Your company has a single Active Directory directory service forest. All user accounts are located in  the Users container. You need to create a number of organizational units （OUs） that will be used to store  user accounts. 
What are two possible ways to achieve this goal？（）

单项选择题You are the network administrator for your company. Your network consists of a single Active   Directory domain. Three security groups named Accountants， Processors， and Management are located in an organizational unit （OU） named Accounting. All of the user accounts that belong to these three  groups are also in the Accounting OU. You create a Group Policy object （GPO） and link it to the  Accounting OU. You configure the GPO to disable the display options under the User Configuration  section of the GPO. You need to achieve the following goals： You need to ensure that the GPO applies to  all user accounts that are members of the Processors group. You need to prevent the GPO fromapplying  to any user account that is a member of the Accountants group. You need to prevent the GPO from  applying to any user account that is a member of the Management group， unless the user account is also  a member of the Processors group. What should you do？（）

A. Modify the discretionary access control list （DACL） settings of the GPO to assign the Accountants and Management security groups the Deny - Read and the Deny - Apply Group Policy permissions. Modify the DACL of the GPO to assign the users who are in both the Accountants and Management security groups the Allow - Read and the Allow - Apply Group Policy permissions.
B. Modify the discretionary access control list （DACL） settings of the GPO to assign the Accountants and Management security groups the Deny - Read and the Deny - Apply Group Policy permissions. Create a new security group named Mixed that contains all the user accounts from the Processors group and the specific user accounts from the Management group to which you want the GPO to apply. Modify the DACL of the GPO to assign the Mixed security group the Allow - Read and the Allow - Apply Group Policy permissions.
C. Modify the discretionary access control list （DACL） settings of the GPO to assign the Accountants security group the Deny - Read and the Deny - Apply Group Policy permissions. Modify the DACL settings of the GPO to remove the Authenticated Users special group. Modify the DACL settings of the GPO to add the Processors group and assign the Allow - Read and the Allow - Apply Group Policy permissions.
D. Modify the discretionary access control list （DACL） settings of the GPO to assign the Accountants security group the Deny - Read and the Allow - Apply Group Policy permissions. Modify the DACL settings of the GPO to assign the Management security group the Deny - Read and the Deny - Apply Group Policy permissions.

单项选择题You have a single Active Directory directory service domain. All client computers run either Windows Vista or Windows XP. You create and configure a Group Policy object （GPO） named Secure Client  Computer. You need to ensure that the Secure Client Computer GPO is automatically applied to current  and future Windows XP client computers.  What should you do？（）

A. Create a WMI filter that limits the scope of the Secure Client Computer GPO to the Windows XP operating system. Link the WMI filter to the GPO. Link the GPO to the domain.
B. Create a global security group that contains all of the Windows XP client computers. Edit the permissions of the Secure Client Computer GPO to allow the global security group the Read and Apply Group Policy permissions. Link the Secure Client Computer GPO to the domain.
C. Use the Delegation of Control Wizard at the domain level， and delegate the Generate Resultant Set of policy （Planning） right to the Windows XP client computers. Link the Secure Client Computer GPO to the domain.
D. Use the Delegation of Control Wizard at the domain level， and delegate the Generate Resultant Set of policy （Logging） right to the Windows XP client computers. Link the Secure Client Computer GPO to the domain.

多项选择题Your network consists of Windows XP computers in a single Active Directory directory service   domain. All computers are located in a single Active Directory site. You need to design and deploy a new  Group Policy object （GPO） that automatically installs a custom application on computers.  What are two possible ways to achieve this goal？（）

A. Link the GPO to the domain and assign the application.
B. Link the GPO to the site and assign the application.
C. Link the GPO to the domain and publish the application.
D. Link the GPO to the site and publish the application.

单项选择题Your company plans to distribute an application to all of its client computers by using GroupPolicy. You save a file named setup.msi to a local folder on the domain controller. You assign the Authenticated Users group the Read and Read & Execute permissions for the folder. You create a new Group Policy  object （GPO） and a new Computer Configuration software installation package， and you point the package to the setup.msi file in the local folder. You link the GPO to an organizational unit （OU） that contains a computer object for a test client computer. When you log on to the test client computer， you  notice that the application is not installed. You need to ensure that the application is installed on the test computer.  What should you do？（）

A. Modify the permissions on the folder that contains the setup.msi file so that authenticated users have the List Folder Contents permission. Log off the client computer and then log on.
B. Modify the permissions on the folder that contains the setup.msi file so that authenticated users have the List Folder Contents permission. Restart the client computer.
C. Place the setup.msi file into a shared folder. Modify the software installation package to point to the shared folder. Log off the client computer and then log on.
D. Place the setup.msi file into a shared folder. Modify the software installation package to point to the shared folder. Restart the client computer.

单项选择题Your network consists of Windows XP computers. All computers are joined to a single Active  Directory directory service domain and located in a single Active Directory site. You create a new Group  Policy object （GPO） and link it to the site. The policy configures default screensaver settings. User  accounts of users in the research department are located in an organizational unit （OU） named Research.  You need to allow users in the research department to configure a different screensaver setting on their  computers.  What should you do？（）

A. Move the user accounts of users in the research department to the Users container.
B. Configure a local security policy on all computers in the research department to allow users to modify their screensaver settings.
C. Add users in the research department to a domain group. Allow the group the Apply Group Policy permission for the GPO.
D. Add users in the research department to a domain group. Deny the group the Apply Group Policy permission to the GPO.