2008 Ad Module 4

Approved & Edited by ProProfs Editorial Team
The editorial team at ProProfs Quizzes consists of a select group of subject experts, trivia writers, and quiz masters who have authored over 10,000 quizzes taken by more than 100 million users. This team includes our in-house seasoned quiz moderators and subject matter experts. Our editorial experts, spread across the world, are rigorously trained using our comprehensive guidelines to ensure that you receive the highest quality quizzes.
Learn about Our Editorial Process
| By Malsader
M
Malsader
Community Contributor
Quizzes Created: 1 | Total Attempts: 172
Questions: 10 | Attempts: 172

SettingsSettingsSettings
Module Quizzes & Trivia

Mini-test for server 2008 AD module 4


Questions and Answers
  • 1. 

    A user in a branch office of your company attempts to join a computer to the domain, but the attempt fails.   You need to enable the user to join a single computer to the domain. You must ensure that the user is denied any additional rights beyond those required to complete the task.   What should you do?

    • A.

      Prestage the computer account in the Active Directory domain.

    • B.

      Add the user to the Domain Administrators group for one day.

    • C.

      Add the user to the Server Operators group in the Active Directory domain.

    • D.

      Grant the user the right to log on locally by using a Group Policy Object (GPO).

    Correct Answer
    A. Prestage the computer account in the Active Directory domain.
    Explanation
    Pre-staging the computer account in the Active Directory domain allows the user to join a single computer to the domain without granting them any additional rights beyond those required for the task. This ensures that the user is only able to perform the specific task of joining the computer to the domain and does not have any unnecessary privileges.

    Rate this question:

  • 2. 

    Your company has an organizational unit named Production. The Production organizational unit has a child organizational unit named R&D. You create a GPO named Software Deployment and link it to the Production organizational unit.   You create a shadow group for the R&D organizational unit. You need to deploy an application to users in the Production organizational unit. You also need to ensure that the application is not deployed to users in the R&D organizational unit.   What are two possible ways to achieve this goal?   (Each correct answer presents a complete solution. Choose two.)

    • A.

      Configure the Enforce setting on the software deployment GPO.

    • B.

      Configure the Block Inheritance setting on the R&D organizational unit.

    • C.

      Configure the Block Inheritance setting on the Production organizational unit.

    • D.

      Configure security filtering on the Software Deployment GPO to Deny Apply group policy for the R&D security group.

    Correct Answer(s)
    B. Configure the Block Inheritance setting on the R&D organizational unit.
    D. Configure security filtering on the Software Deployment GPO to Deny Apply group policy for the R&D security group.
    Explanation
    By configuring the Block Inheritance setting on the R&D organizational unit, the GPO linked to the Production organizational unit will not be applied to the R&D organizational unit, ensuring that the application is not deployed to users in the R&D organizational unit. Additionally, by configuring security filtering on the Software Deployment GPO to Deny Apply group policy for the R&D security group, the GPO will be denied for the R&D security group, further preventing the deployment of the application to users in the R&D organizational unit.

    Rate this question:

  • 3. 

    Your company has an Active Directory domain that has an organizational unit named Sales. The Sales organizational unit contains two global security groups named sales managers and sales executives.   You need to apply desktop restrictions to the sales executives group.   You must not apply these desktop restrictions to the sales managers group. You create a GPO named DesktopLockdown and link it to the Sales organizational unit.   What should you do next?

    • A.

      Configure the Deny Apply Group Policy permission for the sales managers on the DesktopLockdown GPO.

    • B.

      Configure the Deny Apply Group Policy permission for the sales executives on the DesktopLockdown GPO.

    • C.

      Configure the Deny Apply Group Policy permission for Authenticated Users on the DesktopLockdown GPO.

    • D.

      Configure the Allow Apply Group Policy permission for Authenticated Users on the DesktopLockdown GPO.

    Correct Answer
    A. Configure the Deny Apply Group Policy permission for the sales managers on the DesktopLockdown GPO.
  • 4. 

    Your company has an Active Directory forest. The company has branch offices in three locations. Each location has an organizational unit.   You need to ensure that the branch office administrators are able to create and apply GPOs only to their respective organizational units.   Which two actions should you perform?   (Each correct answer presents part of the solution. Choose two.)  

    • A.

      Add the user accounts of the branch office administrators to the Group Policy Creator Owners Group.

    • B.

      Modify the Managed By tab in each organizational unit to add the branch office administrators to their respective organizational units.

    • C.

      Run the Delegation of Control Wizard and delegate the right to link GPOs for the domain to the branch office administrators.

    • D.

      Run the Delegation of Control Wizard and delegate the right to link GPOs for their branch organizational units to the branch office administrators.

    Correct Answer(s)
    A. Add the user accounts of the branch office administrators to the Group Policy Creator Owners Group.
    D. Run the Delegation of Control Wizard and delegate the right to link GPOs for their branch organizational units to the branch office administrators.
    Explanation
    To ensure that the branch office administrators are able to create and apply GPOs only to their respective organizational units, two actions should be performed.

    First, the user accounts of the branch office administrators should be added to the Group Policy Creator Owners Group. This group has the necessary permissions to create and manage GPOs.

    Second, the Delegation of Control Wizard should be run to delegate the right to link GPOs for their branch organizational units to the branch office administrators. This will give them the necessary permissions to apply GPOs specifically to their respective organizational units.

    Rate this question:

  • 5. 

    Your company has an Active Directory forest. The company has servers that run Windows Server 2008 R2 and client computers that run Windows 7. The domain uses a set of GPO administrative templates that have been approved to support regulatory compliance requirements.   Your partner company has an Active Directory forest that contains a single domain. The company has servers that run Windows Server 2008 R2 and client computers that run Windows 7.   You need to configure your partner company's domain to use the approved set of administrative templates.   What should you do?

    • A.

      Use the Group Policy Management Console (GPMC) utility to back up the GPO to a file. In each site, import the GPO to the default domain policy.

    • B.

      Copy the ADMX files from your company's PDC emulator to the PolicyDefinitions folder on the partner company's PDC emulator.

    • C.

      Copy the ADML files from your company's PDC emulator to the PolicyDefinitions folder on the partner company's PDC emulator.

    • D.

      Download the conf.adm, system.adm, wuau.adm, and inetres.adm files from the Microsoft Updates Web site. Copy the ADM files to the PolicyDefinitions folder on the partner company's PDC emulator.

    Correct Answer
    B. Copy the ADMX files from your company's PDC emulator to the PolicyDefinitions folder on the partner company's PDC emulator.
    Explanation
    To configure the partner company's domain to use the approved set of administrative templates, the ADMX files (Group Policy administrative templates) need to be copied from the company's PDC emulator to the PolicyDefinitions folder on the partner company's PDC emulator. This will ensure that the partner company's domain can access and apply the approved templates for regulatory compliance requirements.

    Rate this question:

  • 6. 

    Your company has an Active Directory forest that contains Windows Server 2008 R2 domain controllers and DNS servers. All client computers run Windows XP SP3.   You need to use your client computers to edit domain-based GPOs by using the ADMX files that are stored in the ADMX central store.   What should you do?

    • A.

      Add your account to the Domain Admins group.

    • B.

      Upgrade your client computers to Windows 7.

    • C.

      Install .NET Framework 3.0 on your client computers.

    • D.

      Create a folder on PDC emulator for the domain in the PolicyDefinitions path. Copy the ADMX files to the PolicyDefinitions folder.

    Correct Answer
    B. Upgrade your client computers to Windows 7.
  • 7. 

    Your company purchases a new application to deploy on 200 computers. The application requires that you modify the registry on each target computer before you install the application.   The registry modifications are in a file that has an .adm extension.   You need to prepare the target computers for the application.   What should you do?

    • A.

      Import the .adm file into a new Group Policy Object (GPO). Edit the GPO and link it to an organizational unit that contains the target computers.

    • B.

      Create a Microsoft Windows PowerShell script to copy the .adm file to the startup folder of each target computer.

    • C.

      Create a Microsoft Windows PowerShell script to copy the .adm file to each computer. Run the REDIRUsr CONTAINER-DN command on each target computer.

    • D.

      Create a Microsoft Windows PowerShell script to copy the .adm file to each computer. Run the REDIRCmp CONTAINER-DN command on each target computer.

    Correct Answer
    A. Import the .adm file into a new Group Policy Object (GPO). Edit the GPO and link it to an organizational unit that contains the target computers.
  • 8. 

    Your company has an Active Directory domain. All consultants belong to a global group named TempWorkers. The TempWorkers group is not nested in any other groups.   You move the computer objects of three file servers to a new organizational unit named SecureServers. These file servers contain only confidential data in shared folders.  You need to prevent members of the TempWorkers group from accessing the confidential data on the file servers. You must achieve this goal without affecting access to other domain resources.   What should you do?

    • A.

      Create a new GPO and link it to the SecureServers organizational unit. Assign the Deny access to this computer from the network user right to the TempWorkers global group.

    • B.

      Create a new GPO and link it to the domain. Assign the Deny access to this computer from the network user right to the TempWorkers global group.

    • C.

      Create a new GPO and link it to the domain. Assign the Deny log on locally user right to the TempWorkers global group.

    • D.

      Create a new GPO and link it to the SecureServers organizational unit. Assign the Deny log on locally user right to the TempWorkers global group.

    Correct Answer
    A. Create a new GPO and link it to the SecureServers organizational unit. Assign the Deny access to this computer from the network user right to the TempWorkers global group.
    Explanation
    To prevent members of the TempWorkers group from accessing the confidential data on the file servers without affecting access to other domain resources, a new GPO should be created and linked to the SecureServers organizational unit. The Deny access to this computer from the network user right should be assigned to the TempWorkers global group. By denying network access to the TempWorkers group, they will be unable to access the file servers and the confidential data contained within them. This solution specifically targets the file servers in the SecureServers OU, ensuring that access to other domain resources is not affected.

    Rate this question:

  • 9. 

    All consultants belong to a global group named TempWorkers.   You place three file servers in a new organizational unit named SecureServers. The three file servers contain confidential data located in shared folders.   You need to record any failed attempts made by the consultants to access the confidential data.   Which two actions should you perform?   (Each correct answer presents part of the solution. Choose two.)  

    • A.

      Create and link a new GPO to the SecureServers organizational unit. Configure the Audit privilege use Failure audit policy setting.

    • B.

      Create and link a new GPO to the SecureServers organizational unit. Configure the Audit object access Failure audit policy setting.

    • C.

      Create and link a new GPO to the SecureServers organizational unit. Configure the Deny access to this computer from the network user rights setting for the TempWorkers global group.

    • D.

      On each shared folder on the three file servers, add the three servers to the Auditing tab. Configure the Failed Full control setting in the Auditing Entry dialog box.

    • E.

      On each shared folder on the three file servers, add the TempWorkers global group to the Auditing tab. Configure the Failed Full control setting in the Auditing Entry dialog box.

    Correct Answer(s)
    B. Create and link a new GPO to the SecureServers organizational unit. Configure the Audit object access Failure audit policy setting.
    E. On each shared folder on the three file servers, add the TempWorkers global group to the Auditing tab. Configure the Failed Full control setting in the Auditing Entry dialog box.
    Explanation
    To record any failed attempts made by the consultants to access the confidential data, two actions should be performed. First, a new Group Policy Object (GPO) should be created and linked to the SecureServers organizational unit. Then, the Audit object access Failure audit policy setting should be configured in the GPO. This will enable auditing of failed attempts to access objects on the file servers. Additionally, the TempWorkers global group should be added to the Auditing tab of each shared folder on the three file servers. The Failed Full control setting should be configured in the Auditing Entry dialog box. This will ensure that any failed attempts by consultants to access the confidential data in the shared folders are recorded.

    Rate this question:

  • 10. 

    Your company has an Active Directory domain and an organizational unit. The organizational unit is named Web. You configure and test new security settings for Internet Information Service (IIS) servers on a server named IISServerA.   You need to deploy the new security settings only on the IIS servers that are members of the Web organizational unit.   What should you do?

    • A.

      Run secedit /configure /db iis.inf from the command prompt on IISServerA, and then run secedit /configure /db webou.inf from the command prompt.

    • B.

      Export the settings on IISServerA to create a security template. Import the security template into a GPO and link the GPO to the Web organizational unit.

    • C.

      Export the settings on IISServerA to create a security template. Run secedit /configure /db webou.inf from the command prompt.

    • D.

      Import the hisecws.inf file template into a GPO and link the GPO to the Web organizational unit.

    Correct Answer
    B. Export the settings on IISServerA to create a security template. Import the security template into a GPO and link the GPO to the Web organizational unit.
    Explanation
    To deploy the new security settings only on the IIS servers that are members of the Web organizational unit, you should export the settings on IISServerA to create a security template. Then, import the security template into a Group Policy Object (GPO) and link the GPO to the Web organizational unit. This ensures that the security settings are applied specifically to the IIS servers within the Web organizational unit, without affecting other servers outside of it.

    Rate this question:

Quiz Review Timeline +

Our quizzes are rigorously reviewed, monitored and continuously updated by our expert board to maintain accuracy, relevance, and timeliness.

  • Current Version
  • Mar 20, 2023
    Quiz Edited by
    ProProfs Editorial Team
  • Jul 26, 2011
    Quiz Created by
    Malsader
Back to Top Back to top
Advertisement
×

Wait!
Here's an interesting quiz for you.

We have other quizzes matching your interest.