You have an Active Directory directory service forest with a forest root domain. The root domain has  two child domains named na.corp.contoso.com and asia.prod.contoso.com. You have an Active Directory  site for each domain. All sites are connected through the DEFAULTIPSITELINK site link. You need to  minimize the time that is required to authenticate users when they access resources in the other domain.  
What should you do？（）

单项选择题You are the network administrator for your company. The network consists of a single Active   Directory forest. The forest consists of 19 Active Directory domains. Fifteen of the domains contain  Windows Server 2003 domain controllers. The functional level of all the domains is Windows 2000 native.  The network also consists of a single Microsoft Exchange 2000 Server organization. You need to create  groups that can be used only to send e-mail messages to user accounts throughout the company. You  want to achieve this goal by using the minimum amount of replication traffic and minimizing the size of the  Active Directory database. You need to create a plan for creating e-mail groups for your company.  What should you do？（）

A. Create global distribution groups in each domain. Make the appropriate users from each domain members of the global distribution group in the same domain. Create universal distribution groups. Make the global distribution groups in each domain members of the universal distribution groups.
B. Create global security groups in each domain. Make the appropriate users from each domain members of the security group in the same domain. Create universal security groups. Make the global security groups in each domain members of the universal security groups.
C. Create universal distribution groups. Make the appropriate users from each domain members of a universal distribution group.
D. Create universal security groups. Make the appropriate users from each domain members of a universal security group.

多项选择题Your company has a single Active Directory directory service forest. All user accounts are located in  the Users container. You need to create a number of organizational units （OUs） that will be used to store  user accounts.  What are two possible ways to achieve this goal？（）

A. Use the Active Directory Sites and Services snap-in.
B. Use the Active Directory Users and Computers snap-in.
C. Use the Dsadd command-line tool with the OU parameter.
D. Use the Dsmod command-line tool with the OU parameter.

单项选择题You are the network administrator for your company. Your network consists of a single Active   Directory domain. Three security groups named Accountants， Processors， and Management are located in an organizational unit （OU） named Accounting. All of the user accounts that belong to these three  groups are also in the Accounting OU. You create a Group Policy object （GPO） and link it to the  Accounting OU. You configure the GPO to disable the display options under the User Configuration  section of the GPO. You need to achieve the following goals： You need to ensure that the GPO applies to  all user accounts that are members of the Processors group. You need to prevent the GPO fromapplying  to any user account that is a member of the Accountants group. You need to prevent the GPO from  applying to any user account that is a member of the Management group， unless the user account is also  a member of the Processors group. What should you do？（）

A. Modify the discretionary access control list （DACL） settings of the GPO to assign the Accountants and Management security groups the Deny - Read and the Deny - Apply Group Policy permissions. Modify the DACL of the GPO to assign the users who are in both the Accountants and Management security groups the Allow - Read and the Allow - Apply Group Policy permissions.
B. Modify the discretionary access control list （DACL） settings of the GPO to assign the Accountants and Management security groups the Deny - Read and the Deny - Apply Group Policy permissions. Create a new security group named Mixed that contains all the user accounts from the Processors group and the specific user accounts from the Management group to which you want the GPO to apply. Modify the DACL of the GPO to assign the Mixed security group the Allow - Read and the Allow - Apply Group Policy permissions.
C. Modify the discretionary access control list （DACL） settings of the GPO to assign the Accountants security group the Deny - Read and the Deny - Apply Group Policy permissions. Modify the DACL settings of the GPO to remove the Authenticated Users special group. Modify the DACL settings of the GPO to add the Processors group and assign the Allow - Read and the Allow - Apply Group Policy permissions.
D. Modify the discretionary access control list （DACL） settings of the GPO to assign the Accountants security group the Deny - Read and the Allow - Apply Group Policy permissions. Modify the DACL settings of the GPO to assign the Management security group the Deny - Read and the Deny - Apply Group Policy permissions.

单项选择题You have a single Active Directory directory service domain. All client computers run either Windows Vista or Windows XP. You create and configure a Group Policy object （GPO） named Secure Client  Computer. You need to ensure that the Secure Client Computer GPO is automatically applied to current  and future Windows XP client computers.  What should you do？（）

A. Create a WMI filter that limits the scope of the Secure Client Computer GPO to the Windows XP operating system. Link the WMI filter to the GPO. Link the GPO to the domain.
B. Create a global security group that contains all of the Windows XP client computers. Edit the permissions of the Secure Client Computer GPO to allow the global security group the Read and Apply Group Policy permissions. Link the Secure Client Computer GPO to the domain.
C. Use the Delegation of Control Wizard at the domain level， and delegate the Generate Resultant Set of policy （Planning） right to the Windows XP client computers. Link the Secure Client Computer GPO to the domain.
D. Use the Delegation of Control Wizard at the domain level， and delegate the Generate Resultant Set of policy （Logging） right to the Windows XP client computers. Link the Secure Client Computer GPO to the domain.

多项选择题Your network consists of Windows XP computers in a single Active Directory directory service   domain. All computers are located in a single Active Directory site. You need to design and deploy a new  Group Policy object （GPO） that automatically installs a custom application on computers.  What are two possible ways to achieve this goal？（）

A. Link the GPO to the domain and assign the application.
B. Link the GPO to the site and assign the application.
C. Link the GPO to the domain and publish the application.
D. Link the GPO to the site and publish the application.