Chapter 4 questions
What type of group is typically used to manage resources in a domain?
Domain local group
Access control list
2. A list of all security descriptors that have been set up for a particular object, such as for a shared folder or a shared printer
What symbol cannot be used in an account name in Windows Server 2016?
:
bridgehead server
A domain controller at each Active Directory site with access to a site network link, which is designated as the DC to exchange replication information.
local security group
A group of user accounts that is used to manage resources on a standalone computer.
global security group
A group that typically contains user accounts from its home domain and that is a member of domain local groups in the same or other domains.
organizational unit
A grouping of objects within a domain that provides a means to establish specific policies for governing those objects and that enables object management to be delegated
Namespace
A logical area on a network that contains directory services and named objects and that has the ability to perform name resolution.
contiguous namespace
A namespace in which every child object has a portion of its name from its parent object
disjointed namespace
A namespace in which the child object name does not resemble the parent object name.
What statement regarding trust relationships between domains is accurate?
Due to the trust relationship between parent and child domains, any one domain can have access to the resources of all others
schema
Elements used in the definition of each object contained in Active Directory, including the object class and its attributes
What is the most typically used boundary for an Active Directory site?
A site boundary is typically defined by a network or subnet boundary.
globally unique
A unique number, up to 16 characters long, that is associated with an Active Directory object
1What tab under a user's account properties allows you to define the hours at which the user is able to log on to the domain?
Account tab
An Organizational Unit cannot be nested within another Organizational Unit.
False
You can't convert a domain local group to a universal group.
False
What feature provided at the Windows Server 2012 domain functional level creates a secure channel or tunnel between a client seeking authentication for a computer service and the server providing secure access keys for secure communications?
Flexible Authentication Secure Tunneling (FAST)
When should an organization consider using Microsoft Azure Active Directory?
It should be considered if the organization subscribes to Office 365 services, or other compatible web services.
What is NOT a true statement to keep in mind when designing an OU structure?
Microsoft recommends nesting OUs at least four levels deep.
How are changes made within Active Directory maintained on different domain controllers?
Multimaster replication is used to replicate changes to other DCs.
When using the protected users global group, what is not a valid security restriction imposed on the group?
Only computers running Windows 7 or higher can be made member computers.
How do you make a user profile a mandatory profile, preventing all changes?
Rename the Ntuser.dat file to Ntuser.man in the user's profile directory.
When replication occurs between sites, what servers are involved in replication?
Replication only occurs between two bridgehead servers.
After deleting an account, what happens to the associated GUID?
The GUID will be permanently deleted and never re-used.
What statement regarding functional domain functional levels is accurate?
The functional level at both the domain and forest level should be set to the lowest version of Windows Server used
What happens if a user attempts to sign in while the global catalog server for the domain is offline?
The user will be allowed to sign in to the network with cached credentials.
23. A recently promoted employee at your company has called you because they attempted to log in to their computer several times with a password created after a password expiry notice, but the attempts made were unsuccessful. You have reset the user's account password, but the user is still unable to log in. What is most likely the cause of the failure?
The user's account has been locked due to frequent failed password attempts.
A Read-Only Domain Controller (RODC) cannot be used to update information in Active Directory, and it does not replicate to regular DCs.
True
In an Active Directory forest, all trees use the same schema
True
According to Microsoft, what is the minimum number of DCs that should be present in any organization using Active Directory?
Two
What statement regarding Active Directory objects that can be members of a domain local group is NOT accurate?
Universal groups in any domain in a tree or forest can be a member of the domain local group, without requiring a trust relationship
distribution groups
What kind of group is used for e-mail or telephone lists, to provide quick, mass distribution of information?
What is the minimum forest functional level should you use if you wish to make use of the protected users security group?
Windows Server 2012 R2
