A.Encrypt customer information when it is stored and when it is being transmitted
B.Require encrypted connections to the public Web site， which is hosted on the Web server on the perimeter network
C.Encrypt all marketing information on file servers and client computers
D.Require encrypted connections to all file servers

A.Permit administrators to use an HTTP interface to manage servers remotely
B.Permit only administrators to connect to the servers’ Telnet service
C.Permit administrators to manage the servers by using Microsoft NetMeeting
D.Require administrators to use Remote Desktop for Administration connections to manage the servers

A.Create a global group for each department and a global group for each location. Add users to their respective departmental groups as members. Place the departmental global groups within the location global groups. Assign the location global groups to file and printer resources in their respective domains， and then assign permissions for the file and printer resources by using the location global groups
B.Create a global group for each department， and add the respective users as members. Create domain local groups for file and printer resources. Add the global groups to the respective domain local groups. Then， assign permissions to the file and printer resources by using the domain local groups
C.Create a local group on each server and add the authorized users as members. Assign appropriate permissions for the file and printer resources to the local groups
D.Create a universal group for each location， and add the respective users as members. Assign the universal groups to file and printer resources. Then， assign permissions by using the universal groups

A.Create a GPO. Link the GPO to the OUs that contain computer accounts for computers that run the legacy application， Use the GPO to give the Domain Users security group full control on the partitions of the registry that the legacy application uses
B.Create a GPO. Link the GPO to the OUs that contain computer accounts for computers that run the legacy application. Use the GPO to give the Domain Users security group full control on the HKEY_USERS partition of the registry
C.Create a GPO. Link the GPO to the OUs that contain computer accounts for computers that run the Legacy application. Use the GPO to make all users who require access to the application members of Local Administrators group on each computer
D.Create a GPO. Link the GPO to the OUs that contain computer accounts for computers that run the Legacy application. Use the GPO to give all users who require access to the application full control for the Ntuser.dat file

A.Make the members of the AdvancedSupport security group members of the Domain Admins security group
B.Give each desktop support technician permission to reset passwords for the top-level OU that contains user accounts at their own location
C.Delegate full control over all OUs that contain user accounts to all AllSupport  security group
D.Change the permissions on the domain object and its child objects so that the BasicSupport security group is denied permissions. Then， add a permission to each OU that contains user accounts that allows AllSupport security group members to reset passwords in that OU

A.Connect the wireless access points to a dedicated subnet. Allow the subnet direct access to the Internet，but not to the company network.Require company users to establish a VPN to access company resources
B.Install Internet Authentication Service （IAS） on a domain controller.Configure the wireless access points to require IEEE 802.1x authentication
C.Establish IPSec policies on all company servers to request encryption from all computers that connect from the wireless IP networks
D.Configure all wireless access points to require the Wired Equivalent Privacy （WEP） protocol for all connections. Use a Group Policy object （GPO） to distribute the WEP keys to all computers in the domain

A.Place all infrastructure servers in subnets that cannot exchange information with the Internet
B.Establish a custom security template that contains unique required settings for each combination of services that run on the infrastructure servers
C.Use Group Policy objects （GPOs） to apply the custom security template or templates to the Infrastructure servers
D.Edit the local policy settings to configure each individual server

A.Configure the kiosk computers as computers that are not members of any domain.Use Local Computer Policy to configure the computers with the collection of settings in the Kiosk Desktop Specification
B.Install one kiosk computer as a model.Configure this computer with the collection of settings in the Kiosk Desktop Specification.Copy the content of the C：\Documents and Settings\Default Users folder from this model computer to all other kiosk computers
C.Create a system policy file named Ntconfig.pol and configure it with the collection of settings in the Kiosk Desktop Specification.Make the kiosk computers members of the Active Directory domain.Use a Group Policy object （GPO） to run a startup script that copies the Ntconfig.pol file to the System32 folder on each kiosk computer
D.Create a Group Policy object （GPO） and configure it with the collection of settings in the Kiosk Desktop Specification： Also include an appropriate software restriction policy.Make the kiosk computers members of the Active Directory domain， and place the computer account objects in a dedicated OU. Link the GPO to this OU

A.建立一个脚本来安装Hisecdc.inf安全模版
B.使用GPO来发布和应用Hisec.inf安全模版
C.使用系统策略管理器来配置每部服务器的安全设置
D.使用GPO来发布和应用自定义安全模版

A.为内网用户建立一个网页提供注册服务用来请求访问资源
B.允许用户的注册权利
C.建立用户注册站并把证书存储在智能卡中
D.创建连接管理脚本以识别客户机的操作系统，并配置网页代理的设置来满足网页注册服务