Chapter 8

You are a domain administrator for a large, multi-domain network. There are approximately 2500 computers in your domain. Organizational Units (OUs) have been created for each department. Group Policy objects (GPOs) are linked to each OU to configure department-wide user and computer settings. While you were on vacation, another 20 computers were added to the network. The computers appear to be functioning correctly with one exception: the computers do not seem to have the necessary GPO settings applied. What should you do?

Your network has a single Active Directory forest with two domains: eastsim.private and HQ.eastsim.private. Organizational units Accounting, Marketing, and Sales represent departments of the HQ domain. Additional OUs (not pictured) exist in both the eastsim.private and HQ.eastsim.private domains. All user and computer accounts for all departments company-wide are in their respective departmental OUs. You are in the process of designing Group Policy for the network. You want to accomplish the following goals: *You want to enforce strong passwords throughout the entire forest for all computers. All computers in both domains should use the same password settings. * The Accounting department has a custom software application that needs to be installed on computers in that department. * Computers in the Marketing and Sales departments need to use a custom background and prevent access to the Run command. You create the following three GPOs with the appropriate settings: Password Settings, Accounting App, and Desktop Settings. How should you link the GPOs to meet the design objectives? To answer, drag the label corresponding to the GPO to the appropriate boxes.

You are the administrator for the widgets.com domain. Organizational Units (OUs) have been created for each company department. User and computer accounts for each department have been moved into their respective department OUs. From your workstation, you create a GPO that configures settings from a custom .admx file. You link the GPO to the sales OU. You need to make some modifications to the GPO settings from the server console. However, when you open the GPO, the custom Administrative Template settings are not shown. What should you do?

You are the administrator for the widgets.com domain. Organizational Units (OUs) have been created for each company department. User and computer accounts for each department have been moved into their respective department OUs. As part of your security plan, you have analyzed the use of Internet Explorer in your organization. You have defined three different groups of users. Each group has different needs for using Internet Explorer. For example, one group needs ActiveX controls enabled, while you want to disable ActiveX for the other two groups. You would like to create three templates that contain the necessary settings for each group. When you create a GPO, you'd apply the settings in the corresponding template rather than manually set the corresponding Administrative Template settings for Internet Explorer. What should you do?

You are the administrator for the widgets.com domain. Organizational Units (OUs) have been created for each company department. User and computer accounts for each department have been moved into their respective department OUs. As you manage Group Policy objects (GPOs), you find that you often make similar user rights, security options, and Administrative Template settings in different GPOs. Rather than make these same settings each time, you would like to create some templates that contain your most common settings. What should you do?

You are the network administrator for eastsim.com. The network consists of a single Active Directory domain. All the servers run Windows Server 2012 R2. All the clients run Windows 8.1. The company has a main office in New York and several international locations including facilities in Germany and France. You have been asked to build a domain controller that will be deployed to the eastsim.com office in Germany. The network administrators in Germany plan to use Group Policy Administrative Templates to manage Group Policy in their location. You need to install the German version of the Group Policy Administrative Templates so they will be available when the new domain controller is deployed to Germany. What should you do?

You manage the branch office for your company network. The branch office has a single Active Directory domain, branch1.westsim.private. All computers in the branch office are members of the domain. All client computers run Windows 7. The branch office consists of two subnets and 50 host computers. A single DHCP server on Subnet1 delivers IP address information to all clients. A single server on Subnet2 is both the domain controller and DNS server. Dynamic updates are enabled on the DNS zone. You want to configure each client computer with consistent DNS server addresses and DNS search suffixes. You want to prevent users from modifying these settings. What should you do?

You are the network administrator for a large metropolitan hospital. The hospital must conform to several new regulations dealing with patient privacy

You are the security administrator for a large metropolitan school district. You are reviewing security standards with the network for the high school.

You are the Administrator for a network with a single active directory domain named widgets.local . The widgets.local domain has an Organizational Unit object for each major department in the company, including the Information Systems department.

Your network consists of a single Active Directory domain. The OU structure of the domain consists of a parent OU named HW_West, and child OUs of research, HR, Finance, sales, and operations.

You are the administrator of a network with a single Active Directory domain. Your domain contains two domain controllers. Your company's security policy requires that locked out accounts are unlocked by administrators only.

You are the administrator of a network with a single Active Directory domain. Your domain contains three domain controllers and five member servers.

You are the network administrator for your network. You network consists of a single Active Directory domain. All servers run Windows Server 2012 R2. Your company recently mandated The following user account criteria:

You are the network administrator of a small network consisting of three Windwos Server 2012 R2 computers, 50 Windows 7 professional workstations, and 100 Windows 8 workstations. Your network has a password policy in place with the following settings:

You manage a single domain named widgets.com . Organizational units have been created for each company department. User and computer accounts have been moved into their corresponding OUs. you define a password and account lockout policy for the domain.

You manage a single domain named widgets.com . Organizational units have been created for each company department. User and computer accounts have been moved into their corresponding OUs. You define a password and account locout policy for the domain.

You are consulting with the owner of a small network which has a Windows Server 2008 functioning as a workgroup server. There are six client desktop computers, each of which is running Windows XP Professional. There is no Internet connectivity.

You are the server administrator for your network. Recently, the system time on several servers has been modified. You want to find out who has been making the change. You enable auditing for System events. After several days,

You are the network administrator for your company. Your company uses Windows 7 Professional as its desktop operating system. All computers joined to a single Active directory domain. Several computers store sensitive information. You are configuring security settings that will distributed to all computers on your network. You want to identify attempts to break into a computer by having the computer that denies the authentication attempt note the failed attempt in its Security database.

You are the network administrator for your company. Your company uses Windows 7 Professional as its desktop operating system. All computers joined to a single Active directory domain. Several computers store sensitive information. You are configuring security settings that will distributed to all computers on your network. You want to identify denied attempts to manipulate files on computers that have been secured through NTFS permissions.

You are the network administrator for your company. Your company uses Windows 7 Professional as its desktop operating system. All computers joined to a single Active directory domain. Several computers store sensitive information. You are configuring security settings that will distributed to all computers on your network. You want to identify denied attempts to change user's group membership in a computer's local database.

You are the network administrator for your company. Your company uses Windows XP professional as its desktop operating system. Rodney, a user in the research department, shares a computer with two other users.

Your are the security administrator for your organization. Your multiple domain Active Directory forest uses Windows Server 2012 R2 for domain controllers and member servers. The computer accounts for your member servers are located in the Member Servers OU. Computer accounts for domain controllers are in the Domain Controllers OU. You are creating a security template that you plan to import into a GPO. You want to log all domain user accounts that connect to the member servers.

Your are the security administrator for your organization. Your multiple domain Active Directory forest uses Windows Server 2012 R2 for domain controllers and member servers. The computer accounts for your member servers are located in the Member Servers OU. Computer accounts for domain controllers are in the Domain Controllers OU. You are creating a security template that you plan to import into a GPO. You would like to log whenever a user is unable to log on to any computer using a domain user account.

You are an administrator for a company that uses Windows 2008 for its server. In addition to active directory, you also provide file and print services, DHCP, DNS, and e-mail services .

You are in charge of managing the servers in your network. Recently, you have noticed that many of the domain member servers are being shutdown. You would like to use auditing to track who performs these actions.

You manage a single domain names widgets.com . Recently, you notice that there have been several unusual changes to objects in the Sales OU. You would like to use auditing to keep track of those charges. You enable successful auditing of directory service access events in a GPO, and link the GPO to the domain.

You manage a single domain names widgets.com . Recently, you notice that there have been several unusual changes to objects in the Sales OU. You would like to use auditing to keep track of those charges. You want to only enable auditing that shows you the old and new values of the changed objects.

You manage a single domain names widgets.com . One day you notice that a trust relationship you have established with another forest has changed.

You are the administrator for the widgets.com domain. Organizational unit have been created for each company department. User and computer accounts for each department have been moved into their repective departmental OUs. You have two OUs that contain temporary users:

Select the policy node you would choose to configure who is allowed to manage the auditing and security logs

Click on the user right policy that is used to grant a user local access to the desktop of a Windows Server 2012 R2 system.

You are the administrator for the widgets.com domain. Organizational unit have been created for each company department. User and computer accounts for each department have been moved into their repective departmental OUs. You would like to configure all computers in the Sales OU to prevent the installation of unsigned drivers.

You have several computer running Windows 8. You want to configure a GPO that will make the Windows 8 computers prompt for additional credentials whenever a sensitive action is taken.

You manage 20 computers running Windows 7 in a domain network. You want to prevent the Sales team members from making system changes. Whenever a change is initiated, you want to allow only those who can enter administrator credentials to be able to make the change.

You have been asked to troubleshoot a Windows 8 computer that is a member of a workgroup. The director who uses the machine said he is able to install anything he wants as well as change system settings on-demand.

You have a computer running windows 8. Prior to installing some software, you turn off User account control, reboot the computer, and install the software. You turn UAC back on, but it does not prompt you before performing sensitive actions.

You manage a single domain running Windows Server 2012 R2. You have configured a Restricted Group policy as show in the image. When this policy is applied, which actions will occur? (select two)

You manage a single domain running Windows Server 2012 R2. You have configured a Restricted Group policy as show in the image. When this policy is applied, which actions will occur?

You are the administrator for the westsim.com domain. Organizational Units (OUs) have been created for each company department. User and computer accounts for each department have been moved into their respective department OUs. Computers in the Accounting department use a custom application. During installation, the application creates a local group named AcctMagic. The group is used to control access to the program. By default, the account used to install the application is made a member of the group. You install the application on each computer in the Accounting department. All Accounting users must be able to run the application on any computer in the department. You need to add each user as a member of the AcctMagic group. You create a domain group named Accounting and make each user a member of this group. You then create a GPO name Acct Software linked to the Accounting OU. You need to define the restricted group settings. What should you do?

You are the network administrator for westsim.com . The network consists of a single Active Directory domain. All the servers run Windows Server 2012 R2. All the clients run Windows 8. You have enabled outbound filtering for Public networks in the Windows Firewall with Advanced Security node of a Group Policy which applies to member servers.

You are the network administrator for westsim.com . The network consists of a single Active Directory domain. All the servers run Windows Server 2012 R2. All the clients run Windows 8. There is one main office located in New York.

You are the network administrator for westsim.com . The network consists of a single Active Directory domain. All the servers run Windows Server 2012 R2. All the clients run Windows 8. A server named App1 is running an application that uses a service named Custom App service.

You are the network administrator for westsim.com . The network consists of a single Active Directory domain. All the servers run Windows Server 2012 R2. All the clients run Windows 8. A member server named Web1 running the Web Server role is hosting an internal company web site.

You need to configure Windows Firewall with Advanced Security to allow traffic for an application that dynamically opens up multiple ports on an ass-needed basis.

You are in charge of managing several servers. Your company requires many custom firewall rules in Windows Firewall with Advanced Security.

You run a custom application on a Windows Server 2012 R2 server. You want to configure the firewall to allow the application to use a specific port, but restrict access to specific users.

You run a custom application on a Windows Server 2012 R2 server. You want to configure the firewall to allow the application to use a specific port, but restrict access to only Wrk1 and Wrk2.

Management is concerned that users are spending time during the day playing games and have asked you to create a restriction that will prevent all users and administrators from running Games app on Windows 8 Workstations.

You are the network administrator for northsim.com . The network consists of a single active Directory domain. All the servers run Windows Server 2012 R2. All the clients run Windows 8. You want to prevent users from running a common game on their machines.

You are the network administrator for eastsim.com . The network consists of a single Active Directory domain. All the servers run Windows Server 2012 R2. All the clients run Windows 8. You would like to prevent users from running all software on the computer except for software that has been digitally signed.

You are the network administrator for eastsim.com . The network consists of a single Active Directory domain. All the servers run Windows Server 2012 R2. All the clients run Windows 7. Many of the client computers are used by several different users.

You are the network administrator for southsim.com . The network consists of a single Active Directory domain. All the servers run Windows 2012 R2. All the clients run Windows 8. The clients are shared by multiple users at work.

You are the network administrator for eastsim.com . The network consists of a single Active Directory domain. All the servers run Windows 2012 R2. All the clients run Windows 8. The clients are shared by multiple users at work. You want to allow only members of the Sales team to run the sales lead application.

You are the network administrator for eastsim.com . The network consists of a single Active Directory domain. All the servers run Windows 2012 R2. All the clients run Windows 8. The clients are shared by multiple users at work. Recently, users have downloaded and installed two malware programs onto the computer.

You are the network administrator for northsim.com . The network consists of a single active Directory domain. All the servers run Windows Server 2012 R2. All the clients run Windows 8. You want to prevent users from running any file with .bat or .vbs extension unless the file is digitally signed by your organization.

You are the network administrator for northsim.com . The network consists of a single active Directory domain. All the servers run Windows Server 2012 R2. All the clients run Windows 8. You want to find out who has been running a specific game on the client computers.

You manage several computers that run Windows 7. You would like to have better control over the applications that run on there computers, so you have decided to implement AppLocker..

You are the network Administrator for eastsim.com . The network consists of one Active Directory domain. All the servers run Windows Server 2012 R2. All of the clients still run Windows Vista. The domain functional level of the domain is set to Windows Server 2008.

You are the network Administrator for eastsim.com . The network consists of one Active Directory domain. All the servers run Windows Server 2012 R2. You have been instructed to map a drive to a department share for all users.

Select the policy node you would use to configure a user's Internet Explorer options.