Free MCSE Braindumps, the best braindumps site for certification exams like 070-290, 070-270 and more!

QUESTION 1
You are the network administrator for Alecnet .s T he network consists of a Windows 2000 Active
Directory domain named Alecnet .com.
You have deployed a new Windows 2000 Server computer as a Web server in the perimeter network (also
known as the DMZ). The Web server is not a member of Alecnet .sc om. A firewall between the network and the DMZ
is configured to allow only HTTP traffic to be sent from the DMZ to the private network.
Your Web server administrator creates a security template named Webserver.inf that defines the default security
settings required for the Web server. The security template settings must be enforced at the Web server and applied at
regular intervals.
What should you do?
A.Make the Web server a member of the Alecnet .sc o m domain and place the Web server computer
account into a new
organizational unit (OU).
Import the Webserver.inf security template to the Default Domain Policy.
B.Create a batch file that applies the security template by using thesecedit /configure /cfg Webserver.inf /db
web.sdb
command.
In Scheduled Tasks, create a new task to run the batch file daily.
C.Apply the security template using the Security Configuration and Analysis console on the Web server.
Create a batch file that updates the security policy of the Web server by using thesecedit /refreshpolicy
machine_policy
/enforcecommand.
In Scheduled Tasks, create a new task to run the batch file daily.
D.Import the Webserver.inf security template to the Local Computer policy of the Web server.
Create a batch file that updates the security policy of the Web server by using thesecedit /refreshpolicy
machine_policy
/enforcecommand.
In Scheduled Tasks, create a new task to run the batch file daily.
Answer: C
Explanation:
We apply the security template using theSecurity Configuration and Analysisconsole. We then update the
security
policy at regular intervals using a scheduled task.
Incorrect Answers
A:We do not want to apply the Webserver.inf to all computers in the domain.
B:We do repeatedly have to apply the security template.
D:
The initial template applied to a computer is called the Local Computer Policy. It is not a good practice to
change this
template.

QUESTION 2
You are the network administrator for Alecnet .s T he network consists of a Windows 2000 Active
Directory domain.
The domain contains two Windows 2000 domain controllers and 500 Windows 2000 Professional computers.
The relevant portion of the Active Directory hierarchy is shown in the exhibit.
The user accounts for all administrators are located in the IT_Users organizational unit (OU). All other user
accounts are
located in the Employee_Users OU. The client computer accounts for the administrators' computers are located
in the
IT_Computers OU. All other client computer accounts are located in the Employee_Computers OU.
You company employs 10 security auditors to ensure that servers and client computers comply with the written
security
policy of Alecnet .s Y ou create a domain security group named Security_Audit. You add the
computer accounts for
each security auditor to this group.
You create several Group Policy objects (GPOs) and link them to the Employees OU. The GPOs configure
security
settings to enforce the written policy. The priority and configuration of each GPO are shown in the following
table.

GPO name Policy Setting Object with
Read
and Apply
Group Policy
Permissions
Priority No Override
GPO1 Audit object
access
Success and
Failure
Authenticated 1
Users
Security_Audit
GPO2 Audit logon
events
Failure Security_Audit 2
GPO3 Audit account
logon events
Success Authenticated 3 X
Users
Security_Audit
You discover that the Security logs on many client computers are full of successful object access events from
the users
of the client computers. You do not want users to be audited when they access files on their own computers.
However,
you want the security auditors to be audited when they access any file on any client computer.
What should you do?
A.Clear theNo Overridecheck box in GPO3.
B.Remove the Authenticated Users group from the DACL for GPO1.
C.Configure the policy settings for GPO3 so that success and failure events are audited.
D.Configure the DACL for GPO1 so that the Authenticated Users group hasDeny Apply
Group Policypermission.
Answer: B
Explanation:
By removing the Authenticated Users group from the DACL of GPO1, only members of the
Security_Auditgroup
would be audited for Object Access.
Incorrect Answers
A, C:GPO1 would still be applied, and object Access by the Authenticated Users group would still be audited.
D:The auditors, like all users, belong to the Authenticated Users group. They would also bereceiveDeny Apply
Group
Policypermission,and they would not be audited contrary to the requirements in this scenario.

QUESTION 3
You are the network administrator for Alecnet .s T he network consists if a Windows 2000 Active
Directory domain.
The domain contains five Windows 2000 Server domain controllers and 50 Windows NT Workstation 4.0
computers.
You perform a clean installation of Windows 2000 Professional on four client computers. You do not install
Internet
Information Services (IIS) on these computers.
The written security policy for Alecnet asl lows Windows 2000 Professional users to install and run IIS.
Every computer
running IIS must be configured to meet the written policy before the computer can be connected to
Alecnet ns e twork.
You want to ensure that the written policy for IIS is enforced automatically if IIS is installed on a Windows
2000
Professional computer.
What should you do before the user receive their computers?
A.On each Windows 2000 Professional computer, modify the Ocfilesw.inf security template to comply with the
written
policy.
B.On each Windows 2000 Professional computer, modify the Setup Security.inf security template to comply
with the
written policy.
C.On a reference computer, configure IIS permissions to comply with the written policy.
In the local Group Policy editor, selectImport current Authenticode Security information.
Select theExport Browser Settingsoption and save the settings to a file.
Place the file inSystemroot\System32 on each Windows 2000 Professional computer.
D.On a reference computer, configure IIS permissions to comply with the written policy.
In the local Group Policy editor, selectImport current security zones settings.
Select theExport Listoption and save the list to a file.
Place the file inSystemroor\System32 on each Windows 2000 Professional computer.
Answer: C
Explanation:
You can use Authenticode to designate software publishers and credentials agencies as trustworthy. You can
also
import these settings from your computer. If you want to modify the settings that you will apply to your users'
computers, clickImport current Authenticode security information, and then click Modify Settings.
Authenticode allows administrators to designate software publishers and credentials agencies as trustworthy.
These
settings can also be imported from the administrator's computer. Click Import current Authenticode
information, and
then click Modify Settings to modify the settings that will apply to users' computers.
Incorrect Answers
A:It would be a daunting administrative task to reconfigure each client computer manually. Furthermore, the
OCFilesw.inf file defines Optionalcomponent file security for Professional.

B:It would be a daunting administrative task to reconfigure each client computer manually. Furthermore, the
secure
templates (secure*.inf) implement recommended security settings for all security areas except files, folders, and
registry
keys.
D:IIS security does not primarily concern accessing secure sites.
QUESTION 4
You are the network administrator for Alecnet .s T he network consists of a Windows 2000 Active
Directory domain.
The domain contains 2,000 portable computers that run Windows XP Professional. All portable computers use
Microsoft Internet Explorer as their only Web browser.
When you work from home, your portable computer automatically dials in to Alecnet ns e twork so that you
can administer network resources remotely. The written security policy for Alecnet rse quires stricter security
zone and
privacy settings for all portable computers. You configure your portable computer to comply with the written
policy.
You create a Group Policy object (GPO) named SetSecurity and link it to the domain. You import the
connection
settings from your computer to the Security Zones and Content Ratings policy in SetSecurity.
Now, when other users work from home, they report that their computers attempt to dial in toAlecnets
network automatically. However, the connections fail because only administrators have dialup
permissions to Alecnets
network. You need to restore the
dialup
configuration for other users to its previous state, while continuing to enforce the written
security policy.
What should you do?
A.On your portable computer, open theProgramspolicy in the Internet Explorer maintenance section of the
SetSecurity
GPO, and select the option to import settings.
Save the modified GPO.
B.On your portable computer, modify theAutomatic Browser Configurationpolicy of the SetSecurity GPO so
that
automatic browser configuration is disabled.
Save the modified GPO.
C.Delete, recreate, and then link the SetSecurity GPO to the domain by using a Windows XP Professional
computer
that has the same configuration as your portable computer.
D.Create a new user account in the domain.
Use the new account to log on to your portable computer.
Configure the settings to comply with the written policy, configure the dialup
configuration to not dial, and import those
settings to the SetSecurity GPO. Delete the new user account.
Answer: D

Explanation:
The administrator account was used when configuring the LapTop computers. Administrators are allowed to
connect
remotely. We must therefore use a nonadministrator
user account when configuring the GPO that should be used on
the LapTops.
Incorrect Answers
A:An incomplete solution.
B:TheAutomatic Browser Configurationpolicy is used to automatically push the updated security zone settings
to
each user's desktop computer, enabling the administrator to manage security policy dynamically across all
computers on
the network.
C:We need to configure the template with a NON admin account
QUESTION 5
You are the network administrator for Alecnet .s T he network consists of a Windows 2000 Active
Directory domain.
The domain contains domain controllers that run either Windows 2000 Sever or Windows NT Server 4.0.
You need to modify a registry entry on all domain controllers. You create an administrative template that
contains the
registry entry. You need to apply the template only to each domain controller every time it is restarted.
What must you do to achieve this goal? (Each correct answer presents part of the solution. Choose two)
A.Import the administrative template to the Default Domain Policy Group Policy object (GPO) and then
configure the
registry entry in the template.
B.Import the administrative template to the Default Domain Controllers Policy Group Policy object (GPO) and
then
configure the registry entry in the template.
C.Import the administrative template to the local Group Policy of the domain controller that runs the PDC
Emulator and
then configure the registry entry in the template.
D.Import the administrative template to a system policy, configure the template, and save it as a file named
Ntconfig.pol.
Place the Ntconfig.pol file in the Policies folder under the Sysvol share.
Configure the Lbridge.cmd utility.
E.Import the administrative template a system policy, configure the template, and save it as a file named
Ntconfig.pol.
Place the Ntconfig.pol file in the Netlogon share on the Windows NT 4.0 export server.
Configure the Lbridge.cmd script.
F.Import the administrative template to a system policy, configure the template, and save it as a file named
Ntconfig.pol.
Place the Ntconfig.pol file in the Netlogon share on a Windows 2000 domain controller.
Configure the Lbridge.cmd script.
Answer: B, D

Explanation:
B:The Default Domain Controllers Policy Group Policy object (GPO) applied to all Windows 2000 Domain
controllers. We use it to make the appropriate configuration.
D:The Windows NT system policy file, Ntconfig.pol, should be placed on the SYSVOL on a Windows 2000
Domain
controller.
Note: A concern in a mixed environment is keeping the NETLOGON shares consistent. You have to remember
to
place a copy of Config.POL (for Windows 9x clients) and NTConfig.POL (for NT clients) in
SYSVOL\SYSVOL\DomainName\Scripts folder which is shared as NETLOGON on Windows 2000 domain
controllers. Windows NT LanMan Directory Replication can not be configured to replicate with Windows 2000
File
Replication Service, so until you migrate completely to Windows 2000 with AD, you'll have to remember to
keep
*.POL files in both environments synchronized. You can use Microsoft provided LBridge.cmd script to copy
the data
from Windows 2000BasedDCto aWindowsNT4.0 BDC configured as an export server.
Reference:
HOW TO: Use Lbridge.cmd to Replicate System Policies Between Windows 2000 and Windows NT 4.0
Domain
Controllers
Incorrect Answers
A:It should only be applied to domain controllers, not to every computer in the domain.
C:The PDC emulator cannot be helpful in replicating the configuration to the Windows NT domain controller.
E:We must replicate the Ntconfig.pol file from a Windows 2000 Domain controller.
F:The Netlogon share on a Windows 2000 domain controller is not used for replication.
QUESTION 6
You are the network administrator for Alecnet .s T he network consists of a Windows 2000 Active
Directory domain.
The domain contains 50 Windows NT Workstation 4.0 computers and 50 Windows 2000 Professional
computers.
Some Windows 2000 Professional computers run Internet Services (IIS) and host a Web site for the employees
who
use the computers.
You replace all Windows NT Workstation computers with new Windows 2000 Professional computers. You
want to
ensure that all client communication between all Windows 2000 computers is digitally signed. However, you
want all
client computers to be able to access the Web site on each Windows 2000 Professional computer.
You create a custom security template. You need to configure and apply the template to the appropriate client
computers.
What two actions should you take? (Each correct answer presents part of the solution. Choose two)
A.Apply the template to all Windows 2000 Professional computers.
B.Apply the template only to Windows 2000 Professional computers not running IIS.

C.Configure the template to enable theDigitallySign Client Communication (always)policy.
D.Configure the template to enable theDigitallySign Server Communication (always)policy.
E.Configure the template to enable theDigitallySign Client Communication (when possible)policy.
F.Configure the template to enable theDigitallySign Server Communication (when possible)policy.
Answer: A, C
Explanation:
We want to implement the highest possiblesecurity !!thereforwe apply the template to ALL clients pc's and we
implement the Digitally Sign Client Communication (always) policy.
QUESTION 7
You are the network administrator for Alecnet .s T he network consists of a Windows 2000 Active
Directory domain.
The domain contains 50 Windows NT Workstation 4.0 computers and 50 Windows 2000 Professional
computers.
You replace all Windows NT Workstation computers with Windows 2000 Professional computers.
You create an organizational unit (OU) named Workstations. You move all the Windows 2000 Professional
computers
into the Workstations OU. You create a Group Policy object (GPO) named Software_settings and link it to the
Workstation OU.
You configure the Software_settings GPO to distribute an application that is not certified for Windows 2000.
Users
report that they cannot save preferred settings in the application, which uses the systemroot directory. However,
this
application functioned correctly when it was installed on Windows NT Workstation computers.
You want to ensure that users can save the preferred settings of the application.
What should you do?
A.Edit the Software_settings GPO and import the Defltwk.inf security template.
B.Edit the Software_settings GPO and import the Compatws.inf security template.
C.Edit the Software_settings GPO and enable theDisable legacy run listpolicy.
D.Edit the Software_settings GPO and disable theSet Windows File Protection scanningpolicy.
Answer: B
Explanation:
By lowering the security levels on specific files, folders, and registry keys that are commonly accessed by
applications,
the compatible templates allow most applications to run successfully.
Incorrect Answers
A:Windows 2000 includes Security Configuration templates that contain the default settings for NTFS
permissions,
registry permissions, default user rights, and so on. Defltwk.inf is used on Windows 2000 Professional
computers. By
applying this security template to computers itensurethat they would receive the same security settings as the
cleanly

installed computers. However, the computers in this scenario are already cleanly installed, so there would be no
change
of security permission.
C:Enabling theDisable legacy run listwould prevent listed legacy program from running.
D:TheSet Windows File Protection scanningpolicy determines when Windows File Protection scans protected
files.
This policy directs Windows File Protection to enumerate and scan all system files for changes.
QUESTION 8
You are the network administrator for Alecnet .s T he network contains 3,000 Windows NT Workstation 4.0
computers. All the computers run a custom software application that requires customized security settings. Each
computer contains the correct security settings to run the application.
You upgrade one of the computers to Windows 2000 Professional by running Setup from a network distribution
shared
folder. The upgrade completes successfully, but the custom application will not run. You discover that the
upgrade
process overwrote the computer's customized security settings.
You need to ensure that future upgrades to Windows 2000 Professional will not overwrite the customized
security
settings.
What should you do?
A.Apply the Compatws.inf security template to each computer after it is upgraded to Windows 2000
Professional.
B.Configure a postinstallation
batch file that applies the Dwup.inf security template by running theseceditcommand.
C.Modify the Dwup.inf security template in the Windows 2000 Professional distribution shared folder to
include the
customized security settings.
D.Customize the security settings on the upgraded Windows 2000 Professional computer.
Use the Security Configuration and Analysis console to export the security settings to a security template named
Upgrade.inf.
Place the template in the Windows 2000 Professional distribution shared folder.
E.Modify the default Hisecws.inf security template to include the customized security settings.
Save the modified template in the Windows 2000 Professional distribution shared folder.
Answer: C
Explanation:
Windows 2000 uses the following security templates to apply security settings during the upgrade process:
1.Dwup.inf (for Windows 2000 Professional upgrades)
2.Dsup.inf (for Windows 2000 Server upgrades)
To prevent the upgrade process from modifying custom security settings, you can modify these textbased
templates to
ignore the specific folders, files, or registry keys that contain custom security settings. The modified Dwup.inf
is saved in
the Distribution folder and will be applied to all future upgrades.

Note:The Windows 2000 upgrade process applies Windows 2000 default security settings to registry keys and
file
system objects. This process overwrites any custompermissionsthat you previously defined. If the Windows
2000
default security settings are in conflict with custom permissions, programs that rely on the custom permissions
may not
work properly.
Reference:
HOW TO: Prevent Windows 2000 Upgrade from Modifying Custom Security, Microsoft Knowledge Base
Article Q260242
Incorrect Answers
A:The Compatws.inf security template only makes Windows 2000 Professional computer compatible with the
Windows NT 4.0 default security settings. However, in this scenario we must ensure that customized security
settings
are preserved.
B:We must customize the Dwup.inf security template.
D:The Upgrade.inf security template would not be applied to the upgraded computers.
E:The modified Hisecws.inf security template would not be applied to the upgraded computers.
QUESTION 9
You are the network administrator for Alecnet .s T he network consists of a Windows 2000 Active
Directory domain.
The network contains two Windows 2000 Server computers configured as domain controllers and 1,500
Windows
2000 Professional client computers.
Your manager wants you to ensure that yourdomain Account Polices areno less secure than the Account Polices
of the
Securedc.inf template. You run the Security Configuration and Analysis console on a network domain
controller, and
you use the Securedc.inf template to analyze the computer.
You review the Account Lockout Policy portion of the analysis. The relevant portion of the analysis is shown in
the
following table.
Policy Database setting Computer setting
Account lockout duration 30 minutes 0
Account lockout threshold 5 invalid logon attempts 3 invalid logon attempts
Reset account lockout counter
after
30 minutes 20 minutes

Your manager does not want to weaken the existing security. You must increase the security of the Account
Lockout
Policy in all areas in which it is less restrictive than the Securedc.inf template.
What should you do?
A.Import the Securedc.inf template into the Domain Security Policy.
B.Import the Securedc.inf template into the Domain Controller Security Policy.
C.Create a new security template withanAccountlockout durationof0 minutes, andAccount lockout thresholdof
3 invalid logon attempts, and aReset account lockout counter afterpolicy of30 minutes.
Import the new template into the Domain Security Policy.
D.Create a new security template withanAccountlockout durationof30, anAccount lockout thresholdof3 invalid
logon
attempts, and aReset account lockout counterpolicy of30 minutes.
Import the new template into the Domain Controller Security Policy.
Answer: C
Explanation:
TheAccount lockout durationpolicy determines the number of minutes a locked out account remains locked out
before automatically becoming unlocked. The range is 1 to 99999 minutes. You can specify that the account
will be
locked out until an administrator explicitly unlocks it by setting the value to 0.
TheAccount lockout thresholddetermines the number of failed logon attempts that will cause a user account to
be
locked out. A locked out account cannot be used until it is reset by an administrator or the account lockout
duration has
expired. You can set values between 1 and 999 failed logon attempts, or you can specify that the account will
never be
locked out by setting the value to 0.
By default, this setting is disabled in the Default Domain Group Policy object (GPO) and in the local security
policy of
workstations and servers.
TheReset account lockout counter afterpolicy determines the number of minutes that must elapse after a failed
logon
attempt before the bad logon attempt counter is reset to 0 bad logons. The range is 1 to 99999 minutes.
By default, this policy is not defined, since it only has meaning when an Account lockout threshold is specified
When we merge two security templates, by importing the 2ndtemplate, the 2ndimported template takes
precedence
when there is contention. As we want maximum security we need to create a custom security template which
only
strengthens security on all policies.
Note:You can merge several different templates into one composite template, whichcan then canbe used for
analysis or
configuration of a system, by importing each template into a working database. The database merges the various
precedence when there is contention.
The Best solution is this

Policy Setting
Account lockout duration 0 minutes
Account lockout threshold 3 invalid logon attempts
Reset account lockout counter after 30 minutes
Incorrect
Answers
A, B:The Securedc.inf security template would take precedence when there is contention. It would allow 5
invalid login
attempts, which would lower security.
D:We want anAccount lockout durationof 0 (admin will unlock), not 30 minutes.
QUESTION 10
You are the network administrator for Alecnet .s T he network consists of a Windows 2000 Active
Directory domain
and includes 1, 000 Windows XP Professional client computers. All client computers are members of the
domain. The
domain accounts for all client computers are located in the organizational units (OUs) of the departments that
own the
computers. The domain also includes 100 Windows 2000 Server computers. The computer accounts for all
servers are
located in an OU named Servers.
All client computers are configured with a single hard disk. The hard disk is configured as two logical
volumes named C and D. The C drive contains only the operating system files. The D drive contains all user
data and application files. Both drives are formatted to use NTFS.
The written security policy for Alecnet rse quires custom NTFS permissions on the root of the D drive for
all client computers. Previously, these permissions were manually applied by an administrator before new
computers were delivered to users. However, new computers are now being added at a rate of 100 or more
per month. Computers ordered from the manufacturer contain different hardware.
You want to ensure that new client computers can be automatically configured with the correct NTFS
permissions for the root of drive D. However, you do not want your solution to affect any of the servers in
the domain.
What should you do?
A.Create a Microsoft Visual Basic Scripting Edition (VBScript) script that assigns the correct NTFS
permissions to the
root of drive D.
Create a new Group Policy object (GPO) and link it to the domain.
Configure the GPO to run as a startup script.
A.Create a startup script that runs thecacls.execommand to apply the correct NTFS permissions to the root of
drive

D.Create a new Group Policy object (GPO) and link it to each departmental OU.
Configure the new GPO to run the startup script.
A.Create a security template that assigns the correct NTFS permissions to the root of drive D.
Import the template into a Group Policy object (GPO) and link the GPO to each departmental OU.
A.Create a security template that assigns the correct NTFS permissions to the root of Drive D.
Analyze the template, configure the correct NTFS permissions for the root of drive D, and save the security
database.
Copy
the security database to a folder named C:\Windows\Security on each new client computer.
Answer: C
Explanation:
We create a security template with the appropriate NTFSpermissions,import the security template into a GPO,
link to
GPO to each departmental OU. This ensures that the computers will be configured with the correct NTFS
permissions.
Incorrect Answers
A:The startup script would run in the security context of the user, and it would not be allowed to apply these
changes.
B:The cacls.exe utility displays or modifies access control lists (ACLs) of files. However, the startup script
would run in
the security context of the user, and it would not be allowed to apply these changes.
D:Moving the security database to the C:\Windows\Security directory would not accomplish much. We should
use a
GPO instead to apply the NTFS permissions.
QUESTION 11
You are the network administrator for Alecnet .s T he network consists of a Windows 2000 Active
Directory domain.
The domain contains 10 Windows 2000 domain controllers, 100 Windows 2000 Professional client computers,
and
500 Windows NT Workstation 4.0 computers.
You create an organizational unit (OU) named Client_Comps. You move all the client computer accounts in
the network to this OU. Then, you create a Group Policy object (GPO) named CK1 and link it to the
Client_Comps OU. You import the Securews.inf security template to CK1 .
You install Windows 2000 Professional on all client computers. You verify that each client computer applies
CK1 .
Users report that an application does not run on the Windows 2000 Professional computers. You discover
that the application stores user data in the program files folder structure. This application used to run on the
Windows NT Workstation 4.0 computers.
You need to ensure that the application can run on Windows 2000 Professional computers while maintaining
the security settings in Securews.inf. You also need to maintain security on the other computers and domain
controllers in the domain.
What should you do?
A.Import the Compatws.inf security template to CK1 .

B.Configure CK1 so that it applies only the settings from Defltwk.inf security template.
C.Create a new GPO and link it to the domain.
Import the Defltwk.inf security template to the new GPO.
A.Create a new security template that merges the Securews.inf template and the Compatws.inf template.
Import the new template to the Default Domain Policy GPO.
Answer: A
Explanation:
We should reduce the security constraints for the Windows 2000 Professional computers. We accomplish this
by
applying the Compatws.inf security template to CK1 . CK1 will be applied to all computers in the
Client_Comps OU
which is including all Windows 2000 Professional computers.
Incorrect Answers
B:We still must apply the Securews.inf security template.
C:We do not want the Defltwk.inf security template applied to all computers in the domain, just to the Windows
2000
Professional computers.
D:We do not want to apply the merged security template to all computers in the domain, only the Windows
2000
Professional computers.
QUESTION 12
You are the network administrator for Alecnet .s T he network consists of a Windows 2000 Active
Directory domain. The domain contains 10 Windows 2000 domain controllers, 400 Windows 2000
Professional computers, and 400 Windows 98 computers.
You create an organizational unit (OU) named Client_Comps. You move all Windows 2000 client computer
accounts to this OU. You create a Group Policy object (GPO) named GPO1 and link it to the Client_Comps
OU. You import the Securews.inf security template to GPO1.
The Windows 98 computers contain security settings by means of a system policy. You upgrade the Windows
98 computer to Windows 2000 Professional. You place the computer account for each upgraded client
computer in the Client_Comps OU.
You discover that some security settings that were applied from the system policy are still applied to the
upgraded client computers. These security settings are creating problems for users.
You try to reconfigure these security settings by using GPO1, but the options are not available. You need to
reconfigure the security settings on the upgraded client computers.
What should you do?
A.Import the Compatws.inf security template to GPO1.
B.Run the Security Configuration and Analysis tool on each of the upgraded client computers.
Analyze and configure the computers by using the Securews.inf template.
A.Run thesecedit /refreshpolicy machine_policycommand an all the upgraded client computers.
B.Create a custom administrative template that reconfigures the security settings and add it to GPO1.
Answer: D

Explanation:
We should make a custom administrative template to reconfigure the upgraded security settings. We should
then add it
to GPO1.
Incorrect Answers
A:Importing Compatws.inf into the GPO would have a negative impact on the security configuration. We
cannot allow
it.
B:As we are unable to apply the Securews.inf security template through the GPO we could explicitly apply it
through
the Security Configuration and Analysis tool. This would be a heavy administrative burdenhowever,we would
have to
perform this task on every upgraded PC.
C:The problem is not that GPO1 is not applied. The problem is that some old system policies are still in use.