Question: 22 Your network consists of a single Active Directory domain. The functional level of the forest is Windows Server 2008 R2. You need to create multiple password policies for users in your domain. What should you do? A. From the Group Policy Management snap-in, create multiple Group Policy objects. B. From the Schema snap-in, create multiple class schema objects. C. From the ADSI Edit snap-in, create multiple Password Setting objects. D. From the Security Configuration Wizard, create multiple security policies. Answer: C Explanation:
Certification Preparation Material Page | 29 Answer: From the ADSI Edit snap-in, create multiple Password Setting objects. Explanation: AD DS Fine-Grained Password and Account Lockout Policy Step-by-Step Guide .. In Windows Server 2008, you can use fine-grained password policies to specify multiple password policies and apply different password restrictions and account lockout policies to different sets of users within a single domain. .. To store fine-grained password policies, Windows Server 2008 includes two new object classes in the Active Directory Domain Services (AD DS) schema: Password Settings Container Password Settings The Password Settings Container (PSC) object class is created by default under the System container in the domain. It stores the Password Settings objects (PSOs) for that domain. You cannot rename, move, or delete this container. ... Steps to configure fine-grained password and account lockout policies When the group structure of your organization is defined and implemented, you can configure and apply finegrained password and account lockout policies to users and global security groups. Configuring fine-grained password and account lockout policies involves the following steps: Step 1: Create a PSO Step 2: Apply PSOs to Users and Global Security Groups Step 3: Manage a PSO Step 4: View a Resultant PSO for a User or a Global Security Group Step 1: Create a PSO You can create Password Settings objects (PSOs): Creating a PSO using the Active Directory module for Windows PowerShell Creating a PSO using ADSI Edit Creating a PSO using ldifde Question: 23 You have a domain controller that runs Windows Server 2008 R2 and is configured as a DNS server. You need to record all inbound DNS queries to the server. What should you configure in the DNS Manager console? A. Enable debug logging. B. Enable automatic testing for simple queries. C. Configure event logging to log errors and warnings. D. Enable automatic testing for recursive queries. Answer: A Explanation: DNS Tools Event-monitoring utilities The Windows Server 2008 family includes two options for monitoring DNS servers: Default logging of DNS server event messages to the DNS server log.