70-294 QOTD for May 27th

Oh man! Ad-blocking software has been detected! :'(

This website is run by the community, for the community... and it needs advertisements in order to keep running. Blocking our ads means your killing our stats!
Please disable your ad-block, or become a premium member to hide all advertisements and this notice.

Keith is a junior network admin for a company that designs classified sonar equipment for Navy submarines. This is a single domain network running a Windows Server 2003 Active Directory domain. He has been delegated complete authority over the Design OU. While password length and complexity is important throughout the domain, members of the design OU are required to use more secure passwords than the rest of the domain. These passwords must be of at least 10 characters that must be changed every 30 days. Keith right clicks the OU container, selects properties, selects the group policy tab and navigates the path to Password Policy. There, he makes the appropriate changes to the password policy for the Design OU. Later, when he logs on to a test account in the Design OU, he discovers that he is able to log on with a password that meets the default settings for the domain. What is the issue? Choose one answer.

A. Keith does not have sufficient permissions to change the OU’s password policies. He must be a member of the Enterprise Admins group.
B. Keith does not realize that the range of characters can only be set to eight or more and that the minimum amount of time that can be set to change passwords is 45 days. When he set these values to invalid settings, the system defaulted to the domain’s default group policy settings.
C. The Design OU Group Policy Container is set to Block Policy Inheritance which allows the domain’s default group policy settings for passwords to be applied instead of those Keith applied to the OU’s GPO.
D. Password policies can only be set at the domain or site levels and any password policies set at the OU level are ignored.
E. Password policies can only be set at the domain level and any password policies set at the OU level are ignored.
F. Password policies can only be set at the site level and any password policies set at the OU level are ignored.

Answer later.

 

Oh man! Ad-blocking software has been detected! :'(

This website is run by the community, for the community... and it needs advertisements in order to keep running. Blocking our ads means your killing our stats!
Please disable your ad-block, or become a premium member to hide all advertisements and this notice.

Answer for today E

 

yup E for me too, heres the time when multi domains come in useful ;)
besides it would be cool to have the email
[email protected]

 

Ya'know, Ryan...now that you've revealed keith's "super secret" e-mail address...some Government agent is going to have to try and kill you...

 

I would have picked C (why not?) as a possible reason but I will bow to the superior knowledge of the gang and pick E.

 

hmm maybe ill post this response later instead of ruining the question
EDIT: this is what i had written
The reason nugget, is that password policy can only be defined on a domain level, although other elements of group policy can be filtered and shaped with access lists, block inheritence etc, password policy from the domain will always supersede any changes you make lower down in the tree
its an odd one, and i am unsure why they did it that way (anyone care to comment?) but it is one of the prime reasons for using multiple domains still even though OUs replace thier need on many other levels

 

Correct answer is E. Password policy changes can only be made at the domain level. If they are made anywhere else, the policy changes are ignored. More later.