1. What is an example of a scenario when you would need to rename a domain controller?
Answers:
• When registering
another user.
• When logging in.
• When replacing computer hardware.
• When logging
out.
2. What group must you be a member of to configure the site link schedule?
Answers:
• The Network
Admins group in Active Directory.
• The Realm Admins
group in Active Directory.
• The Enterprise Admins group in Active Directory.
• The Forest
Admins group in Active Directory.
3. What command line tool can you use to manage Domain Trusts?
Answers:
• dfsutil.exe
• replmon.exe
• dcdiag.exe
• netdom.exe
4. With the launch of Windows Server 2003 comes a tool to make trust configuration easier. What is it?
Answers:
• The Trust Wizard.
• The Trust Tool.
• The
Configuration Wizard.
• The
Authentication Wizard.
5. Are the different types of trusts set automatically, or must they be set manually?
Answers:
• The trusts that need manual configuration are contingent
upon how Active Directory is organized, and whether different versions of
Windows coexist on the network.
• All trusts must
be set manually.
• All trusts are
set automatically.
• All trusts are
set automatically, and they cannot be changed.
6. Your company and its partner want to share files on servers in both of their laboratories. What's the easiest way to make this happen?
Answers:
• Utilize Active
Directory Cloud Authentication Services (CA) to create user groups from both
companies to access shared data.
• Set up a server
on the internet and utilize Windows R-Sync to replicate data from the servers
from each partner's servers. Set up a Radius Server with user accounts then
provide the users with VPN access to the data.
• Set up a Two Way External Trust via Active Directory Domains
and Trusts, then set up security groups to share directories.
• Create a group
in your company's Active Directory Users and Groups, then create user accounts
for the people who will need access to resources in your domain, restrict
resources to that group. Have your partner do the same on their domain.
7. You are trying to determine the name of a host but only have the IP address. What command can you run to find its name?
Answers:
• ping -a (IP Address)
• tracert (IP
Address)
• ping -h (IP
Address)
• ping (IP
Address)
8. An Active Directory Forest is ___________________
Answers:
• a collection of different domains connected via two way
trusts that don't share the same DNS name space, but share authentication and
policy management.
• the sum total of
all the objects both physical and logical including their properties in an
Active Directory domain and managed from a PDC.
• a method for
visualizing autonomous sites that are connected via high speed networks but
independent of domain hierarchies.
• the different
databases and their interactions that comprise the Active Directory for the
management of objects, domain security and policy.
9. What kind of trust is a parent-child trust?
Answers:
• Four-way trust.
• One-way trust.
• Forest trust.
• Two-way trust.
10. How much maintenance does the Active Directory database require on a daily basis?
Answers:
• It has to be
backed up hourly.
• It has to be
debugged and backed up hourly.
• None besides backups during ordinary operations.
• It has to be
backed up daily.
11. What does Windows Time Service use to manage time settings?
Answers:
• System Time
Protocol.
• Windows Time
Protocol.
• Network Time Protocol.
• Greenwich Time
Protocol.
12. What happens if the global catalog is removed?
Answers:
• The domain
controller immediately stops trusting in DNS as a global forest server.
• The domain
controller immediately stops advertising in trusts as a global realm server.
• The domain controller immediately stops advertising in DNS
as a global catalog server.
• The domain
controller immediately stops advertising in the system as a global hardware
server.
13. To protect the Active Directory schema, how should users be managed?
Answers:
• There is no
schema in Active Directory.
• Users should only be added when changes to the schema need
to be made.
• No one has
access to Active Directory's schema.
• All users have
full access to Active Directory's schema.
14. You are having difficulty with remote domain controllers not syncing. What tool would you use to investigate the problem?
Answers:
• DNS Manager
• Active Directory Domains and Trusts
• Windows Remote
Server Manager
• Active Directory
Federated Services
15. What database engine is used to house the Active Directory?
Answers:
• JET database
• rebase
• T-SQL
• MS SQL Server
16. What is Active Directory's global catalog used for?
Answers:
• System-wide
directory searching and facilitating domain client logons when universal groups
are available.
• Network-wide
directory searching and facilitating domain client logons when universal groups
are available.
• Global directory
searching and facilitating domain client logons when universal groups are
available.
• Forest-wide directory searching and facilitating domain
client logons when universal groups are available.
17. In the following list, which methods can NOT be used to manage Active Directory tasks?
Answers:
• Command Line
• Microsoft
Management Console
• Active Directory Web Interface
• Windows
PowerShell
18. What command line tool can you use to remove an object from Active Directory?
Answers:
• rmdr.exe
• rmdsob.exe
• dsrm.exe
• obdel.exe
19. If you want to see a list of users from the command line or in a script you would use the ______ utility.
Answers:
• adquery.exe
• adfind.exe
• dsadd.exe
• dsget.exe
20. You are deploying a new web-based application that only company personnel will use to submit their hours when out of the office. What Active Directory service would you deploy to enable login security?
Answers:
• Deploy Active Directory Federated Services (FS) via IIS to
extend and integrate Windows Login within the application and make it available
on the internet.
• Deploy an RDP
server accessible via a URL on the internet that will allow users to login to a
Windows session to access a secure browser.
• Deploy the
replication feature in Active Directory Domains and Trusts that will allow the
user's PC to automatically exchange certificate tokens when opening the
application's URL and securing the user's login.
• Set up a nightly
scheduled process that executes the Active Directory Users and Groups Directory
Export Services (DE) to create a secure text file that is uploaded into the
application's database.
21. An Active Directory forest comprised of Windows 2008 R2 domain controllers will need to incorporate a Windows 2003 R2 domain controller. At what version level will the forest function?
Answers:
• It will function at the Windows 2003 R2 level.
• It depends on
the site the 2003 R2 domain controller is located.
• It will function
at the 2008 R2 level.
• All domain
objects created on the 2008 R2 domain controllers will function as 2008 R2;
those from the incorporated 2003 R2 servers will continue to operate as 2003
objects.
22. Should you log in to your computer as an administrator to complete administrative tasks?
Answers:
• Yes.
• Yes. You should
always log in as an administrator, but log out after you are finished.
• Yes, and stay
logged in continually.
• No. Use “Run as” to complete them.
23. What is KCC?
Answers:
• It is the
Kerberos Consignment Client, which checks and passes Kerberos authentication
packets between clients.
• It is the Key
Collection Center, the database used in conjunction with Key Distribution
Center for exchanging Kerberos keys during authentication.
• It is the Knowledge Consistency Checker used to generate the
replication topology in Active Directory Domains and Trusts.
• It is the
Knowledge Capture Client, used by the Schema Manager in mapping and maintaining
domain morphology.
24. What is a NetBIOS name?
Answers:
• A name used to
differentiate performance characteristics of NICs.
• A legacy naming
convention used to differentiate hardware and software resources.
• The
corresponding name of the first 4 dactyls in a MAC address.
• A legacy naming convention used under LAN Manager.
25. When you move the database file, where are registry entries that Ntdsutil.exe edits located?
Answers:
•
MACHINE\SYSTEM\SET\Services\NTDS\
•
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet\Utilities\NTDS\
• \SYSTEM\CurrentControlSet\Services\NTDS\HKEY_LOCAL_MACHINE
• HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NTDS\
26. What is an alternative to disabling administrative and guest accounts on domains for security purposes?
Answers:
• Moving them.
• Encrypting them.
• Deleting them.
• Renaming them.
27. If you need to change the default file size of the staging folder, where do you change the staging space limit registry entry?
Answers:
•
System\CurrentControlSet\Services\NtFrs\Parameters\HKEY_Local_Machine
•
HKEY_Local_Machine\NtFrs\Parameters
•
HKEY_Local_Machine\User\Share\Etc\NtFrs\Parameters
•
HKEY_Local_Machine\System\CurrentControlSet\Services\NtFrs\Parameters
28. Which of the following is NOT an Active Directory role?
Answers:
• Active Directory
Domain Services
• Active Directory
Federated Services
• Active Directory Network Object Services
• Active Directory
Certificate Services
29. When is it necessary to manage domain and forest trusts?
Answers:
• Only when your
organization needs to access other domains.
• Never. They are
automatically managed.
• When your organization needs to collaborate with users or
resources in other domains, forest trusts, or realms.
• When your
organization needs to access other forest trusts only.
30. The Active Directory database is stored in the ______ directory.
Answers:
• %windir%\sysvol
• %windir%\ntds
• %windir%\etc
• %windir%\inf
31. What is a Global Catalog?
Answers:
• A database of every object in an active directory tree,
containing the most frequently used object attributes.
• An historical
catalog of all authentication traffic in the entire forest.
• The listing of
all Group Policies in an Active Directory domain and their implementation
schema.
• A listing of all
users' information that is published by intervals from the Active Directory to
Microsoft Exchange.
32. What best practice ensures that all trust relationships are preserved within a domain?
Answers:
• Keeping the
system running.
• Performing regular backups.
• Performing
annual backups.
• Rebuilding the
system every year.
33. What benefit is gained from using global or universal groups when specifying permissions on domain directory objects?
Answers:
• Permissions are transparent across the system, leaving less
opportunities for intrusion.
• Permissions are
totally deleted.
• Access is
allowed to all users.
• Permissions are
granted to fewer users.
34. What is a DSRM password used for?
Answers:
• It is used to
log into Active Directory in the case that DSRM needs to be taken off-line.
• It is used to
log into the system.
• It is used to
log onto a domain controller that has been rebooted into DSRM mode to delete
its copy of Active Directory.
• It is used to log onto a domain controller that has been
rebooted into DSRM mode to take its copy of Active Directory off-line.
35. Why is documentation one of the most critical aspects of Active Directory security administration?
Answers:
• It is essential
for network administration.
• It is essential
for performance audits.
• It is essential for security audits.
• It is essential
for domain audits.
36. Which of the following is NOT a DNS Zone?
Answers:
• Forward Lookup
Zone
• Primary Zone
• Internal Lookup Zone
• Stub Zone
37. What two ways can trust relationships be defined?
Answers:
• Four-way, or
two-way.
• One-way, or two-way.
• Open, or closed.
• Inside, or
outside.
38. In what version of Windows Server was the Read Only Domain Controller (RODC) introduced?
Answers:
• Windows 2012
• Windows 2000
• Windows 2003 R
• Windows 2008
39. How are multiple sites connected for replication in Active Directory?
Answers:
• They are connected by Site Link objects.
• They are
connected by Link Bot objects.
• They are
connected by Network objects.
• They are
connected by Connection objects.
40. Which one of the following is NOT one of the 5 Operation Master (FSMO) Roles?
Answers:
• Infrastructure
Master Role
• NTLM Master Role
• RID Master Role
• Domain Naming
Master Role
41. What security practice does not involve the configuration of software or hardware?
Answers:
• Physical security.
• Network
security.
• Domain security.
• Computer
security.
42. Five people in Accounting have the need to print checks on a network computer. No one else should have access to this printer. What is the best way to set this up?
Answers:
• Set up a subnet
on the corporate switch for the port that is attached to the printer. Give the
printer an IP address on that subnet, then set up routes on the computers of
the users who will print to that printer.
• Set up a new
resource domain, add those users that need to print to that printer and the
printer in Active Directory Users and Groups, then create a one way
forest-to-forest trust in Active Directory Domains and Trusts to allow only
those users to print
• Make sure that
the printer can be reached by name on the network. In Active Directory Group
Policy Manager create a group policy that hides the printer name for all users
except for the group in Accounting.
• Include the printer as an object in Active Directory Users
and Groups, create a security group of those users who can print to that
printer, then give them exclusive rights to print.
43. The ADSIEDIT tool is used to:
Answers:
• Filter SID
components in the DHCP registry.
• Remove inactive
objects in the Active Directory.
• Edit DNS records
of Active Directory members.
• Directly add, delete or modify components in the Active
Directory.
44. To add a new user via Windows PowerShell you would use the following cmdlet:
Answers:
• New-Item
• New-ADUser
• Set-ADUser
• New-DSObj
45. When creating a domain for the first time, what must be configured properly to easily join computers to your domain?
Answers:
• IIS
• DHCP Server
• Default Domain
Policy (GPO)
• DNS Server and services
• LDAP
46. What two operations masters roles exist in each forest?
Answers:
• The system
master, and the user master.
• The operations
master, and the domain controlling master.
• The super
master, and the user master.
• The schema master, and the domain naming master.
47. What is SYSVOL referring to in the context of Active Directory?
Answers:
• The Active Directory SYSVOL shared folder.
• The Active
Directory SYSVOL system.
• The Active
Directory shared network.
48. Fred in Marketing needs to share files with his small team on a confidential project. What should you do to help?
Answers:
• Create and share
a folder on Fred's PC and write a login script that will map a drive to that
folder for each member of Fred's team.
• Create a Group
policy that identifies each member of Fred's team that will redirect and map a
drive to a hidden folder on the server.
• Dedicate a
computer to Fred's group and give each person local rights to the computer.
• Create an Active Directory Security Group and assign Fred
and his team to it. Create a directory on the file server and give that group
exclusive rights to the directory. Share that folder with Fred's team.
49. What is Windows Time Service responsible for?
Answers:
• Setting Active
Directory's clock timing.
• Setting the
system time to the appropriate time zone.
• Synchronizing the time of all the computers running on the
network.
• Synchronizing
the system clock so the system runs better.
50. What is unique about the tasks that operations masters perform?
Answers:
• They are
encrypted.
• No other domain controllers are permitted to perform them.
• Any domain
controllers are permitted to perform them.
• They can operate
any other system.
51. Which of the following protocols are NOT needed for Replication?
Answers:
• SMB
• RPC
• IRC
• SMTP
52. What tool is required to make any changes in Windows Time Service?
Answers:
• TIMEnt.exe
• W32tm.exe
• ntp.exe
• T32v.exe
53. Should all system state components be backed up together?
Answers:
• Yes, though it
is impossible to back them up together, they can be scheduled at similar times.
• No. They cannot
be backed up.
• No.
• Yes. It is impossible to back them up otherwise because
their relationship is contingent upon each other.
54. If you needed to know the default number of days that a domain controller preserves knowledge of a deleted object, how would you find the answer?
Answers:
• Check the value of the tombstoneLifetime attribute in the
ForestRootDomain object.
• Check the value
of the systemLifetime attribute in the ForestTreeDomain object.
• Check the value
of the treeherderLifetime attribute in the ShepardOfTheForestDomain object.
• Check the value
of the deletedLifetime attribute in the RecycleBinDomain object.
55. A domain computer is no longer authenticating on the domain. How do you fix the problem?
Answers:
• Rename the
computer and reboot it.
• From the Active
Directory Users and Groups Manager find the computer in the directory and
delete it.
• From the
computer, change the computer's login password in Local Security Manager, then
reboot.
• From the computer, remove the computer from the domain,
reboot, and rejoin it to the domain
56. In relation to backup and restore procedures, what provides a default location for files that must be shared for common access throughout a domain?
Answers:
• HKEY
• SYSVOL
• VOLSYS
• SYSKEY
57. What does it mean when a “trust” exists?
Answers:
• The authentication coming from each domain trusts the
authentications coming from the other domain.
• Authentication
is only allowed for administrators.
• Authentication
is allowed for all users.
• Two domains
block each other so only users can access the computer.
58. Which of the following is NOT a logical component of Active Directory?
Answers:
• OU
• Branch
• Domain
• Forest
59. How must drives containing database files, or log files, be formatted?
Answers:
• FAT12
• NTFS
• ext2
• FAT32
60. What is Kerberos?
Answers:
• The script
compiler used for parsing and interpreting SYSVOL scripts.
• A messaging
protocol used in Active Directory for intersite transport in multi-site
domains.
• A security protocol used for authentication in Active
Directory.
• The program that
underlies Active Directory Group Policy management.
61. What is LDAP?
Answers:
• Local Domain
Administration Protocol.
• Logical
Directory Access Protocol.
• Lightweight Directory Access Protocol.
• Local Directory
Application Programming Interface.
62. You update a GPO and return to the user's computer to see the results, but they don't show up. What is the least disruptive way to see the results?
Answers:
• Run the command:
ipconfig /flushdns
• Perform a warm
boot of the computer
• Run the command:
nbtstat /R
• Run the command: gpupdate /force
63. Which of the following is NOT an Active Directory object?
Answers:
• Domain Server
• Computer
• Domain user
• Email Address
64. What is used to enable and optimize replication traffic?
Answers:
• The Knowledge
Consistency Optimizer.
• The Knowledge Consistency Checker.
• The Knowledge
Network Checker.
• The Knowledge
Replication Checker.
65. You need to check on a security property in the Systems folder in Active Directory Users and Groups, but you are having a hard time finding it.
Answers:
• On the View menu check Advanced Features
• Right click on
the Domain icon and choose Show Hidden Features.
• There is no
Systems folder in the Active Directory Users and Groups manager
• Log out of the
server and log back in as a Domain Administrator then reopen Active Directory
Users and Groups
66. What is an OU?
Answers:
• Optional Upgrade
• Organizational Unit
• Operational Unit
• Organizational
Utility Services
67. A user is complaining that they can't log in to the domain because they have tried to log in too many times with their password.
Answers:
• Ask the user to
get someone else to login for them.
• In the Active
Domain Domains and Trusts, find the user's login server, right click and choose
Replicate Now, then ask the user to login
• In the Active Directory Users and Computers, find and open
the user object, choose the Account tab and unlock the account.
• Tell the user to
turn off the computer and restart it, then log in.
68. Why should default users be granted equal rights across the system?
Answers:
• Default users are granted varying degrees of rights.
Equality in the varied degrees of granted rights reduces the occurrence of
discontinuities that may allow security breaches.
• Default users
should never be granted rights on the system.
• Only
administrators should be granted equal rights on the server.
• Granting rights
equally means that there are no variations in rights granted.
69. When Windows Server receives a file through replication, or prior to being replicated, where must it be stored?
Answers:
• In the staging area.
• In the sandbox
area.
• In the Windows
area.
• In the
replication area.
70. A Schema Partition in Active Directory is the:
Answers:
• Partition that
contains all of the information in a Domain about users, groups and OUs.
• Partition that
contains all of the information about the structure of the entire forest
including sites and trusts.
• Partition that contains all of the definitions of the
objects that can be created in the Active Directory and their rules for
creating and managing them.
• Partition that
contains all of the information that is used and collected by applications and
utilities in the Active Directory such as DNS
71. You need to remove a large number of user accounts in the Active Directory because of an acquisition. Which utility would you use?
Answers:
• RMDsob
• LDIFDE
• CSVDE
• DSMoD
72. For which of the following reasons would you NOT deploy a Read Only Domain Controller (RODC)?
Answers:
• Marketing tells you they want their own Domain Controller.
• Your remote
office is in a high crime neighborhood.
• Your remote
office is complaining about login times.
• The network
connection to a remote office is tenuous.
73. Which virus scanning software is known to cause problems when installed on an Active Directory domain controller?
Answers:
• VirusScan2000.
• McAfee VirusScan 8.0.
• Norton System
Works.
• AVG Virus Scan.
74. What policy would you implement to rid the system of LM hashes?
Answers:
• “Do Not Store
LAN Hash Value on Next Password Change”
• “Do Not Store
Hash Value on Next Password Change”
• “Do Not Store LAN Manager Hash Value on Next Password Change”
• “Do Not Store
LAN Manager Hash Value on Next Startup”
75. To install a new Active Directory Domain Services (AD DS) Forest you need to be a:
Answers:
• A local administrator on the server.
• A member of the
Domain Admins group.
• A member of the
Domain Network Services group.
• A member of the
Enterprise Admins group.
76. Which of the following protocols is used for communications in Active Directory Domains and Trusts?
Answers:
• SMS
• FTP
• UDP
• SMTP
77. What are Group Policies?
Answers:
• Group Policies are ways to normalize the behavior of
controllable applications and procedures on the domain.
• Group Policies
are used to provide security as well as filter and manage content from the
internet.
• Group Policies
are used to manage and segregate domain resources based on rules in the OU
defined by group membership.
• Group Policies
are used to maximize login efficiency by creating hierarchies based on user
profiles.
78. How many operations masters roles are allocated to each domain?
Answers:
• 4
• 5
• 3
• 2
79. An application you are installing has a service that needs to run on a server where it will interact and modify other network services and components. How do you set it up?
Answers:
• Create a new
user in Active Directory Users and Groups. Add the users to the Network
Services group. Use this account when installing the service on the server
where the application is to run.
• Create a new
user in Active Directory Users and Groups. Then on the server add the new
domain user you created into the Local Admins group. Use this account to
install the application.
• You need to do
nothing since it is a network application and will be installed on a network
server, those functions are already built in.
• Create a new user in Active Directory Users and Groups. Add
the users to the Network Configuration Operators group. Use this account when
installing the service on the server where the application is to run.
80. How many levels of readiness are allocated for the global catalog?
Answers:
• 10
• 4
• 2
• 6
81. What do Domain Controllers do?
Answers:
• Assign IP
addresses to domain computers
• Receive and
relay domain commands
• Control granular
settings in a domain environment
• Store the database, maintain the policies and provide the
authentication of domain logons
82. One can change the Active Directory path during creation of the Active Directory.
Answers:
• Yes
• No
83. Command to create / run Active Directory Services
Answers:
• tracert
• Fixboot
• traceroute
• ADSI
• dcpromo.exe
84. Five people in Accounting have the need to print checks on a network computer. No one else should have access to this printer. What is the best way to set this up?
Answers:
• Set up a subnet
on the corporate switch for the port that is attached to the printer. Give the
printer an IP address on that subnet, then set up routes on the computers of
the users who will print to that printer.
• Include the printer as an object in Active Directory Users
and Groups, create a security group of those users who can print to that
printer, then give them exclusive rights to print.
• Set up a new
resource domain, add those users that need to print to that printer and the
printer in Active Directory Users and Groups, then create a one way
forest-to-forest trust in Active Directory Domains and Trusts to allow only
those users to print
• Make sure that
the printer can be reached by name on the network. In Active Directory Group
Policy Manager create a group policy that hides the printer name for all users
except for the group in Accounting.
85. Which one is NOT an FSMO role?
Answers:
• Infrastructure
Master
• Schema Master
• Flexible Master
• RID Master
86. The Active Directory database is stored in the ______ directory.
Answers:
• %windir%\sysvol
• %windir%\ntds
• %windir%\etc
• %windir%\inf
87. If you need to change the default file size of the staging folder, where do you change the staging space limit registry entry?
Answers:
•
HKEY_Local_Machine\NtFrs\Parameters
•
HKEY_Local_Machine\User\Share\Etc\NtFrs\Parameters
• HKEY_Local_Machine\System\CurrentControlSet\Services\NtFrs\Parameters
•
System\CurrentControlSet\Services\NtFrs\Parameters\HKEY_Local_Machine
88. Members of which of the following groups can perform actions in multiple domains within a forest?
Answers:
• Enterprise Admins
• Forest Admins
• Power Users
• Domain Admins
89. What does FSMO stand for?
Answers:
• Flexible Schema
Master Operations
• File Share
Master Operations
• Flexible Single Master Operations
• Family Services
Master Operations
90. What does the ISTG do?
Answers:
• The ISTG manages
and assigns GUIDs to objects in the Active Directory.
• The ISTG is responsible for managing connections between
different domain sites.
• The ISTG is the
database that stores all Group Policy Objects and the hierarchy schema.
• The ISTG is used
to publish Federation Services via an internet proxy.