Microsoft 70-411 Exam – Q69

Your network contains an Active Directory domain named The domain contains 30 user accounts that are used for network administration. The user accounts are members of a domain global group named Group1.

You identify the security requirements for the 30 user accounts as shown in the following table.

You need to identify which settings must be implemented by using a Password Settings object (PSO) and which settings must be implemented by modifying the properties of the user accounts.

What should you identify? To answer, configure the appropriate settings in the dialog box in the answer area.

Correct Answer:

Fine-Grained Password Policy cmdlet functionality did not change between the Windows Server 2008 R2 and Windows Server 2012. As a convenience, the following diagram illustrates the associated arguments for cmdlets:

The following are the Active Directory user account options:
-User must change password at next logon
-User cannot change password
-Password never expires
-Store password using reversible encryption
-Account is disabled
-Smart card is required for interactive logon
-Account is sensitive and cannot be delegated
-User Kerberos DES encryption types for this account
-This account supports Kerberos AES 128 bit encryption
-This account supports Kerberos AES 256 bit encryption
-Do not require Kerberos preauthentication