
week1


Review Questions

1. Which of the following is a GPO on a Vista computer? (Choose all that apply.)

a. Local Administrators

b. Local Default User

c. Local Default Domain

d. Local Non-Administrators

2. Where is a GPT stored?

a. In a folder named the same as the GPO in the Sysvol share

b. In a folder named the same as the GUID of the GPO in Active Directory

c. In a folder named the same as the GUID of the GPO in the Sysvol share

d. In a folder named the same as the GPO in Active Directory

3. A user-specific local GPO takes precedence over a site-linked GPO. True or False?

4. You're having replication problems with your GPOs and suspect that the version numbers have somehow gotten out of sync between the GPT and the GPC. What can you do to verify the version numbers on a GPO?

a. Check the versionNumber attribute of the GPC and open the GPT.ini file.

b. Check the version Number attribute of the GPT and open the GPC.ini file.

c. Right-click the GPO in GPMC, click Properties, and view the version in the General tab.

d. Right-click the GPO in GPME, click Properties, and view the version in the General tab.

5. All your domain controllers are running Windows Server 2008. You're noticing problems with GPT replication. What should you check?

a. Verify that Active Directory replication is working correctly.

b. Verify that FRS is operating correctly.

c. Verify that DFSR is operating correctly.

d. Check the GPOR replication flag for the GPT in the Attribute Editor.

6. The ideal way to create a GPO on a production system is to right-click the OU to which it will be linked and click Create a GPO in this domain, and Link it here. True or False?

7. You have created a GPO that defines settings only in the Local Policies node. You want the settings to apply to all computers in the domain and take precedence over any other GPOs. Which of the following is the best approach?

a. Link the new GPO to the domain, and unlink the Default Domain Policy. Right-click the domain object and click Enforced.

b. Link the new GPO to each OU containing computer accounts, and make sure it has link order 1.

c. Link the new GPO to the domain, and then right-click the new GPO and click Enforced.

d. Link the new GPO to the domain, make sure it has the highest link order, and then right-click the domain object and click Block Inheritance.

8. Which of the following represents the correct order in which GPOs are applied to an object that falls within the GPO's scope?

a. Site, domain, OU, local GPOs

b. Local GPOs, domain, site, OU

c. Domain, site, OU, local GPOs

d. Local GPOs, site, domain, OU

9. Your network consists of three sites and two domains, with some computers from both domains located at each site. Each site has certain security settings that should apply to all computers from both domains when they're located at the site. What's the best way to ensure that the correct security settings will be applied to the computers at each site?

a. Create three OUs in each domain, one for each site. In both domains, place the computer accounts in the OU corresponding to the site where the computer is located. Apply a GPO with the appropriate security settings to each OU in both domains.

b. Create three GPOs, one for each site, with the appropriate security settings. Apply the GPOs to the corresponding site, and enforce the GPO.

c. Create three GPOs, one for each site. Apply the GPOs to the domain object in both domains. Create three groups, one for each site, and place the computer accounts in the appropriate groups. Use GPO filtering to make sure the policy configured for each site affects only the corresponding group of computers.

d. On each computer in each site, configure the local GPO in GPOE with the appropriate security settings. In GPOE, right-click the Computer Configuration node and click Block Inheritance.

10. Objects in an OU with the Block Inheritance option set are affected by a domain-linked GPO with the Enforced option set. True or False?

11. You have created a GPO named RestrictU and linked it to the Operations OU (containing 30 users) with link order 3. RestrictU sets several policies in the User Configuration node. After a few days, you realize the Operations OU has three users who should be exempt from the restrictions in this GPO. You need to make sure these three users are exempt from RestrictU's settings, but all other policy settings are still in effect for them. What's the best way to proceed?

a. Move the three users to a new OU. Create a GPO with settings appropriate for the three users, and link it to the new OU.

b. Create an OU under Operations, and move the three users to this new OU. Create a GPO, and link it to this new OU. Configure the new OU to block inheritance of the RestrictU GPO.

c. Create a global group and add the three users as members. Configure GPO security filtering so that the global group is denied access to the GPO.

d. Set the Enforced option on RestrictU with an Enforce filter that excludes the three user accounts.

12. You have a new sales forecasting application that you want to make available to all users in the Sales OU. You want them to be able to find this application on the Start menu of any computer they log on to. What's the best way to do this?

a. Create a new GPO, and configure a Software Installation policy in the User Configuration node to assign the application. Link the GPO to the Sales OU.

b. Create a new GPO, and configure a Software Installation policy in the User Configuration node to publish the application. Link the GPO to the Sales OU.

c. Create a new GPO, and configure a Software Installation policy in the Computer Configuration node to assign the application. Link the GPO to the Sales OU.

d. Create a new GPO, and configure a Software Installation policy in the Computer Configuration node to publish the application. Link the GPO to the Sales OU.

13. You have been getting phone calls about resetting the password for a group of 10 part-time employees, who work only one or two days per week and have limited access to network resources. Because of domain account policies, they have to change their passwords every 14 days and are required to use complex passwords of at least 10 characters. You think these users have a difficult time keeping up with their passwords because of their infrequent working hours. What can you do to reduce phone calls from them without compromising the security of other users' passwords?

a. Place these users and their computers in their own OU. Create a new GPO with less restrictive password settings, and link it to the new OU.

b. Remove these users' computers from the domain and set a local GPO with less restrictive password settings on each of their computers.

c. Place these users and their computers in their own OU. In GPMC, create a new PSO in the Group Policy Objects folder, and link it to the OU.

d. Add the part-time users to a global group. Use ADSI Edit to create a new PSO, and link the PSO to the global group.

14. You have been working with ADMX files to modify existing Administrative Templates and to create new templates. You work on different domain controllers, depending on your location. Despite a concerted effort, your ADMX files are getting out of sync. How can you solve this problem?

a. Remove group policy management tools from all but one domain controller so that policies can be managed from only one computer.

b. Create an ADMX store in the Sysvol share, and copy the ADMX files to the ADMX store.

c. Create an ADMX store in Active Directory, and move all your ADMX files to Active Directory.

d. Share the %systemroot%\PolicyDefinitions folder on all your domain controllers, and set up Task Scheduler to copy ADMX files automatically from one system to all other systems.

15. You have set up roaming profiles for all users in your network, but users are complaining that logon and logoff take a long time. You investigate and arrive at a solution that doesn't require users to change the way they work and can be implemented quickly. Which solution did you most likely choose?

a. Upgrade your network infrastructure to increase bandwidth.

b. Forbid users from storing files in their profile folders.

c. Set folder redirection policies.

d. Revert back to nonroaming policies.

16. You're concerned that some domain controllers and workstations don't meet security requirements. What should you do to verify security settings on a computer against a list of known settings?

Create or copy security template files and configure the security.

17. None of the computers in an OU seem to be getting computer policies from the GPO linked to the OU, but users in the OU are getting user policies from this GPO. Which of the following is a possible reason that computer policies in the GPO aren't affecting the computers? (Choose all that apply.)

a. The GPO link is disabled.

b. The Computer Configuration settings are disabled.

c. The computer accounts have Deny Read permission.

d. The OU has the Block Inheritance option set.

18. You need to move some user and computer accounts in Active Directory, but before you do, you want to know how these accounts will be affected by the new group policies they will be subject to. What can you do?

a. Run Secedit.exe.

b. Run Group Policy Modeling.

c. Run Group Policy Results.

d. Run RSoP.

19. You have configured some group policy preferences on a GPO linked to an OU; this GPO has been working fine for months. To test the preferences, you log on to a Vista computer as a user who should be affected by these settings, but the preferences don't appear to take effect. You restart the computer and log on again. Neither the computer nor the user seems to be affected by the preference settings. What's the most likely cause of the problem?

a. The User Configuration settings are disabled on the GPO.

b. The GPO link is disabled.

c. The GPP CSE package isn't installed.

d. The user and computer are security filtered.

20. You want to set a group policy preference that affects only computers with a CPU speed of at least 2.0 GHz. What's the best way to do this?

a. Configure item-level targeting.

b. Move all computers meeting the criteria into a separate OU.

c. Configure the group policy client on each computer with this type of CPU.

d. You can't set this preference.

21. You don't have policies that force settings for the look of users' computer desktops. Each user's chosen desktop settings are applied from his or her roaming profile to any computer he or she logs on to. You think it's important for users to have this choice, but you'd like a consistent look for computers used for product demonstrations to customers. What's the best way to do this without affecting users when they log on to other computers?

a. Configure desktop policies in the Computer Configuration node of a GPO, and link this GPO to the OU containing the demonstration computers.

b. Configure loopback policy processing in Computer Configuration. Configure the desktop settings in User Configuration, and link the GPO to the OU containing the demonstration computers.

c. Create a new user named Demo. Configure Demo's desktop settings, and use only this user to log on to demonstration computers.

d. Create a new GPO with a startup script that configures desktop settings appropriate for demonstration computers when these computers are started. Link the GPO to the OU containing the demonstration computers. Instruct users to restart demonstration computers before using them.

22. You want to create policies in a new GPO that affects only computers with Windows XP installed. You don't want to reorganize your computer accounts to do this, and you want computers that are upgraded to Vista to fall out of the GPO's scope automatically. What can you do?

a. For each policy, use selective application to specify Windows XP as the OS.

b. Create a new OU, place all computer accounts representing computers with Windows XP installed in this OU, and link the GPO to this OU.

c. Create a group called XP Computers. Place all computer accounts representing computers with Windows XP installed in this group, and use this group in a security filter on the GPO. Link the GPO to the domain.

d. Configure a WMI filter on the GPO that specifies Windows XP as the OS. Link the GPO to the domain.

23. When a policy setting in Computer Configuration and User Configuration in the same GPO conflict, the Computer Configuration policy setting takes precedence. True or False?

24. You're a consultant for a small company that uses eight Windows Vista computers in a workgroup configuration. The owner asked you to set restrictive policies on users to prevent them from making Control Panel, desktop, and other changes. The owner wants to be exempt from these policies but shouldn't be a member of the local Administrators group. What should you do?

a. Configure the Local Computer Policy object, and then configure a user-specific GPO for the owner.

b. Configure the Local Computer Policy object, and use GPO filtering to exempt the owner from this policy.

c. Install Windows Server 2008 and configure Active Directory. Add the Vista computers to the domain, configure a GPO for the domain, and use filtering to exempt the owner.

d. Configure the Local Computer Policy object, and then configure a logon script for the owner that changes the restrictive settings.

25. You want to have a library of GPOs that specify baseline settings for different policy categories, and you can use this library to create new GPOs with baseline settings already configured. What's the best way to accomplish this?

A Starter GPO for each policy is needed in each policy category, using the settings in the Starter GPOs as a baseline to create GPOs.