Welcome to ExamTopics
ExamTopics Logo
- Expert Verified, Online, Free.
Mail Us[email protected]
Menu
Microsoft Discussions
exam questions

Exam AZ-800 All Questions

View all questions & answers for the AZ-800 exam
Go to Exam

Exam AZ-800 topic 1 question 8 discussion

Actual exam question from Microsoft's AZ-800
Question #: 8
Topic #: 1
[All AZ-800 Questions]

Your network contains an Active Directory Domain Services (AD DS) domain. The network also contains 20 domain controllers, 100 member servers, and 100 client computers.
You have a Group Policy Object (GPO) named GPO1 that contains Group Policy preferences.
You plan to link GPO1 to the domain.
You need to ensure that the preference in GPO1 apply only to domain member servers and NOT to domain controllers or client computers. All the other Group
Policy settings in GPO1 must apply to all the computers. The solution must minimize administrative effort.
Which type of item level targeting should you use?

  • A. Domain
  • B. Operating System
  • C. Security Group
  • D. Environment Variable
Show Suggested Answer Hide Answer
Suggested Answer: B 🗳️
by kijken at Oct. 26, 2022, 10:53 a.m.

Comments

Chosen Answer:
This is a voting comment (?) , you can switch to a simple comment.
Switch to a voting comment New
Submit Cancel
kijken
Highly Voted 2 years, 1 month ago
Nothing is mentioned about OS. Domain controllers can have the same OS. I would do it based on C
upvoted 11 times
kijken
2 years, 1 month ago
I want to correct this answer, I did some testing, and the operating system option has a computer role option in it. You can set that to member server. So this is a valid option. Security group is also possible, but requires more overhead. You should always choose the best option. Same for D, which would also be a possibility. Domain is rubish So B is correct
upvoted 20 times
...
boapaulo
11 months, 3 weeks ago
Option B, “Operating System,” would not be the best choice in this case because it would apply the preference to all computers running the specified operating system, not just member servers. This means that the preference would also apply to domain controllers and client computers that are running the same operating system, which is not in line with the requirement. In contrast, Security Group item-level targeting allows for more granular control, allowing you to apply the preference only to member servers, regardless of the operating system they are running. This meets the requirement to apply the preference only to member servers and not to domain controllers or client computers. Furthermore, it minimizes administrative effort.
upvoted 1 times
sardonique
7 months, 2 weeks ago
you're in the wrong direction. it takes time to create a group with all the servers needed, especially if these server are spread around many OUs, whereas it takes only 7 objects to configure within the "Operating Systems" option: one for each major release of Windows Server: 2003,2003r2,2008,2008r2,2012,2012r2,2022, it allows you to specify "domain member"
upvoted 1 times
...
...
...
Midoria
Most Recent 4 days, 21 hours ago
Operating System Targeting includes a Computer Role option, which allows you to specify whether the preference applies to Domain Controllers, Member Servers, or Workstations. By selecting Member Server, you can easily apply the preference to only member servers, avoiding the need to manually manage security groups. Why this works better: It avoids the additional step of creating or maintaining a security group. It minimizes administrative effort by leveraging built-in functionality. B
upvoted 1 times
...
AB164
2 weeks ago
This is not a clear answer, who can explain please ?
upvoted 1 times
...
Ksk08
4 weeks, 1 day ago
Answer is c
upvoted 1 times
...
TTC000
1 month, 3 weeks ago
Selected Answer: C
Explanation: You need to apply the Group Policy Object (GPO) only to member servers, while excluding domain controllers and client computers. The most efficient way to do this with minimal administrative effort is by using Security Group targeting. You can place all the member servers into a security group, and then apply the GPO preference specifically to that group. This approach ensures that only the specified member servers receive the GPO preference, without impacting domain controllers or client computers. This method provides a granular way of controlling which machines the policy applies to.
upvoted 1 times
...
syu31svc
2 months ago
Selected Answer: B
"apply only to domain member servers and NOT to domain controllers or client computers" From the link Computer role The role of the computer. A computer that is running Windows has one of three roles: Workstation: A domain-joined computer that is running any release of Windows® 7, Windows Vista®, or Windows XP. Member Server: A domain-joined computer that is running any release of Windows Server® 2008 R2, Windows Server 2008, or Windows Server 2003. Domain Controller: A computer running any release of Windows Server 2008 R2, Windows Server 2008, or Windows Server 2003 that hosts Active Directory® directory service for the domain. B is correct
upvoted 3 times
boapaulo
11 months, 3 weeks ago
Option B, “Operating System,” would not be the best choice in this case because it would apply the preference to all computers running the specified operating system, not just member servers. This means that the preference would also apply to domain controllers and client computers that are running the same operating system, which is not in line with the requirement. In contrast, Security Group item-level targeting allows for more granular control, allowing you to apply the preference only to member servers, regardless of the operating system they are running. This meets the requirement to apply the preference only to member servers and not to domain controllers or client computers. Furthermore, it minimizes administrative effort.
upvoted 2 times
...
...
JPO2021
3 months, 3 weeks ago
Option B “Operating System” *An Operating System targeting item allows a preference item to be applied to computers or users only if the processing computer's operating system's product name, release, edition, or computer role matches those specified in the targeting item. If Is Not is selected, it allows the preference item to be applied only if the operating system's product name, release, edition, or computer role does not match those specified in the targeting item. *https://learn.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2012-r2-and-2012/dn581922(v=ws.11)
upvoted 1 times
...
linuxlinuxmint
6 months, 2 weeks ago
# Définition des rôles que vous souhaitez filtrer $roles = @("DHCP", "DNS") # Ajoutez d'autres rôles au besoin # Filtrer les serveurs ayant des rôles spécifiques $serveursAvecRoles = Get-WmiObject Win32_ServerFeature | ? { $_.Name -in $roles } | Select-Object PSComputerName # Filtrer les serveurs sans rôles spécifiques $serveursSansRoles = Get-WmiObject Win32_ServerFeature | ? { $_.Name -notin $roles } | Select-Object PSComputerName # Afficher les résultats Write-Host "Serveurs avec des rôles spécifiques ($roles) :" $serveursAvecRoles Write-Host "Serveurs sans des rôles spécifiques ($roles) :" $serveursSansRoles
upvoted 1 times
...
sardonique
7 months, 3 weeks ago
As always the question has an ambiguous interpretation. If you have a security group that already contains all the desired computer objects, this solution is the faster. however you cannot assume that. so you would need to create a group and put all the servers as members of the group. you can acheive that using powershell pretty quickly. in my opinion the "Operating System" option is the way to go since it allows to filter by role: "Any", "Member Server" and "Domain Controller", so you would need to add a few rows (7 from 2003 to 2022) such as OS is server 2003 family, OS is server 2003R2 family, OS is server 2008 family .... and for each one of these you would chose the role "Member Server".
upvoted 3 times
...
rasmart
7 months, 3 weeks ago
Selected Answer: C
This seems to be the most effective approach. You could create a security group that includes all the member servers and then target this group with the GPO. This method is precise and allows you to have full control over which servers are affected by the GPO. It requires some initial setup to create and populate the security group, but it minimizes ongoing administrative effort as the group membership dictates the GPO application.
upvoted 1 times
...
SanMan_NZ
9 months, 2 weeks ago
Selected Answer: B
OS targeting is correct only because there is an item under OS targeting called 'Computer Role' which has options to select 'Workstation', Member Srv' or 'Domain Controller.' Answer B is works and the easiest way to achieve the objective.
upvoted 2 times
...
squilly
10 months, 1 week ago
B does not make much sense, member servers and the domain controller very likely can have the same OS, security group would be much better.
upvoted 1 times
...
Tim1119
10 months, 3 weeks ago
Selected Answer: C
As domain controllers and member servers could be the same OS, the answer should be C / Security Group.
upvoted 1 times
...
PapaLion
11 months, 2 weeks ago
Security GROUP is the CORRECT Answer, because the question plan to apply it at the DOMAIN Level, So we don't know wich OS versions have the DCs and the member servers...can be the same....SO......SECURITY GROUP!
upvoted 1 times
...
boapaulo
12 months ago
To ensure that the preference in GPO1 applies only to domain member servers and NOT to domain controllers or client computers, you should use Security Group item-level targeting. You can create a security group that includes only the member servers, and then use item-level segmentation to apply the preference only to that security group. This ensures that the preference is applied only to member servers, minimizing administrative effort and adhering to the principle of least privilege C: is correct - Security Group
upvoted 1 times
boapaulo
11 months, 3 weeks ago
Option B, “Operating System,” would not be the best choice in this case because it would apply the preference to all computers running the specified operating system, not just member servers. This means that the preference would also apply to domain controllers and client computers that are running the same operating system, which is not in line with the requirement. In contrast, Security Group item-level targeting allows for more granular control, allowing you to apply the preference only to member servers, regardless of the operating system they are running. This meets the requirement to apply the preference only to member servers and not to domain controllers or client computers. Furthermore, it minimizes administrative effort.
upvoted 1 times
...
...
cao75rgl
1 year, 5 months ago
Se puede hacer por OS mediante un filtro WMI, tomando el "Product Type: 3" se selecciona los equipos que son member server.
upvoted 1 times
...
pass601
1 year, 5 months ago
B is CORRECT ANSWER
upvoted 1 times
...
Load full discussion...

Get IT Certification

Unlock free, top-quality video courses on ExamTopics with a simple registration. Elevate your learning journey with our expertly curated content. Register now to access a diverse range of educational resources designed for your success. Start learning today with ExamTopics!

Start Learning for free
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel