Your network contains an Active Directory forest named contoso.com. The forest contains a single domain. The
domain contains two domain controllers named DC1 and DC2 that run Windows Server 2012 R2.
The domain contains a user named User1 and three global security groups named Group1, Group2 and,
Group3.
You need to add User1 to Group1, Group2, and Group3.
Which cmdlet should you run?

HOTSPOT
Your network contains an Active Directory domain named adatum.com.
You create an account for a temporary employee named User1.
You need to ensure that User1 can log on to the domain only between 08:00 and 18:00 from a client computer
named Computer1.
From which tab should you perform the configuration?
To answer, select the appropriate tab in the answer area.
Hot Area:

Your network contains an Active Directory domain named contoso.com. The domain contains 100 user
accounts that reside in an organizational unit (OU) named OU1.
You need to ensure that a user named User1 can link and unlink Group Policy objects (GPOs) to OU1. The
solution must minimize the number of permissions assigned to User1.
What should you do?

Your network contains an Active Directory domain named contoso.com. The domain contains an organizational
unit (OU) named OU1.
You need to ensure that when new client computers join the domain, their computer accounts are created in
OU1 by default.
What should you do?

HOTSPOT
Your network contains an Active Directory forest. The forest contains a single domain named contoso.com.
AppLocker policies are enforced on all member servers.
You view the AppLocker policy applied to the member servers as shown in the exhibit. (Click the Exhibit
button.)

To answer, complete each statement according to the information presented in the exhibit. Each correct
selection is worth one point.
Hot Area:

Your network contains an Active Directory domain named contoso.com.
You create a software restriction policy to allow an application named App1 by using a certificate rule.
You need to ensure that when users attempt to execute App1, the certificate for App1 is verified against a
certificate revocation list (CRL).
What should you do?

HOTSPOT
Your network contains an Active Directory domain named contoso.com. Domain controllers run either Windows
Server 2008 R2 or Windows Server 2012 R2. All client computers run Windows 8.
All computer accounts are located in an organizational unit (OU) named OU1.
You create a Group Policy object (GPO) that contains several AppLocker rules. You link the GPO to OU1.
You need to ensure that the AppLocker rules apply to all of the client computers.
What should you configure in the GPO?
To answer, select the appropriate service in the answer area.
Hot Area:

Your network contains an Active Directory forest named contoso.com. The forest contains a single domain. All
servers run Windows Server 2012 R2. The domain contains two domain controllers named DC1 and DC2. Both
domain controllers are virtual machines on a Hyper-V host.You plan to create a cloned domain controller named DC3 from an image of DC1.
You need to ensure that you can clone DC1.
Which two actions should you perform? (Each correct answer presents part of the solution. Choose two.)

Your network contains an Active Directory domain named contoso.com.
You log on to a domain controller by using an account named Admin1.Admin1 is a member of the Domain
Admins group.
You view the properties of a group named Group1 as shown in the exhibit. (Click the Exhibit button.)

Group1 is located in an organizational unit (OU) named OU1.
You need to ensure that users from Group1 can modify the Security settings of OU1 only.
What should you do from Active Directory Users and Computers?

HOTSPOT
Your network contains an Active Directory domain named contoso.com. All servers run Windows Server 2012
R2.
You need to add a user named User1 to a group named ServerAdmins.
What command should you run? To answer, select the appropriate options in the answer area.Hot Area: