2008 Ad Module 4

10 Questions | Total Attempts: 96

SettingsSettingsSettings
Please wait...
Module Quizzes & Trivia

Mini-test for server 2008 AD module 4


Questions and Answers
  • 1. 
    A user in a branch office of your company attempts to join a computer to the domain, but the attempt fails.   You need to enable the user to join a single computer to the domain. You must ensure that the user is denied any additional rights beyond those required to complete the task.   What should you do?
    • A. 

      Prestage the computer account in the Active Directory domain.

    • B. 

      Add the user to the Domain Administrators group for one day.

    • C. 

      Add the user to the Server Operators group in the Active Directory domain.

    • D. 

      Grant the user the right to log on locally by using a Group Policy Object (GPO).

  • 2. 
    Your company has an organizational unit named Production. The Production organizational unit has a child organizational unit named R&D. You create a GPO named Software Deployment and link it to the Production organizational unit.   You create a shadow group for the R&D organizational unit. You need to deploy an application to users in the Production organizational unit. You also need to ensure that the application is not deployed to users in the R&D organizational unit.   What are two possible ways to achieve this goal?   (Each correct answer presents a complete solution. Choose two.)
    • A. 

      Configure the Enforce setting on the software deployment GPO.

    • B. 

      Configure the Block Inheritance setting on the R&D organizational unit.

    • C. 

      Configure the Block Inheritance setting on the Production organizational unit.

    • D. 

      Configure security filtering on the Software Deployment GPO to Deny Apply group policy for the R&D security group.

  • 3. 
    Your company has an Active Directory domain that has an organizational unit named Sales. The Sales organizational unit contains two global security groups named sales managers and sales executives.   You need to apply desktop restrictions to the sales executives group.   You must not apply these desktop restrictions to the sales managers group. You create a GPO named DesktopLockdown and link it to the Sales organizational unit.   What should you do next?
    • A. 

      Configure the Deny Apply Group Policy permission for the sales managers on the DesktopLockdown GPO.

    • B. 

      Configure the Deny Apply Group Policy permission for the sales executives on the DesktopLockdown GPO.

    • C. 

      Configure the Deny Apply Group Policy permission for Authenticated Users on the DesktopLockdown GPO.

    • D. 

      Configure the Allow Apply Group Policy permission for Authenticated Users on the DesktopLockdown GPO.

  • 4. 
    Your company has an Active Directory forest. The company has branch offices in three locations. Each location has an organizational unit.   You need to ensure that the branch office administrators are able to create and apply GPOs only to their respective organizational units.   Which two actions should you perform?   (Each correct answer presents part of the solution. Choose two.)  
    • A. 

      Add the user accounts of the branch office administrators to the Group Policy Creator Owners Group.

    • B. 

      Modify the Managed By tab in each organizational unit to add the branch office administrators to their respective organizational units.

    • C. 

      Run the Delegation of Control Wizard and delegate the right to link GPOs for the domain to the branch office administrators.

    • D. 

      Run the Delegation of Control Wizard and delegate the right to link GPOs for their branch organizational units to the branch office administrators.

  • 5. 
    Your company has an Active Directory forest. The company has servers that run Windows Server 2008 R2 and client computers that run Windows 7. The domain uses a set of GPO administrative templates that have been approved to support regulatory compliance requirements.   Your partner company has an Active Directory forest that contains a single domain. The company has servers that run Windows Server 2008 R2 and client computers that run Windows 7.   You need to configure your partner company's domain to use the approved set of administrative templates.   What should you do?
    • A. 

      Use the Group Policy Management Console (GPMC) utility to back up the GPO to a file. In each site, import the GPO to the default domain policy.

    • B. 

      Copy the ADMX files from your company's PDC emulator to the PolicyDefinitions folder on the partner company's PDC emulator.

    • C. 

      Copy the ADML files from your company's PDC emulator to the PolicyDefinitions folder on the partner company's PDC emulator.

    • D. 

      Download the conf.adm, system.adm, wuau.adm, and inetres.adm files from the Microsoft Updates Web site. Copy the ADM files to the PolicyDefinitions folder on the partner company's PDC emulator.

  • 6. 
    Your company has an Active Directory forest that contains Windows Server 2008 R2 domain controllers and DNS servers. All client computers run Windows XP SP3.   You need to use your client computers to edit domain-based GPOs by using the ADMX files that are stored in the ADMX central store.   What should you do?
    • A. 

      Add your account to the Domain Admins group.

    • B. 

      Upgrade your client computers to Windows 7.

    • C. 

      Install .NET Framework 3.0 on your client computers.

    • D. 

      Create a folder on PDC emulator for the domain in the PolicyDefinitions path. Copy the ADMX files to the PolicyDefinitions folder.

  • 7. 
    Your company purchases a new application to deploy on 200 computers. The application requires that you modify the registry on each target computer before you install the application.   The registry modifications are in a file that has an .adm extension.   You need to prepare the target computers for the application.   What should you do?
    • A. 

      Import the .adm file into a new Group Policy Object (GPO). Edit the GPO and link it to an organizational unit that contains the target computers.

    • B. 

      Create a Microsoft Windows PowerShell script to copy the .adm file to the startup folder of each target computer.

    • C. 

      Create a Microsoft Windows PowerShell script to copy the .adm file to each computer. Run the REDIRUsr CONTAINER-DN command on each target computer.

    • D. 

      Create a Microsoft Windows PowerShell script to copy the .adm file to each computer. Run the REDIRCmp CONTAINER-DN command on each target computer.

  • 8. 
    Your company has an Active Directory domain. All consultants belong to a global group named TempWorkers. The TempWorkers group is not nested in any other groups.   You move the computer objects of three file servers to a new organizational unit named SecureServers. These file servers contain only confidential data in shared folders.  You need to prevent members of the TempWorkers group from accessing the confidential data on the file servers. You must achieve this goal without affecting access to other domain resources.   What should you do?
    • A. 

      Create a new GPO and link it to the SecureServers organizational unit. Assign the Deny access to this computer from the network user right to the TempWorkers global group.

    • B. 

      Create a new GPO and link it to the domain. Assign the Deny access to this computer from the network user right to the TempWorkers global group.

    • C. 

      Create a new GPO and link it to the domain. Assign the Deny log on locally user right to the TempWorkers global group.

    • D. 

      Create a new GPO and link it to the SecureServers organizational unit. Assign the Deny log on locally user right to the TempWorkers global group.

  • 9. 
    All consultants belong to a global group named TempWorkers.   You place three file servers in a new organizational unit named SecureServers. The three file servers contain confidential data located in shared folders.   You need to record any failed attempts made by the consultants to access the confidential data.   Which two actions should you perform?   (Each correct answer presents part of the solution. Choose two.)  
    • A. 

      Create and link a new GPO to the SecureServers organizational unit. Configure the Audit privilege use Failure audit policy setting.

    • B. 

      Create and link a new GPO to the SecureServers organizational unit. Configure the Audit object access Failure audit policy setting.

    • C. 

      Create and link a new GPO to the SecureServers organizational unit. Configure the Deny access to this computer from the network user rights setting for the TempWorkers global group.

    • D. 

      On each shared folder on the three file servers, add the three servers to the Auditing tab. Configure the Failed Full control setting in the Auditing Entry dialog box.

    • E. 

      On each shared folder on the three file servers, add the TempWorkers global group to the Auditing tab. Configure the Failed Full control setting in the Auditing Entry dialog box.

  • 10. 
    Your company has an Active Directory domain and an organizational unit. The organizational unit is named Web. You configure and test new security settings for Internet Information Service (IIS) servers on a server named IISServerA.   You need to deploy the new security settings only on the IIS servers that are members of the Web organizational unit.   What should you do?
    • A. 

      Run secedit /configure /db iis.inf from the command prompt on IISServerA, and then run secedit /configure /db webou.inf from the command prompt.

    • B. 

      Export the settings on IISServerA to create a security template. Import the security template into a GPO and link the GPO to the Web organizational unit.

    • C. 

      Export the settings on IISServerA to create a security template. Run secedit /configure /db webou.inf from the command prompt.

    • D. 

      Import the hisecws.inf file template into a GPO and link the GPO to the Web organizational unit.

Back to Top Back to top