Your network consists of a single Active Directory domain. User accounts for engineering department are located in an OU named Engineering.
You need to create a password policy for the engineering department that is different from your domain password policy.
What should you do()
A.Create a new GPO. Link the GPO to the Engineering OU.
B.Create a new GPO. Link the GPO to the domain. Block policy inheritance on all OUs except for the Engineering OU.
C.Create a global security group and add all the user accounts for the engineering department to the group. Create a new Password Policy Object (PSO) and apply it to the group.
D.Create a domain local security group and add all the user accounts for the engineering department to the group. From the Active Directory Users and Computer console, select the group and run the Delegation of Control Wizard.
您可能感兴趣的试卷
你可能感兴趣的试题
A.Modify the properties of the user account to set the account to never expire.
B.Modify the properties of the user account to extend the Logon Hours setting.
C.Modify the properties of the user account to set the password to never expire.
D.Modify the default domain policy to decrease the account lockout duration.
You need to ensure that users who enter three successive invalid passwords within 5 minutes are
locked out for 5 minutes.
Which three actions should you perform()
A.Set the Minimum password age setting to one day.
B.Set the Maximum password age setting to one day.
C.Set the Account lockout duration setting to 5 minutes.
D.Set the Reset account lockout counter after setting to 5 minutes.
E.Set the Account lockout threshold setting to 3 invalid logon attempts.
F.Set the Enforce password history setting to 3 passwords remembered.
The default domain GPO in your company is configured by using the following account policy settings:
( Minimum password length: 8 characters .Maximum password age: 30 days.
Enforce password history: 12 passwords remembered .Account lockout threshold: 3 invalid logon attempts .Account lockout duration: 30 minutes
You install Microsoft SQL Server on a computer named Server1 that runs Windows Server 2008 R2. The SQL Server application uses a service account named SQLSrv. The SQLSrv account has domain user rights.
The SQL Server computer fails after running successfully for several weeks. The SQLSrv user account is not locked out.
You need to resolve the server failure and prevent recurrence of the failure.
Which two actions should you perform()
A.Reset the password of the SQLSrv user account.
B.Configure the local security policy on Server1 to grant the Logon as a service right on the SQLSrv user
C.Configure the properties of the SQLSrv account to Password never expires.
D.Configure the properties of the SQLSrv account to User cannot change password.
E.Configure the local security policy on Server1 to explicitly grant the SQLSrv user account the allow logon locally user right.
Your company has an Active Directory forest. The company has three locations. Each location has an organizational unit and a child organizational unit named Sales.
The Sales organizational unit contains all users and computers of the sales department.
The company plans to deploy a Microsoft Office 2007 application on all computers within the three Sales rganizational units.
You need to ensure that the Office 2007 application is installed only on the computers in the Sales organizational units. What should you do()
A.Create a Group Policy Object (GPO) named SalesAPP GPO. Configure the GPO to assign the application to the computer account. Link the SalesAPP GPO to the domain.
B.Create a Group Policy Object (GPO) named SalesAPP GPO. Configure the GPO to assign the application to the user account. Link the SalesAPP GPO to the Sales organizational unit in each location.
C.Create a Group Policy Object (GPO) named SalesAPP GPO. Configure the GPO to publish the application to the user account. Link the SalesAPP GPO to the Sales organizational unit in each location.
D.Create a Group Policy Object (GPO) named SalesAPP GPO. Configure the GPO to assign the application to the computer account. Link the SalesAPP GPO to the Sales organizational unit in each location.
Your company has an Active Directory forest. The forest includes organizational units corresponding to the following four locations: (London .Chicago .New York .Madrid
Each location has a child organizational unit named Sales. The Sales organizational unit contains all the users and computers from the sales department.
The offices in London, Chicago, and New York are connected by T1 connections. The office in Madrid is connected by a 256-Kbps ISDN connection.
You need to install an application on all the computers in the sales department.
Which two actions should you perform()
A.Disable the slow link detection setting in the Group Policy Object (GPO).
B.Configure the slow link detection threshold setting to 1,544 Kbps (T1) in the Group Policy Object (GPO).
C.Create a Group Policy Object (GPO) named OfficeInstall that assigns the application to users. Link the GPO to each Sales organizational unit.
D.Create a Group Policy Object (GPO) named OfficeInstall that assigns the application to the computers. Link the GPO to each Sales organizational unit.
Your company has an Active Directory forest. Each branch office has an organizational unit and a child organizational unit named Sales.
The Sales organizational unit contains all users and computers of the sales department.
You need to install a Microsoft Office 2007 application only on the computers in the Sales organizational unit.
You create a GPO named SalesApp GPO.
What should you do next()
A.Configure the GPO to assign the application to the computer account. Link the SalesAPP GPO to the domain.
B.Configure the GPO to assign the application to the user account. Link the SalesAPP GPO to the Sales organizational unit in each location.
C.Configure the GPO to publish the application to the user account. Link the SalesAPP GPO to the Sales organizational unit in each location.
D.Configure the GPO to assign the application to the computer account. Link the SalesAPP GPO to the Sales organizational unit in each location.
Your company has an Active Directory forest that contains client computers that run Windows Vista and Windows XP.
You need to ensure that users are able to install approved application updates on their computers. Which two actions should you perform()
A.Set up Automatic Updates through Control Panel on the client computers.
B.Create a GPO and link it to the Domain Controllers organizational unit. Configure the GPO to automatically search for updates on the Microsoft Update site.
C.Create a GPO and link it to the domain. Configure the GPO to direct the client computers to the Windows Server Update Services (WSUS) server for approved updates.
D.Install the Windows Server Update Services (WSUS). Configure the server to search for new updates on the Internet. Approve all required updates.
All consultants belong to a global group named TempWorkers.
You place three file servers in a new organizational unit named SecureServers. The three file servers contain confidential data located in shared folders.
You need to record any failed attempts made by the consultants to access the confidential data. Which two actions should you perform()
A.Create and link a new GPO to the SecureServers organizational unit. Configure the Audit privilege use Failure audit policy setting.
B.Create and link a new GPO to the SecureServers organizational unit. Configure the Audit object access Failure audit policy setting.
C.Create and link a new GPO to the SecureServers organizational unit. Configure the Deny access to this computer from the network user rights setting for the TempWorkers global group.
D.On each shared folder on the three file servers, add the three servers to the Auditing tab. Configure the Failed Full control setting in the Auditing Entry dialog box.
E.On each shared folder on the three file servers, add the TempWorkers global group to the Auditing tab. Configure the Failed Full control setting in the Auditing Entry dialog box.
Your company has an Active Directory domain. All consultants belong to a global group named
TempWorkers. The TempWorkers group is not nested in any other groups.
You move the computer objects of three file servers to a new organizational unit named SecureServers.
These file servers contain only confidential data in shared folders.
You need to prevent members of the TempWorkers group from accessing the confidential data on the file servers. You must achieve this goal without affecting access to other domain resources. What should you do()
A.Create a new GPO and link it to the SecureServers organizational unit. Assign the Deny access to this computer from the network user right to the TempWorkers global group.
B.Create a new GPO and link it to the domain. Assign the Deny access to this computer from the network user right to the TempWorkers global group.
C.Create a new GPO and link it to the domain. Assign the Deny log on locally user right to the TempWorkers global group.
D.Create a new GPO and link it to the SecureServers organizational unit. Assign the Deny log on locallyuser right to the TempWorkers global group.
Your company purchases a new application to deploy on 200 computers. The application requires that you modify the registry on each target computer before you install the application.
The registry modifications are in a file that has an .adm extension.
You need to prepare the target computers for the application.
What should you do()
A.Import the .adm file into a new Group Policy Object (GPO). Edit the GPO and link it to an organizational unit that contains the target computers.
B.Create a Microsoft Windows PowerShell script to copy the .adm file to the startup folder of each target computer.
C.Create a Microsoft Windows PowerShell script to copy the .adm file to each computer. Run the REDIRUsr CONTAINER-DN command on each target computer.
D.Create a Microsoft Windows PowerShell script to copy the .adm file to each computer. Run the REDIRCmp CONTAINER-DN command on each target computer.
最新试题
Your network contains an Active Directory domain. A user named User1 takes a leave of absence for one year. You need to restrict access to the User1 user account while User1 is away. What should you do()
Active Directory Rights Management Services (AD RMS) is deployed on your network. You need to configure AD RMS to use Kerberos authentication. Which two actions should you perform()
You create a new Active Directory domain. The functional level of the domain is Windows Server 2003. The domain contains five domain controllers that run Windows Server 2008 R2. You need to monitor the replication of the group policy template files. Which tool should you use()
Your network contain 10 domain controller that run Windows Server R2. The network contain a member server that is configured to collect all of events that occur on the domain controllers. Your need to ensure that administrators are notified when a specific event occurs on any of the domain controllers. You want to achive the goal by using the minimum amount effort. What should you do()
You install a standalone root certification authority (CA) on a server named Server1. You need to ensure that every computer in the forest has a copy of the root CA certificate installed in the local computer’s Trusted Root Certification Authorities store. Which command should you run on Server1()
Your network contains an Active Directory forest. The forest contains an Acitve Directory site for a remote office. The remote site contains a read-only domain controller (RODC). You need to configure the RODC to store only the password of users in the remote site. What should you do()
Your company has four offices. The network contains a single Active Directory domain. Each office has domain controller. Each office has an organitational unit (OU) that contains the user accounts for the users in that office. In each office, support technicians perform basic troubleshooting for the users in their respective office. You need to ensure that the support technicians can reset the password for the user accounts in their respective office only. The solution must prevent the thechnicians from creating user accounts. What shoul you do()
You need to receive an e-mail message whenever a domain user account is locked out. Which tool should you use()
Your network contains an Active Directory domain that contains five domain controllers. You have a management computer that runs Windows 7. From the Windows 7 computer, you need to view all account logon failures that occur in the domain. The information must be consolidated on one list. Which command should you run on each domain controller()
Your network contains three Active Directory forest named Forest1, Forest2, and Forest3. Each forest contains three domains. A two-way forest trust exists between Forest1 and Forest2. A two-way forest trust exists between Forest2 and Forest3. You need to configure the forest to meet the following requirements Users in Forest3 must be able to access resources in Forest1. Users in Forest1 must be able to access resources in Forest3. The number of trusts must be minimized. What should you do()