2008 Ad Module 4

Information Technology

Systems Administration

ITIL

MCSA

MCSE

Reviewed by Editorial Team

The ProProfs editorial team is comprised of experienced subject matter experts. They've collectively created over 10,000 quizzes and lessons, serving over 100 million users. Our team includes in-house content moderators and subject matter experts, as well as a global network of rigorously trained contributors. All adhere to our comprehensive editorial guidelines, ensuring the delivery of high-quality content.

Learn about Our Editorial Process

| By Malsader

Malsader

Community Contributor

Quizzes Created: 1 | Total Attempts: 172

| Attempts: 172 | Questions: 10

Share on Facebook Share on Twitter Share on Whatsapp Share on Pinterest Share on Email Copy to Clipboard Embed on your website

Question 1 / 10

0 %

0/100

Score 0/100

1. A user in a branch office of your company attempts to join a computer to the domain, but the attempt fails. You need to enable the user to join a single computer to the domain. You must ensure that the user is denied any additional rights beyond those required to complete the task. What should you do?

Prestage the computer account in the Active Directory domain.

Add the user to the Domain Administrators group for one day.

Add the user to the Server Operators group in the Active Directory domain.

Grant the user the right to log on locally by using a Group Policy Object (GPO).

Pre-staging the computer account in the Active Directory domain allows the user to join a single computer to the domain without granting them any additional rights beyond those required for the task. This ensures that the user is only able to perform the specific task of joining the computer to the domain and does not have any unnecessary privileges.

Explanation

Submit

About This Quiz

The '2008 AD Module 4' quiz evaluates skills in managing Active Directory in a corporate environment. It covers domain joining, GPO application, and administrative template management, crucial for IT professionals ensuring compliance and efficient network management.

What's your name? Personalize your quiz and earn a certificate with your name on it!

2. Your company has an Active Directory domain and an organizational unit. The organizational unit is named Web. You configure and test new security settings for Internet Information Service (IIS) servers on a server named IISServerA. You need to deploy the new security settings only on the IIS servers that are members of the Web organizational unit. What should you do?

Run secedit /configure /db iis.inf from the command prompt on IISServerA, and then run secedit /configure /db webou.inf from the... Run secedit /configure /db iis.inf from the command prompt on IISServerA, and then run secedit /configure /db webou.inf from the command prompt.

Export the settings on IISServerA to create a security template. Import the security template into a GPO and link the... Export the settings on IISServerA to create a security template. Import the security template into a GPO and link the GPO to the Web organizational unit.

Export the settings on IISServerA to create a security template. Run secedit /configure /db webou.inf from the command prompt.

Import the hisecws.inf file template into a GPO and link the GPO to the Web organizational unit.

To deploy the new security settings only on the IIS servers that are members of the Web organizational unit, you should export the settings on IISServerA to create a security template. Then, import the security template into a Group Policy Object (GPO) and link the GPO to the Web organizational unit. This ensures that the security settings are applied specifically to the IIS servers within the Web organizational unit, without affecting other servers outside of it.

Explanation

Submit

3. Your company purchases a new application to deploy on 200 computers. The application requires that you modify the registry on each target computer before you install the application. The registry modifications are in a file that has an .adm extension. You need to prepare the target computers for the application. What should you do?

Import the .adm file into a new Group Policy Object (GPO). Edit the GPO and link it to an organizational... Import the .adm file into a new Group Policy Object (GPO). Edit the GPO and link it to an organizational unit that contains the target computers.

Create a Microsoft Windows PowerShell script to copy the .adm file to the startup folder of each target computer.

Create a Microsoft Windows PowerShell script to copy the .adm file to each computer. Run the REDIRUsr CONTAINER-DN command on... Create a Microsoft Windows PowerShell script to copy the .adm file to each computer. Run the REDIRUsr CONTAINER-DN command on each target computer.

Create a Microsoft Windows PowerShell script to copy the .adm file to each computer. Run the REDIRCmp CONTAINER-DN command on... Create a Microsoft Windows PowerShell script to copy the .adm file to each computer. Run the REDIRCmp CONTAINER-DN command on each target computer.

not-available-via-ai

Explanation

not-available-via-ai

Submit

4. Your company has an Active Directory domain. All consultants belong to a global group named TempWorkers. The TempWorkers group is not nested in any other groups. You move the computer objects of three file servers to a new organizational unit named SecureServers. These file servers contain only confidential data in shared folders. You need to prevent members of the TempWorkers group from accessing the confidential data on the file servers. You must achieve this goal without affecting access to other domain resources. What should you do?

Create a new GPO and link it to the SecureServers organizational unit. Assign the Deny access to this computer from... Create a new GPO and link it to the SecureServers organizational unit. Assign the Deny access to this computer from the network user right to the TempWorkers global group.

Create a new GPO and link it to the domain. Assign the Deny access to this computer from the network... Create a new GPO and link it to the domain. Assign the Deny access to this computer from the network user right to the TempWorkers global group.

Create a new GPO and link it to the domain. Assign the Deny log on locally user right to the... Create a new GPO and link it to the domain. Assign the Deny log on locally user right to the TempWorkers global group.

Create a new GPO and link it to the SecureServers organizational unit. Assign the Deny log on locally user right... Create a new GPO and link it to the SecureServers organizational unit. Assign the Deny log on locally user right to the TempWorkers global group.

To prevent members of the TempWorkers group from accessing the confidential data on the file servers without affecting access to other domain resources, a new GPO should be created and linked to the SecureServers organizational unit. The Deny access to this computer from the network user right should be assigned to the TempWorkers global group. By denying network access to the TempWorkers group, they will be unable to access the file servers and the confidential data contained within them. This solution specifically targets the file servers in the SecureServers OU, ensuring that access to other domain resources is not affected.

Explanation

Submit

5. Your company has an organizational unit named Production. The Production organizational unit has a child organizational unit named R&D. You create a GPO named Software Deployment and link it to the Production organizational unit. You create a shadow group for the R&D organizational unit. You need to deploy an application to users in the Production organizational unit. You also need to ensure that the application is not deployed to users in the R&D organizational unit. What are two possible ways to achieve this goal? (Each correct answer presents a complete solution. Choose two.)

Configure the Enforce setting on the software deployment GPO.

Configure the Block Inheritance setting on the R&D organizational unit.

Configure the Block Inheritance setting on the Production organizational unit.

Configure security filtering on the Software Deployment GPO to Deny Apply group policy for the R&D security group.

By configuring the Block Inheritance setting on the R&D organizational unit, the GPO linked to the Production organizational unit will not be applied to the R&D organizational unit, ensuring that the application is not deployed to users in the R&D organizational unit. Additionally, by configuring security filtering on the Software Deployment GPO to Deny Apply group policy for the R&D security group, the GPO will be denied for the R&D security group, further preventing the deployment of the application to users in the R&D organizational unit.

Explanation

Submit

6. Your company has an Active Directory domain that has an organizational unit named Sales. The Sales organizational unit contains two global security groups named sales managers and sales executives. You need to apply desktop restrictions to the sales executives group. You must not apply these desktop restrictions to the sales managers group. You create a GPO named DesktopLockdown and link it to the Sales organizational unit. What should you do next?

Configure the Deny Apply Group Policy permission for the sales managers on the DesktopLockdown GPO.

Configure the Deny Apply Group Policy permission for the sales executives on the DesktopLockdown GPO.

Configure the Deny Apply Group Policy permission for Authenticated Users on the DesktopLockdown GPO.

Configure the Allow Apply Group Policy permission for Authenticated Users on the DesktopLockdown GPO.

not-available-via-ai

Explanation

not-available-via-ai

Submit

7. Your company has an Active Directory forest. The company has servers that run Windows Server 2008 R2 and client computers that run Windows 7. The domain uses a set of GPO administrative templates that have been approved to support regulatory compliance requirements. Your partner company has an Active Directory forest that contains a single domain. The company has servers that run Windows Server 2008 R2 and client computers that run Windows 7. You need to configure your partner company's domain to use the approved set of administrative templates. What should you do?

Use the Group Policy Management Console (GPMC) utility to back up the GPO to a file. In each site, import... Use the Group Policy Management Console (GPMC) utility to back up the GPO to a file. In each site, import the GPO to the default domain policy.

Copy the ADMX files from your company's PDC emulator to the PolicyDefinitions folder on the partner company's PDC emulator.

Copy the ADML files from your company's PDC emulator to the PolicyDefinitions folder on the partner company's PDC emulator.

Download the conf.adm, system.adm, wuau.adm, and inetres.adm files from the Microsoft Updates Web site. Copy the ADM files to the... Download the conf.adm, system.adm, wuau.adm, and inetres.adm files from the Microsoft Updates Web site. Copy the ADM files to the PolicyDefinitions folder on the partner company's PDC emulator.

To configure the partner company's domain to use the approved set of administrative templates, the ADMX files (Group Policy administrative templates) need to be copied from the company's PDC emulator to the PolicyDefinitions folder on the partner company's PDC emulator. This will ensure that the partner company's domain can access and apply the approved templates for regulatory compliance requirements.

Explanation

Submit

8. Your company has an Active Directory forest that contains Windows Server 2008 R2 domain controllers and DNS servers. All client computers run Windows XP SP3. You need to use your client computers to edit domain-based GPOs by using the ADMX files that are stored in the ADMX central store. What should you do?

Add your account to the Domain Admins group.

Upgrade your client computers to Windows 7.

Install .NET Framework 3.0 on your client computers.

Create a folder on PDC emulator for the domain in the PolicyDefinitions path. Copy the ADMX files to the PolicyDefinitions... Create a folder on PDC emulator for the domain in the PolicyDefinitions path. Copy the ADMX files to the PolicyDefinitions folder.

not-available-via-ai

Explanation

not-available-via-ai

Submit

9. Your company has an Active Directory forest. The company has branch offices in three locations. Each location has an organizational unit. You need to ensure that the branch office administrators are able to create and apply GPOs only to their respective organizational units. Which two actions should you perform? (Each correct answer presents part of the solution. Choose two.)

Add the user accounts of the branch office administrators to the Group Policy Creator Owners Group.

Modify the Managed By tab in each organizational unit to add the branch office administrators to their respective organizational units.

Run the Delegation of Control Wizard and delegate the right to link GPOs for the domain to the branch office... Run the Delegation of Control Wizard and delegate the right to link GPOs for the domain to the branch office administrators.

Run the Delegation of Control Wizard and delegate the right to link GPOs for their branch organizational units to the... Run the Delegation of Control Wizard and delegate the right to link GPOs for their branch organizational units to the branch office administrators.

To ensure that the branch office administrators are able to create and apply GPOs only to their respective organizational units, two actions should be performed.

First, the user accounts of the branch office administrators should be added to the Group Policy Creator Owners Group. This group has the necessary permissions to create and manage GPOs.

Second, the Delegation of Control Wizard should be run to delegate the right to link GPOs for their branch organizational units to the branch office administrators. This will give them the necessary permissions to apply GPOs specifically to their respective organizational units.

Explanation

Submit

10. All consultants belong to a global group named TempWorkers. You place three file servers in a new organizational unit named SecureServers. The three file servers contain confidential data located in shared folders. You need to record any failed attempts made by the consultants to access the confidential data. Which two actions should you perform? (Each correct answer presents part of the solution. Choose two.)

Create and link a new GPO to the SecureServers organizational unit. Configure the Audit privilege use Failure audit policy setting.

Create and link a new GPO to the SecureServers organizational unit. Configure the Audit object access Failure audit policy setting.

Create and link a new GPO to the SecureServers organizational unit. Configure the Deny access to this computer from the... Create and link a new GPO to the SecureServers organizational unit. Configure the Deny access to this computer from the network user rights setting for the TempWorkers global group.

On each shared folder on the three file servers, add the three servers to the Auditing tab.Configure the Failed Full... On each shared folder on the three file servers, add the three servers to the Auditing tab.Configure the Failed Full control setting in the Auditing Entry dialog box.

On each shared folder on the three file servers, add the TempWorkers global group to the Auditing tab. Configure the... On each shared folder on the three file servers, add the TempWorkers global group to the Auditing tab. Configure the Failed Full control setting in the Auditing Entry dialog box.

To record any failed attempts made by the consultants to access the confidential data, two actions should be performed. First, a new Group Policy Object (GPO) should be created and linked to the SecureServers organizational unit. Then, the Audit object access Failure audit policy setting should be configured in the GPO. This will enable auditing of failed attempts to access objects on the file servers. Additionally, the TempWorkers global group should be added to the Auditing tab of each shared folder on the three file servers. The Failed Full control setting should be configured in the Auditing Entry dialog box. This will ensure that any failed attempts by consultants to access the confidential data in the shared folders are recorded.

Explanation

Submit

View My Results

Quiz Review Timeline (Updated): Mar 20, 2023 +

Our quizzes are rigorously reviewed, monitored and continuously updated by our expert board to maintain accuracy, relevance, and timeliness.