Your network consists of a single Active Directory forest that contains the domains shown in the following table.You create a universal security group named Contoso-All in the Contoso domain. You plan to use Contoso-All toassign permissions only on servers in the contoso.com domain.You add a group named Region1-All in the Region1 domain to Contoso\Contoso-All and receive the errormessage shown in the exhibit. (Click the Exhibit button.)You need to need to ensure that members of Region1\Region1-All can access resources that have been assigned to Contoso\Contoso-All.What should you change?()A. Contoso\Contoso-All to a domain local security groupB. Contoso\Contoso-All to a global security groupC. Region1\Region1-All to a domain local security groupD. Region1\Region-All to a universal distribution group
You are the network administrator for TestKing. The network consists of a single Active Directory domain named testking.com. All domain controllers run Windows Server 2003. The sales department recently hired 10 new employees. User accounts for these employees were created in Active Directory. The manager of the sales department sent you a list of a new users and asked you to add the user accounts to an existing global group named SalesDept. You need to add the users to the SalesDept global group. What are two possible ways to achieve this goal? Each correct answer presents a complete solution. Choose two.()A、Use the dsadd user command to add the user accounts to the SalesDept global group.B、Use the dsadd group command to add the user accounts to the SalesDept global group.C、In Active Directory Users and Computers, select all 10 user accounts. Right-click the selected users, and then select the Properties menu command.D、In Active Directory Users and Computers, select all 10 user accounts. Right-click the selected users, and then select the Add to a Group menu command.
You are a network administrator for TestKing. The network consists of a single Active Directory domain named testking.com. A user named Mrs. King works in the information technology (IT) security department. Mrs. King is a member of the ITSecurity global group. Mrs. King reports that no one in the ITSecurity global group can access the security log from the console of a computer named Testking1. You need to grant the ITSecurity global group the minimum rights necessary to view the security log on Testking1. How should you modify the local security policy?()A、Assign the Generate security audits user right to the ITSecurity global group.B、Assign the Manage auditing and security logs user right to the ITSecurity global group.C、Assign the Allow logon through Terminal Services user right to the ITSecurity global group.D、Assign the Act as part of the operating system user right to the ITSecurity global group.
Your company has an Active Directory domain. All consultants belong to a global group named TempWorkers. The TempWorkers group is not nested in any other groups. You move the computer objects of three file servers to a new organizational unit named SecureServers. These file servers contain only confidential data in shared folders. You need to prevent members of the TempWorkers group from accessing the confidential data on the file servers. You must achieve this goal without affecting access to other domain resources. What should you do()A、Create a new GPO and link it to the SecureServers organizational unit. Assign the Deny access to this computer from the network user right to the TempWorkers global group.B、Create a new GPO and link it to the domain. Assign the Deny access to this computer from the network user right to the TempWorkers global group.C、Create a new GPO and link it to the domain. Assign the Deny log on locally user right to the TempWorkers global group.D、Create a new GPO and link it to the SecureServers organizational unit. Assign the Deny log on locallyuser right to the TempWorkers global group.
You are the network administrator for The network consists of a single Active Directory domain named All servers run Windows Server 2003. All TestKing data is stored in shared folders on network file servers. The data for each department is stored in a departmental shared folder. Users in each department are members of the departmental global group. Each departmental global group is assigned the Allow - Full Control permission for the corresponding departmental shared folder. TestKing requirements state that all access to shared folders must be configured by using global groups. A user named Dr King works in the sales department. Dr King needs to be able to modify files in the Marketing shared folder. You need to ensure that Dr King has the minimum permissions for the Marketing shared folder that he needs to do his job. You need to achieve this goal while meeting TestKing requirements and without granting unnecessary permissions. What should you do?()A、Add Dr King's user account to the Marketing global group.B、Assign the Sales global group the Allow - Change permission for the Marketing shared folder.C、Create a new global group. Add Dr King' user account to the group.Assign the new global group the Allow - Change permission for the Marketing shared folder.D、Assign Dr King's user account the Allow - Change permission for the Marketing shared folder.
You have an Exchange Server 2010 organization. You have a global security group named Legal that contains all the members of your companys legaldepartment. The companys security policy states that the Legal group must be able to search all mailboxes for e-mailmessages that contain specific keywords. You need to recommend a solution for the organization that complies with the security policy. What should you include in the solution?()A、a Discovery Management role groupB、a legal holdC、administrator audit loggingD、Mailbox journaling
All consultants belong to a global group named TempWorkers. You place three file servers in a new organizational unit named SecureServers. The three file servers contain confidential data located in shared folders. You need to record any failed attempts made by the consultants to access the confidential data. Which two actions should you perform()A、Create and link a new GPO to the SecureServers organizational unit. Configure the Audit privilege use Failure audiB、Create and link a new GPO to the SecureServers organizational unit. Configure the Audit object access Failure audC、Create and link a new GPO to the SecureServers organizational unit. Configure the Deny access to this computer fD、On each shared folder on the three file servers, add the three servers to the Auditing tab. Configure the Failed Full control setting in the Auditing Entry dialog box.E、On each shared folder on the three file servers, add the TempWorkers global group to the Auditing tab. Configure th
You work as an administrator at ABC.com. The ABC.com network consists of a single domain named ABC.com.All servers in the ABC.com domain, including domain controllers, have Windows Server 2012 R2 installed.You have created and linked a new Group Policy object (GPO) to an organizational unit (OU), named ABCServ, which host the computer accounts for servers in the ABC.com domain.You have been tasked with adding a group to a local group on all servers in the ABC.com domain.This group should not, however, be removed from the local group. Which of the following actions should you take?()A、You should consider adding a restricted group.B、You should consider adding a global group.C、You should consider adding a user group.D、You should consider adding a server group.
You are the network administrator for your company. The network consists of a single Active Directory domain. All servers run Windows Server 2003. All users in the publishing department are members of a global group named Publishing. Interns in the publishing department are also members of a global group named PublishingInterns. A network file server contains a shared folder named PubsSalesData. Interns must not be able to view or modify any files in the PubsSalesData folder. All other employees in the publishing department must be able to view and modify the files in the PubsSalesData folder. The NTFS permissions for all folders are configured to assign the Allow - Full Control permission to members of the Domain Users global group. You need to configure the share permissions for the PubsSalesData folder. Which two actions should you perform? ()(Each correct answer presents part of the solution. Choose two.)A、Assign the Allow - Read permission to the Publishing global group.B、Assign the Allow - Change permission to the Publishing global group.C、Assign the Deny - Change permission to the PublishingInterns global group.D、Assign the Allow - Read permission to the PublishingInterns global group.
You are the network administrator for Testking.com. The network consists of a single Active Directory domain testking.com. The functional level of the domain is Windows 2000 native. Some network servers run Windows 2000 Server, and others run Windows Server 20003. All users in your accounting department are members of an existing global distribution group named Global-1. You create a new network share for the accounting users. You need to enable the members of Global-1 to access the file share. What should you do?()A、Raise the functional level of the domain to Windows Server 2003.B、Change the group type of Global-1 to security.C、Change the group scope of Global-1 to universal.D、Raise the functional level of the forest to Windows Server 2003.
Your company has an Active Directory domain. All consultants belong to a global group named TempWorkers. The TempWorkers group is not nested in any other groups. You move the computer objects of three file servers to a new organizational unit named SecureServers. These file servers contain only confidential data in shared folders. You need to prevent members of the TempWorkers group from accessing the confidential data on the file servers. You must achieve this goal without affecting access to other domain resources. What should you do()A、Create a new GPO and link it to the SecureServers organizational unit. Assign the Deny access to this computer froB、Create a new GPO and link it to the domain. Assign the Deny access to this computer from the network user right toC、Create a new GPO and link it to the domain. Assign the Deny log on locally user right to the TempWorkers global gD、Create a new GPO and link it to the SecureServers organizational unit. Assign the Deny log on locally user right to
You are a network administrator for your company. The network consists of a single Active Directory domain. A user named Mary works in the information technology (IT) security department. Mary is a member of the ITSecurity global group. Mary reports that no one in the ITSecurity global group can access the security log from the console of a computer named Server1. You need to grant the ITSecurity global group the minimum rights necessary to view the security log on Server1. How should you modify the local security policy?()A、Assign the Generate security audits user right to the ITSecurity global group.B、Assign the Manage auditing and security logs user right to the ITSecurity global group.C、Assign the Allow logon through Terminal Services user right to the ITSecurity global group.D、Assign the Act as part of the operating system user right to the ITSecurity global group.
All consultants belong to a global group named TempWorkers. You place three file servers in a new organizational unit named SecureServers. The three file servers contain confidential data located in shared folders. You need to record any failed attempts made by the consultants to access the confidential data. Which two actions should you perform()A、Create and link a new GPO to the SecureServers organizational unit. Configure the Audit privilege use Failure audit policy setting.B、Create and link a new GPO to the SecureServers organizational unit. Configure the Audit object access Failure audit policy setting.C、Create and link a new GPO to the SecureServers organizational unit. Configure the Deny access to this computer from the network user rights setting for the TempWorkers global group.D、On each shared folder on the three file servers, add the three servers to the Auditing tab. Configure the Failed Full control setting in the Auditing Entry dialog box.E、On each shared folder on the three file servers, add the TempWorkers global group to the Auditing tab. Configure the Failed Full control setting in the Auditing Entry dialog box.
单选题You are the network administrator for TestKing.com. The network consists of a single Active Directory domain named testking.com. The functional level of the domain is Windows 2000 native. A global group named Travelling contains 7,000 users. All of these users are assigned portable computers, which they will use to run new POSIX-compliant application. You create a global group named POSIX. For all 7,000 users in Travelling, you change the primary group to POSIX. Members of Travelling now report that they cannot access necessary domain resources. How should you solve this problem?()AEnsure that each site on your network is connected to at least one other site by a replication link that uses the SMTP protocol.BCreate two new global groups, Travelling1 and Travelling2. Place one half of the members of Travelling in each new group. Then place both new groups in Travelling.CRemove all domain users from the Users group, and then add all domain users to the group again.DRemove all users from Travelling. Change Travelling to a universal group. Add the same users to the new Travelling group.
单选题Your network consists of a single Active Directory domain. The functional level of the domain is Windows Server 2003. All servers run Windows Server 2003 Service Pack 2 (SP2). The network contains 10 file servers. Each file server hosts a share named Apps.On each file server, a local group named App-install-local has permissions to the Apps share. A global group named App-install-global belongs to the App-install-local group on each file server. App-install-global is used only to control permissions for the Apps share.You create a global group named Helpdesk.You need to provide the Helpdesk group access to the Apps share on each file server. The Helpdesk group must have the same permissions as the App-install-global group. You must achieve this goal by using the minimum amount of administrative effort.What should you do? ()AAdd the Helpdesk group to the App-install-global group.BAdd the Helpdesk group to the App-install-local group on each file server.CConvert the App-install-global group to a universal group. Add the App-install-global group to the Helpdesk group.DConvert the Helpdesk group to a universal group. Add the Helpdesk group to the App-install-local group on each file server.
单选题Your network consists of a single Active Directory domain. The relevant portion of the Active Directory domain is configured as shown in the following diagram. The Staff organizational unit (OU) contains all user accounts except for the managers user accounts. The Managers OU contains the managers user accounts and the following global groups èSales èFinance èEngineering You create a new Group Policy object (GPO) named GPO1, and then link it to the Employees OU. Users from the Engineering global group report that they are unable to access the Run commandon the Start menu. You discover that the GPO1 settings are causing the issue. You need to ensure that the users from the Engineering global group are able to access the Run command on the Start menu. What should you do?()AConfigure GPO1 to use the Enforce Policy option.BConfigure Block Inheritance on the Managers OU.CConfigure Group Policy filtering on GPO1 for the Engineering global group.DCreate a new child OU named Engineering under the Employees OU. Move the Engineering global group to the new Engineering child OU.
多选题You are the network administrator for The network consists of a single Active Directory domain named All network servers run Windows Server 2003. All client computers run Windows XP Professional. All users in the publishing department are members of a global group named Publishing. Interns in the publishing department are also member of a global group named of PublishingInterns. A network file server contains a shared folder PubSalesData. Interns must not be able to view or modify any files in the PubsSalesData folder. All other employees in the publishing department must be able to view and modify the files in the PubsSalesData folder. The NTFS permissions for all folders are configured the Allow - Full Control permissions to members of the Domain Users global group. You need to configure the share permissions for the PubSalesData folder. Which two actions should you perform? ()(Each correct answer presents part of the solution. Choose two.)AAssign the Allow - Read permission to the Publishing global group.BAssign the Allow - Change permission to the Publishing global groupCAssign the Deny - Change permission to the PublishingInterns global group.DAssign the Allow - Read permission to the PublishingInterns global group
单选题You are the network administrator for your company. The network consists of a single Active Directory domain. All servers run Windows Server 2003. All company data is stored in shared folders on network file servers. The data for each department is stored in a departmental shared folder. Users in each department are members of the departmental global group. Each departmental global group is assigned the Allow - Full Control permission for the corresponding departmental shared folder. Company requirements state that all access to shared folders must be configured by using global groups. A user named Richard works in the sales department. Richard needs to be able to modify files in the Marketing shared folder. You need to ensure that Richard has the minimum permissions for the Marketing shared folder that he needs to do his job. You need to achieve this goal while meeting company requirements and without granting unnecessary permissions. What should you do? ()AAdd Richard's user account to the Marketing global group.BAssign the Sales global group the Allow - Change permission for the Marketing shared folder.CCreate a new global group. Add Richard's user account to the group. Assign the new global group the Allow - Change permission for the Marketing shared folder.DAssign Richard's user account the Allow - Change permission for the Marketing shared folder.
多选题All consultants belong to a global group named TempWorkers. You place three file servers in a new organizational unit named SecureServers. The three file servers contain confidential data located in shared folders. You need to record any failed attempts made by the consultants to access the confidential data. Which two actions should you perform()ACreate and link a new GPO to the SecureServers organizational unit. Configure the Audit privilege use Failure audit policy setting.BCreate and link a new GPO to the SecureServers organizational unit. Configure the Audit object access Failure audit policy setting.CCreate and link a new GPO to the SecureServers organizational unit. Configure the Deny access to this computer from the network user rights setting for the TempWorkers global group.DOn each shared folder on the three file servers, add the three servers to the Auditing tab. Configure the Failed Full control setting in the Auditing Entry dialog box.EOn each shared folder on the three file servers, add the TempWorkers global group to the Auditing tab. Configure the Failed Full control setting in the Auditing Entry dialog box.
单选题Your network consists of a single Active Directory domain. The functional level of the domain isWindows Server 2003. All servers run Windows Server 2003 Service Pack 2 (SP2).The network contains 10 file servers. Each file server hosts a share named Apps. On each file server, a local group named App-install-local has permissions to the Apps share. A globalgroup named App-install-global belongs to the App-install-local group on each file server.App-install-global is used only to control permissions for the Apps share.You create a global group named Helpdesk.You need to provide the Helpdesk group access to the Apps share on each file server. The Helpdeskgroup must have the same permissions as the App-install-global group. You must achieve this goal byusing the minimum amount of administrative effort.What should you do? ()AAdd the Helpdesk group to the App-install-global group.BAdd the Helpdesk group to the App-install-local group on each file server.CConvert the App-install-global group to a universal group. Add the App-install-global group to the Helpdesk group.DConvert the Helpdesk group to a universal group. Add the Helpdesk group to the App-install-local group on each file server.
多选题You need to ensure that the network administrators are able to administer the NewApp database servers. Which two actions should you perform?()ACreate an organizational unit (OU) for all users who log on to any of the NewApp servers.BCreate an organizational unit (OU) named NewApp Users for the NewApp users.CCreate an organizational unit (OU) named NewApp Servers for the NewApp servers.DCreate a Group Policy object (GPO) for the NewApp Users OU to enforce the use of IPSec.ECreate a global group for all NewApp servers. Add this group to the NewApp Servers OU.FCreate a Group Policy object (GPO) for the NewApp Servers OU to enforce the use of smart cards.
单选题You are designing a security group strategy to meet the business and technical requirements. What should you do?()ACreate one global group named G_Executives. Make all executives user accounts members of that group.BCreate two global groups named G_Executives and one universal group named U_Executives. Make the two global members of U_Executives. Make the executive user accounts members of the appropriate global group.CCreate three global groups named G_NY_Executives and G_Chi_Executives and G_Executives. Make G_NY_Executives and G_Chi_Executives members of G_Executives. Make the executive user accounts members of the appropriate global group. DCreate one domain local group named DL_Executives. Make all executive user accounts members of that group.