Your company has an Active Directory forest. The company has branch offices in three locations.
Each location has an organizational unit.
You need to ensure that the branch office administrators are able to create and apply GPOs only to their respective organizational units.
Which two actions should you perform()
A.Add the user accounts of the branch office administrators to the Group Policy Creator Owners Group.
B.Modify the Managed By tab in each organizational unit to add the branch office administrators to their respective organizational units.
C.Run the Delegation of Control Wizard and delegate the right to link GPOs for the domain to the branch office administrators.
D.Run the Delegation of Control Wizard and delegate the right to link GPOs for their branch organizational units to the branch office administrators.
您可能感兴趣的试卷
你可能感兴趣的试题
Your company has an Active Directory domain that has an organizational unit named Sales. The
Sales organizational unit contains two global security groups named sales managers and sales executives.
You need to apply desktop restrictions to the sales executives group. You must not apply these desktop restrictions to the sales managers group. You create a GPO named DesktopLockdown and link it to the Sales organizational unit. What should you do next()
A.Configure the Deny Apply Group Policy permission for the sales managers on the DesktopLockdown GPO.
B.Configure the Deny Apply Group Policy permission for the sales executives on the DesktopLockdown GPO.
C.Configure the Deny Apply Group Policy permission for Authenticated Users on the DesktopLockdown GPO.
D.Configure the Allow Apply Group Policy permission for Authenticated Users on the DesktopLockdown GPO.
Your company has an organizational unit named Production. The Production organizational unit has achild organizational unit named R&D. You create a GPO named Software Deployment and link it to the Production organizational unit. You create a shadow group for the R&D organizational unit.
You need to deploy an application to users in the Production organizational unit.
You also need to ensure that the application is not deployed to users in the R&D organizational unit.
What are two possible ways to achieve this goal()
A.Configure the Enforce setting on the software deployment GPO.
B.Configure the Block Inheritance setting on the R&D organizational unit.
C.Configure the Block Inheritance setting on the Production organizational unit.
D.Configure security filtering on the Software Deployment GPO to Deny Apply group policy for the R&D security group.
You are installing an application on a computer that runs Windows Server 2008 R2. During installation, the application will need to add new attributes and classes to the Active Directory database.
You need to ensure that you can install the application.
What should you do()
A.Change the functional level of the forest to Windows Server 2008 R2.
B.Log on by using an account that has Server Operator rights.
C.Log on by using an account that has Schema Administrator rights and the appropriate rights to install the application.
D.Log on by using an account that has the Enterprise Administrator rights and the appropriate rights to install the application.
You want users to log on to Active Directory by using a new User Principal Name (UPN).
You need to modify the UPN suffix for all user accounts. Which tool should you use()
A.Dsmod
B.Netdom
C.Redirusr
D.Active Directory Domains and Trusts
You need to relocate the existing user and computer objects in your company to different organizational units.
What are two possible ways to achieve this goal()
A.Run the Dsmod utility.
B.Run the Active Directory Migration Tool (ADMT).
C.Run the Active Directory Users and Computers utility.
D.Run the move-item command in the Microsoft Windows PowerShell utility.
Your company hires 10 new employees. You want the new employees to connect to the main office
through a VPN connection. You create new user accounts and grant the new employees the Allow Read and Allow Execute permissions to shared resources in the main office.
The new employees are unable to access shared resources in the main office.
You need to ensure that users are able to establish a VPN connection to the main office.
What should you do()
A.Grant the new employees the Allow Full control permission.
B.Grant the new employees the Allow Access Dial-in permission.
C.Add the new employees to the Remote Desktop Users security group.
D.Add the new employees to the Windows Authorization Access security group.
Your companys security policy requires complex passwords.
You have a comma delimited file named import.csv that contains user account information.
You need to create user accounts in the domain by using the import.csv file. You also need to ensure that the new user accounts are set to use default passwords and are disabled. What should you do()
A.Modify the userAccountControl attribute to disabled. Run the csvde i k f import.csv command. Run the DSMOD utility to set default passwords for the user accounts.
B.Modify the userAccountControl attribute to accounts disabled. Run the csvde f import.csv command. Run the DSMOD utility to set default passwords for the user accounts.
C.Modify the userAccountControl attribute to disabled. Run the wscript import.csv command. Run the DSADD utility to set default passwords for the imported user accounts.
D.Modify the userAccountControl attribute to disabled. Run the ldifde i f import.csv command. Run the DSADD utility to set passwords for the imported user accounts.
A user in a branch office of your company attempts to join a computer to the domain, but the attempt fails.
You need to enable the user to join a single computer to the domain. You must ensure that the user is denied any additional rights beyond those required to complete the task.
What should you do()
A.Prestage the computer account in the Active Directory domain.
B.Add the user to the Domain Administrators group for one day.
C.Add the user to the Server Operators group in the Active Directory domain.
D.Grant the user the right to log on locally by using a Group Policy Object (GPO).
Your company has an Active Directory forest that contains a single domain. The domain member
server has an Active Directory Federation Services (AD FS) server role installed.
You need to configure AD FS to ensure that AD FS tokens contain information from the Active Directory domain.
What should you do()
A.Add and configure a new account store.
B.Add and configure a new account partner.
C.Add and configure a new resource partner.
D.Add and configure a Claims-aware application.
Your company has a main office and 40 branch offices. Each branch office is configured as a separate Active Directory site that has a dedicated read-only domain controller (RODC).
An RODC server is stolen from one of the branch offices.
You need to identify the user accounts that were cached on the stolen RODC server. Which utility should you use()
A.Dsmod.exe
B.Ntdsutil.exe
C.Active Directory Sites and Services
D.Active Directory Users and Computers
最新试题
Your network contains an Active Directory domain named contoso.com. All domain controllers and member servers run Windows Server 2008. All client computer run Windows 7. From a client computer, you create an audit policy by using the Advanced Audit Policy Configuration settings in the Default Domain Policy Group Policy object (GPO). You discover that the audit policy is not applied to the member servers. The audit policy is applied to the client computers. You need to ensure that the audit policy is applied to all member servers and all client computers. What should you do()
Your network contains an Active Directory domain that contains five domain controllers. You have a management computer that runs Windows 7. From the Windows 7 computer, you need to view all account logon failures that occur in the domain. The information must be consolidated on one list. Which command should you run on each domain controller()
Your network contains a single Active Directory domain named contoso.com. An administrator accidentally deletes the _msdsc.contoso.com zone. You recreate the _msdsc.contoso.com zone. You need to ensure that the _msdsc.contoso.com zone contains all of the required DNS records. What should you do on each domain controller()
Your network contains an Active Directory domain named contoso.com. Contoso.com contains three servers.The servers are configure as shown in the following table. Server name Server roel Service Server1 Certification authority (CA) Server2 Certificate Enrollment Web Service Server3 Certificate Enrollment Policy Web Service You need to ensure that users can manually enroll and renew their certificates by using the Certificate Enrollment Web Service. Which two actions should you perform()
You have an enterprise subordinate certification authority (CA). You have a custom certificate template that has a key length of 1,024 bits. The template is enabled for autoenrollment. You increase the template key length to 2,048 bits. You need to ensure that all current certificate holders automatically enroll for a certificate that uses the new template. Which console should you use()
You need to compact an Active Directory database on a domain controller that runs windows Server 2008 R2. What should you do()
Your network contains an Active Directory domain named contoso.com. You have a management computer named Computer1 that runs Windows 7. You need to forward the logon events of all the domain controllers in contoso.com to Computer1. All new domain controllers must be dynamically added to the subscription. What should you do()
You remotely monitor several domain controllers. You run winrm.exe quickconfig on each domain controller. You need to create a WMI script query to retrieve information from the bios of each domain controller. Which format should you use to write the query()
You have an enterprise subordinate certification authority (CA). You have a custom Version 3 certificate template. Users can enroll for certificates based on the custom certificate template by using the Certificates console. The certificate template is unavailable for Web enrollment. You need to ensure that the certificate template is available on the Web enrollment pages. What should you do()
You create a new Active Directory domain. The functional level of the domain is Windows Server 2003. The domain contains five domain controllers that run Windows Server 2008 R2. You need to monitor the replication of the group policy template files. Which tool should you use()