Your network consists of a single Active Directory domain.
All domain controllersrun Windows Server 2003.
You upgrade all domain controllers to Windows Server 2008.
You need to configure the Active Directory environment to support the application of multiple
password policies.
What should you do?

A.
Raise the functional level of the domain to Windows Server 2008.

B.
On one domain controller, run dcpromo /adv.

C.
Create multiple Active Directory sites.

D.
On all domain controllers, run dcpromo /adv.

Explanation:
http://technet.microsoft.com/en-us/library/cc770842%28v=ws.10%29.aspx
AD DS Fine-Grained Password and Account Lockout Policy Step-by-Step Guide
This step-by-step guide provides instructions for configuring and applying fine-grained password and account
lockout policies for different sets of users in Windows Server® 2008 domains.
In Microsoft® Windows® 2000 and Windows Server 2003Active Directory domains, you could apply only one
password and account lockout policy, which is specified in the domain’s Default Domain Policy, to all users in
the domain. As a result, if you wanted different password and account lockout settings for different sets of
users, you had to either create a password filter or deploy multiple domains. Both options were costlyfor
different reasons.
In Windows Server 2008, you can use fine-grained password policies to specify multiple password policies and
apply different password restrictions and account lockout policies to different sets of users within asingle
domain.
Requirements and special considerations for fine-grained password and account lockout policies
Domain functional level: The domain functional level must be set to Windows Server 2008 or higher.
etc…