Mod 3

What type of group is typically used to manage resources in a domain?

Domain local group

Can be assigned permissions to resources or added as a member to another group in the same domain, but can contain objects from any domain in the forest

Domain local security

By default the password changes every ___________, defined in the Group Policy.

30 days

For members of a protected users global group, how often must the Kerberos Ticket Granting Ticket be renewed?

4 Hours

By default Window Server 2019 password policy requires that password be at least ___ characters or more.

6

What statement regarding DNS implementation is accurate?

A domain should ideally have two or more DNS servers to take advantage of load balancing and multimaster relationships, as well as fault tolerance.

What is the most typically used boundary for an Active Directory site?

A site boundary is typically defined by a network or subnet boundary.

What tab under a user's account properties allows you to define the hours at which the user is able to log on to the domain?

Account Tab

What is NOT an attribute that must be defined for each Active Directory account?

Account holders email address

T/F Workgroup security authentication is called single signon.

False

T/F: "Protect container from accidental deletion" option is recommend that you enable this option to prevent you from accidentally deleting a populated OU.

False

T/F: A forest provides a mans to relate trees that use contiguous namespace in domain outside of each tree.

False

T/F: A user's token is automatically sent to a workstation that is joined to the domain during the authentication process.

False

T/F: By default for a new domain only has one OU, easily identifiable by it's domain name.

False

T/F: Local Administrator accounts have the authority to update the AD schema to ensure on all computers.

False

T/F: RSAT is a free tool that needs to be download and will work on all version of Windows client OS.

False

T/F: Tokens can only be decrypted by user accounts after login to a workstation.

False

The amount of time that a computer is able to cache the results of a lookup is determined by the advanced properties on the DNS server.

False

____________________ is the process of providing a valid user name and password at the Windows login screen.

Authentication

Multiple trees with in a single Forest that share a common naming conventions..

Contiguous namespace

Windows Server that holds a copy of an AD database

DC

Can be assigned permissions to resources or added as a members to another group in any domain with in the forest

Global Security

_________________________ is the default trust relationship in Active Directory allowing users to access resources in another domain with in the same forest.

Internal trust

Under what conditions can a global group be converted to a universal group?

It can be converted as long as it is not nested in another global group or in a universal group.

What is the purpose of a State of Authority record?

It identifies the authoritative DNS server for the current zone.

What information is NOT in a DNS stub zone?

MX record for administrative tracking

What Kerberos account policy can be configured to encourage users to sign out after a certain amount of time?

Maximum lifetime for user ticket

Windows Server that is joined to an AD DC but does hold a copy of AD database

Member Server

What is NOT a true statement to keep in mind when designing an OU structure?

Microsoft recommends nesting OUs at least four levels deep.

Which of the following is not an advantage or reason to join the domain?

No down sides to joining the domain

Which is not an advantage of having users log on to the domain.

Offer protection when online, safer browsing

What is the default password setting when a new user object is created?

Password never expires

what is the process of pre-creating computer account for computer with in the appropriate OU's prior to joining the computer to the domain?

Prestaging

You have been tasked with implementing a server infrastructure that allows clients to use virtual machine and session-based desktops to access and run applications on servers. What role should you install for this purpose?

Remote Desktop Services

Occasionally a computer previously joined to the domain will experience a hardware failure. What needs to happen to resolve the problem?

Reset or delete the computer account in AD Regenerate the key on the client computer which will cause a new key to be generated Change previously joined computer back to workgroup, then rejoin to the domain

Local users and group accounts are in the _______________________.

SAM

What statement regarding functional domain functional levels is accurate?

The functional level at both the domain and forest level should be set to the lowest version of Windows Server used.

What is NOT one of Microsoft's recommendations for creating a computer name?

The maximum length for the name is 63 characters

RODC - Server - it's like a secondary server that includes DNS, replication of active directory and it's objects.. and it's only a copy.

True

Scavenging only removes records created using dynamic update.

True

T/F: A single forest can contain an unlimited number of domains and each domain can contain an unlimited number of objects.

True

T/F: After your credentials are validated you are granted access to each resources based on permissions associated with the resource ACL.

True

T/F: Domain Trees use a common DNS namespace.

True

T/F: If the global catalog is not available to contacted, you may be able to use cached credentials to access your server.

True

T/F: LDAP is able to work with x.500 compliant databases such as Active Directory

True

T/F: The Remote Server Administration Tools can be used to remotely manage Server 2019 and Server 2016 servers.

True

T/F: The User Principal Name (UPN) is login name a user enters during the login process.

True

T/F: The global catalog is contacted to verify the UPN and locate a domain controller that can complete the authentication process. when a user logins at a computer located on a different user account then the one with the user login credentials provided the user login using their user principal name.

True

The Remote Server Administration Tools can be used to remotely manage Server 2019 and Server 2016 servers.

True

t/f: Domain Trees use a common DNS namespace.

True

What statement regarding Active Directory objects that can be members of a domain local group is NOT accurate?

Universal groups in any domain in a tree or forest can be a member of the domain local group, without requiring a trust relationship.

Can be assigned permissions to resources or added as a member to another group within any domain in the forest

Universal security

Default setting after installing

Workgroup

What is not a valid requirement for joining a computer to an Active Directory domain?

You must have Internet connectivity and be capable of reaching microsoft.com

What kind of group is used for e-mail or telephone lists, to provide quick, mass distribution of information?

distribution groups

_________ ip address that is provided by a DHCP service / server.

dynamic

t/f: A forest provides a mans to relate trees that use contiguous namespace in domain outside of each tree.

false

t/f: DHCP configuration requires DNS settings to be sent to clients requesting DHCP services.

false

t/f: Tokens can only be decrypted by user accounts after login to a workstation.

false

t/f: Universal groups are replicated in the global catalog and are the recommended type of groups to use to ensure fast global catalog performance.

false

Which of the following statement(s) is NOT true regarding the Guest account in a Server 2019 environment. a)Assigned a minimal set of rights and permission b) is enabled by default c) is part of the local user's group

is enabled by default

Multiple trees with in a single Forest that share a common naming conventions.. a) require distribution groups b) establish parent child relationship c) contiguous namespace d) use disjointed name space (XX)

page 228 c) contiguous namespace

During the authentication process , after login credentials are validated the DC issues an encrypted token to _____________________ as well as ______________. a) your user object b) all are valid answers (XX NO XX) c) domain group account you belong to d) your computer

pg 223 Your computer and domain group account you belong to

___ DNS records represent computers that are no longer on the network and were added dynmatically.

stale rescourse records

T/F RODC - Server - it's like a secondary server that includes DNS, replication of active directory and it's objects.. and it's only a copy.

true

t/f: A single forest can contain an unlimited number of domains and each domain can contain an unlimited number of objects.

true

t/f: Multiple scopes are supported in a single DHCP server because it often necessary to assign different address ranges.

true

Select the true statement(s) about Active Directory. (Pick all that apply)

xx chapter 4 lecture AD, DS and labs ***