Announcement

Collapse
No announcement yet.

70-294 practice question

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • 70-294 practice question

    This is taken from Microsoft Press Readiness Review Suite for 70-294 exam.
    Be sure to scroll down to the end to see if you're frustrated and/or you got it right....
    You are an engineer for an enterprise organization. The company's Active Directory infrastructure consists of a single domain. The company's organization unit (OU) structure represents the departments in the company. the OU structure for the development department consists of a Development Users OU and a Development Computers OU. All employees and contractors in the development department are users in the Development Users OU. The Development Computers OU contains all client computers, application servers, file servers, and Web servers in the development department.

    Because of the sensitivity of the source code stored on their client computers, you want to configure strict password policies for the developers. This restriction on the developers should be enforced on all computers in the enterprise. The source code files and folders are secured with NTFS permissions. Therefore, employees who are not members of the development department should have less restricted password policies on all computers in the department.


    How should you configure group policy to meet your requirements?

    1. Configure User Configuration in a group policy object and apply it to the Development Computers OU.

    2. Configure Computer Configuration in a group policy object and apply it to the Development Computers OU.

    3. Configure Computer Configuration in a group policy object and apply it to the Development Users OU.

    4. Configure User Configuration in a group policy object and apply it to the Development Users OU.

    OK, that's the possible choices









    and the answer that the CD gives you...

    Answer: 3


    Two things I noticed right off the bat
    1.It's applying a computer configuration to an OU filled with only users. This might seem too obvious but User configurations apply only to users and computer configurations apply only to computers. When a user logs on to a computer the user settings of the applied GPO(s) are set. When a computer boots up the computer settings of the applied GPO(s) are set. There is a caveat to this and that is that user settings of the computer's GPO(s) will be applied if loopback processing is enabled.
    2.It's attempting to configure something that can only be configured at the domain level. Doing this at any other level will have no affect on Active Directory user accounts at all.
    Regards,
    Jeremy

    Network Consultant/Engineer
    Baltimore - Washington area and beyond
    www.gma-cpa.com

  • #2
    Re: 70-294 practice question

    I would query it with Microsoft. I dont know about the RRs but the training kits have an email address for questions / comments.

    It could be one that slipped through because, as you say, passwords are controlled at domain level.

    I can see the logic of their answer -- password policy is in the computer section of GPO and they want to apply it to specific users (in the Development Users OU) on any computer, and not to other users on the Dev computers so, from the given answers, this is the only one that fits.

    Are MS Press Writers allowed to have off days?

    Tom
    Tom Jones
    MCT, MCSE (2000:Security & 2003), MCSA:Security & Messaging, MCDBA, MCDST, MCITP(EA, EMA, SA, EDA, ES, CS), MCTS, MCP, Sec+
    PhD, MSc, FIAP, MIITT
    IT Trainer / Consultant
    Ossian Ltd
    Scotland

    ** Remember to give credit where credit is due and leave reputation points where appropriate **

    Comment


    • #3
      Re: 70-294 practice question

      Originally posted by Ossian
      I would query it with Microsoft. I dont know about the RRs but the training kits have an email address for questions / comments.
      Good idea. I'll do that and post back with what they say.

      I can see the logic of their answer -- password policy is in the computer section of GPO and they want to apply it to specific users (in the Development Users OU) on any computer, and not to other users on the Dev computers so, from the given answers, this is the only one that fits.
      True, I can see the logic too but it won't work in real life.
      Regards,
      Jeremy

      Network Consultant/Engineer
      Baltimore - Washington area and beyond
      www.gma-cpa.com

      Comment


      • #4
        Re: 70-294 practice question

        As you say -- wont work in practice, but logical for a non-expert. Some proof-reader needs to be fired!

        Tom
        Tom Jones
        MCT, MCSE (2000:Security & 2003), MCSA:Security & Messaging, MCDBA, MCDST, MCITP(EA, EMA, SA, EDA, ES, CS), MCTS, MCP, Sec+
        PhD, MSc, FIAP, MIITT
        IT Trainer / Consultant
        Ossian Ltd
        Scotland

        ** Remember to give credit where credit is due and leave reputation points where appropriate **

        Comment


        • #5
          Re: 70-294 practice question

          Password security configuration settings for the domain can only be configured in a GPO tied to the domain, such as the Default Domain Policy, or another GPO that you choose to link to the domain. Domain password policies cannot be enforced in GPOs tied to anything else - Sites, or OUs.

          With the above in mind, none of the answers listed are correct.

          However, the question is suggesting configuring LOCAL COMPUTER PASSWORD POLICIES, thus the answer is:
          2. Configure Computer Configuration in a group policy object and apply it to the Development Computers OU.

          The wording of the question is somewhat poor but if this question was on the test, you would need to choose 2 based on the answers provided and also based on the fact that the question did not actually say for fact that domain user accounts and passwords were being used to log on to the developer computers. In fact, the relevant pieces of the question states Because of the sensitivity of the source code stored on their client computers, you want to configure strict password policies for the developers. This restriction on the developers should be enforced on all computers in the enterprise. and employees who are not members of the development department should have less restricted password policies on all computers in the department.. You could interpret this as them implying that developers are logging on to the computer using local computer accounts and thus computer account password policies would be the appropriate place to configure this.

          It's a trick question and it's poorly worded. The part that says This restriction on the developers should be enforced on all computers in the enterprise contradicts the correct answer and would imply a correct answer of 3.
          Last edited by jasonboche; 10th June 2006, 20:38.
          VCDX3 #34, VCDX4, VCDX5, VCAP4-DCA #14, VCAP4-DCD #35, VCAP5-DCD, VCPx4, vEXPERTx4, MCSEx3, MCSAx2, MCP, CCAx2, A+
          boche.net - VMware Virtualization Evangelist
          My advice has no warranties. Follow at your own risk.

          Comment


          • #6
            Re: 70-294 practice question

            The trouble is all the answers state applying a policy to a given OU. Yes, local policy can enforce password complexity but OU policy cannot.

            IMHO not a trick question, but definitely a flawed one.

            Tom
            Tom Jones
            MCT, MCSE (2000:Security & 2003), MCSA:Security & Messaging, MCDBA, MCDST, MCITP(EA, EMA, SA, EDA, ES, CS), MCTS, MCP, Sec+
            PhD, MSc, FIAP, MIITT
            IT Trainer / Consultant
            Ossian Ltd
            Scotland

            ** Remember to give credit where credit is due and leave reputation points where appropriate **

            Comment


            • #7
              Re: 70-294 practice question

              Originally posted by Ossian
              The trouble is all the answers state applying a policy to a given OU. Yes, local policy can enforce password complexity but OU policy cannot.
              If the computers are in the OU, local computer password policy can be enforced on the local computer SAM by tying the GPO to the OU that the computers are a member of. This would be the automated method.

              Are you saying that password policies cannot be tied to the local computer SAM using GPOs? I will test.

              A manual method would be to run gpedit.msc on each of the computers and configure password policy for the local computer SAM manually. Another manual method would be to use secedit or security configuration and analysis to import a custom security template containing the password policy on each of the computers.
              VCDX3 #34, VCDX4, VCDX5, VCAP4-DCA #14, VCAP4-DCD #35, VCAP5-DCD, VCPx4, vEXPERTx4, MCSEx3, MCSAx2, MCP, CCAx2, A+
              boche.net - VMware Virtualization Evangelist
              My advice has no warranties. Follow at your own risk.

              Comment


              • #8
                Re: 70-294 practice question

                Password policies can be tied to the local computer SAM using GPOs
                Attached Files
                VCDX3 #34, VCDX4, VCDX5, VCAP4-DCA #14, VCAP4-DCD #35, VCAP5-DCD, VCPx4, vEXPERTx4, MCSEx3, MCSAx2, MCP, CCAx2, A+
                boche.net - VMware Virtualization Evangelist
                My advice has no warranties. Follow at your own risk.

                Comment


                • #9
                  Re: 70-294 practice question

                  BTW - for some MS Press books, you can go to support.microsoft.com and punch in the ISBN number and it will give you any corrections they've made since its first printing.

                  OK, here's the response I got from my email inquiry...

                  From Microsoft:
                  Hello Jeremy,

                  Thank you for contacting Microsoft Learning.

                  The Readiness Review Suite included with the MCSE Self-Paced Training Kit (Exam 70-294): Planning, Implementing, and Maintaining a Microsoft® Windows Server™ 2003 Active Directory® Infrastructure is supported directly by MeasureUp, the company who produced the review. For your convenience, we have forwarded this message to their support department at [email protected].

                  Regards,

                  Jeff
                  Microsoft Learning Support
                  http://www.microsoft.com/learning/support
                  ...and from MeasureUp:
                  Hi Jeremy;

                  Sorry for the trouble. According to our content department you are correct. Password policies for Active Directory user accounts must be managed in a domain-level GPO because domain controllers ignore password policies in any other GPOs. Also, your explanation of how settings are applied is absolutely correct.

                  The content department also says that it is a good sign when a candidate can identify errors in practice test questions.

                  In this case, we did not write the questions, MS Press did. They have us wrap them in our engine for distribution. And luckily our content people had a few minutes today and look into it. That is not hardly ever the case around here normally.

                  Good luck in your studies!

                  John Hecht

                  MeasureUp Support

                  --------------------------------------------------------------------------------

                  From: Jeremy
                  Sent: Saturday, June 10, 2006 11:54 AM
                  To: Microsoft Press Input
                  Subject: 70-294 practice question


                  Hello.

                  I have a question about some of the study materials. If this is not the correct place for this query the please direct me to the appropriate place.

                  This is taken from Microsoft Press Readiness Review Suite for 70-294 exam.

                  [...text from above is inserted here...]


                  I'm wondering if this is intentional just to add difficulty or is it a technical overlook?

                  Please explain.

                  Thank you for your time

                  -Jeremy
                  Last edited by JeremyW; 12th June 2006, 20:16.
                  Regards,
                  Jeremy

                  Network Consultant/Engineer
                  Baltimore - Washington area and beyond
                  www.gma-cpa.com

                  Comment


                  • #10
                    Re: Thanks for sharing

                    Thanks for sharing your findings with us! I'm sure others will also benefit from knowing what was wrong and how you troubleshooted it.

                    Cheers,

                    Daniel Petri
                    Microsoft Most Valuable Professional - Active Directory Directory Services
                    MCSA/E, MCTS, MCITP, MCT

                    Comment

                    Working...
                    X