Your company has an Active Directory domain that has an organizational unit named Sales. The
Sales organizational unit contains two global security groups named sales managers and sales executives.
You need to apply desktop restrictions to the sales executives group. You must not apply these desktop restrictions to the sales managers group. You create a GPO named DesktopLockdown and link it to the Sales organizational unit. What should you do next()
A.Configure the Deny Apply Group Policy permission for the sales managers on the DesktopLockdown GPO.
B.Configure the Deny Apply Group Policy permission for the sales executives on the DesktopLockdown GPO.
C.Configure the Deny Apply Group Policy permission for Authenticated Users on the DesktopLockdown GPO.
D.Configure the Allow Apply Group Policy permission for Authenticated Users on the DesktopLockdown GPO.
您可能感兴趣的试卷
你可能感兴趣的试题
Your company has an organizational unit named Production. The Production organizational unit has achild organizational unit named R&D. You create a GPO named Software Deployment and link it to the Production organizational unit. You create a shadow group for the R&D organizational unit.
You need to deploy an application to users in the Production organizational unit.
You also need to ensure that the application is not deployed to users in the R&D organizational unit.
What are two possible ways to achieve this goal()
A.Configure the Enforce setting on the software deployment GPO.
B.Configure the Block Inheritance setting on the R&D organizational unit.
C.Configure the Block Inheritance setting on the Production organizational unit.
D.Configure security filtering on the Software Deployment GPO to Deny Apply group policy for the R&D security group.
You are installing an application on a computer that runs Windows Server 2008 R2. During installation, the application will need to add new attributes and classes to the Active Directory database.
You need to ensure that you can install the application.
What should you do()
A.Change the functional level of the forest to Windows Server 2008 R2.
B.Log on by using an account that has Server Operator rights.
C.Log on by using an account that has Schema Administrator rights and the appropriate rights to install the application.
D.Log on by using an account that has the Enterprise Administrator rights and the appropriate rights to install the application.
You want users to log on to Active Directory by using a new User Principal Name (UPN).
You need to modify the UPN suffix for all user accounts. Which tool should you use()
A.Dsmod
B.Netdom
C.Redirusr
D.Active Directory Domains and Trusts
You need to relocate the existing user and computer objects in your company to different organizational units.
What are two possible ways to achieve this goal()
A.Run the Dsmod utility.
B.Run the Active Directory Migration Tool (ADMT).
C.Run the Active Directory Users and Computers utility.
D.Run the move-item command in the Microsoft Windows PowerShell utility.
Your company hires 10 new employees. You want the new employees to connect to the main office
through a VPN connection. You create new user accounts and grant the new employees the Allow Read and Allow Execute permissions to shared resources in the main office.
The new employees are unable to access shared resources in the main office.
You need to ensure that users are able to establish a VPN connection to the main office.
What should you do()
A.Grant the new employees the Allow Full control permission.
B.Grant the new employees the Allow Access Dial-in permission.
C.Add the new employees to the Remote Desktop Users security group.
D.Add the new employees to the Windows Authorization Access security group.
Your companys security policy requires complex passwords.
You have a comma delimited file named import.csv that contains user account information.
You need to create user accounts in the domain by using the import.csv file. You also need to ensure that the new user accounts are set to use default passwords and are disabled. What should you do()
A.Modify the userAccountControl attribute to disabled. Run the csvde i k f import.csv command. Run the DSMOD utility to set default passwords for the user accounts.
B.Modify the userAccountControl attribute to accounts disabled. Run the csvde f import.csv command. Run the DSMOD utility to set default passwords for the user accounts.
C.Modify the userAccountControl attribute to disabled. Run the wscript import.csv command. Run the DSADD utility to set default passwords for the imported user accounts.
D.Modify the userAccountControl attribute to disabled. Run the ldifde i f import.csv command. Run the DSADD utility to set passwords for the imported user accounts.
A user in a branch office of your company attempts to join a computer to the domain, but the attempt fails.
You need to enable the user to join a single computer to the domain. You must ensure that the user is denied any additional rights beyond those required to complete the task.
What should you do()
A.Prestage the computer account in the Active Directory domain.
B.Add the user to the Domain Administrators group for one day.
C.Add the user to the Server Operators group in the Active Directory domain.
D.Grant the user the right to log on locally by using a Group Policy Object (GPO).
Your company has an Active Directory forest that contains a single domain. The domain member
server has an Active Directory Federation Services (AD FS) server role installed.
You need to configure AD FS to ensure that AD FS tokens contain information from the Active Directory domain.
What should you do()
A.Add and configure a new account store.
B.Add and configure a new account partner.
C.Add and configure a new resource partner.
D.Add and configure a Claims-aware application.
Your company has a main office and 40 branch offices. Each branch office is configured as a separate Active Directory site that has a dedicated read-only domain controller (RODC).
An RODC server is stolen from one of the branch offices.
You need to identify the user accounts that were cached on the stolen RODC server. Which utility should you use()
A.Dsmod.exe
B.Ntdsutil.exe
C.Active Directory Sites and Services
D.Active Directory Users and Computers
Your company has an Active Directory forest that runs at the functional level of Windows Server 2008.
You implement Active Directory Rights Management Services (AD RMS). You install Microsoft SQL Server 2005.
When you attempt to open the AD RMS administration Web site, you receive the following error message:
"SQL Server does not exist or access denied."
You need to open the AD RMS administration Web site.
Which two actions should you perform()
A.Restart IIS.
B.Install Message Queuing.
C.Start the MSSQLSVC service.
D.Manually delete the Service Connection Point in Active Directory Domain Services (AD DS) and restart AD RMS.
最新试题
Your network contains an Active Directory domain named contoso.com. Contoso.com contains a member server that runs Windows Serever 2008 Standart. You need to install an enterprise subordinate certification authority (CA) that support private key archival. You must achieve this goal by using the minimum amount of administrative effort.What do you do first()
Your network contains an Active Directory domain named contoso.com. All domain controllers and member servers run Windows Server 2008. All client computer run Windows 7. From a client computer, you create an audit policy by using the Advanced Audit Policy Configuration settings in the Default Domain Policy Group Policy object (GPO). You discover that the audit policy is not applied to the member servers. The audit policy is applied to the client computers. You need to ensure that the audit policy is applied to all member servers and all client computers. What should you do()
What should you do()
You remotely monitor several domain controllers. You run winrm.exe quickconfig on each domain controller. You need to create a WMI script query to retrieve information from the bios of each domain controller. Which format should you use to write the query()
You need to receive an e-mail message whenever a domain user account is locked out. Which tool should you use()
You install a standalone root certification authority (CA) on a server named Server1. You need to ensure that every computer in the forest has a copy of the root CA certificate installed in the local computer’s Trusted Root Certification Authorities store. Which command should you run on Server1()
You have Active Directory Certificate Services (AD CS) deployed. You create a custom certificate template. You need to ensure that all of the users in the domain automatically enroll for a certificate based on the custom certificate template. Which two actions should you perform()
You have an enterprise subordinate certification authority (CA) configured for key archival. Three key recovery agent certificates are issued. The CA is configured to use two recovery agents. You need to ensure that all of the recovery agent certificates can be used to recover all new private keys. What should you do()
You have an enterprise subordinate certification authority (CA). You have a group named Group1. You need to allow members of Group1 to publish new certificate revocation lists. Members of Group1 must not be allowed to revoke certificates. What should you do()
You need to compact an Active Directory database on a domain controller that runs windows Server 2008 R2. What should you do()