HOTSPOT
Your network contains an Active Directory domain named contoso.com. All servers run Windows
Server 2012 R2.
You need to add a user named User1 to a group named ServerAdmins.
What command should you run? To answer, select the appropriate options in the answer area.

Your network contains an Active Directory domain named contoso.com.
You log on to a domain controller by using an account named Admin1.Admin1 is a member of the
Domain Admins group.
You view the properties of a group named Group1 as shown in the exhibit. (Click the Exhibit button.)

Group1 is located in an organizational unit (OU) named OU1.
You need to ensure that users from Group1 can modify the Security settings of OU1 only.
What should you do from Active Directory Users and Computers?

Your network contains an Active Directory forest named contoso.com. The forest contains a single
domain. All servers run Windows Server 2012 R2. The domain contains two domain controllers
named DC1 and DC2. Both domain controllers are virtual machines on a Hyper-V host.
You plan to create a cloned domain controller named DC3 from an image of DC1.
You need to ensure that you can clone DC1.
Which two actions should you perform? (Each correct answer presents part of the solution. Choose
two.)

HOTSPOT
Your network contains an Active Directory domain named contoso.com. Domain controllers run
either Windows Server 2008 R2 or Windows Server 2012 R2. All client computers run Windows 8.
All computer accounts are located in an organizational unit (OU) named OU1.
You create a Group Policy object (GPO) that contains several AppLocker rules. You link the GPO to
OU1.
You need to ensure that the AppLocker rules apply to all of the client computers.
What should you configure in the GPO?
To answer, select the appropriate service in the answer area.

Your network contains an Active Directory domain named contoso.com.
You create a software restriction policy to allow an application named App1 by using a certificate
rule.
You need to ensure that when users attempt to execute App1, the certificate for App1 is verified
against a certificate revocation list (CRL).
What should you do?

Your network contains an Active Directory domain named contoso.com. The domain contains an
organizational unit (OU) named OU1.
You need to ensure that when new client computers join the domain, their computer accounts are
created in OU1 by default.
What should you do?

HOTSPOT
Your network contains an Active Directory forest. The forest contains a single domain named
contoso.com.
AppLocker policies are enforced on all member servers.
You view the AppLocker policy applied to the member servers as shown in the exhibit. (Click the
Exhibit button.)

To answer, complete each statement according to the information presented in the exhibit. Each
correct selection is worth one point.

Your network contains an Active Directory domain named contoso.com. The domain contains 100
user accounts that reside in an organizational unit (OU) named OU1.
You need to ensure that a user named User1 can link and unlink Group Policy objects (GPOs) to OU1.
The solution must minimize the number of permissions assigned to User1.
What should you do?

HOTSPOT
Your network contains an Active Directory domain named adatum.com.
You create an account for a temporary employee named User1.
You need to ensure that User1 can log on to the domain only between 08:00 and 18:00 from a client
computer named Computer1.
From which tab should you perform the configuration?
To answer, select the appropriate tab in the answer area.

Your network contains an Active Directory forest named contoso.com. The forest contains a single
domain. The domain contains two domain controllers named DC1 and DC2 that run Windows Server
2012 R2.

The domain contains a user named User1 and three global security groups named Group1, Group2
and, Group3.
You need to add User1 to Group1, Group2, and Group3.
Which cmdlet should you run?