Your company has an Active Directory domain and an organizational unit. The
organizational unit is named Web.
You configure and test new security settings for Internet Information Service (IIS) Servers on
a server named IISServerA.
You need to deploy the new security settings only on the IIS servers that are members of the
Web organizational unit.
What should you do?

A.
Run secedit /configure /db iis.inf from the command prompt on IISServerA, then run
secedit /configure /db webou.inf from the comand prompt.

B.
Export the settings on IISServerA to create a security template. Import the security
template into a GPO and link the GPO to the Web organizational unit.

C.
Export the settings on IISServerA to create a security template. Run secedit /configure
/db webou.inf from the comand prompt.

D.
Import the hisecws.inf file template into a GPO and link the GPO to the Web
organizational unit.

Explanation:
http://www.itninja.com/blog/view/using-secedit-to-apply-security-templates
Using Secedit To Apply Security Templates
Secedit /configure /db secedit.sdb /cfg”c:\temp\custom.inf” /silent >nul
This command imports a security template file, “custom.inf” into the workstation’s or server’s
local security database. /db must be specified. When specifying the default secuirty
database (secedit.sdb,) I found that providing no path worked best. The /cfg option informs
Secedit that it is to import the .inf file into the specified database, appending it to any existing
.inf files that have already been imported to this system. You can optionally include an
/overwrite switch to overwrite all previous configurations for this machine. The /silent option
supresses any pop-ups and the >nul hides the command line output stating success or
failure of the action.