You are a security administrator for your company. The -找考题网

单项选择题You are a security administrator for your company. The network consists of a single Active Directory domain. All servers run Windows Server 2003. All client computers run Windows XP Professional. The company occasionally experiences downtime because of malicious lnternet worms that arrive as Microsoft Visual Basic Scripting Edition （VBS） files. You examine several client computers and discover that VBS files are downloaded by using Microsoft Outlook，instant messaging，or peer-to-peer file sharing programs. You need to prevent users from running VBS files regardless of how they arrive on client computers. What should you do？（）

A. Use a software restriction policy to disable all unauthorized scripts.
B. Use an Administrative Template to ensure that Outlook and lnternet Explorer are in the Restricted Sites security zon
C. Use a centralized logon script to rename the Wscript.exe file on each computer to contain a nonexecutable extensio
D. Use a file system security policy to assign the Deny - Execute permission for the Wscript.exe file.

单项选择题You are a security administrator for your company. The company has one main office and five branch offices. Network administrators work in the main office and each branch office. Network administrators in the main office frequently create scripts that automate common administrative tasks. You review each script to ensure it does not introduce security vulnerabilities. Scripts that do not introduce security vulnerabilities are considered approved. Occasionally， branch office administrators modify these scripts and distribute the modified scripts to other branch office administrators. Branch office administrators often report that they accidentally run a modified version of a script. You need to ensure that branch office administrators can verify which scripts are approved scripts. What should you do？（）

A. Maintain a list of the dates that the approved scripts were last modified. lnstruct branch office administrators to verif
B. Digitally sign All approved scripts. Instruct branch office administrators to verify the signature before using a script.
C. Distribute all approved scripts to branch office administrators in an e-mail message.
D. Place all approved scripts on a file server in the main office. Assign All branch office administrators only the Allow -the approved scripts. Instruct administrators to copy scripts from this file server.

单项选择题You are a security administrator for your company. The network consists of three Active Directory domains. All Active Directory domains are running at a Windows Server 2003 mode functionality level. Employees in the editorial department of your company need access to resources on file servers that are in each of the Active Directory domains. Each Active Directory domain in the company contains at least one editorial department employee user account. You need to create a single group named Company Editors that contains all editorial department employee user accounts and that has access to the resources on file server computers. What should you do？（）

A. Create a global distribution group in the forest root domain and name it Company Editors.
B. Create a global security group in the forest root domain and name it Company Editors.
C. Create a universal distribution group in the forest root domain and name it Company Editors.
D. Create a universal security group in the forest root domain and name it Company Editors.

单项选择题You are a security administrator for your company. The network consists of a single Active Directory domain. Servers run either Windows Server 2003 or Windows 2000 Server. All client computers run Windows XP Professional. The company’s written security policy states that user accounts must be locked if an unauthorized user attempts to guess the users， passwords. The current account policy locks out a user after two invalid password attempts in five minutes. The user remains locked out until the account is reset by an administrator. Users frequently call the help desk to have their account unlocked. Calls related to account lockout constitute 25 percent of help desk calls. You need to reduce the number of help desk calls related to account lockout. What should you do？（）

A. Modify the Default Domain Controllers Policy Group Policy object（GPO）. Increase the maximum lifetime for service
B. Modify the Default Domain Policy Group Policy object（GPO）. Configure an account lockout threshold of 10.
C. Modify the Default Domain Controllers Policy Group Policy object（GPO）. Disable the enforcement of user logon res
D. Modify the Default Domain Policy Group Policy object（GPO）. Increase the minimum password age.

单项选择题You are a security administrator for your company. The network consists of a single Active Directory domain. All servers run Windows Server 2003. All client computers run Windows 2000 Professional. You manage a Windows Server 2003 computer named Server1 that is a domain member server. You use IIS on Server1 to host an Internet Web site. Approximately 4，000 employees of your company connect over the lnternet to access company confidential data on Server1. You control access to data on Server1 by using NTFS file permissions assigned to groups. Different groups are assigned access to different files. Employees must have access only to files that they are assigned access to based on their membership in a group. You enable SSL on Server1 to protect confidential data while it is in transit. You issue each employee an Authenticated Session certificate and store a copy of that certificate with their user account in the Active Directory domain. You need to ensure that Server1 authenticates users based on possession of their certificate. What should you do？（）

A. Request a Web server certificate from a commercial certification authority （CA）.
B. Configure access restrictions based on employee ip address.
C. Enable Digest authentication for Windows domain servers.
D. Configure client certificate mapping.