Your company has an Active Directory forest. The company has branch offices in three locations. Each location has an organizational unit.
You need to ensure that the branch office administrators are able to create and apply GPOs only to their respective organizational units.
Which two actions should you perform()
A.Add the user accounts of the branch office administrators to the Group Policy Creator Owners Group.
B.Modify the Managed By tab in each organizational unit to add the branch office administrators to their respective org
C.Run the Delegation of Control Wizard and delegate the right to link GPOs for the domain to the branch office admin
D.Run the Delegation of Control Wizard and delegate the right to link GPOs for their branch organizational units
您可能感兴趣的试卷
你可能感兴趣的试题
Your company has an Active Directory domain that has an organizational unit named Sales. The Sales organizational unit contains two global security groups named sales managers and sales executives.
You need to apply desktop restrictions to the sales executives group.
You must not apply these desktop restrictions to the sales managers group.
You create a GPO named DesktopLockdown and link it to the Sales organizational unit.
What should you do next()
A.Configure the Deny Apply Group Policy permission for the sales managers on the DesktopLockdown GPO.
B.Configure the Deny Apply Group Policy permission for the sales executives on the DesktopLockdown GPO.
C.Configure the Deny Apply Group Policy permission for Authenticated Users on the DesktopLockdown GPO.
D.Configure the Allow Apply Group Policy permission for Authenticated Users on the DesktopLockdown GPO.
Your company has an organizational unit named Production. The Production organizational unit has a child organizational unit named R&D. You create a GPO named Software Deployment and link it to the Production organizational unit.
You create a shadow group for the R&D organizational unit. You need to deploy an application to users in the Production organizational unit. You also need to ensure that the application is not deployed to users in the R&D organizational unit.
What are two possible ways to achieve this goal()
A.Configure the Enforce setting on the software deployment GPO.
B.Configure the Block Inheritance setting on the R&D organizational unit.
C.Configure the Block Inheritance setting on the Production organizational unit.
D.Configure security filtering on the Software Deployment GPO to Deny Apply group policy for the R&D security group
You are installing an application on a computer that runs Windows Server 2008 R2. During installation, the application will need to add new attributes and classes to the Active Directory database.
You need to ensure that you can install the application.
What should you do()
A.Change the functional level of the forest to Windows Server 2008 R2.
B.Log on by using an account that has Server Operator rights.
C.Log on by using an account that has Schema Administrator rights and the appropriate rights to install the applicatio
D.Log on by using an account that has the Enterprise Administrator rights and the appropriate rights to install the applicatio
You want users to log on to Active Directory by using a new User Principal Name (UPN).
You need to modify the UPN suffix for all user accounts.
Which tool should you use()
A.Dsmod
B.Netdom
C.Redirusr
D.Active Directory Domains and Trusts
You need to relocate the existing user and computer objects in your company to different organizational units.
What are two possible ways to achieve this goal()
A.Run the Dsmod utility.
B.Run the Active Directory Migration Tool (ADMT).
C.Run the Active Directory Users and Computers utility.
D.Run the move-item command in the Microsoft Windows PowerShell utility.
Your company hires 10 new employees. You want the new employees to connect to the main office through a VPN connection. You create new user accounts and grant the new employees the Allow Read and Allow Execute permissions to shared resources in the main office.
The new employees are unable to access shared resources in the main office. You need to ensure that users are able to establish a VPN connection to the main office.
What should you do()
A.Grant the new employees the Allow Full control permission.
B.Grant the new employees the Allow Access Dial-in permission.
C.Add the new employees to the Remote Desktop Users security group.
D.Add the new employees to the Windows Authorization Access security group.
Your company’s security policy requires complex passwords.
You have a comma delimited file named import.csv that contains user account information. You need to create user accounts in the domain by using the import.csv file.
You also need to ensure that the new user accounts are set to use default passwords and are disabled.
What should you do()
A.Modify the userAccountControl attribute to disabled. Run the csvde -i -k -f import.csv command. Run the DSMOD utility
B.Modify the userAccountControl attribute to accounts disabled. Run the csvde -f import.csv command. Run the DSMOD utility
C.Modify the userAccountControl attribute to disabled. Run the wscript import.csv command. Run the DSADD utility
D.Modify the userAccountControl attribute to disabled. Run the ldifde -i -f import.csv command. Run the DSADD utility
A user in a branch office of your company attempts to join a computer to the domain, but the attempt fails.
You need to enable the user to join a single computer to the domain.
You must ensure that the user is denied any additional rights beyond those required to complete the task.
What should you do()
A.Prestage the computer account in the Active Directory domain.
B.Add the user to the Domain Administrators group for one day.
C.Add the user to the Server Operators group in the Active Directory domain.
D.Grant the user the right to log on locally by using a Group Policy Object (GPO).
Your company has a main office and 40 branch offices. Each branch office is configured as a separate Active Directory site that has a dedicated read-only domain controller (RODC). An RODC server is stolen from one of the branch offices.
You need to identify the user accounts that were cached on the stolen RODC server.
Which utility should you use()
A.Dsmod.exe
B.Ntdsutil.exe
C.Active Directory Sites and Services
D.Active Directory Users and Computers
Your company has an Active Directory forest that runs at the functional level of Windows Server 2008.
You implement Active Directory Rights Management Services (AD RMS). You install Microsoft SQL Server 2005.
When you attempt to open the AD RMS administration Web site, you receive the following error message: "SQL Server does not exist or access denied." You need to open the AD RMS administration Web site.
Which two actions should you perform()
A.Restart IIS.
B.Install Message Queuing.
C.Start the MSSQLSVC service.
D.Manually delete the Service Connection Point in Active Directory Domain Services (AD DS) and restart AD RMS.
最新试题
Your network contains an Active Directory forest. All domain controllers run Windows Server 2008 Standard. The functional level of the domain is Windows Server 2003. You have a certification authority (CA). The relevant servers in the domain are configured as shown in the following table: Server name Operating system Server role Server1 Windows Server 2003 Enterprise root CA Server2 Windows Server 2008 Enterprise subordinate CA Server3 Windows Server 2008 R2 Web Server You need to ensure that you can install the Active Directory Certificate Services (AD CS) Certificate Enrollment Web Service on the network. What should you do()
Your network contains an Active Directory domain. The domain contains a group named Group1. The minimum password lenght for the domain is set to six characters. you need to ensure that the passwords for all users in Group1 are at least 10 characters long. All other users must be able to use passwords that are six characters long. What should you do first()
You have Active Directory Certificate Services (AD CS) deployed. You create a custom certificate template. You need to ensure that all of the users in the domain automatically enroll for a certificate based on the custom certificate template. Which two actions should you perform()
Your network contains an Active Directory domain named contoso.com. The domain contains five domain controllers.You add a logoff script to an existing Group Policy object (GPO). You need to verify that each domain controller successfully replicates the updated group policy. Which two objects should you verify on each domain controller()
You have a domain controller named Server1 that runs Windows Server 2008 R2. You need to determine the size of the Active Directory database on Server1. What should you do()
Your network contains a single Active Directory domain named contoso.com. An administrator accidentally deletes the _msdsc.contoso.com zone. You recreate the _msdsc.contoso.com zone. You need to ensure that the _msdsc.contoso.com zone contains all of the required DNS records. What should you do on each domain controller()
You need to receive an e-mail message whenever a domain user account is locked out. Which tool should you use()
You have an enterprise subordinate certification authority (CA). You have a custom certificate template that has a key length of 1,024 bits. The template is enabled for autoenrollment. You increase the template key length to 2,048 bits. You need to ensure that all current certificate holders automatically enroll for a certificate that uses the new template. Which console should you use()
Your network contain 10 domain controller that run Windows Server R2. The network contain a member server that is configured to collect all of events that occur on the domain controllers. Your need to ensure that administrators are notified when a specific event occurs on any of the domain controllers. You want to achive the goal by using the minimum amount effort. What should you do()
Your network contains an Active Directory forest. The forest contains two domain controllers. The domain controllers are configured as shown in the following table. All client computers run Windows 7. You need to ensure that all client computers in the domain keep the same time as an external time server. What should you do()