Your company has an Active Directory forest. The company has branch offices in three locations. Each location has an organizational unit.
You need to ensure that the branch office administrators are able to create and apply GPOs only to their respective organizational units.
Which two actions should you perform()
A.Add the user accounts of the branch office administrators to the Group Policy Creator Owners Group.
B.Modify the Managed By tab in each organizational unit to add the branch office administrators to their respective org
C.Run the Delegation of Control Wizard and delegate the right to link GPOs for the domain to the branch office admin
D.Run the Delegation of Control Wizard and delegate the right to link GPOs for their branch organizational units to the
您可能感兴趣的试卷
你可能感兴趣的试题
Your company has an Active Directory domain that has an organizational unit named Sales. The Sales organizational unit contains two global security groups named sales managers and sales executives.
You need to apply desktop restrictions to the sales executives group.
You must not apply these desktop restrictions to the sales managers group. You create a GPO named DesktopLockdown and link it to the Sales organizational unit.
What should you do next()
A.Configure the Deny Apply Group Policy permission for the sales managers on the DesktopLockdown GPO.
B.Configure the Deny Apply Group Policy permission for the sales executives on the DesktopLockdown GPO.
C.Configure the Deny Apply Group Policy permission for Authenticated Users on the DesktopLockdown GPO.
D.Configure the Allow Apply Group Policy permission for Authenticated Users on the DesktopLockdown GPO.
Your company has an organizational unit named Production. The Production organizational unit has a child organizational unit named R&D. You create a GPO named Software Deployment and link it to the Production organizational unit.
You create a shadow group for the R&D organizational unit. You need to deploy an application to users in the Production organizational unit. You also need to ensure that the application is not deployed to users in the R&D organizational unit.
What are two possible ways to achieve this goal()
A.Configure the Enforce setting on the software deployment GPO.
B.Configure the Block Inheritance setting on the R&D organizational unit.
C.Configure the Block Inheritance setting on the Production organizational unit.
D.Configure security filtering on the Software Deployment GPO to Deny Apply group policy for the R&D security group
You are installing an application on a computer that runs Windows Server 2008 R2. During installation, the application will need to add new attributes and classes to the Active Directory database.
You need to ensure that you can install the application.
What should you do()
A.Change the functional level of the forest to Windows Server 2008 R2.
B.Log on by using an account that has Server Operator rights.
C.Log on by using an account that has Schema Administrator rights and the appropriate rights to install the applicatio
D.Log on by using an account that has the Enterprise Administrator rights and the appropriate rights to install the app
You want users to log on to Active Directory by using a new User Principal Name (UPN).
You need to modify the UPN suffix for all user accounts.
Which tool should you use()
A.Dsmod
B.Netdom
C.Redirusr
D.Active Directory Domains and Trusts
You need to relocate the existing user and computer objects in your company to different organizational units.
What are two possible ways to achieve this goal()
A.Run the Dsmod utility.
B.Run the Active Directory Migration Tool (ADMT).
C.Run the Active Directory Users and Computers utility.
D.Run the move-item command in the Microsoft Windows PowerShell utility.
Your company hires 10 new employees. You want the new employees to connect to the main office through a VPN connection. You create new user accounts and grant the new employees the Allow Read and Allow Execute permissions to shared resources in the main office.
The new employees are unable to access shared resources in the main office. You need to ensure that users are able to establish a VPN connection to the main office.
What should you do()
A.Grant the new employees the Allow Full control permission.
B.Grant the new employees the Allow Access Dial-in permission.
C.Add the new employees to the Remote Desktop Users security group.
D.Add the new employees to the Windows Authorization Access security group.
Your company’s security policy requires complex passwords.
You have a comma delimited file named import.csv that contains user account information. You need to create user accounts in the domain by using the import.csv file.
You also need to ensure that the new user accounts are set to use default passwords and are disabled.
What should you do()
A.Modify the userAccountControl attribute to disabled. Run the csvde -i -k -f import.csv command. Run the DSMOD u
B.Modify the userAccountControl attribute to accounts disabled. Run the csvde -f import.csv command. Run the DSM
C.Modify the userAccountControl attribute to disabled. Run the wscript import.csv command. Run the DSADD utility to
D.Modify the userAccountControl attribute to disabled. Run the ldifde -i -f import.csv command. Run the DSADD utility
You have a Windows Server 2008 R2 that has the Active Directory Certificate Services server role installed.
You need to minimize the amount of time it takes for client computers to download a certificate revocation list (CRL).
What should you do()
A.Install and configure an Online Responder.
B.Install and configure an additional domain controller.
C.Import the Root CA certificate into the Trusted Root Certification Authorities store on all client workstations.
D.Import the Issuing CA certificate into the Trusted Root Certification Authorities store on all client workstations.
Your company has an Active Directory forest. You plan to install an Enterprise certification authority (CA) on a dedicated stand-alone server.
When you attempt to add the Active Directory Certificate Services (AD CS) server role, you find that the Enterprise CA option is not available.
You need to install the AD CS server role as an Enterprise CA.
What should you do first()
A.Add the DNS Server server role.
B.Join the server to the domain.
C.Add the Web Server (IIS) server role and the AD CS server role.
D.Add the Active Directory Lightweight Directory Services (AD LDS) server role.
You have an Active Directory domain that runs Windows Server 2008 R2. You need to implement a certification authority (CA) server that meets the following requirements:
- Allows the certification authority to automatically issue certificates - Integrates with Active Directory Domain Services
What should you do()
A.Install and configure the Active Directory Certificate Services server role as a Standalone Root CA .
B.Install and configure the Active Directory Certificate Services server role as an Enterprise Root CA .
C.Purchase a certificate from a third-party certification authority. Install and configure the Active Directory Certificate S
D.Purchase a certificate from a third-party certification authority. Import the certificate into the computer store of the sc
最新试题
Your network contains two Active Directory forests named contoso.com and nwtraders.com. A two-way forest trust exists between contoso.com and nwtraders.com. The forest trust is configured to use selective authentication. Contoso.com contains a server named Server1. Server1 contains a shared folder named Marketing. Nwtraders.com contains a global group named G_Marketing. The Change share permission and the Modify NTFS permissions for the Marketing folder are assignes to the G_Marketing group. Members of G_Marketing report that they cannot accesss the Marketing folder. You need to ensure that the G_Marketing members can accesss the folder from the network. What should you do()
Your network contains three Active Directory forest named Forest1, Forest2, and Forest3. Each forest contains three domains. A two-way forest trust exists between Forest1 and Forest2. A two-way forest trust exists between Forest2 and Forest3. You need to configure the forest to meet the following requirements Users in Forest3 must be able to access resources in Forest1. Users in Forest1 must be able to access resources in Forest3. The number of trusts must be minimized. What should you do()
Your network contains an Active Directory forest. The forest contains an Acitve Directory site for a remote office. The remote site contains a read-only domain controller (RODC). You need to configure the RODC to store only the password of users in the remote site. What should you do()
Your company has four offices. The network contains a single Active Directory domain. Each office has domain controller. Each office has an organitational unit (OU) that contains the user accounts for the users in that office. In each office, support technicians perform basic troubleshooting for the users in their respective office. You need to ensure that the support technicians can reset the password for the user accounts in their respective office only. The solution must prevent the thechnicians from creating user accounts. What shoul you do()
Active Directory Rights Management Services (AD RMS) is deployed on your network. You need to configure AD RMS to use Kerberos authentication. Which two actions should you perform()
What should you do()
You have an enterprise subordinate certification authority (CA) configured for key archival. Three key recovery agent certificates are issued. The CA is configured to use two recovery agents. You need to ensure that all of the recovery agent certificates can be used to recover all new private keys. What should you do()
Your network contains an Active Directory forest. All domain controllers run Windows Server 2008 Standard. The functional level of the domain is Windows Server 2003. You have a certification authority (CA). The relevant servers in the domain are configured as shown in the following table: Server name Operating system Server role Server1 Windows Server 2003 Enterprise root CA Server2 Windows Server 2008 Enterprise subordinate CA Server3 Windows Server 2008 R2 Web Server You need to ensure that you can install the Active Directory Certificate Services (AD CS) Certificate Enrollment Web Service on the network. What should you do()
You have an enterprise subordinate certification authority (CA). You have a group named Group1. You need to allow members of Group1 to publish new certificate revocation lists. Members of Group1 must not be allowed to revoke certificates. What should you do()
You install a standalone root certification authority (CA) on a server named Server1. You need to ensure that every computer in the forest has a copy of the root CA certificate installed in the local computer’s Trusted Root Certification Authorities store. Which command should you run on Server1()