You work as the network administrator at certifyme.com. The certifyme.com
network consists of a single Active Directory forest that contains three domains
named certifyme.com, us.certifyme.com and, uk.certifyme.com. All servers on the
certifyme.com network run Windows Server 2003 and all client computers run
Windows XP Professional.
Leading the way in IT testing and certification tools, www.certifyme.com
- 22 -
The certifyme.com domain and organizational unit (OU) structure is illustrated by
the following Exhibit.
Exhibit:
Accounts department employees have user accounts in the us.certifyme.com domain,
Research and Development employees have user accounts in the uk.certifyme.com
domain, and all other users have user accounts in the certifyme.com domain. 350-001 Each
domain has an OU named DC_OU that only contains the computer accounts of the
domain controllers in that particular domain.
A new certifyme.com security policy requires the following:
Leading the way in IT testing and certification tools, www.certifyme.com
- 23 -
1. All Accounting department users must use complex passwords with a minimum
length of ten characters.
2. These password restrictions should only affect the Accounting department users.
You thus need to ensure that these requirements are successfully achieved.
What should you do?
A. Create a GPO named PWRestrict.
Link it to the DC_OU OU in the uk.certifyme.com domain.
B. Create a GPO named PWRestrict.
Link it to the TK_Users OU in the certifyme.com domain.
C. Create a GPO named PWRestrict.
Link it to the DC_OU OU in the certifyme.com domain.
D. Modify the appropriate password policy settings in the Default Domain Policy GPO.
E. Create a GPO named PWRestrict.
Link it to the R&D OU in the uk.certifyme.com domain.
F. Create a GPO named PWRestrict.
Link it to the DC_OU OU in the us.certifyme.com domain.
G. Create a GPO named PWRestrict.
Link it to the Accounts OU in the us.certifyme.com domain. 640-802
Answer: D
Explanation: Three domain-wide account policy settings (Password Policy, Account
Lockout Policy and Kerberos Policy) should be unique to the domain and should
always be defined at the domain level. These settings are enforced by the domain
controller computers in the domain, regardless of the container holding the domain
controllers or the OU structure in the domain. Therefore, all domain controllers
always retrieve the values of these user account policy settings from the Default
Domain Policy GPO.
Incorrect Answers:
A, C, F: If you use these options, the settings you have configured will be overridden
by those in the Default Domain Policy GPO.
B: Using this option would only apply the settings to users in this OU. Also, the settings
you have configured will be overridden by those in the Default Domain Policy GPO.
E: There are no members of the Accounting department added to the RandD OU.
This GPO will not affect these users.
G:
Leading the way in IT testing and certification tools, www.certifyme.com
- 24 -
The password policy settings are enforced on the domain controllers. VCP-310 While settings in a
GPO linked at the OU level will apply to users or computers in the container, password
policies should always be applied at the domain level so that the policy will be applied to
all domain computers.
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment