Your company has an organizational unit named Production. The Production organizational unit has a child organizational unit named R&D. You create a GPO named Software Deployment and link it to the Production organizational unit.
You create a shadow group for the R&D organizational unit. You need to deploy an application to users in the Production organizational unit. You also need to ensure that the application is not deployed to users in the R&D organizational unit.
What are two possible ways to achieve this goal()
A.Configure the Enforce setting on the software deployment GPO.
B.Configure the Block Inheritance setting on the R&D organizational unit.
C.Configure the Block Inheritance setting on the Production organizational unit.
D.Configure security filtering on the Software Deployment GPO to Deny Apply group policy for the R&D security group
您可能感兴趣的试卷
你可能感兴趣的试题
You are installing an application on a computer that runs Windows Server 2008 R2. During installation, the application will need to add new attributes and classes to the Active Directory database.
You need to ensure that you can install the application.
What should you do()
A.Change the functional level of the forest to Windows Server 2008 R2.
B.Log on by using an account that has Server Operator rights.
C.Log on by using an account that has Schema Administrator rights and the appropriate rights to install the applicatio
D.Log on by using an account that has the Enterprise Administrator rights and the appropriate rights to install the applicatio
You want users to log on to Active Directory by using a new User Principal Name (UPN).
You need to modify the UPN suffix for all user accounts.
Which tool should you use()
A.Dsmod
B.Netdom
C.Redirusr
D.Active Directory Domains and Trusts
You need to relocate the existing user and computer objects in your company to different organizational units.
What are two possible ways to achieve this goal()
A.Run the Dsmod utility.
B.Run the Active Directory Migration Tool (ADMT).
C.Run the Active Directory Users and Computers utility.
D.Run the move-item command in the Microsoft Windows PowerShell utility.
Your company hires 10 new employees. You want the new employees to connect to the main office through a VPN connection. You create new user accounts and grant the new employees the Allow Read and Allow Execute permissions to shared resources in the main office.
The new employees are unable to access shared resources in the main office. You need to ensure that users are able to establish a VPN connection to the main office.
What should you do()
A.Grant the new employees the Allow Full control permission.
B.Grant the new employees the Allow Access Dial-in permission.
C.Add the new employees to the Remote Desktop Users security group.
D.Add the new employees to the Windows Authorization Access security group.
Your company’s security policy requires complex passwords.
You have a comma delimited file named import.csv that contains user account information. You need to create user accounts in the domain by using the import.csv file.
You also need to ensure that the new user accounts are set to use default passwords and are disabled.
What should you do()
A.Modify the userAccountControl attribute to disabled. Run the csvde -i -k -f import.csv command. Run the DSMOD utility
B.Modify the userAccountControl attribute to accounts disabled. Run the csvde -f import.csv command. Run the DSMOD utility
C.Modify the userAccountControl attribute to disabled. Run the wscript import.csv command. Run the DSADD utility
D.Modify the userAccountControl attribute to disabled. Run the ldifde -i -f import.csv command. Run the DSADD utility
A user in a branch office of your company attempts to join a computer to the domain, but the attempt fails.
You need to enable the user to join a single computer to the domain.
You must ensure that the user is denied any additional rights beyond those required to complete the task.
What should you do()
A.Prestage the computer account in the Active Directory domain.
B.Add the user to the Domain Administrators group for one day.
C.Add the user to the Server Operators group in the Active Directory domain.
D.Grant the user the right to log on locally by using a Group Policy Object (GPO).
Your company has a main office and 40 branch offices. Each branch office is configured as a separate Active Directory site that has a dedicated read-only domain controller (RODC). An RODC server is stolen from one of the branch offices.
You need to identify the user accounts that were cached on the stolen RODC server.
Which utility should you use()
A.Dsmod.exe
B.Ntdsutil.exe
C.Active Directory Sites and Services
D.Active Directory Users and Computers
Your company has an Active Directory forest that runs at the functional level of Windows Server 2008.
You implement Active Directory Rights Management Services (AD RMS). You install Microsoft SQL Server 2005.
When you attempt to open the AD RMS administration Web site, you receive the following error message: "SQL Server does not exist or access denied." You need to open the AD RMS administration Web site.
Which two actions should you perform()
A.Restart IIS.
B.Install Message Queuing.
C.Start the MSSQLSVC service.
D.Manually delete the Service Connection Point in Active Directory Domain Services (AD DS) and restart AD RMS.
Your company has an Active Directory Rights Management Services (AD RMS) server. Users have Windows Vista computers. An Active Directory domain is configured at the Windows Server 2003 functional level.
You need to configure AD RMS so that users are able to protect their documents.
What should you do()
A.Install the AD RMS client 2.0 on each client computer.
B.Add the RMS service account to the local administrators group on the AD RMS server.
C.Establish an e-mail account in Active Directory Domain Services (AD DS) for each RMS user.
D.Upgrade the Active Directory domain to the functional level of Windows Server 2008.
Your company has a server that runs Windows Server 2008 R2. The server runs an instance of Active Directory Lightweight Directory Services (AD LDS).
You need to replicate the AD LDS instance on a test computer that is located on the network.
What should you do()
A.Run the repadmin /kcc
B.Create a naming context by running the Dsmgmt command on the test computer.
C.Create a new directory partition by running the Dsmgmt command on the test computer.
D.Create and install a replica by running the AD LDS Setup wizard on the test computer.
最新试题
You remotely monitor several domain controllers. You run winrm.exe quickconfig on each domain controller. You need to create a WMI script query to retrieve information from the bios of each domain controller. Which format should you use to write the query()
Your company has four offices. The network contains a single Active Directory domain. Each office has domain controller. Each office has an organitational unit (OU) that contains the user accounts for the users in that office. In each office, support technicians perform basic troubleshooting for the users in their respective office. You need to ensure that the support technicians can reset the password for the user accounts in their respective office only. The solution must prevent the thechnicians from creating user accounts. What shoul you do()
Your network contains an Active Directory forest. All domain controllers run Windows Server 2008 Standard. The functional level of the domain is Windows Server 2003. You have a certification authority (CA). The relevant servers in the domain are configured as shown in the following table: Server name Operating system Server role Server1 Windows Server 2003 Enterprise root CA Server2 Windows Server 2008 Enterprise subordinate CA Server3 Windows Server 2008 R2 Web Server You need to ensure that you can install the Active Directory Certificate Services (AD CS) Certificate Enrollment Web Service on the network. What should you do()
Your network contains an Active Directory domain named contoso.com. All domain controllers and member servers run Windows Server 2008. All client computer run Windows 7. From a client computer, you create an audit policy by using the Advanced Audit Policy Configuration settings in the Default Domain Policy Group Policy object (GPO). You discover that the audit policy is not applied to the member servers. The audit policy is applied to the client computers. You need to ensure that the audit policy is applied to all member servers and all client computers. What should you do()
You need to compact an Active Directory database on a domain controller that runs windows Server 2008 R2. What should you do()
You have an enterprise subordinate certification authority (CA). You have a group named Group1. You need to allow members of Group1 to publish new certificate revocation lists. Members of Group1 must not be allowed to revoke certificates. What should you do()
You create a new Active Directory domain. The functional level of the domain is Windows Server 2003. The domain contains five domain controllers that run Windows Server 2008 R2. You need to monitor the replication of the group policy template files. Which tool should you use()
Your network contains an Active Directory domain. All domain controller run Windows Server 2003. You replace all domain controllers with domain controllers that run Windows Server 2008 R2. You raise the functional level of the domain to Windows Server 2008 R2. You need to minimize the amount of SYSVOL replication traffic on the network. What should you do()
What should you do()
Your network contains an Active Directory forest. The forest contains two domain controllers. The domain controllers are configured as shown in the following table. All client computers run Windows 7. You need to ensure that all client computers in the domain keep the same time as an external time server. What should you do()