Mod 3
What type of group is typically used to manage resources in a domain?
Domain local group
Can be assigned permissions to resources or added as a member to another group in the same domain, but can contain objects from any domain in the forest
Domain local security
By default the password changes every ___________, defined in the Group Policy.
30 days
For members of a protected users global group, how often must the Kerberos Ticket Granting Ticket be renewed?
4 Hours
By default, the Windows Server 2019 password policy requires that a password be at least ___ characters long.
6
What statement regarding DNS implementation is accurate?
A domain should ideally have two or more DNS servers to take advantage of load balancing and multimaster relationships, as well as fault tolerance.
What is the most typically used boundary for an Active Directory site?
A site boundary is typically defined by a network or subnet boundary.
What tab under a user's account properties allows you to define the hours at which the user is able to log on to the domain?
Account Tab
What is NOT an attribute that must be defined for each Active Directory account?
Account holder's email address
T/F: Workgroup security authentication is called single sign-on.
False
T/F: It is recommended that you enable the "Protect container from accidental deletion" option to prevent you from accidentally deleting a populated OU.
False
T/F: A forest provides a means to relate trees that use a contiguous namespace in domains outside of each tree.
False
T/F: A user's token is automatically sent to a workstation that is joined to the domain during the authentication process.
False
T/F: By default, a new domain has only one OU, easily identifiable by its domain name.
False
T/F: Local Administrator accounts have the authority to update the AD schema to ensure on all computers.
False
T/F: RSAT is a free tool that needs to be downloaded and will work on all versions of the Windows client OS.
False
T/F: Tokens can only be decrypted by user accounts after login to a workstation.
False
The amount of time that a computer is able to cache the results of a lookup is determined by the advanced properties on the DNS server.
False
____________________ is the process of providing a valid user name and password at the Windows login screen.
Authentication
Multiple trees within a single forest that share a common naming convention.
Contiguous namespace
Windows Server that holds a copy of an AD database
DC
Can be assigned permissions to resources or added as a member to another group in any domain within the forest
Global Security
_________________________ is the default trust relationship in Active Directory, allowing users to access resources in another domain within the same forest.
Internal trust
Under what conditions can a global group be converted to a universal group?
It can be converted as long as it is not nested in another global group or in a universal group.
What is the purpose of a State of Authority record?
It identifies the authoritative DNS server for the current zone.
What information is NOT in a DNS stub zone?
MX record for administrative tracking
What Kerberos account policy can be configured to encourage users to sign out after a certain amount of time?
Maximum lifetime for user ticket
Windows Server that is joined to an AD DC but does hold a copy of AD database
Member Server
What is NOT a true statement to keep in mind when designing an OU structure?
Microsoft recommends nesting OUs at least four levels deep.
Which of the following is not an advantage or reason to join the domain?
No downsides to joining the domain
Which is not an advantage of having users log on to the domain?
Offer protection when online, safer browsing
What is the default password setting when a new user object is created?
Password never expires
What is the process of pre-creating computer accounts for computers within the appropriate OUs prior to joining the computers to the domain?
Prestaging
You have been tasked with implementing a server infrastructure that allows clients to use virtual machine and session-based desktops to access and run applications on servers. What role should you install for this purpose?
Remote Desktop Services
Occasionally a computer previously joined to the domain will experience a hardware failure. What needs to happen to resolve the problem?
Reset or delete the computer account in AD; regenerate the key on the client computer, which will cause a new key to be generated; change the previously joined computer back to workgroup, then rejoin it to the domain
Local users and group accounts are in the _______________________.
SAM
What statement regarding domain functional levels is accurate?
The functional level at both the domain and forest level should be set to the lowest version of Windows Server used.
What is NOT one of Microsoft's recommendations for creating a computer name?
The maximum length for the name is 63 characters
RODC - Server - it's like a secondary server that includes DNS, replication of Active Directory and its objects, and it's only a copy.
True
Scavenging only removes records created using dynamic update.
True
T/F: A single forest can contain an unlimited number of domains and each domain can contain an unlimited number of objects.
True
T/F: After your credentials are validated, you are granted access to each resource based on permissions associated with the resource ACL.
True
T/F: Domain Trees use a common DNS namespace.
True
T/F: If the global catalog is not available to be contacted, you may be able to use cached credentials to access your server.
True
T/F: LDAP is able to work with X.500-compliant databases such as Active Directory.
True
T/F: The Remote Server Administration Tools can be used to remotely manage Server 2019 and Server 2016 servers.
True
T/F: The User Principal Name (UPN) is the login name a user enters during the login process.
True
T/F: The global catalog is contacted to verify the UPN and locate a domain controller that can complete the authentication process when a user logs in at a computer located on a different user account than the one with the user login credentials, provided the user logs in using their user principal name.
True
What statement regarding Active Directory objects that can be members of a domain local group is NOT accurate?
Universal groups in any domain in a tree or forest can be a member of the domain local group, without requiring a trust relationship.
Can be assigned permissions to resources or added as a member to another group within any domain in the forest
Universal security
Default setting after installing
Workgroup
What is not a valid requirement for joining a computer to an Active Directory domain?
You must have Internet connectivity and be capable of reaching microsoft.com
What kind of group is used for e-mail or telephone lists, to provide quick, mass distribution of information?
distribution groups
_________ IP address that is provided by a DHCP service / server.
dynamic
t/f: DHCP configuration requires DNS settings to be sent to clients requesting DHCP services.
false
t/f: Universal groups are replicated in the global catalog and are the recommended type of groups to use to ensure fast global catalog performance.
false
Which of the following statement(s) is NOT true regarding the Guest account in a Server 2019 environment? a) Assigned a minimal set of rights and permissions b) Is enabled by default c) Is part of the local user's group
is enabled by default
Multiple trees within a single forest that share a common naming convention. a) require distribution groups b) establish parent child relationship c) contiguous namespace d) use disjointed name space (XX)
page 228 c) contiguous namespace
During the authentication process, after login credentials are validated, the DC issues an encrypted token to _____________________ as well as ______________. a) your user object b) all are valid answers (XX NO XX) c) domain group account you belong to d) your computer
pg 223 Your computer and domain group account you belong to
___ DNS records represent computers that are no longer on the network and were added dynamically.
Stale resource records
T/F: Multiple scopes are supported in a single DHCP server because it is often necessary to assign different address ranges.
true
Select the true statement(s) about Active Directory. (Pick all that apply)
xx chapter 4 lecture AD, DS and labs ***