accounting OU. You create a Group Policy object （GPO） and link it to the  Accounting OU. You configure the GPO to disable the display options under the User Configuration  section of the GPO. You need to achieve the following goals： You need to ensure that the GPO applies to  all user accounts that are members of the Processors group. You need to prevent the GPO fromapplying  to any user account that is a member of the Accountants group. You need to prevent the GPO from  applying to any user account that is a member of the Management group， unless the user account is also  a member of the Processors group. What should you do？（）

• A、 Modify the discretionary access control list （DACL） settings of the GPO to assign the Accountants and Management security groups the Deny - Read and the Deny - Apply Group Policy permissions. Modify the DACL of the GPO to assign the users who are in both the Accountants and Management security groups the Allow - Read and the Allow - Apply Group Policy permissions.
• B、 Modify the discretionary access control list （DACL） settings of the GPO to assign the Accountants and Management security groups the Deny - Read and the Deny - Apply Group Policy permissions. Create a new security group named Mixed that contains all the user accounts from the Processors group and the specific user accounts from the Management group to which you want the GPO to apply. Modify the DACL of the GPO to assign the Mixed security group the Allow - Read and the Allow - Apply Group Policy permissions.
• C、 Modify the discretionary access control list （DACL） settings of the GPO to assign the Accountants security group the Deny - Read and the Deny - Apply Group Policy permissions. Modify the DACL settings of the GPO to remove the Authenticated Users special group. Modify the DACL settings of the GPO to add the Processors group and assign the Allow - Read and the Allow - Apply Group Policy permissions.
• D、 Modify the discretionary access control list （DACL） settings of the GPO to assign the Accountants security group the Deny - Read and the Allow - Apply Group Policy permissions. Modify the DACL settings of the GPO to assign the Management security group the Deny - Read and the Deny - Apply Group Policy permissions.

第10题：

You are a network administrator of an organization. Maria and John are your network assistant. You have grant then the rights to modify the user properties in the computer management. You want to audit the modification in user accounts. What should you do？（）

• A、Turn on auditing for objects in the Local Security Policy and Select 'Process Tracking'.
• B、Turn on auditing for objects in the Local Security Policy and Select 'Object Access'. 
• C、Use Windows Explorer to turn on auditing for the specific files.
• D、Have the administrator for domains log you on as an administrator and enable auditing for a  specific file.
• E、Turn on auditing for objects in the Local Security Policy and Select 'Account Management'.
• F、Allow only one account at a time to log on to your shared folder. Check the event viewer to  see who logged on.