Leading the way in IT testing and certification tools, www.certifyme.com
- 101 -
You are a security administrator for certifyme.com. certifyme.com has offices in
New York, San Francisco, and Toronto. The network consists of a single Active
Directory domain named certifyme.com. Each office is configured as an Active
Directory site. All servers run Windows Server 2003. All client computers run
Windows XP Professional. 350-001
Users in the Toronto office work in the research department. User objects for users
who work in the research department is stored in an organizational unit (OU)
named Toronto. Users in other offices frequently travel to the Toronto office for
meeting and training.
The certifyme.com written security policy requires that the following settings be
enforced on computers at the Toronto office:
1. A warning message that reminds users to protect certifyme.com information must
be displayed before users log on.
2. Domain controller authentication is required when users unlock client computers.
3. The highest possible level of authentication must be used on the network at all
times.
You create a new Group Policy object (GPO) named TorontoSecurity to meet the
requirements of the written security policy.
Users who travel to the Toronto office report that they are not presented with the
warning message and that their screen savers do not require a password to
deactivate.
You need to ensure that the written security policy is enforced for other users only
when they travel to the Toronto office. You want to achieve this goal by using the
minimum amount of administrative effort. 640-802
What should you do?
A. Link the TorontoSecurity GPO to the Toronto OU.
B. Link the TorontoSecurity GPO to the domain.
C. Configure a logon script to apply a custom security template when users travel to the
Toronto office.
D. Link the TorontoSecurity GPO to the Toronto site.
Answer: D
Leading the way in IT testing and certification tools, www.certifyme.com
- 102 -
Explanation: GPOs linked to sites might be appropriate to use for setting policy for
proxy settings and network-related settings. Any GPO that is linked to a site container is
applied to all computers in that site, regardless of which domain in the forest the
computer belongs to. VCP-310 This has the following implications: Ensure that the computers do
not access a site Group Policy object across a WAN link, which would lead to significant
performance issues. By default, to manage site GPOs, you need to be either an Enterprise
Admin, or the domain admin of the forest root domain.
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment