1. Which of
the following protocols is Active Directory based upon?
A.LDAP
B.L2TP
C.PPTP
D.PPP
E.IPSec
2. . Which
of the following is not a component of Active Directory?
A.Group
Policy
B.Internet Information Services
C.Distribution
Groups
D.Security
Groups
E.All of the
above are components of Active Directory
3.Your
manager asks you to configure Internet Explorer to display the banner “Provided
by Company X.” How will you accomplish this?
A.Within group policy
B.Through
Windows SUS
C.Using
Local Security Policy of each machine
D.Using
Computer Management of the domain server
4. What
protocol provides automatic IP address configuration?
A.DNS
B.DHCP
C.ARP
D.TCP
5. Which of
the following is not a potential advantage of an active directory domain?
A.Centralized
user management
B.Single
sign-in login
C.Enhanced
security management
D.Ability to
deploy software and settings on a large scale
E.Cross-platform compatibility
6. You are
the administrator of an active directory domain. A user complains to you that
he is unable to change his password. No other users have this issue. What is
the most likely cause of the problem?
A.Insufficient
login credentials
B.He is a
member of the Administrators group
C.He is not
a member of the domain
D.The property “User cannot change password” has been
enabled in Active Directory Users and Computers
7. Which of
the following is arranged in the correct Active Directory organizational order
(largest to smallest)?
A.Forest,
Domain, Tree, Branch, Computer
B.Tree,
Forest, Domain, Computer
C.Computer,
Forest, Domain, Tree
D.Forest,
Tree, Computer, Domain
E.Forest, Tree, Domain, Computer
8. You are the administrator of a small business Active Directory
domain server. Your users complain that they are unable to add more than 1 GB
to their “My Documents” folders on their computers. What is the most likely
cause of the issue?
A.Incorrect folder redirection
configuration
B.Insufficient disk space on local machines
C.Incorrect configuration of disk management
D.Insufficient user credentials
E. User error
9. Which of
the following is not an organizational unit within an Active Directory
environment?
A.User
B.Security
Group
C.Distribution
Group
D.Computer
E.Administrative Group
10. Which of
the following is a potential issue when converting a network from a workgroup
to a domain?
A.Ensuring that computers correctly join the domain and
users migrate from local to domain profiles
B.Reduced
security as a result of domain login
C.Difficulty
in users logging into the new, decentralized system
D.High
difficulty in converting a Windows 2003 Server from a workgroup to domain
server
E.Inability
to effectively configure group security policy in a domain
11. Which of
the following modes is associated with the backup and saving of critical domain
server information?
A.Safe mode
B.Safe mode
with networking
C.Safe mode
with command prompt
D.Last known
good configuration mode
E.None of the above
12. You are
the manager and administrator of a large network using both Windows Server 2003
and UNIX infrastructure. Which of the following allows for limited
cross-platform compatibility between the company domain COMPANY and the Unix
nodes?
A.GPEDIT
B.SAMBA
C.IPCHAINS
D.KEREBOS
E.BASH
13. You are
the administrator of a small business network that wishes to use an email
server program, Microsoft Exchange, in conjunction with the domain you have
established. You already use the domain server as both a DHCP server/gateway
and a Windows domain controller. Which of the following is a potential issue
when setting up the email server?
A.Domains
are not compatible with other messaging services such as email and SMS servers
B.Domains
operate on a different layer of the seven-layer network hierarchy
C.Computers
on domains must be assigned the same IP address as the domain server
D.The firewall on the domain server could block the
traffic from the email application
14. Which of
the following groups can always login to a server via Directory Services
Restore Mode?
A.Administrators
only
B.Administrators
and Power Users
C.Administrators,
Power Users, and Backup Operators
D.Power
Users and Backup Operators
E.Administrators and Backup Operators
15. A user
complains that after repeated attempts at logging onto his domain account, he
continues to receive the message that the username and/or password are
incorrect. You are positive that he is entering the correct credentials to
login to the domain server. Which of the following is the most likely
explanation for this issue?
A.His
network connection is not working correctly
B.The domain
server is not recognizing his computer as a registered node
C.He is logging onto his computer and not the actual
domain
D.The domain
controller’s login server is not working correctly
E.He has a
faulty Windows installation
16. What is
a potential issue with allowing multiple concurrent connections to an IIS
server that is used on the same server as a domain controller?
A.Security
could be breached by a buffer overflow error
B.The
bandwidth and processing power used to access IIS could take away from the
available bandwidth/processing power of the domain controller
C.IIS often
interferes with the correct operation of a domain controller
D.The SAM
Security Database will undergo over-extension as it is being accessed too much
by both the IIS and the domain servers
E.None of the above are potential issues
17. A user
complains to you that he is experiencing difficulties with his Windows installation
and wishes to re-install Windows. Which of the following utilities would you
use to remotely perform an installation via network?
A.Netprep
B.Riprep
C.Config
D.Netconfig
E.None of
the above
18. Which of
the following is a typical concern involved in migrating from Windows 2000
Server to Windows Server 2003 with regard to Active Directory functionality?
A.Difficulty
in migrating existing user accounts
B.Difficulty
in migrating existing group policy
C.Reduced
cross-platform compliance in Windows Server 2003
D.Compatibility of legacy applications on the new server
E.Compliance
of Server 2003 with LDAP specifications
19. Your
company runs Windows Server 2003 with an Active Directory domain controller and
group policy. A user complains that he is experiencing trouble with his
desktop, and explains that he is unable to change the image of the background
of the screen. His username is JOHN and his group is USERS. Your manager asks
you to resolve the issue. How can you best resolve this issue?
A.Disable
group policy management for USERS
B.Disable
group policy management for JOHN
C.Disable
the desktop control policy option for USERS
D.Disable
the desktop control policy option for JOHN
E.Add JOHN to a new group SPECIAL USERS, copy the group
policy management settings from USERS, and apply it to SPECIAL USERS with the
exception of the desktop policy option
20. You are
the network administrator for a Windows-based network with 100 users. You wish
to organize the users by the department in which they work – Accounting,
Engineering, and so forth. You also wish to apply access controls to centrally
located (server-side) resources based on those assigned groups. Without the
installation of additional software, which of the following is not necessary to
apply this access control scheme?
A.Active
Directory
B.TCP/IP
C.Creation
of non-default groups
D.Creation of group policy settings
E.Creation
of access control list for server resources
21. Which of
the following is an advantage of using login scripts in Active Directory?
A.They allow for routine and forced execution of commands
and programs
B.They allow
for scheduled, routine, and forced execution of commands and programs
C.They allow
for scheduled and optional execution of commands and programs
D.They allow
for routine and user-induced execution of commands and programs
E.They allow
for scheduled and forced execution of commands and programs
22 Your
manager asks you to implement a solution that would allow for the creation of
two separate logical groupings of networked computers, both of which fall under
a single, general company tree. Which of the following will accomplish this
goal?
A.Create two
forests and one domain
B.Create two
trees and one domain
C.Create
three domains
D.Create one forest and two domains
E.Create one
forest, two trees, and four domains
23. Your
manager asks you to crack down on extraneous Internet usage by deviant domain
users. You are responsible for the domain controller only; the gateway and
routing is administered by one of your peers. What should you tell your
manager?
A.Internet access control is not a function of Active
Directory, and therefore the request should be sent to a different
administrator
B.You will
install a DHCP server in conjunction with a WINS control server
C.You will
configure Internet Access Control Options via Administrative Tools
D.You will
configure Internet Information Services
E.You will
configure Windows Firewall to restrict network traffic
24. Which of
the following is true of Active Directory in regard to the seven-layer OIC
networking hierarchy?
A.Active
Directory operates in the Data Link layer
B.Active
Directory operates in the Physical layer
C.Active
Directory operates in the Network layer
D.Active
Directory operates in the Presentation layer
E.None of the above
25. A user
complains that he cannot access his account on the domain COMPANY and that the
server reports that his account has been disabled. How would you best go about
correcting the issue?
A.Delete his
current account and create an account with an identical username and password
B.Copy his
disabled account, rename the old account, and change the new account to the
original name
C.Uncheck the “Account is Disabled” option under the
Properties for his account
D.Check the
“Account is Enabled” option under the Properties for his account
E.Assign him
a new password and ask him to change it when he has logged on
26. Your
manager asks you to implement a solution that allows domain users to share a
common desktop background and certain desktop items. You go to Group Policy
Management, but upon changing the settings, you notice that the desktops do not
change. What should you first assume is the issue?
A.Group
policy has been configured incorrectly
B.The
computers/users are not in the correct groups in group policy
C.The PC requires a logoff/logon before the new settings
will be pulled
D.The
Windows installation on the PC is defective
E.The
Windows Server 2003 installation on the server has not been configured
correctly
27. Which of
the following accurately describes the difference between a normal and a
fault-tolerant DFS installation?
A.Fault-tolerant
DFS stores all file system topology
B.Fault-tolerant
DFS uses more processing power
C.Fault-tolerant DFS stores all file system topology on a
separate server
D.Fault-tolerant
DFS uses RAID 1
E.Fault-tolerant
DFS is incapable of using RAID
28. Which of
the following is not a hidden share on a Windows Server 2003 installation?
A.Admin$
B.IPC$
C.Printstor$
D.Print$
E.SYSVOL
29. You have
a single Active Directory domain. All domain controllers run Windows Server
2008 and are configured as DNS servers. The domain contains one Active
Directory-integrated DNS zone. You need to ensure that outdated DNS records are
automatically removed from the DNS zone. What should you do?
A.From the
properties of the zone, modify the TTL of the SOA record.
B.From the properties of the zone, enable scavenging.
C.From the
command prompt, run ipconfig /flushdns.
D.From the
properties of the zone, disable dynamic updates.
30.Your
network consists of a single Active Directory domain. All domain controllers
run Windows Server 2008 R2. The Audit account management policy setting and
Audit directory services access setting are enabled for the entire domain. You
need to ensure that changes made to Active Directory objects can be logged. The
logged changes must include the old and new values of any attributes.
What should you do?
A.Run auditpol.exe and then configure the Security
settings of the Domain Controllers OU.
B.From the
Default Domain Controllers policy, enable the Audit directory service access
setting and enable directory service changes.
C.Enable the
Audit account management policy in the Default Domain Controller Policy.
D.Run
auditpol.exe and then enable the Audit directory service access setting in the
Default Domain policy.
31. Your
company, Contoso Ltd has a main office and a branch office. The offices are
connected by a WAN link. Contoso has an Active Directory forest that contains a
single domain named ad.contoso.com. The ad.contoso.com domain contains
one domain controller named DC1 that is located in the main office. DC1 is
configured as a DNS server for the ad.contoso.com DNS zone. This zone is
configured as a standard primary zone. You install a new domain
controller named DC2 in the branch office. You install DNS on DC2. You
need to ensure that the DNS service can update records and resolve DNS queries
in the event that a WAN link fails. What should you do?
A.Create a
new stub zone named ad.contoso.com on DC2.
B.Create a
new standard secondary zone named ad.contoso.com on DC2.
C.Configure
the DNS server on DC2 to forward requests to DC1.
D.Convert the ad.contoso.com zone on DC1 to an Active
Directory-integrated zone.
32. Your company has a server
that runs an instance of Active Directory Lightweight Directory Service (AD
LDS). You need to create new organizational units in the AD LDS application
directory partition. What should you do?
A.Use the
dsmod OU command to create the organizational units.
B.Use the
Active Directory Users and Computers snap-in to create the organizational units
on the AD LDS application directory partition.
C.Use the
dsadd OU command to create the organizational units.
D.Use the ADSI Edit snap-in to create the organizational
units on the AD LDS application directory partition
33. Your
company has an Active Directory domain. The company has two domain controllers
named DC1 and DC2. DC1 holds the Schema Master role. DC1 fails. You log
on to Active Directory by using the administrator account. You are not able to
transfer the Schema Master operations role. You need to ensure that DC2
holds the Schema Master role. What should you do?
A.Configure
DC2 as a bridgehead server.
B.On DC2, seize the Schema Master role.
C.Log off
and log on again to Active Directory by using an account that is a member of
the Schema Administrators group. Start the Active Directory Schema snap-in.
D.Register
the Schmmgmt.dll. Start the Active Directory Schema snap-in.
34. Your
network consists of an Active Directory forest that contains one domain named
contoso.com. All domain controllers run Windows Server 2008 R2 and are
configured as DNS servers. You have two Active Directory-integrated zones:
contoso.com and nwtraders.com. You need to ensure a user is able to modify
records in the contoso.com zone. You must prevent the user from modifying the
SOA record in the nwtraders.com zone. What should you do?
A.From the
Active Directory Users and Computers console, run the Delegation of Control
Wizard.
B.From the
Active Directory Users and Computers console, modify the permissions of the
Domain Controllers organizational unit (OU).
C.From the DNS Manager console, modify the permissions of
the contoso.com zone.
D.From the
DNS Manager console, modify the permissions of the nwtraders.com zone.
35. Your
company has an Active Directory domain. All servers run Windows Server 2008 R2.
Your company uses an Enterprise Root certificate authority (CA). You need to
ensure that revoked certificate information is highly available. What should
you do?
A.Implement
an Online Certificate Status Protocol (OCSP) responder by using an Internet
Security and Acceleration Server array.
B.Publish
the trusted certificate authorities list to the domain by using a Group Policy
Object (GPO).
C.Implement an Online Certificate Status Protocol (OCSP)
responder by using Network Load Balancing.
D.Create a
new Group Policy Object (GPO) that allows users to trust peer certificates.
Link the GPO to the domain.
36. You have
two servers named Server1 and Server2. Both servers run Windows Server 2008 R2.
Server1 is configured as an enterprise root certification authority (CA). You
install the Online Responder role service on Server2. You need to configure
Server1 to support the Online Responder. What should you do?
A.Import the
enterprise root CA certificate.
B.Configure
the Certificate Revocation List Distribution Point extension.
C.Configure the Authority Information Access (AIA)
extension.
D.Add the
Server2 computer account to the CertPublishers group.
37. Your
company has an Active Directory domain. A user attempts to log on to a computer
that was turned off for twelve weeks. The administrator receives an error
message that authentication has failed. You need to ensure that the user is
able to log on to the computer. What should you do?
A.Run the
netsh command with the set and machine options.
B.Reset the computer account. Disjoin the computer from
the domain, and then rejoin the computer to the domain.
C.Run the
netdom TRUST /reset command.
D.Run the
Active Directory Users and Computers console to disable, and then enable the
computer account.
38. Your
company has an Active Directory forest that contains a single domain. The
domain member server has an Active Directory Federation Services (AD FS) role
installed. You need to configure AD FS to ensure that AD FS tokens contain
information from the Active Directory domain. What should you do?
A.Add and
configure a new account partner.
B.Add and
configure a new resource partner.
C.Add and configure a new account store.
D.Add and
configure a Claims-aware application
39. You
network consists of a single Active Directory domain. All domain controllers
run Windows Server 2008 R2. You need to reset the Directory Services Restore
Mode (DSRM) password on a domain controller. What tool should you use?
A.Active
Directory Users and Computers snap-in
B.ntdsutil
C.Local
Users and Groups snap-in
D.dsmod
40. Your
company has a main office and a branch office. You deploy a read-only domain
controller (RODC) that runs Microsoft Windows Server 2008 to the branch office.
You need to ensure that users at the branch office are able to log on to the
domain by using the RODC. What should you do?
A.Add
another RODC to the branch office.
B.Configure
a new bridgehead server in the main office.
C.Decrease
the replication interval for all connection objects by using the Active
Directory Sites and Services console.
D.Configure the Password Replication Policy on the RODC.
41. Your
company has a single Active Directory domain named intranet.adatum.com. The
domain controllers run Windows Server 2008 and the DNS server role. All
computers, including non-domain members, dynamically register their DNS
records. You need to configure the intranet.adatum.com zone to allow only
domain members to dynamically register DNS records. What should you do?
A.Set dynamic updates to Secure Only.
B.Remove the
Authenticated Users group.
C.Enable
zone transfers to Name Servers.
D.Deny the
Everyone group the Create All Child Objects permission.
42. Your
network consists of a single Active Directory domain. All domain controllers
run Windows Server 2008 R2 and are configured as DNS servers. A domain
controller named DC1 has a standard primary zone for contoso.com. A domain
controller named DC2 has a standard secondary zone for contoso.com. You need to
ensure that the replication of the contoso.com zone is encrypted. You must not
lose any zone data. What should you do?
A.Convert
the primary zone into an Active Directory-integrated stub zone. Delete the
secondary zone.
B.Convert the primary zone into an Active
Directory-integrated zone. Delete the secondary zone.
C.Configure
the zone transfer settings of the standard primary zone. Modify the Master
Servers lists on the secondary zone.
D.On both
servers, modify the interface that the DNS server listens on.
43. Contoso,
Ltd. has an Active Directory domain named ad.contoso.com. Fabrikam, Inc. has an
Active Directory domain named intranet.fabrikam.com. Fabrikam's security policy
prohibits the transfer of internal DNS zone data outside the Fabrikam network.
You need to ensure that the Contoso users are able to resolve names from the
intranet.fabrikam.com domain. What should you do?
A.Create a
new stub zone for the intranet.fabrikam.com domain.
B.Configure conditional forwarding for the
intranet.fabrikam.com domain.
C.Create a
standard secondary zone for the intranet.fabrikam.com domain.
D.Create an
Active DirectoryCintegrated zone for the intranet.fabrikam.com domain.
44. An
Active Directory database is installed on the C volume of a domain controller.
You need to move the Active Directory database to a new volume. What should you
do?
A.Copy the
ntds.dit file to the new volume by using the ROBOCOPY command.
B.Move the
ntds.dit file to the new volume by using Windows Explorer.
C.Move the
ntds.dit file to the new volume by running the Move-item command in Microsoft
Windows PowerShell.
D.Move the ntds.dit file to the new volume by using the
Files option in the Ntdsutil utility
45. Your
company has file servers located in an organizational unit named Payroll. The
file servers contain payroll files located in a folder named Payroll. You
create a GPO. You need to track which employees access the Payroll files on the
file servers. What should you do?
A.Enable the
Audit process tracking option. Link the GPO to the Domain Controllers
organizational unit. On the file servers, configure Auditing for the
Authenticated Users group in the Payroll folder.
B.Enable the Audit object access option. Link the GPO to
the Payroll organizational unit. On the file servers, configure Auditing for
the Everyone group in the Payroll folder.
C.Enable the
Audit process tracking option. Link the GPO to the Payroll organizational unit.
On the file servers, configure Auditing for the Everyone group in the Payroll
folder.
D.Enable the
Audit object access option. Link the GPO to the domain. On the domain
controllers, configure Auditing for the Authenticated Users group in the
Payroll folder.
46. Your
company uses a Windows 2008 Enterprise certificate authority (CA) to issue
certificates. You need to implement key archival. What should you do?
A.Configure
the certificate for automatic enrollment for the computers that store encrypted
files.
B.Install an
Enterprise Subordinate CA and issue a user certificate to users of the
encrypted files.
C.Apply the
Hisecdc security template to the domain controllers.
D.Archive the private key on the server.
47. Your
company has an Active Directory domain that runs Windows Server 2008 R2. The
Sales OU contains an OU for Computers, an OU for Groups, and an OU for Users.
You perform nightly backups. An administrator deletes the Groups OU. You need
to restore the Groups OU without affecting users and computers in the Sales OU.
What should you do?
A.Perform an
authoritative restore of the Sales OU.
B.Perform a
non-authoritative restore of the Sales OU.
C.Perform an authoritative restore of the Groups OU.
D.Perform a
non-authoritative restore of the Groups OU.
48. Your
network consists of a single Active Directory domain. The functional level of
the forest is Windows Server 2008 R2. You need to create multiple password
policies for users in your domain. What should you do?
A.From the
Group Policy Management snap-in, create multiple Group Policy objects.
B.From the
Schema snap-in, create multiple class schema objects.
C.From the ADSI Edit snap-in, create multiple Password
Setting objects.
D.From the
Security Configuration Wizard, create multiple security policies.
49. You have
a domain controller that runs Windows Server 2008 R2 and is configured as a DNS
server. You need to record all inbound DNS queries to the server. What should
you configure in the DNS Manager console?
A.Enable debug logging.
B.Enable
automatic testing for simple queries.
C.Configure
event logging to log errors and warnings.
D.Enable
automatic testing for recursive queries.
50. Your company
has a main office and a branch office. The company has a single-domain Active
Directory forest. The main office has two domain controllers named DC1 and DC2
that run Windows Server 2008 R2. The branch office has a Windows Server 2008 R2
read-only domain controller (RODC) named DC3. All domain controllers hold the
DNS Server role and are configured as Active Directory-integrated zones. The
DNS zones only allow secure updates. You need to enable dynamic DNS updates on
DC3. What should you do?
A.Run the
Dnscmd.exe /ZoneResetType command on DC3.
B.Reinstall Active Directory Domain Services on DC3 as a
writable domain controller.
C.Create a
custom application directory partition on DC1. Configure the partition to store
Active Directory-integrated zones.
D.Run the
Ntdsutil.exe > DS Behavior commands on DC3.
51. Your
company has a branch office that is configured as a separate Active Directory
site and has an Active Directory domain controller. The Active Directory site
requires a local Global Catalog server to support a new application. You need
to configure the domain controller as a Global Catalog server. Which tool
should you use?
A.The Server
Manager console
B.The Active Directory Sites and Services console
C.The
Dcpromo.exe utility
D.The
Computer Management console
E.The Active
Directory Domains and Trusts console
52. Your
company has a main office and three branch offices. The company has an Active
Directory forest that has a single domain. Each office has one domain
controller. Each office is configured as an Active Directory site. All sites
are connected with the DEFAULTIPSITELINK object. You need to decrease the
replication latency between the domain controllers. What should you do?
A.Decrease
the replication schedule for the DEFAULTIPSITELINK object.
B.Decrease the replication interval for the
DEFAULTIPSITELINK object.
C.Decrease
the cost between the connection objects.
D.Decrease
the replication interval for all connection objects.
53. Your
company has two Active Directory forests named contoso.com and fabrikam.com.
Both forests run only domain controllers that run Windows Server 2008. The
domain functional level of contoso.com is Windows Server 2008. The domain
functional level of fabrikam.com is Windows Server 2003 Native mode. You
configure an external trust between contoso.com and fabrikam.com. You need to
enable the Kerberos AES encryption option. What should you do?
A.Raise the
forest functional level of fabrikam.com to Windows Server 2008.
B.Raise the domain functional level of fabrikam.com to
Windows Server 2008
C.Raise the
forest functional level of contoso.com to Windows Server 2008.
D.Create a
new forest trust and enable forest-wide authentication.
54. Your
company has an Active Directory forest that runs at the functional level of
Windows Server 2008. You implement Active Directory Rights Management
Services (AD RMS). You install Microsoft SQL Server 2005. When you
attempt to open the AD RMS administration Web site, you receive the following
error message: "SQL Server does not exist or access denied."
You need to open the AD RMS administration Web site. Which two actions
should you perform? (Each correct answer presents part of the solution. Choose
two.)
A.Restart
IIS.
B.Manually
delete the Service Connection Point in AD DS and restart AD RMS.
C.Both A. and D.
D.Start the
MSSQLSVC service.
55. You are
decommissioning domain controllers that hold all forest-wide operations master
roles. You need to transfer all forest-wide operations master roles to another
domain controller. Which two roles should you transfer? (Each correct answer
presents part of the solution. Choose two.)
A.Domain
naming master
B.Infrastructure
master
C.RID master
D.Schema
master
E.Both A. and D.
56. Your
company has an Active Directory domain named ad.contoso.com. The domain has two
domain controllers named DC1 and DC2. Both domain controllers have the DNS
server role installed. You install a new DNS server named
DNS1.contoso.com on the perimeter network. You configure DC1 to forward all
unresolved name requests to DNS1.contoso.com. You discover that the DNS
forwarding option is unavailable on DC2. You need to configure DNS
forwarding on the DC2 server to point to the DNS1.contoso.com server.
Which two actions should you perform? (Each correct answer presents part of the
solution. Choose two.)
A.Clear the
DNS cache on DC2.
B.Configure
conditional forwarding on DC2.
C.Configure
the Listen On address on DC2.
D.Delete the
Root zone on DC2.
E. Both B and D
57. Your
company has an organizational unit named Production. The Production organizational
unit has a child organizational unit named R&D. You create a GPO named
Software Deployment and link it to the Production organizational unit.
You create a shadow group for the R&D organizational unit. You need to
deploy an application to users in the Production organizational unit.
You also need to ensure that the application is not deployed to users in the
R&D organizational unit. What are two possible ways to achieve this
goal? (Each correct answer presents a complete solution. Choose two.)
A.Configure
the Block Inheritance setting on the Production organizational unit.
B.Configure
the Block Inheritance setting on the R&D organizational unit.
C.Configure
the Enforce setting on the software deployment GPO.
D.Configure
security filtering on the Software Deployment GPO to Deny Apply group policy
for the R&D security group.
E. Both B and D
58. All
consultants belong to a global group named TempWorkers. You place three file
servers in a new organizational unit named SecureServers. The three file
servers contain confidential data located in shared folders. You need to record
any failed attempts made by the consultants to access the confidential data.
Which two actions should you perform? (Each correct answer presents part of the
solution. Choose two.)
A.Create and
link a new GPO to the SecureServers organizational unit. Configure the Deny
access to this computer from the network user rights setting for the
TempWorkers global group.
B.Create and
link a new GPO to the SecureServers organizational unit. Configure the Audit
privilege use Failure audit policy setting.
C.Create and
link a new GPO to the SecureServers organizational unit. Configure the Audit
object access Failure audit policy setting.
D.On each
shared folder on the three file servers, add the TempWorkers global group to
the Auditing tab. Configure the Failed Full control setting in the Auditing
Entry dialog box.
E.Both C and D
59. When a
computer learns another computer's MAC address, it keeps the address in its ...
A.arp cache
B.arp file
C.arp query
D.bit bucket
60. What is
the only real downside of stub zone?
A.like
conditional forwarders, if a DNS server's address changes, it must be updated
maunally
B.it can
only hold CNAME records
C.you have
to configure zone transfers
D.Additional traffic created by replicating zone
information
61. When
configuring folder and file permissions, use the _____ button on the folder
properties Security tab to change which groups and users have permissions to a
folder.
A.General
B.Edit
C.Modify
D.Tools
62. In the
Windows environment, a _____ is a group of DLLs, information files, and
programs that processes print jobs for printing.
A.driver
B.renderer
C.queue
manager
D.spooler
63. What is
the IPv6 equivalent of IPv4's loop back address of 127.0.0.1?
A.127.0.0.1
B.fe80:0:0:0:0:0:0:1
C.0:0:0:0:0:0:fe80
D.::1
64. You're
taking an older server performing the PDC emulator master role out of service
and will be replacing it with a new server configured as a domain controller.
What should you do to ensure the smoothest transition?
A.Transfer the PDC master role to the new domain
controller, and then shut down the old server
B.shutdown
the current PDC master and seize the PDC master role from the new domain
controller
C.back up
the domain controller that's currently the PDC master, restore it to the new
domain controller, then shut down the old PDC master
D.shutdown
the current PDC master, and then transfer the PDC master role to the new domain
controller
65. Which of
the following is an important requirement for running Hyper-V?
A.Must have
at least Windows Server 2008 Web Edition installed
B.Must have
a multi core CPU
C.Must have
a multi socket motherboard
D.Must have at least Windows Server 2008 64-bit Standard
Edition
66. A ______
is one in which every child object contains the name of the parent object.
A.disjointed
namespace
B.logical
namespace
C.contained
namespace
D.contiguous namespace
67. For
several hours now, your IT staff has been trying to troubleshoot an issue on
AppSrv1. AppSrv1 uses an application that requires it to access SQL
database on a server named DBSrv1 but recent changes in the network topology
have outdated previous DNS entries. Initially, the problem is believed related
to the DNS database, but after using nslookup, you find that the DNS entry is
correct. AppSrv1 can reach the DBSrv1 server manually by IP address, but
when using a name, it resolves to the wrong machine. What is most likely the
issue?
A.AppSrv1
has a static route entry to DBSrv1
B.nslookup
was pulling from the correct DNS server, but the computer is configured with
the wrong DNS server
C.A
conditional forward zone has not been set up properly
D.someone added a static entry for DBSrv1 in the hosts
text file which is now outdated.
68. A _____
is a TCP/IP-based concept (container) within Active Directory that is
linked to IP subnets.
A.forest
B.domain
C.site
D.tree
69. One of
your partner organizations currently has to provide logon credentials to access
criticial applications on your extranet's web site. While this has worked
in the past, a recent metting has brought to light the need for singole sign-on
capabilities for the website. After researching the issue, you discover
that one of Windows Server 2008's new Active Directory roles can help solve the
problem. Which of the following answers allows you to create a trust
relationshiop between your extranet and your partner organization?
A.Active Directory Federation Services (AD FS)
B.Active
Directory Lightweight Directory Services (AD LDS)
C.Active
Directory Rights Management Services (AD RMS)
D.Active
Directory Advanced Integration Services (AD AIS)
70. Under
what MMC would you create new connection objects?
A.Active Directory Sites and Services
B.Active
Directory Users and Computers
C.Active
Directory Network and Connection Objects
D.Active
Directory Domains and Trusts
71. Which of
the following features is not present in Windows Server 2003 domain functional
level?
A.Domain
controller renaming
B.selective
authentication
C.logon
timestamp replication
D.fine-grained password policies
72. If you
make changes to an existing GPO that is already linked in Active Directory, how
fast do the policy settings take effect?
A.50 seconds
B.30 minutes
C.1 hour
D.As soon as the client downloads them
73. To _____
an object means to make it available for users to access when they view Active
Directory contents.
A.inherit
B.control
C.present
D.publish
74. If
multiple default gateways are assigned to a computer (such as a multihomed
server), what determines which default gateway will be used?
A.a random
process
B.the
default gateway with the highest address is the one used
C.the metric
D.the
gateway on the smaller subnet will be used
75. Which of
the following tools is the basic application responsible for loading more
useful management related snap-ins?
A.Disk
Management
B.Internet
Information Services Manager
C.Hyper V
Manager
D.Microsoft Management Console
76. If
multiple servers are specified in the forwarders tab of a server's Properties,
what happens if a query is made and none of the forwarders provide a response?
A.a normal recursive lookup process is initiated,
starting with a root server
B.the query
fails and the DNS server sends a failure reply to the client
C.the query
is then passed to conditional forwarders
D.the query
is cached until it can be resolved
77. You are
in charge of a domain that contains several office rooms and one large computer
commons area. In order to secure accounts in the domain, you want to
apply separate account policies for the computers in the commons area, while
maintaining the policies that are used in the office rooms. Currently,
all computers are in the Computers folder. What is the most efficent way
to accomplish this task?
A.Create a new OU called "CommonsArea" and move
the commons area computer accounts into it. Create a new GPO and configure the
desired account policies. Link the new GPO to the CommonsArea OU
B.Create a
new domain on a new domain controller to service the commons area
C.The policy
settings must be assigned manually on the local computer GPO's in the commons
area
D.Create a
new GPO and specify the computer accounts of the computers in the commons area
then apply the desired account policies. Finally, link the new GPO to the
domain.
78. One of
the below IP address / subnet mask pairs is invalid; find the invalid answer.
A.10.0.239.254/255.0.255.0
B.172.31.1.200/255.255.0.0
C.192.168.2.190/255.255.255.128
D.10.200.139.1/255.255.255.248
79. Which of
the following is not a common way to configure DNS for a forest trust?
A.Conditional
forwarders
B.Stub zone
C.secondary
zone
D.Caching DNS
80. Which is
not a benefit of using virtual machines?
A.virtual
machines consolidate resources
B.virtualization
isolates critical applications for testing and troubleshooting purposes
C.virtual
machines can be used to provide access to multiple OSs in an educational
environment
D.virtual machines have reduced hardware and software
requirements
81. The
Network Devices Enrollment Services (NDES) allows network devices such as
routers and switches, to obtain certificates by using a special Cisco
proprietary protocol known as ....
A.Simple Certificate Enrollment Protocol (SCEP)
B.Special
Device Certification Protocol (SDCP)
C.Secured
Network Device Protocol (SNMP)
D.Special
Certificate Enrollment Protocol (SCEP)
82. Last
Friday, your organization deployed a brand new Server Core installation of
Windows Server 2008. To simplify adminstrative tasks and to prevent
downtime your organization makes use of monitoring software that continually
tests connectivity. This monitoring software then sends text messages to
a specific group of administrators if it should detect that a server is
unreachable for any reason. On Monday, when the Server Core's IP address was
placed into the monitoring software, the group of administrators received a
text almost immediately telling them that the Server Core machine was
unreachable. The administrator on-call says that on Friday, he was able
to ping the Server Core box to a well known internet address, as well as
several servers on the local network. On Monday, he attempts to ping the
Server Core installation from his workstation for the first time and does not
receive a response. Assuming that the Server Core installation is using default
settings, what is most likely the issue?
A.Over the
weekend, Windows Update ran and downloaded a driver update for the ethernet
card without disabling the original driver, causing it to malfunction. Using
the command waus.exe /purge /recent should fix the issue
B.the Server
Core machine has the TCP/IP protocol enabled on the outgoing protocol list for
the configured network interface, but not for the incoming list. It must be
added in the interface's Properties dialog box
C.The
network cable is installed for the server has failed over the weekend, and
should be replaced to restore normal network connectivity.
D.Windows Server 2008's firewall is blocking ICMP Echo
Request packets by default. To fix the issue, you must type netsh firewall set
icmpsetting 8
83. A(n)
______ is a list of privleges given to an account or security group granting
access to an object, such as a shared folder or shared printer.
A.ACL
B.ACE
C.attribute
list
D.GPO
84. Windows
Server 2008 is activated automatically after several days. However, if it can't
be activated, how many days do you have to active Windows Server 2008 before
you can no longer log on?
A.30 days
B.15 days
C.60 days
D.90 days
85. If
correct time zone information is not used and your servers' clocks run at
different times, what is most likely to have issuses on your network?
A.Windows
Update
B.IP address
assignment
C.program
performance
D.User authentication
86. When
examining a Workgroup Model, a Windows Server 2008 server that participates in
a workgroup is referred to as a _____.
A.domain
controller
B.member
server
C.stand-alone server
D.stand-alone
member server
87. You are
constructing a server for a small office complex that will run for
approximately 12 hours everyday. Because of a limited budget, you have decided
to use a disk subsystem that is inexpensive and offers excellent performance.
Pick the technology that best fits this description.
A.SCSI
B.SATA
C.PATA
D.SAS
88. The main
purpose of Active Directory is to _.
A.Provide authentication and authorization to users and
computers.
B.Provide
File and Print services
C.Give
administrators the ability to control access to restricted hardware
D.allow
users to organize their files systems into a cohesive and high performance
directory structure
89. What
command can you type to perform a system state backup?
A.wbadmin start systemstatebackup
B.wbadmin
start sysstatebackup
C.wbadmin
begin systemstatebackup
D.wbadmin
start statebackup
90. Which
command below can be used to add your Server Core system as a domain member?
A.netdom
B.dcpromo
C.netsh
D.domjoin
91. When
using HTTPS, after the web client finds that CA is trusted and the
signature on a certficate is verified, the web client sends additional
parameters to the server that are encrypted with the server's ....
A.Private
key
B.Public key
C.Secret key
D.Ciphertext
92. What
does round robin do?
A.Allows an
administrator to configure multiple routes that user must make
"rounds" through in order to reach a service, improving security
B.causes
network performance issues by continuously rotating the IP addresses associated
with services
C.creates
invalid DNS records by disabling DNS timestamp scavenging
D.creates a load sharing/ balancing mechanism for servers
that have identical services, such as two servers that hose the same website.
93. What
type of information does a resource record of type A contain?
A.host
B.name
server
C.state of
authority
D.IPv6 host
94. Windows
Server 2008 Enterprise is capable of being configured with failover clustering
for up to how many nodes?
A.4 nodes
B.8 nodes
C.16 nodes
D.30 nodes
95. _____
are used in Microsoft operating systems to provide a consistent working
environment for one or more users.
A.Environments
B.Settings
C.Templates
D.Profiles
96. You work
for the large Example.com corporation. Recently, Example.com has been
adding new branch offices at a steady rate. Just last week, a new branch
office was created and now you have been put in charge of configuring group
policy settings for the branch office. Because this branch office will be
fairly large, it will be set up as a separate domain. Since there are several
branch offices with similar GPO requirements, you want to be able to make use
of GPOs that have already proven to be useful. What is the easiest way to
make the policies in this new branch office similar to those already in place?
A.Manually
recreate all GPO settings from the other domains and link them to the new
domain
B.Use GPO migration by adding the domains with the policies
you want to GPMC, and then copy and paste them.
C.Use CSVDE
import the GPOs via comma separated values in text files
D.backup the
desired GPOs on the domains you want to mimic, then restore the GPOs in the new
domain.
97. You are
the administrator of a domain whose users are experiencing difficulties in
properly updating their respective Windows installations with the latest
upgrades and patches. Which of the following is the best solution?
A.Disable
Active Directory and manage the machines as a workgroup
B.Disable
the “Manage my Own Security” option within Control Panel
C.Use Group
Policy to require the regular automatic updating of Windows
D.Employ Windows Server Update Services in conjunction
with Group Policy
98. What is
a major drawback to enabling the auditing of object access?
A.decreased
security
B.too much
information is logged
C.not ideal
for highly secure environment
D.involves considerable overhead
99. When a
print job is processed over the Internet or an intranet, _____ must be
installed and running in Windows Server 2008.
A.Windows
Distribution Services (WDS)
B.Internet Information Services (IIS)
C.Windows
Support Services (WSS)
D.Web Server
Service (WSS)
100. Which
description best fits the CA Administrator role?
A.Approves
requests for certificate enrollment and revocation
B.manages
auditing logs
C.configures and maintains CA servers, and can assign all
other CA roles and renew the CA certificate
D.Able to
backup and restore files and directories
101. GPC
replication between domain controllers in the same site occurs at about what
interval after a change has been made by default?
A.20 seconds
B.50 seconds
C.30 seconds
D.15 seconds
102. What is
the Microsoft recommendation for placement of global catalog servers?
A.Install a
global catalog server in a site once it is larger than 50 accounts and the
number of DCs is greater than 2
B.install a global catalog server in a site once it is
larger than 500 accounts and the number of DCs is greater than 2
C.Install a
global catalog server in a site once it is larger than 1,000 accounts and the
number of DCs is greater than 4
D.install a
global catalog server in a site once it is larger than 5,000 accounts and the
number of DCs is greater than 8
103. If your
creating a shortcut trust between domains in different forests, this must exist
first:
A.Realm
trust
B.External
trust
C.Another
shortcut trust
D.forest trust
104. What
must be done to allow a user to be able to access a file encrypted with EFS
over a network connection?
A.Certificate autoenrollment must be configured
B.the user
must be given the correct permissions
C.the users
SID must be exported to the remote machine
D.this can
not be accomplished
105. The
______ stores information about every object within a forest.
A.global catalog
B.global
master
C.schema
master
D.master
catalog
106. Which
of the following Windows Server 2008 editions has no upgrade path?
A.Standard
Edition
B.Enterprise
Edition
C.Datacenter
Edition
D.Web Server Edition
107. What
option under the General tab in the Properties dialog box of a forest trust is
only availble for use betweeon two Windows Server 2008 domains?
A.direction
of trust
B.transitivity
of trust
C.the other domain supports Kerberos AES Encryption
D.Validate
108. Increased
network usage has inspired your staff to install a new DNS server. After much
consideration, you have decided to also make the new server a domain controller
as well. One of your interns is curious as to what benefit this would provide
to DNS over simply making the DNS server a member server.
A.The server
can do zone transfer for stub zones
B.The AD-integrated domain DNS zones will be created
automatically
C.Active
Directory integrated secondary zones would be possible
D.resource
consolidation
109. Active
Directory was first introduced in which operating system?
A.Windows 2000 Server
B.Windows XP
SP2
C.Windows
2003 Server
D.Windows
Vista
110. Where
do users log in when joining an Active Directory domain?
A.application
B.individual
computer
C.domain
D.server
111. There
are two basic classes of objects in an Active Directory domain. Which of the
following is an object?
A.logical
B.leaf
C.tree
D.attribute
112. Which
of the following is a main group type found in Active Directory?
A.security
B.domain
C.global
D.universal
113. Which
group is used most often when designing an Active Directory infrastructure?
A.distribution
B.universal
C.global
D.security
114. Which
group is used for nonsecurity-related functions, such as sending email messages
to a collection of users?
A.distribution
B.universal
C.global
D.security
115. DNS
naming limitations call for a maximum of how many characters per domain name?
A.32
B.63
C.128
D.255
116. What
type of compatibility are functional levels designed to provide in Active
Directory installations running domain controllers with various versions of the
Windows Server operating system?
A.functional
B.forward
C.backward
D.existing
117. What is
the name of the communications protocol called for by the original X.500
standard?
A.Directory Access Protocol
B.Data
Access Protocol
C.Lightweight
Directory Access Protocol
D.Lightweight
Data Access Protocol
118. The
Read-Only Domain Controller (RODC) supports only incoming replication traffic.
As a result, what is it possible to do when using a Read-Only Domain
Controller?
A.create
Active Directory objects
B.modify
Active Directory objects
C.delete
Active Directory objects
D.none of the above
119. A site
topology consists of all of the following Active Directory object types except
__________.
A.Sites
B.Subnets
C.Subnet Links
D.Site Links
120. When
using the subzone method, you can leave the Internet DNS servers in place and
use Windows Server 2008 DNS servers to host the zone for the subdomain. Which
of the following is a configuration change that you must make?
A.You must
use your domain controllers as your DNS servers.
B.You must
use your Internet DNS servers to host your Active Directory domains.
C.You must
turn on dynamic updates on the DNS servers.
D.You must configure Internet DNS servers to delegate the
Active Directory subdomain to the Windows Server 2008 DNS servers.
121. Which
of the following isnota reason for creating an
organizational unit?
A.assigning
Group Policy settings
B.duplicating
organizational divisions
C.implementing domains
D.delegating
administration
122. Which
of the following isnota variable that can affect the
performance of an Active Directory installation?
A.length of the domain name you create
B.hardware
you select for your domain controllers
C.capabilities
of your network
D.types of
WAN links connecting your remote sites
123. To
use a Windows Server 2008 computer as a domain controller, you must configure
it to use a(n) __________.
A.APIPA
address
B.address
supplied by a DHCP server
C.static IP address
D.none of
the above
124. Every
Active Directory domain should have a minimum of __________ domain controllers.
A.one
B.two
C.three
D.four
125. An
Active Directory domain controller can verify a user’s identity by which of the
following methods?
A.smart
cards
B.passwords
C.biometrics
D.all of the above
126. Which
of the following isnota reason why you should try to create
as few domains as possible when designing an Active Directory infrastructure?
A.A license must be purchased from Microsoft for each
domain you create.
B.Additional
domains increase the overall hardware and maintenance costs of the deployment.
C.Some
applications might present security issues when working in a forest with
multiple domains.
D.Additional
domains increase the number of administrative tasks that must be performed.
127. Which
of the following Active Directory elements provides a true security boundary?
A.organizational
units
B.domains
C.domain
trees
D.forests
128. What is
the primary difference between global and universal groups?
A.Global
groups decrease the amount of replication traffic between sites.
B.Universal groups add more data to the global catalog.
C.You can
use universal groups across the board if your network consists of multiple
sites.
D.Global
groups add more data to the universal catalog.
129. Unlike
organizational units, you cannot assign Group Policy settings to computer
objects, nor can you delegate their administration.
A.True
B.False
130.
Subdomains in a tree inherit permissions and policies from their parent
domains.
A.True
B.False
131. You can
drag and drop leaf objects, such as users and computers, between OUs, but not
between domains.
A.True
B.False
132. When
you want to grant a collection of users permission to access a network
resource, such as a file system share or a printer, you can assign permissions
to an organizational unit.
A.True
B.False
133. Active Directory is one of the easiest technologies to test
because an isolated lab environment usually can emulate many of the factors
that can affect the performance of a directory service.
A.True
B.False
134. What
are the requirements to enable the Active Directory recycle bin in Windows
Server 200
A.All
DCs must be running Windows Server 2008 R2
B.Adprep to prepare both the forest and domain
C.Raise the functional level of the forest and
domains to Windows Server 2008 R2
D.All of above
135. This
Windows 2000 component stores all of the objects that make up a Windows 2000
network, such as user objects, group objects, and computer objects. It also
provides the services that enable users to locate objects on the network and
also provides administrators with the tools that are necessary to manage a Windows
2000 network." What does this best describe? Select one.
A.WINS
B.DNS
C.Domain
D.Active Directory
136. What
are sites and domains, and how are they different from each other? Select two.
A. A
domain is a logical grouping of servers and other network resources under a
single domain name. It is also a component of the Active Directory logical
structure.
B. A
domain is a logical grouping of servers and other network resources under a
single domain name. This is also a component of the Active Directory physical
structure.
C. A
site is a combination of one or more IP subnets that are connected by a
high-speed link. This is also a component of the Active Directory physical
structure.
D. Both A and C.
137. Which
of the following best describes a tree and a forest? Select two
A. A
tree is a group of one of more domains, all of which share a contiguous DNS
namespace.
B. A
forest is a group of one or more domains, all of which share a contiguous DNS
namespace.
C. A
forest is a collection of two or more trees that form a noncontiguous DNS
namespace.
D. Both A and C
138. This
Windows 2000 service provides name resolution of fully qualified domain names,
such as acme.com. It also has the ability to map fully qualified domain names
to the corresponding IP addresses, and defines the namespace. This also allows
clients to locate servers that provide necessary services, such as the global
catalog and authentication." What service does this best describe? Select
one.
A. WINS
B. DNS
C. DHCP
D. Active Directory
139. When an administrator
runs dcpromo command in Windows Server 2003 to install Domain, setup fails with
the following message "Active Directory installation failed. The network
location could not be reached." What may be the problem ?
A.DNS
B.Default
gateway
C.Network
adapter
D.Administrative privileges
140. As the network administrator of a Windows
2003 network, when you were monitoring your network securities, you discovered
that most of the users have been using the same password ever since their
accounts were created. You want to secure your password policies so that users
must change their passwords periodically. What will be your course of action?
A.Enforce password history
B.Minimum password age
C.Maximum password age
D.Both A and C
141.You are the network administrator and
responsible for handling your company's domain sales.microsoft.com running in
Windows Server 2003. Your domain accidentally crashes and when you re-run the
dcpromo command to promote it again as domain controller with the same name, it
fails. What may be the problem?
A.DNS zone conflicting with the
same name
B.Some old objects with same name conflicting for the new
server
C.Latest
service pack is missing
D.Run
ipconfig/flusdhns command
142.Which of the following commands provide
maximum information related to capacity statistics such as megabytes per server
and per object class, and to compare two directory tree across replicas in the
same domain?
A.repadmin
B.replmon
C.netdiag
D.dsastat
143.You are the administrator of a Windows 2003
domain. The domain has 100 users working on Windows XP. You want to allow all
users to change their desktop setting if they try to work on any Windows XP
computer. But their altered desktops should not be saved once they log off.
What should you do in this scenario?
A.Edit GPO
to set the customize desktop
B.Change the ntuser.dat file to ntuser.man in profiles
directory
C.Schedule a
batch to run at some interval to delete the user's home directory at each
client computer
D.Configure
a roaming profile for each user in the network
144.Which of the following commands are useful
for troubleshooting Active Directory replication failure due to incorrect DNS
configuration?
A.ipconfig/registerdns
B.dcdiag
/test:registerdns /dnsdomain
C.dcdiag
/test:connectivity
D.Both B and C
145.You are the network administrator for your
company. One user account named Mike often needs to be moved between sales and
marketing group. But the changes are not taking effect. Which of the following
FSMO role may be responsible for that?
A.RID Role
B.Infrastructure role
C.PDC emulator role
D.Domain naming role
146.Which of the following FSMO roles mostly
affects the network users functionality immediately?
A.PDC Emulator role
B.Infrastructure role
C.Domain name master
D.RID master role
147.You are the network administrator of an
Aerospace Company.Your company's policy clearly states for renaming of Guest
account on all computers in domain.You have no time to edit name manually on
each computer.You need to do it immediately.What should you do ?
A.Create a
login script and apply it on Default Domain Group Policy
B.Instruct
user to enable remote desktop and change their name from server using remote
desktop
C.Use GPO to rename Guest account at the Default Domain
Group Policy
D.Send
network message to all users to rename guest account
148.The network of ABC TOYS company
consists of Windows Server 2003 and 5000 Windows XP Clients. Sometime, users
report missing data from the server. The network administrator wants to find
the user deleting the files. He created a GPO and assigned it on the ABC Toys
domain. Which actions should he audit?
A.Process tracking
B.Account login events
C.Object access
D.Privileged access
149. Your network consists of three Windows
2003 Domain Controllers named DC-1, DC-2 and DC-3. DC-3 doesnot hold any FSMO
roles. After backing-up the System State Data Back-up of all DCs, DC-3 disk
failed. You replaced the failed disk with a new disk and installed Server 2003
on the new disk. What should you do next on DC-3?
A.Restore the System State Data back-up from
Directory Services restore Mode
B.Run Windows Back-up on DC-1 and restore the
same on DC-3
C.Run Active Directory
installation wizard to make the new computer a replica in the domain
D.Force replication from Active Directory
Sites and Services to DC-3
150.You are the administrator of a Windows 2003
domain. According to company policy, you created an OU and applied a GPO
restricting Control Panel access to users. Later on, your company policy
changed and you allow Control Panel access to some of the users in that OU. The
policy also states that their membership be kept as it is without moving them
to other groups or OUs.How will you allow Control Panel access to some users
thereby restricting access to others in the same OU?
A.Deny Apply Group Policy
permission to users from the properties of Control Panel GPO.
B.Create a new security group, move all users
to that group, and deny GPO permissions
C.Add users to Domain Administrator group
D.Select Block Policy Inheritance from the
properties tab of OU.