HOTSPOT
Your network contains an Active Directory domain named contoso.com.
The domain contains an organizational unit (OU) named OU1 as shown in the OU1 exhibit. (Click the
Exhibit button.)
The membership of Group1 is shown in the Group1 exhibit. (Click the Exhibit button.)
You configure GPO1 to prohibit access to Control Panel. GPO1 is linked to OU1 as shown in the GPO1
exhibit. (Click the Exhibit button.)
Select Yes if the statement can be shown to be true based on the available information; otherwise
select No. Each correct selection is worth one point.
Answer: 
Explanation:
Group Policy does NOT APPLY TO SECURITY GROUPS, only users and computers in an OU.
Consequently, the only users in the OU are User2 and User4. Since the Security Filtering specifies
that the policy will only apply to users/computers in the OU who are members of Group1 or User3,
User4 will not have the policy applied. Since User2 is, in fact, a member of Group1, the policy will be
applied to user 2. Thus, the only user who will not be able to access the control panel is User2.
Correct
As you know, GPO can only be linked to Site, Domain and OU. In addition, GPO will also not applied to the Group objects by design. It only can be applied to User and Computer objects.
To apply the Group Policy on the User and Computer objects based on Security Groups, you will need to use Security Filtering !!!
In OU: User 1,2,4
In SF: User 1,2,3
GPO hits only user 1 + 2 !
N N Y Y
However, GPO only applies to Users and computer objects in the OU,so does not See USER1 as it’s in a group, regardless of the security filtering
NNYN
YNYY IS CORRECT
I recreated the scenario in my lab (Windows Server 2012 R2) & (Windows 8.1 Pro). The GPO is NOT applied to ANY user. So YYYY
The only case, where something different happens, is when I put the “Authenticated Users” Group in the GPO’s “Security Filtering” (where it exists by default). In this case the GPO is applied to User2 & User4 which are natively placed in OU1 and thus denied access to Control Panel.
Anyone tested it too?
You have to grant ‘Authenticated Users’ at least ‘Read’ permission under Delegation. This is due a security update release earlier form Microsoft.
Passed 70-410 exam few days ago! Scored 9XX/1000!
Few new questions on Azure, Virtual machine, etc. NO questions about ipv6 and ipv4.
Other questions were completely rephrased and data changed (IP addresses).
Recommend to learned the newest PassLeader 70-410 dumps (http://www.passleader.com/70-410.html), all questions have been updated in it!
What’s more, you can get part of that PassLeader 70-410 dumps here for free:
https://drive.google.com/open?id=0B-ob6L_QjGLpfnJzOE1fWnlJOWVtaE93SnJNT3gtaTNYYnVpZkw5THBSMWRKbFlfaXh1azg
Hope you all can pass exam easily! Lets see you all in 70-411!
GOOD LUCK!
NNNY
https://www.youtube.com/watch?v=CWqYCHth0mg
http://www.aiotestking.com/microsoft/you-configure-gpo1-to-prohibit-access-to-control-panel-gpo1-is-linked-to-ou1-as-shown-in-the-gpo1-exhibit/