Microsoft 70-410 Chapter 11-18
Which of the following items is a valid leaf object in Active Directory?
User
What is the maximum length for a fully qualified domain name, including the trailing period?
255 Characters
Which of the following would be the correct FQDN for a resource record in a reverse lookup zone if the computer's IP address is 10.75.143.88?
88.143.75.1.in-addr.arpa
Which of the following best describes the function of a starter GPO?
A starter GPO functions as a template for the creation of new GPOs.
The IPv6 DNS host record is referred to as a(n):
AAAA Record
What is a key benefit to using ADAC or the Active Directory Users and Computers console?
ADAC allows you to modify the properties of multiple users or multiple computers at once.
Which of the following types of files do Group Policy tools access from a Central Store by default?
ADMX
What two graphical tools will help create either user or computer objects?
Active Directory Administrative Center and Active Directory Users and Computer
What is the simplest way for administrators to upgrade their Active Directory Domain Services (AD DS) infrastructure to Windows Server 2012 R2?
Add a new Windows Server 2012 R2 server to your existing Directory Services installation
Which of the following are the two built-in user accounts created automatically on a computer running Windows Server 2012 R2?
Administrator & Guest
What is the purpose of the Audit Policy section of a Local Group Policy objects (GPO)?
Administrators can log successful and failed security events, such as loss of data, account access, and object access.
Which of the following is not true about an object's attributes?
Admins must manually supply information for certain attributes Every container object has, as an attribute, a list of all the other objects it contains Leaf objects do not contain attributes
What client applications utilize Domain Name System (DNS) to resolve host names into IP addresses?
All Internet applications working with host names must use DNS to resolve host names into IP addresses
At which layer of the OSI model does DHCP operate?
Application Layer
What are the three primary event logs?
Application, Security, and System
What are the key benefits of security templates?
Apply consistent, scalable, and reproducible security settings throughout an enterprise.
How are most Group Policy settings applied or reapplied?
At the refresh interval
A DNS server that hosts a primary or secondary zone containing a particular record can issue the following response to a query for the record:
Authoritative Answer
What are some best practices when creating internal DNS namespaces
Avoid an excessive number of domain levels
What is the key difference between groups and Organizational Units (OUs)?
Because groups are independent from domain structure, its members may be located anywhere in the domain or outside the domain
What is the primary means by which people access resources on an Active Directory Domain Service (AD DS) network?
By having a user account
This DNS configuration item will forward DNS queries to different servers based on the domain name of the query.
Conditional Forwarder
Installing Windows Server 2012 Active Directory Domain Services (AD DS) installs two default policies: Default Domain Policy and Default Domain Controller Policy. As an administrator, you need different policy settings than the default. What is the best approach to make those changes?
Create new GPOs to augment or override the existing default settings.
Which of the following DHCP message types is sent first in process of obtaining an address lease?
DHCPDISCOVER
Which of the following message types is not used during a successful DHCP address assignment?
DHCPINFORM
You are planning an Active Directory implementation for a company that currently has sales, accounting, and marketing departments. All department heads want to manage their own users and resources in Active Directory. What feature will permit you to set up Active Directory to allow each manager to manage his or her own container but not any other containers?
Delegation of Control
Your DHCP servers are burdened with heavy traffic, most related to IP address renewals. Unfortunately, virtually all the IP addresses in each of your subnets are allocated. Which of the following options is the best way to lower the renewal traffic?
Deploy additional DHCP servers on the most burdened subets
After you create a GPO that contains computer or user settings, but not both, what can you do for faster GPO processing?
Disable the setting area that is not configured.
What command-line utility allows administrators to modify groups' type and scope as well as add or remove members?
Dsmod.exe
Select the best reasons for using organizational units (OUs)?
Duplicating organizational divisions, assigning Group Policy settings, and delegating administration
What is the first domain installed in a new Active Directory forest called?
Forest Root Domain
Which of the following does an Active Directory client use to locate objects in another domain?
Global Catalog
What is the primary difference between universal groups and global groups in Windows Server 2012 R2?
Global groups use less data in the global catalog. So, in considering replication traffic, universal groups should be within a site.
Which of the following group scope modifications are not permitted? (Choose all answers that are correct.)
Global to Domain Local
Which of the following tools would you use to deploy the settings in a security template to all of the computers in an Active Directory Domain Services domain?
Group Policy Management console
What is an important difference between groups and organizational units (OUs)?
Group memberships are independent of the domain's tree structure
Generally, how do groups differ from OUs?
Groups are security principals, meaning you assign access permissions to a resource based on membership to a group. OUs are for organization and for assigning Group Policy settings.
When using CSVDE, what is the first line of the text file that uses proper attribute names?
Header Record
When using Netdom.exe to join an account, you may add the parameter [/OU:OUDN]. If this parameter is left out, where is the object placed?
In the Computers Container
You are preparing to deploy Windows 8 to a large number of new workstations. Which of the following options would be best?
Install Windows 8 using Pre-Boot Execution Environment (PXE) and Windows Deployment Services (WDS)
What can be used to add, delete, or modify objects in Active Directory, in addition to modifying the schema if necessary?
LDIFDE
What is the order in which Windows systems receive and process multiple GPOs?
LSDOU (local, site, domain, and then OU)
What are the two basic classes of Active Directory objects?
Leaf & Container
What are the different types of Group Policy objects (GPOs)?
Local, domain, and starter
An Active Directory functional level must be low enough to ensure interoperability between domain controllers running different versions of Windows Server. How does the functional level affect the AD forest?
Lower functional level means fewer features available
The following is a hexadecimal address that is uniquely associated with a specific Network Interface Card (NIC)
MAC
Which of the following types of DHCP address allocation is the equivalent of a reservation in Windows Server 2012 R2
Manual Allocation
Who may join a computer to the domain?
Members of the computer's local Administrators group may join the computer to the domain
What is the primary purpose of name caching?
Name caching enables the second name resolution request for the same name to bypass the referral process
Which of the following is not a type of user account that can be configured in Windows Server 2012 R2?
Network Accounts
What is the PowerShell cmdlet syntax for creating a new computer object
New-ADComputer -Name <computer name> -path <distinguished name>
What is the PowerShell cmdlet syntax for creating a new user account?
New-ADUser
Which of the following is a container object within Active Directory?
OU
You are attempting to delete a global security group in the Active Directory Users and Computers console, and the console will not let you complete the task. Which of the following could possibly be causes for the failure? (Choose all answers that are correct.)
One of the group's members has the group set as its primary group. You do not have the proper permissions for the container in which the group is located.
Which of the following cannot contain multiple Active Directory domains?
Organizational Units
What is the best approach for planning a security template strategy?
Plan according to the needs of computer roles, but not individual computers.
What is the primary benefit of a DNA forwarder
Reducing the traffic and making efficient use of available bandwidth across the network perimeter
Which of the following is not one of the elements of the Domain Name System (DNS)?
Relay Agents
Which of the following network components are typically capable of functioning as DHCP relay agents?
Routers & Windows Server 2012 R2 Computers
What is required by DNS for Active Directory to function?
SRV Records Support
The following feature is available only on Active Directory-integrated DNS zones:
Secure Dynamic Updates
Which of the following techniques can you use to apply GPO settings to a specific group of users in an OU?
Security Filtering
Which of the following tools would you use to modify the settings in a security template?
Security Templates snap-in
What differences matter most in creating a single user versus multiple users?
Single user creation is often done from the graphical user interface (GUI), whereas creating multiple users typically requires using command-line tools.
Group Policy settings are divided into two subcategories: User Configuration and Computer Configuration. Each of these two settings are further organized into three subnodes. What are the three subnodes?
Software Settings, Windows Settings, and Administrative Templates
What are the dangerous consequences of a poorly chosen Time To Live (TTL)?
Specifying a TTL that is too short can overburden root name and top-level domain servers with requests
The following is an administrative grouping of scopes that is used to support multiple logical subnets on a single network segment:
Superscope
A DHCP client first attempts to reacquire its lease at half the lease time, which is known as
T1
To make use of Pre-boot Execution Environment (PXE) and Windows Deployment Services (WDS), what special configuration do you require on the server and client?
The DHCP server on the network must have a custom PXEClient option (option 60) configured with the location of the WDS server on the network
When multiple GPOs are linked to a container, which GPO in the list has the highest priority?
The first
If creating a local GPO, then a secondary GPO, then a tertiary GPO, what policy settings are included in each GPO?
The first GPO contains both Computer Configuration and User Configuration settings, whereas the secondary and tertiary GPOs contain only User Configuration settings.
When you apply a GPO with a value of Not Configured for a particular setting to a system on which that same setting is disabled, what is the result?
The setting remains disabled.
What are the different kinds of groups?
There are two types: security and distribution, and three group scopes: domain local, global, and universal.
One method a Dynamic Host Configuration Protocol (DHCP) server allocates IP addresses is called manual allocation. This process involves manually assigning an IP address to a particular server. What is the key benefit of DHCP manual allocation over manually configuring the address directly on the server?
This process prevent accidental duplication of permanently assigned IP Addresses
What is the primary reason for creating different sites on an Active Directory network?
To control the amount of traffic passing over the relatively slow and expensive WAN links between locations
Which of the following is not a correct reason for creating an OU?
To create a permanent container that cannot be moved or renamed
What is the default trust relationship between domains in one forest?
Two-way trust relationship between domain trees
Universal Which of the following groups do you use to consolidate groups and accounts that either span multiple domains or the entire forest?
Universal
What did Microsoft introduce in Windows Server 2012 R2 to ensure users with administrative privileges still operate routine tasks as standard users?
User Account Control (UAC)
What are the two interfaces available for creating and managing user accounts in Windows Server 2012 R2?
User Accounts control panel and the Local Users and Groups snap-in for MMC
What are the two interfaces for creating and managing local user accounts for a computer joined to the domain?
User Accounts control panel and the Local Users and Groups snap-in for MMC
The built-in local groups on a server running Windows Server 2012 receive their special capabilities through which of the following mechanisms?
User rights
Which of the following local GPOs takes precedence on a system with multiple local GPOs?
User-specific Group Policy
Which of the following are local groups to which you can add users with the Windows Control Panel?
Users & Administrators
In a domain running at the Windows Server 2012 domain functional level, which of the following security principals can members of a global group? (Choose all answers that are correct.)
Users, Computers, & Global Groups
Group Policies applied to parent containers are inherited by all child containers and objects. What are the ways you can alter inheritance?
Using the Enforce, Block Policy Inheritance, or Loopback settings.
What servers should not be DHCP Clients?
Web servers, DHCP servers, and Domain Controllers
When would you need to create a user account through the Control Panel?
When you join a computer to an Active Directory Domain Services (AD DS) domain, you can create only new local user accounts with the Local Users and Groups snap-in. Control Panel is while the computer is not a member of an AD DS domain.
Are typical, authenticated users able to create computer objects in an Active Directory?
Yes, by default, users who are successfully authenticated to Active Directory are permitted to join up to ten workstations to the domain, thus creating up to 10 associated computer objects.
You are an administrator in a mixed environment of Windows Server 2012, Server 2008 R2 and desktops running Vista. You need different settings for users, based on their identities. Can you achieve this through multiple local GPOs?
Yes, this is achievable through support by all OSs, regardless of whether standalone or whether members of an AD DS domain.
Is it possible to add AD DS on a computer running Server Core?
Yes, you use pwoershell, by first installing AD DS role, and then promoting the server to a DC
By default, linking a GPO to a container causes all the users and computers in that container to receive the GPO settings. How can you modify the default permission assignments so that only certain users and computers receive the permissions and, consequently, the settings in the GPO?
You apply security filtering in the Group Policy Management console.
After configuring and deploying the Audit Directory Service Access policy, what must you do before a computer running Windows Server 2012 begins logging Active Directory access attempts?
You must wait for the audit policy settings to propagate to all of the domain controllers on the network.
Data from a primary zone is transmitted to secondary zone using the following:
Zone Transfer
If the user named Amy is located in the sales OU of the central.cohowinery.com domain, what is the correct syntax for referencing this user in a command line utility?
cn=amy,ou=sales,dc=central,dc=cohowinery,dc=com
In the fully qualified domain name www.sales.contoso.com, which of the following is the second-level domain?
contoso
Which of the following utilities do you use to perform an offline domain join?
djoin
Local GPOs are stored ______, whereas Domain GPOs are stored _____.
on the local computer; in Active Directory
