Your company has an Active Directory forest. Each branch office has an organizational unit and a child organizational unit named Sales.
The Sales organizational unit contains all users and computers of the sales department.
You need to install a Microsoft Office 2007 application only on the computers in the Sales organizational unit.
You create a GPO named SalesApp GPO.
What should you do next()
A.Configure the GPO to assign the application to the computer account. Link the SalesAPP GPO to the domain.
B.Configure the GPO to assign the application to the user account. Link the SalesAPP GPO to the Sales organizational unit in each location.
C.Configure the GPO to publish the application to the user account. Link the SalesAPP GPO to the Sales organizational unit in each location.
D.Configure the GPO to assign the application to the computer account. Link the SalesAPP GPO to the Sales organizational unit in each location.
您可能感兴趣的试卷
你可能感兴趣的试题
Your company has an Active Directory forest that contains client computers that run Windows Vista and Windows XP.
You need to ensure that users are able to install approved application updates on their computers. Which two actions should you perform()
A.Set up Automatic Updates through Control Panel on the client computers.
B.Create a GPO and link it to the Domain Controllers organizational unit. Configure the GPO to automatically search for updates on the Microsoft Update site.
C.Create a GPO and link it to the domain. Configure the GPO to direct the client computers to the Windows Server Update Services (WSUS) server for approved updates.
D.Install the Windows Server Update Services (WSUS). Configure the server to search for new updates on the Internet. Approve all required updates.
All consultants belong to a global group named TempWorkers.
You place three file servers in a new organizational unit named SecureServers. The three file servers contain confidential data located in shared folders.
You need to record any failed attempts made by the consultants to access the confidential data. Which two actions should you perform()
A.Create and link a new GPO to the SecureServers organizational unit. Configure the Audit privilege use Failure audit policy setting.
B.Create and link a new GPO to the SecureServers organizational unit. Configure the Audit object access Failure audit policy setting.
C.Create and link a new GPO to the SecureServers organizational unit. Configure the Deny access to this computer from the network user rights setting for the TempWorkers global group.
D.On each shared folder on the three file servers, add the three servers to the Auditing tab. Configure the Failed Full control setting in the Auditing Entry dialog box.
E.On each shared folder on the three file servers, add the TempWorkers global group to the Auditing tab. Configure the Failed Full control setting in the Auditing Entry dialog box.
Your company has an Active Directory domain. All consultants belong to a global group named
TempWorkers. The TempWorkers group is not nested in any other groups.
You move the computer objects of three file servers to a new organizational unit named SecureServers.
These file servers contain only confidential data in shared folders.
You need to prevent members of the TempWorkers group from accessing the confidential data on the file servers. You must achieve this goal without affecting access to other domain resources. What should you do()
A.Create a new GPO and link it to the SecureServers organizational unit. Assign the Deny access to this computer from the network user right to the TempWorkers global group.
B.Create a new GPO and link it to the domain. Assign the Deny access to this computer from the network user right to the TempWorkers global group.
C.Create a new GPO and link it to the domain. Assign the Deny log on locally user right to the TempWorkers global group.
D.Create a new GPO and link it to the SecureServers organizational unit. Assign the Deny log on locallyuser right to the TempWorkers global group.
Your company purchases a new application to deploy on 200 computers. The application requires that you modify the registry on each target computer before you install the application.
The registry modifications are in a file that has an .adm extension.
You need to prepare the target computers for the application.
What should you do()
A.Import the .adm file into a new Group Policy Object (GPO). Edit the GPO and link it to an organizational unit that contains the target computers.
B.Create a Microsoft Windows PowerShell script to copy the .adm file to the startup folder of each target computer.
C.Create a Microsoft Windows PowerShell script to copy the .adm file to each computer. Run the REDIRUsr CONTAINER-DN command on each target computer.
D.Create a Microsoft Windows PowerShell script to copy the .adm file to each computer. Run the REDIRCmp CONTAINER-DN command on each target computer.
Your company has an Active Directory forest that contains Windows Server 2008 R2 domain controllers and DNS servers. All client computers run Windows XP SP3.
You need to use your client computers to edit domain-based GPOs by using the ADMX files that are
stored in the ADMX central store. What should you do()
A.Add your account to the Domain Admins group.
B.Upgrade your client computers to Windows 7.
C.Install .NET Framework 3.0 on your client computers.
D.Create a folder on PDC emulator for the domain in the PolicyDefinitions path. Copy the ADMX files to the PolicyDefinitions folder.
Your company has an Active Directory forest. The company has servers that run Windows Server
2008 R2 and client computers that run Windows 7. The domain uses a set of GPO administrative templates that have been approved to support regulatory compliance requirements.
Your partner company has an Active Directory forest that contains a single domain. The company has servers that run Windows Server 2008 R2 and client computers that run Windows 7.
You need to configure your partner companys domain to use the approved set of administrative templates.
What should you do()
A.Use the Group Policy Management Console (GPMC) utility to back up the GPO to a file. In each site, import the GPO to the default domain policy.
B.Copy the ADMX files from your companys PDC emulator to the PolicyDefinitions folder on the partner companys PDC emulator.
C.Copy the ADML files from your companys PDC emulator to the PolicyDefinitions folder on thepartner companys PDC emulator.
D.Download the conf.adm, system.adm, wuau.adm, and inetres.adm files from the Microsoft Updates Web site. Copy the ADM files to the PolicyDefinitions folder on the partner companys PDC emulator.
A.Download the Conf.adm, System.adm, Wuau.adm, and Inetres.adm files from the Microsoft Web site. Copy the ADM files to the FR folder.
B.Copy the ADML files from the French local installation media for Windows Server 2008 R2 to the FR folder on the subsidiary PDC emulator.
C.Copy the Install.WIM file from the French local installation media for Windows Server 2008 R2 to the FR folder on the subsidiary PDC emulator.
D.Copy the ADMX files from the French local installation media for Windows Server 2008 R2 to the FR folder on the subsidiary PDC emulator.
Your company has an Active Directory forest. The company has branch offices in three locations.
Each location has an organizational unit.
You need to ensure that the branch office administrators are able to create and apply GPOs only to their respective organizational units.
Which two actions should you perform()
A.Add the user accounts of the branch office administrators to the Group Policy Creator Owners Group.
B.Modify the Managed By tab in each organizational unit to add the branch office administrators to their respective organizational units.
C.Run the Delegation of Control Wizard and delegate the right to link GPOs for the domain to the branch office administrators.
D.Run the Delegation of Control Wizard and delegate the right to link GPOs for their branch organizational units to the branch office administrators.
Your company has an Active Directory domain that has an organizational unit named Sales. The
Sales organizational unit contains two global security groups named sales managers and sales executives.
You need to apply desktop restrictions to the sales executives group. You must not apply these desktop restrictions to the sales managers group. You create a GPO named DesktopLockdown and link it to the Sales organizational unit. What should you do next()
A.Configure the Deny Apply Group Policy permission for the sales managers on the DesktopLockdown GPO.
B.Configure the Deny Apply Group Policy permission for the sales executives on the DesktopLockdown GPO.
C.Configure the Deny Apply Group Policy permission for Authenticated Users on the DesktopLockdown GPO.
D.Configure the Allow Apply Group Policy permission for Authenticated Users on the DesktopLockdown GPO.
Your company has an organizational unit named Production. The Production organizational unit has achild organizational unit named R&D. You create a GPO named Software Deployment and link it to the Production organizational unit. You create a shadow group for the R&D organizational unit.
You need to deploy an application to users in the Production organizational unit.
You also need to ensure that the application is not deployed to users in the R&D organizational unit.
What are two possible ways to achieve this goal()
A.Configure the Enforce setting on the software deployment GPO.
B.Configure the Block Inheritance setting on the R&D organizational unit.
C.Configure the Block Inheritance setting on the Production organizational unit.
D.Configure security filtering on the Software Deployment GPO to Deny Apply group policy for the R&D security group.
最新试题
Your network contains an Active Directory domain that has two sites. You need to identify whether logon scripts are replicated to all domain controllers. Which folder should you verify()
Your network contains three Active Directory forest named Forest1, Forest2, and Forest3. Each forest contains three domains. A two-way forest trust exists between Forest1 and Forest2. A two-way forest trust exists between Forest2 and Forest3. You need to configure the forest to meet the following requirements Users in Forest3 must be able to access resources in Forest1. Users in Forest1 must be able to access resources in Forest3. The number of trusts must be minimized. What should you do()
Your network contains two Active Directory forests named contoso.com and nwtraders.com. A two-way forest trust exists between contoso.com and nwtraders.com. The forest trust is configured to use selective authentication. Contoso.com contains a server named Server1. Server1 contains a shared folder named Marketing. Nwtraders.com contains a global group named G_Marketing. The Change share permission and the Modify NTFS permissions for the Marketing folder are assignes to the G_Marketing group. Members of G_Marketing report that they cannot accesss the Marketing folder. You need to ensure that the G_Marketing members can accesss the folder from the network. What should you do()
Your network contains an Active Directory domain named contoso.com. You have a management computer named Computer1 that runs Windows 7. You need to forward the logon events of all the domain controllers in contoso.com to Computer1. All new domain controllers must be dynamically added to the subscription. What should you do()
Your network contains an Active Directory domain. The domain contains a group named Group1. The minimum password lenght for the domain is set to six characters. you need to ensure that the passwords for all users in Group1 are at least 10 characters long. All other users must be able to use passwords that are six characters long. What should you do first()
Your network contains an Active Directory domain. A user named User1 takes a leave of absence for one year. You need to restrict access to the User1 user account while User1 is away. What should you do()
Your network contains an Active Directory domain named contoso.com. Contoso.com contains three servers.The servers are configure as shown in the following table. Server name Server roel Service Server1 Certification authority (CA) Server2 Certificate Enrollment Web Service Server3 Certificate Enrollment Policy Web Service You need to ensure that users can manually enroll and renew their certificates by using the Certificate Enrollment Web Service. Which two actions should you perform()
What should you do()
Your network contains a single Active Directory domain named contoso.com. An administrator accidentally deletes the _msdsc.contoso.com zone. You recreate the _msdsc.contoso.com zone. You need to ensure that the _msdsc.contoso.com zone contains all of the required DNS records. What should you do on each domain controller()
You have an enterprise subordinate certification authority (CA). The CA is configured to use a hardware security module. You need to back up Active Directory Certificate Services on the CA. Which command should you run()