Term
The dcpromo.exe command is the preferred method for installing Active Directory on Server Core.
* True
* False |
|
Definition
|
|
Term
The Active Directory Recycle Bin is disabled by default and can be enabled in the Active Directory Administrative Center (ADAC).
• True
• False |
|
Definition
|
|
Term
Active Directory's use of multimaster replication ensures that changes to AD objects are automatically replicated to all domain controllers.
• True
• False |
|
Definition
|
|
Term
The recommended minimum number of Active Directory domain controllers in a domain environment is three.
• True
• False |
|
Definition
|
|
Term
The second DC is always configured as a GC server.
• True
• False |
|
Definition
|
|
Term
Schema attributes define what type of information is stored in each object, such as first name, last name, and password for a user account object.
• True
• False |
|
Definition
|
|
Term
Select the operations master role responsible for ensuring that changes made to object names in one domain are updated in references to the object in other domains.
• RID master
• Domain naming master
• Schema master
• Infrastructure master |
|
Definition
|
|
Term
In what order are group policy settings applied?
• domain, site, OU, local
• local, site, OU, domain
• site, OU, domain, local
• local, site, domain, OU |
|
Definition
|
|
Term
User accounts created in Active Directory are referred to as domain user accounts.
• True
• False |
|
Definition
|
|
Term
For security reasons, it’s best to delete an account that will be inactive for an extended period.
• True
• False |
|
Definition
|
|
Term
The PowerShell cmdlet New-ADUser gets information about user accounts.
• True
• False |
|
Definition
|
|
Term
Which of the following statements is not true regarding the built-in Administrator account?
• The Administrator account can be deleted
• The domain Administrator account in the forest root domain has full access to all aspects of the forest.
• The local Administrator has full access to a local computer; a domain Administrator has full access to a domain
• The Administrator account can be disabled. |
|
Definition
| The Administrator account can be deleted. |
|
|
Term
How can an administrator enable or disable accounts using the command line?
• Use the Enable-ADAccount cmdlet
• Use the dsmod user command
• Use the Disable-ADAccount cmdlet
• Use the chmod user command |
|
Definition
| Use the dsmod user command |
|
|
Term
Which statement is true regarding the use of the Logon Hours option under a user's account?
• Logon hours can be set for specific days of the month, as well as holidays
• The Logon Hours can't be used to disconnect a user that is already logged in
• Logon Hours can't be changed during weekends
• The Logon Hours forces a user to log off during "Logon denied" periods |
|
Definition
| The Logon Hours can't be used to disconnect a user that is already logged in. |
|
|
Term
A user's profile is stored in what directory on a local computer by default?
• C:\System32\Profiles
• C:\Documents and Settings
• C:\Users\logonname
• C:\System32\Users |
|
Definition
|
|
Term
How often is the password for a computer account changed by Active Directory?
• 30 days
• 15 days.
• 60 days
• 10 days |
|
Definition
|
|
Term
The GPO policy defines which objects a GPO affects.
• True
• False |
|
Definition
|
|
Term
The Default Domain Policy is linked to the domain object and specifies default settings that affect all users and computers in the domain.
• True
• False |
|
Definition
|
|
Term
A service account is a user account that Windows services use to log on to a computer or domain with a specific set of rights and permissions.
• True
• False |
|
Definition
|
|
Term
A managed service account (MSA) enables administrators to manage rights and permissions for services but with strict manual password management policies.
• True
• False |
|
Definition
|
|
Term
The Default Domain Policy sets the maximum password age to what value?
• 30 days
• 42 days
• 60 days
• 90 days |
|
Definition
|
|
Term
Select the Account Lockout Policy item that determines how many failed logins can occur on an account before the account is locked.
• Account lockout duration
• Account lockout trigger
• Account lockout threshold
• Account lockout max |
|
Definition
| Account lockout threshold |
|
|
Term
Which type of ticket below is requested by an account when it wants to access a network resource, such as a shared folder?
• Authentication Ticket
• Service ticket
• Shared Access Ticket (SAT)
• Ticket Granting Ticket (TGT) |
|
Definition
|
|
Term
Timestamps within Kerberos are used to help guard against what type of attack?
• Spoofing attack
• Replay attack
• TCP SYN attack
• DDOS attack |
|
Definition
|
|
Term
Administrative template files are in HTML format, using the .admx extension.
• True
• False |
|
Definition
|
|
Term
User Account Control policies determine what happens on a computer when a user attempts to perform an action that requires elevation.
• True
• False |
|
Definition
|
|
Term
A published application can be installed automatically.
• True
• False |
|
Definition
|
|
Term
A transform file utilizes what file name extension?
• .tra
• .mod
• .msi
• .mst |
|
Definition
|
|
Term
An administrative template file using what file extension provides a language specific user interface in the Group Policy Management Editor?
• .adm
• .admx
• .adlang
• .adml |
|
Definition
|
|
Term
Settings under the User Configuration node affect what Registry key?
• HKEY_CURRENT_USER
• HKEY_CURRENT_MACHINE
• HKEY_LOCAL_MACHINE
• HKEY_LOCAL_USER |
|
Definition
|
|
Term
Which of the following is a series of commands saved in a text file to be repeated easily at any time?
• program
• script
• binaries
• application |
|
Definition
|
|
Term
What type of application can be installed automatically when the user logs on to a computer in the domain?
• delegated
• selected
• assigned
• published |
|
Definition
|
|
Term
GPOs set at the domain level should contain settings that you want to apply to all objects in the domain.
• True
• False |
|
Definition
|
|
Term
GPO enforcement is configured on a GPO, not on an Active Directory container.
• True
• False |
|
Definition
|
|
Term
A loopback policy can be used to change user policy settings based on the GPO within whose scope a computer object falls.
• True
• False |
|
Definition
|
|
Term
Group policy caching improves system startup speed because the cache is used during asynchronous background processing, which occurs when the system boots.
• True
• False |
|
Definition
|
|
Term
You can configure a firewall with the Group Policy tool or on a client computer.
• True
• False |
|
Definition
|
|
Term
The gpupdate command in conjunction with which option below causes synchronous processing during the next computer restart or user logon?
• /sync
• /full
• /force
• /wait |
|
Definition
|
|
Term
Select the GPO permission that provides the ability to change existing settings, import settings, and enable or disable a GPO, but is not granted to any user by default.
• Edit Settings
• Create GPOs
• Link GPOs
• Read |
|
Definition
|
|
Term
OU-linked policies are applied last so they take precedence over which policies? (Choose all that apply.)
• site
• administrator.
• domain
• account |
|
Definition
|
|
Term
The logical components of Active Directory are forests, domains, and sites.
• True
• False |
|
Definition
|
|
Term
A domain controller clone is a replica of an existing DC.
• True
• False |
|
Definition
|
|
Term
Before you can install an RODC, the forest functional level must be at least Windows Server 2003.
• True
• False |
|
Definition
|
|
Term
By default, subnets are created in Active Directory Sites and Services
• True
• False |
|
Definition
|
|
Term
Authentication efficiency, replication efficiency, and application efficiency are the three main reasons for establishing multiple sites.
• True
• False |
|
Definition
|
|
Term
Intrasite replication occurs between bridgehead servers.
• True
• False |
|
Definition
|
|
Term
What is the name of a domain controller on which changes can't be written?
• Read only domain controller
• No write domain controller
• Access only domain controller
• Secured domain controller |
|
Definition
| Read Only Domain Controller |
|
|
Term
Once Active Directory has been installed, a default site link is created. What is the name of this site link?
• IPSITECONTAINER
• DEFAULTIPSITELINK
• ADSITEHOLDER
• FIRSTSITE |
|
Definition
|
|
Term
Intrasite replication takes place between DCs in two or more sites.
• True
• False |
|
Definition
|
|
Term
A tree can consist of a single domain or a parent domain and child domains, which cannot have child domains of their own.
• True
• False |
|
Definition
|
|
Term
With separate domains, stricter resource control and administrative permissions are more difficult.
• True
• False |
|
Definition
|
|
Term
There's only one global catalog per forest.
• True
• False |
|
Definition
|
|
Term
Before you can install a DC running a newer Windows Server version in an existing forest with a lower functional level, you must prepare existing DCs with the adprep.exe command-line program.
• True
• False |
|
Definition
|
|
Term
What is the first domain installed in a forest called?
• Master domain
• Forest root
• Primary tree
• Global catalog |
|
Definition
|
|
Term
Your company has purchased another company that also uses Windows Server 2016 and Active Directory. Both companies need to be able to access each other's forest resources. How can you achieve this goal with the least administrative effort?
• Configure selective authentication
• Create a two-way forest trust
• Configure an external trust
• Share the global catalog for both companies |
|
Definition
|
|
Term
Why might you need to configure multiple forests?
• Need for different schemas
• Single administrator
• Need for a single global catalog
• Easier access to all domain resourc |
|
Definition
| Need for different schemas |
|
|
Term
If a certificate is not renewed before the validity period expires, the certificate can still be used until the renewal period ends.
• True
• False |
|
Definition
|
|
Term
Certificate autoenrollment is an option only on enterprise CAs.
• True
• False |
|
Definition
|
|
Term
Users can request certificates that aren't configured for autoenrollment by using the Certificates snap-in.
• True
• False |
|
Definition
|
|
Term
A revocation configuration tells the CA what methods are available for clients to access CRLs.
• True
• False |
|
Definition
|
|
Term
Online Responder used to issue certificates to network devices, such as routers and switches.
• True
• False |
|
Definition
|
|
Term
You run a PKI that has issued tens of thousands of certificates to hundreds of thousands of clients. You have found that the traffic created when clients download the CRL is becoming excessive. What can you do to reduce the traffic caused by clients downloading the CRL?
• Configure Web enrollment
• Shorten the renewal period
• Use a Delta CRL
• Install NDES |
|
Definition
|
|
Term
You want to configure automatic key archival to ease the burden of managing backup of private keys. What role must you assign to at least one trusted user in the organization?
• CPS
• OR
• KRA
• CDP |
|
Definition
|
|
Term
What type of algorithm is used to sign the CA certificate?
• Hash
• Ciphertext
• Plaintext
• CSP |
|
Definition
|
|
Term
AD FS is designed to work over the public Internet with a Web browser interface.
• True
• False |
|
Definition
|
|
Term
Applications that are not claims-aware can't be used in an AD FS deployment.
• True
• False |
|
Definition
|
|
Term
The federated Web SSO with forest trust design is most often used in business-to-employee relationships.
• True
• False |
|
Definition
|
|
Term
A claims provider is the resource partner that accepts claims from the business partner to make authentication and authorization decisions.
• True
• False |
|
Definition
|
|
Term
Multi-factor authentication means users must authenticate with more than one device.
• True
• False |
|
Definition
|
|
Term
Which of the following hosts resources that are made available to the account partner?
• Relying party
• Claims provider
• Federation trustee
• Claims agent |
|
Definition
|
|
Term
Which of the following is created on the AD FS server that acts as the claims provider in an AD FS deployment?
• Federation trust
• Claims provider trust
• Attribute store
• Relying party trust |
|
Definition
|
|
Term
Your company deals with highly confidential information, some of which is transmitted via email among employees. Some documents have been forwarded via email, making the documents more difficult to track. You want to be able to prevent employees from forwarding certain emails. What should you deploy?
• EFS
• Web SSO
• AD RMS
• AD CS |
|
Definition
|
|
