You have an Exchange Server organization that contains three servers that have Exchange Server
2013 installed and one server that has Exchange Server 2010 installed. You create the custom RBAC
roles shown in the following table.

The Seattle help desk manages all of the users in an organizational unit (OU) named Seattle. The
Miami help desk manages all of the users in an OU named Miami. The IT Administrators manage all
of the users in the forest. You need to recommend which commands must be run to prevent only
the members of both help desks from modifying the properties of users who have a department
attribute value of Manager. Which three commands should you run? (Each correct answer presents
part of the solution. Choose three.)

A.
new-managementscope “executive users exclusive scope” -recipientrestrictionfilter { department
-eq “manager” } -exclusive –force

B.
new-managementroleassignment -name “managers” -securitygroup “managers” -role “mail
recipients” -exclusiverecipientwritescope “executive users exclusive scope”

C.
new-roleassignmentpolicy -name “limited end user policy” -roles “mypersonalinformation”.

D.
new-rolegroup -name “managers” -roles “mail recipients” -members admins

E.
new-rolegroup -name “help desk” -roles “mail recipients” -members admins

Explanation:
Note:
* (A) Use the New-ManagementScope cmdlet to create a regular or exclusive management scope.
After you create a regular or exclusive scope, you need to associate the scope with a management
role assignment. To associate a scope with a role assignment, use the NewManagementRoleAssignment cmdlet.
* (B) Use the New-ManagementRoleAssignment cmdlet to assign a management role to a
management role group, management role assignment policy, user, or universal security group
(USG).