This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
Where must the Password Policy and Account Lockout Policy be defined to control domain user accounts?
In a GPO linked to the organizational unit (OU) that contains the user accounts.
In a GPO linked at the domain level.
In the Default Domain Controllers Policy.
A service account is repeatedly being used to sign in at the console of your servers. Which user right stops that behavior most directly?
Deny log on locally
Deny access to this computer from the network
Log on as a service
Which security option must be enabled so that the Active Directory Advanced Audit Policy Configuration policies reliably override the legacy audit policies?
Audit: Shut down system immediately if unable to log security audits
Audit: Force audit policy subcategory settings (Windows Vista or later)
Audit: Audit the use of Backup and Restore privilege
You must guarantee that only an approved group is a member of the local Administrators group on every member server, removing anyone else. Which Security Settings node enforces this authoritatively?
Restricted Groups, using the Members of this group list
Group Policy Preferences > Local Users and Groups (Update)
System Services
What is the recommended first enforcement mode when you deploy AppLocker rules to production servers?
Enforce rules
Audit only
Not configured
You must answer all questions before checking your work.
Was this page helpful?
Need help with this topic?
Want to try using Ask Learn to clarify or guide you through this topic?