PrepAway - Latest Free Exam Questions & Answers

Which group nesting strategy should you use?

HOTSPOT
Your network contains an Active Directory forest. The forest contains two domains named Domain1
and Domain2.
Domain1 contains a file server named Server1. Server1 has a shared folder named Share1.
Domain2 contains 50 users who require access to Share1.
You need to create groups in each domain to meet the following requirements:
In Domain1, create a group named Group1. Group1 must be granted access to Share1.
In Domain2, create a group named Group2. Group2 must contain the user accounts of the 50 users.
Permission to Share1 must only be assigned directly to Group1.
Which type of groups should you create and which group nesting strategy should you use?
To answer, select the appropriate configuration in the answer area.


Answer:

Explanation:
Any group, whether it is a security group or a distribution group, is characterized by a scope that
identifies the extent to which the group is applied in the domain tree or forest. The boundary, or
reach, of a group scope is also determined by the domain functional level setting of the domain in
which it resides. There are three group scopes: universal, global, and domain local.

In a nesting strategy, security groups with global scope can have only accounts as their members.
Security groups with domain local scope can have other groups with global scope and accounts
as their members.
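
The nesting described above (accounts in a global group, the global group in a domain local group, permission on the domain local group only), sketched in PowerShell as an added example that is not part of the original page. The DNS names domain1.example and domain2.example, the user account names, and the Read access right are assumptions; the group, share and domain names come from the question.

```powershell
# Added example, not from the original page. Run with rights in both domains.
Import-Module ActiveDirectory

$d1 = 'domain1.example'   # assumed DNS name of Domain1
$d2 = 'domain2.example'   # assumed DNS name of Domain2

# Constructed sample: sAMAccountNames user01..user50, assumed to exist in Domain2.
$users = 1..50 | ForEach-Object { 'user{0:d2}' -f $_ }

# Group2: global security group in Domain2 that holds the 50 user accounts.
New-ADGroup -Name 'Group2' -GroupScope Global -GroupCategory Security -Server $d2
Add-ADGroupMember -Identity 'Group2' -Members $users -Server $d2

# Group1: domain local security group in Domain1, the only principal placed on Share1.
New-ADGroup -Name 'Group1' -GroupScope DomainLocal -GroupCategory Security -Server $d1

# Cross-domain nesting: resolve Group2 against Domain2, then add that object
# to Group1 against Domain1. Passing a bare name would be looked up in Domain1 only.
$group2 = Get-ADGroup -Identity 'Group2' -Server $d2
Add-ADGroupMember -Identity 'Group1' -Members $group2 -Server $d1

# On Server1: assign the share permission to Group1 and to nothing from Domain2.
# Read is an assumed access level; the question only says "access".
Grant-SmbShareAccess -Name 'Share1' -AccountName 'Domain1\Group1' -AccessRight Read -Force

# Checks: the share ACL should show Group1 and no Domain2 principal,
# and Group1's member attribute should contain only the DN of Group2.
Get-SmbShareAccess -Name 'Share1' | Select-Object AccountName, AccessControlType, AccessRight
Get-ADGroup -Identity 'Group1' -Properties member -Server $d1 |
    Select-Object -ExpandProperty member
```

Reviewing access to Share1 then means auditing the membership of Group2, since no user or Domain2 group appears on the share itself.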

One Comment on “Which group nesting strategy should you use?”

  1. bytezz says:

    Answer is correct. Logic:

    Domain Local security groups can contain other DL groups and Global/Universal groups from the forest, so this is fine for Group1.
    Global groups contain users from the domain. The 50x users are in the same domain (Domain2), so this is fine for Group2.
    You would then make the group Domain2\Group2 a member of Domain1\Group1. This works as both domains are in the same forest.

    If the question concerned users from numerous different domains in the forest, you would have to use Universal groups (to bring all of the users together) as Global groups can only contain users from the same domain.



