To which groups should you add Admin1 and Admin2?

HOTSPOT
Your network contains an Active Directory forest named contoso.com. The forest contains the root domain and two child domains named child1.contoso.com and child2.contoso.com. Child1 contains three domain controllers named DC1, DC2, and DC3. Child2 contains one domain controller named DC4.
You have two accounts named Child1\Admin1 and Child2\Admin2 that you use to perform administrative tasks. Currently, the accounts can manage only the member servers in their respective domain.
You plan to demote DC3 and to remove the Child2 domain.
You need to ensure that Admin1 can demote DC3 and that Admin2 can demote DC4. The solution must use the principle of least privilege.
To which groups should you add Admin1 and Admin2? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:


2 thoughts on “To which groups should you add Admin1 and Admin2?”

  1. Admin1: Contoso\Enterprise Admins

    Admin2: Child2\Domain Admins

    https://docs.microsoft.com/en-us/windows-server/identity/ad-ds/deploy/demoting-domain-controllers-and-domains--level-200-
    “Admin2 can demote DC4.”
    Demoting a replica domain controller DC4 requires only Domain Admins membership at the “child2.contoso.com” child domain.
    “Admin1 can demote DC3 to remove the Child2 domain”.
    Demoting the last domain controller DC3 in a domain requires Enterprise Admins group membership at the forest root domain “contoso.com”.

    1. Per the link you posted:

      The -credential argument is only required if you are not already logged on as a member of the Enterprise Admins group (demoting last DC in a domain) or the Domain Admins group (demoting a replica DC). The -includemanagementtools argument is only required if you want to remove all of the AD DS management utilities.

      So it looks like you have it swapped. DC4 is the last DC in the child2.contoso.com domain, so Admin2 would need to be a member of Contoso\Enterprise Admins. Since there are two other domain controllers in child1.contoso.com, Admin1 only needs to be a member of Domain Admins. The given answers are correct.
