Design Core Identity and Access Management Components

These questions are based on 70-647: PRO: Windows Server 2008, Enterprise Administrator
Microsoft
Self Test Software Practice Test


Objective: Design core identity and access management components.
Sub-objective: Design the enterprise-level group policy strategy.


Single answer, multiple-choice


You are the administrator for an artist’s management agency. The company has offices in Los Angeles, New York and Atlanta. Each office is configured as a domain named after the location.


A new security policy dictates that the run box must be removed from all computers except the domain administrator in each domain. This should be accomplished with the least effect on computer start-ups and user log-ons. What will be the best approach?




    1. Apply a single GPO to the root domain and deny the Apply Group Policy permission for each administrator.
    2. Apply a single GPO to the root domain and block inheritance.
    3. Apply a single GPO to each domain and deny the Apply Group Policy permission for each administrator.
    4. Use the Preferences node to create the setting, filter out the domain administrator accounts and then apply the GPO to all domains.

Answer:
C. Apply a single GPO to each domain and deny the Apply Group Policy permission for each administrator.


Tutorial:
You should apply a single GPO to each domain and then set the Apply Group Policy permission for each administrator to Deny. GPOs are not inherited from one domain to the next, so the GPO must be applied or linked…


cmadmin

ABOUT THE AUTHOR

Posted in Uncategorized|

Comment:

Powered by WebDesk