A.A virus that infects an IT administrator’s client computer could gain domain administrator privileges
B.Couriers could gain access to domain administrator privileges
C.Business office staff could discover couriers’ passwords and use them to access couriers’ information
D.All users could use their user accounts to gain the ability to install untested security patches on their client computers

A.On all domain controllers， implement registry access auditing for all registry keys that are considered sensitive by the company’s written security policy
B.On all client computers， implement logon auditing for all user account logons
C.On all client computers， configure registry access auditing for all registry keys that are considered sensitive by the company’s written security policy
D.On all domain controllers， implement logon auditing for all user account logons

A.Create a domain local group named Customer Relations in the northwindtraders.com domain. Add the Sales group and the Sales Managers groups to the Customer Relations group. Add the Customer Relationships group to the Customer Information folder. Assign the appropriate permissions. Add the accounts for the sales department users in Boston to the Boston Customer Relationship group. Add the Boston Customer Relationships group to the Customer Relations group. Disable inheritance on the Payment folder
B.Create a domain local group named Customer Relations in the boston.northwindtraders.com domain. Add the Customer Relations group to the Customer Information folder. Assign the appropriate permissions. Add the Boston Customer Relations group to the Customer Relations group. Disable permission inheritance on the Payment folder
C.Create a domain local group named Customer Relations in the boston.northwindtraders.com domain. Add the Customer Relations group to the Order History folder. Assign the appropriate permissions. Add the Boston Customer Relations group to the Customer Relations group. Disable permission inheritance on the Payment folder
D.Create a domain local group named Customer Relations in the boston.northwindtraders.com domain. Add the Customer Relations group to the Customer Information folder. Assign the appropriate permissions. Add the Boston Customer Relations group to the Customer **MISSING**

A.Enable SSL on the external Web site by using a Microsoft cryptographic service provider （CSP）
B.Enable Microsoft .NET Passport authentication on the external Web site. Use Passport Level 0 with SSL on the external Web site
C.Enable SSL on the external Web site by using a commercial digital certificate
D.Enable SSL on the intranet Web site by using an internal server certificate
E.Enable SSL on the external Web site by using an internal server certificate

A.Configure the Default Domain Policy Group Policy object （GPO） for the northwindtraders.com domain to configure client computers to download updates from the SUS server in New York. Configure the Default Domain Policy GPO for the boston.northwindtraders.com domain to configure client computers to download updates from the SUS server in New York
B.Use Group Policy to configure client computers to download updates from a Windows Update server on the Internet. Configure the Default Domain Policy Group Policy object （GPO） with a startup script that runs Mbsacli.exe. Configure it to scan the computers in both of the branch offices
C.Install and configure a SUS server in the Boston branch office. Configure the server to download updates from a Windows Update server on the Internet. Configure Microsoft Baseline Security Analyzer （MBSA） to scan for updates and computers in the New York office
D.Install and configure a SUS server in each branch office. Configure the SUS servers to download updates from the New York SUS server. Configure Microsoft Baseline Security Analyzer （MBSA） to scan for updates on computers in the New York office

A.Add an enterprise root CA to the northwindtraders.com domain. Configure cross-certification between the northwindtraders.com domain and the boston.northwindtraders.com domain
B.Add an enterprise subordinate issuing CA to the northwindtraders.com domain. Configure qualified subordination for the enterprise subordinate issuing CA in Boston
C.Add enterprise subordinate issuing CAs to the New York， Boston， and Seattle LANs. Configure qualified subordinations for each enterprise subordinate issuing CA
D.Add a stand-alone commercial issuing CA to only the northwindtraders.com domain. Configure cross-certification between the commercial CA and the boston.northwindtraders.com domain

A.Require the internal Web developers to use Telnet with Kerberos authentication. Require the consultants to use L2TP with IPSec
B.Require the internal Web developers to use Encrypting File System （EFS） over Web Distributed Authoring and Versioning （WebDAV）. Require the consultants to use Microsoft.NET Passport authentication with Security Level 0
C.Require the internal Web developers to use Web Distributed Authoring and Versioning （WebDAV） over SSL.Require the consultants to use WebDAV over SSL
D.Require the internal Web developers to use L2TP with IPSec. Require the consultants to use Encrypting File System （EFS） over Web Distributed Authoring and Versioning （WebDAV）
E.Require the internal Web developers to use Web Distributed Authoring and Versioning （WebDAV） over SSL.Require the consultants to use L2TP with IPSec

A.Enable automatic certificate enrollment
B.Enforce smart card logons
C.Enable Encrypting File System （EFS） for offline files
D.Enable a screen saver password

A.Configure RRAS2 as a VPN server. Use Web enrollment to acquire computer certificates for both RRAS1 and RRAS2. Create demand-dial L2TP/IPSec connections on both RRAS1 and RRAS2. Configure dial-out credentials on both RRAS1 and RRAS2. Enable the Basic Firewall settings on RRAS1 and RRAS2
B.Configure RRAS2 as a VPN server. Create demand-dial L2TP/IPSec connections on both RRAS1 and RRAS2. Configure dial-out credentials on both RRAS1 and RRAS2. Configure static routes on both RRAS1 and RRAS2. Set the connection type to persistent on the demand-dial interface on both RRAS1 and RRAS2
C.Create a new OU named RRAS Servers in the boston.northwindtraders.com domain. Move RRAS1 into the RRAS Servers OU. On the Default Domain Policy Group Policy object （GPO）， edit the Secure Server （Require Security） IPSec policy. Configure the IPSec policy to use a certificate for authentication. Specify RRAS2 as the tunnel endpoint. Assign the IPSec policy.
D.Create a new OU named RRAS Server in the northwindtraders.com domain. Move the RRAS2 into the RRAS Servers OU. On the RRAS Servers OU create new Group Policy object （GPO） named IPSECPOL. In IPSECPOL create an IPSec policy and specify RRAS as the tunnel.

A.Open the ports for DNS， HTTP， HTTPS， Kerberos， RADIUS， LDAP， RPC endpoint mapper and client， and Server Message Block （SMB） over IP
B.Enable the Routing and Remote Access Basic Firewall. Open the ports for DNS， Kerberos， LDAP， Exchange RPCs， RADIUS， L2TP， and Internet Key Exchange （IKE）
C.Create a PPTP tunnel from ISA3 to the New York network
D.Create an L2TP/IPSec tunnel from ISA3 to the New York network

A.Use IPSec in transport mode
B.Use Encrypting File System （EFS） over Web Distributed Authoring and Versioning （WebDAV）
C.Use PEAP-EAP-TLS
D.Use Encrypting File System （EFS） remote encryption