chapter 6 and 7
Which commands can you use together to change attributes of several users at once?
dsquery and dsmod
The default location for computer accounts that are created automatically after joining the domain can be changed using which command?
redircmp
What feature, once activated, can't be disabled without reinstalling all domain controllers within a forest?
Active Directory Recycle Bin
What Active Directory partition contains the information needed to define objects and object attributes for all domains in the forest?
Schema directory partition
Which of the following choices is not one of the three user account types defined in Windows Server 2012?
Service user account
A valid comma separated value file that can be imported using csvde must have what option below on the first line?
Set variable parameters/ The FQDN of the target domain
After a template account has been created, what can be done to ensure that the template account does not pose a security risk?
The account should be disabled
Which of the following scenarios is not ideal for the deployment of a single domain structure?
The domain structure must be able to utilize different name identities
Under what circumstances would a multi-domain structure not be an ideal choice?
The structure should facilitate easier access to resources
In order to use the Active Directory Recycle Bin, all DCs in the forest must be running at least what Windows Server operating system?
Windows Server 2008 R2
In what order are group policy settings applied?
local, site, domain, OU
What folder under Policies within the Computer Configuration Node of a GPO contains the Control Panel, Network, Printers, System, and Windows Component folders?
User Configuration
Select below the built-in group that facilitates anonymous access to web resources by Internet Information Services
IIS_IUSRS
Select the operations master role responsible for ensuring that changes made to object names in one domain are updated in references to the object in other domains:
Infrastructure master
Which of the following choices is one of the two forest-wide FSMO roles?
Schema master
Permission inheritance can be configured such that permissions are only inherited by specific types of child object types.
True
Which of the following is not associated with an Active Directory tree?
A container object that can be linked to a GPO
An authenticated user can add up to how many computer accounts to the domain, by default?
10
How long does it take for a change to trigger intrasite replication?
15 seconds, with a 3 second delay between each replication partner
The Knowledge Consistency Checker (KCC) ensures the maximum number of hops between any two domain controllers does not exceed what number?
3
How often is the password for a computer account changed by Active Directory?
30 days
How often are Group Policy Objects updated on domain controllers?
5 minutes
By default, the Windows password policy requires a minimum password of what length?
7 characters
Select the special character below that can't be used within a username:
?
What PowerShell cmdlet below will install the Active Directory Domain Services role?
Add-WindowsFeature AD-Domain-Services
What folder under Policies within the Computer Configuration Node of a GPO contains the Control Panel, Network, Printers, System, and Windows Component folders?
Administrative Templates
Which of the following is not one of the five folder objects that are created when Active Directory is installed?
Administrators
Which of the following is not one of the five folder objects that are created when Active Directory is installed?
Administrators
What special identity group is used when a user accesses an FTP server that doesn't require user account logon?
Anonymous logon
By default, when are policies set in the User Configuration node applied?
At user logon
Which special identity group specifically includes any user account (except the Guest) logged into a computer or domain with a valid username and password?
Authenticated Users
A user's profile is stored in what directory on a local computer by default?
C:\Users
Which of the following is a default folder object?
Computer
An administrator has discovered that several critical parts of Active Directory have been deleted. What boot mode can be used to perform restoration?
Directory Services Restore Mode(DSRM)
Jane has left the company. Her user account is a member of several groups and has permissions and rights to a number of forest-wide resources. Jane's replacement will arrive in a couple of weeks and needs access to the same resources. What's the best course of action?
Disable Jane's account. When the new employee arrives, rename Jane's account, assign it a new password, and enable it again.
What is the most typically used group type conversion?
Distribution group->security grouop
Which of the following is the core logical structure container in Active Directory?
Domain
Which of the following is a user account category? (Choose all that apply.)
Domain Local
Select the true statement regarding the conversion of group scope:
Domain local groups can be converted to universal, as long as the domain local group does not contain other domain local groups
Which direct group scope conversion is allowed?
Domain local to universal, provided no domain local group is already a member
Which is responsible for management of adding, removing, and renaming domains in a forest?
Domain naming master
Select the operations master role responsible for ensuring that changes made to object names in one domain are updated in references to the object in other domains:
Domain naming master
The Administrator account should not be re-named, but should at least used a secure password.
False
The dcpromo.exe command is the preferred method for installing Active Directory on Server Core.
False
Which of the following is a valid group scope? (Choose all that apply.)
Global Domain Local
What Active Directory directory partition holds the DNS database?
Global catalog partition
Which of the following is NOT a directory partition?
Group policy partition
What is a downlevel user logon name used for?
Logging into older Windows OSs or using older Windows applications
What is the primary container object for organizing and managing resources in a domain?
OUs
Which of the following statements is true regarding the global catalog?
Only one global catalog exists per forest
Which of the following can be a member of a universal group? (Choose all that apply.)
Other universal groups Global groups from any domain in the forest
Select the operations master role that is responsible for providing backward compatibility with Windows NT servers configured as Windows NT backup domain controllers or member servers:
PDC emulator master
Which of the following statements is not true regarding the built-in Administrator account?
The Administrator account can't be renamed, but it can be deleted.
Which of the following statements is true regarding the built-in Guest account?
The Guest account should be renamed if it will be used
Which statement is true regarding the use of the Logon Hours option under a user's account?
The Logon Hours can't be used to disconnect a user that has already logged in
Active Directory's use of multimaster replication ensures that changes to AD objects are automatically replicated to all domain controllers.
True
An explicit "allow" permission will override an inherited "deny" permission.
True
In order for a software package to be published in Active Directory, it must be configured in the User Configuration node of an applicable group policy.
True
Information within an OU can be hidden using permissions, and administration of an OU can be delegated to a non-administrative account.
True
The Active Directory Recycle Bin is disabled by default, and can be enabled in the Active Directory Administrative Center (ADAC)
True
The recommended minimum number of Active Directory domain controllers in a domain environment is two
True
When creating a new user, the "User must change password at next logon" option is enabled by default.
True
How can the output of a command be redirected to a file instead of being displayed on screen?
Type the > character followed by the file name at the end of the command
How can an administrator enable or disable accounts using the command line?
Use the dsmod user command
When creating a new user, the "User cannot change password" option can't be used in conjunction with what other option?
User must change password at next logon
