CSEC-246: 3.01 Reading Exam Study Set.
A tree can consist of a single domain or a parent domain and child domains, which cannot have child domains of their own. True False
False
Hub and spoke, Half mesh, and Full mesh are all valid replication topologies for DFS replication True False
False
Intrasite replication takes place between DCs in two or more sites. True False
False
The intermediate CA is the most critical and is the server typically configured for offline operation. True False
False
The logical components of Active Directory are forests, domains, and sites. True False
False
With separate domains, stricter resource control and administrative permissions are more difficult. True False
False
For intrasite replication, what component builds a replication topology for DCs in a site and establishes replication partners? a. KCC b. Kerberos c. PDC d. Site link
a. KCC
What is the name of a domain controller on which changes can't be written? a. Read only domain controller b. Access only domain controller c. No write domain controller d. Secured domain controller
a. Read only domain controller
What is used to identify all objects in a domain? a. SID b. RID c. DIR d. PDC
a. SID
An administrator has attempted to change the forest functional level, but the attempt failed due to the failure of an FSMO role. Which FSMO role should be investigated? a. Schema master b. RID master c. PDC emulator d. Infrastructure master
a. Schema master
During garbage collection, what setting controls how long deleted objects remain within the database before such objects are completely removed? a. Tombstone lifetime b. Object expiry date c. Remove by date d. Purge lifetime
a. Tombstone lifetime
What feature in the Windows file system allows users to see only files and folders in a File Explorer window or in a list of files from the dir command to which they have been given at least read permission? a. access-based enumeration b. content information c. content enumeration d. remote access
a. access-based enumeration
What assigned value represents the bandwidth of the connection between sites? a. cost b. site c. metric d. log
a. cost
What type of replication scheme does Active Directory use to synchronize copies of most information in the Active Directory database? a. multimaster b. flexible single master c. domain-wide d. single master
a. multimaster
Select the RODC installation type where the domain administrator creates the RODC computer account in Active Directory, and then a regular user can perform the installation at a later time. a. staged installation b. deferred installation c. selected installation d. default RODC installation
a. staged installation
If you configure the issuance requirements for a certificate issued from a template so that more than one signature is required before a certificate can be issued, which of the following is true? a. The certificate is added to the CRL b. Autoenrollment is disabled c. Certificate enrollment is disabled d. Certificate enrollment is automatic
b. Autoenrollment is disabled
Once Active Directory has been installed, a default site link is created. What is the name of this site link? a. FIRSTSITE b. DEFAULTIPSITELINK c. IPSITECONTAINER d. ADSITEHOLDER
b. DEFAULTIPSITELINK
What Active Directory replication method is more efficient and reliable? a. SYSVOL Replication b. Distributed File System Replication c. File Replication Service d. AD File System Replication
b. Distributed File System Replication
You have a network with three sites named SiteA, SiteB, and SiteC that are assigned the subnets 10.1.0.0/16, 10.2.0.0/16, and 10.3.0.0/16, respectively. You change the IP address of a domain controller in SiteB to 10.1.100.250/16. What should you do now? a. Add the 10.1.0.0/16 subnet to SiteB and then force the replication topology to be recalculated. b. Move the computer object of the domain controller in Active Directory Sites and Services to SiteA. c. Move the computer object in Active Directory Users and Computers to a new OU. d. Right-click the computer object and click Check Replication Topology.
b. Move the computer object of the domain controller in Active Directory Sites and Services to SiteA.
Why might it be a good idea to configure multiple domains in a forest? a. Easier access to resources b. Need for differing account policies c. Access to Universal groups d. You need multiple schemas
b. Need for differing account policies
The RID master FSMO role is ideally placed on the same server as what other role? a. Infrastructure master b. PDC emulator c. Schema master d. Domain naming master
b. PDC emulator
What features should you configure if you want to limit access to resources by users in a trusted forest, regardless of permission settings on these resources? a. Trust transitivity b. Selective authentication c. SID filtering d. Fine-grained password policies
b. Selective authentication
What type of certificate enrollment issues certificates that users can use to log on to a system by entering a PIN? a. Web enrollment b. Smart card enrollment c. Certificates MMC d. Autoenrollment
b. Smart card enrollment
If an employee leaves a company, what should happen to any certificates held by that employee that was issued by the company's PKI? a. They should be included in the CDP b. They should be put on the CRL c. They should be forwarded to the AIA d. They should be added to the OR
b. They should be put on the CRL
Which option below is not one of the three main methods for cleaning up metadata? a. Active Directory Users and Computers b. wbsadmin.exe c. Active Directory Sites and Services d. ntdsutil.exe
b. wbsadmin.exe
How often does garbage collection run on a DC? a. 18 hours b. 2 hours c. 6 hours d. 12 hours
d. 12 hours
What is created automatically by the KCC and allows the configuration of replication between sites? a. Bridgehead server b. Site link bridge c. Site link d. Connection object
d. Connection object
Which of the following is true about the domain functional level? a. All DCs and member servers must be running the Windows version that supports the functional level b. You must raise the functional level on all DCs c. The domain and forest functional level must be the same d. You can have different functional levels within the forest
d. You can have different functional levels within the forest
On a Windows Server 2016, what is the default CRL publication interval? a. 1 week b. 1 month c. 1 year d. 1 day
a. 1 week
By default, for how long are deleted objects stored within the Active Directory database before they are removed entirely? a. 180 days b. 120 days c. 160 days d. 60 days
a. 180 days
What is the default capacity of the Staging folder? a. 4 GB b. 1 GB c. 2 GB d. 3 GB
a. 4 GB
Select the FSMO role that is required to be online to facilitate the addition or removal of a domain controller: a. Domain naming master b. Schema master c. PDC emulator d. RID master
a. Domain naming master
A delegated installation allows a domain administrator to create the RODC computer account in Active Directory, so a that a regular user can perform the installation at a later time. True False
True
A domain controller clone is a replica of an existing DC. True False
True
Adding a subdomain is a common reason for expanding an Active Directory forest. True False
True
An Active Directory snapshot is a replica of the Active Directory database at a specific moment. True False
True
Before you can install an RODC, the forest functional level must be at least Windows Server 2003. True False
True
There's only one global catalog per forest. True False
True
When a full backup or system state backup is performed on a CA server, the certificate store is backed up along with other data. True False
True
What are the two flexible single master operation (FSMO) roles? (Choose all that apply.) a. Forestwide b. Objectwide c. Systemwide d. Domainwide
a. Forestwide d. Domainwide
Which of the following is responsible for assigning a bridgehead server to handle replication for each directory partition? a. Inter-Site Topology Generator b. Knowledge Consistency Checker c. Domain Naming Master d. Infrastructure Master
a. Inter-Site Topology Generator
A server configured for Web enrollment is referred to as which of the following? a. Delta CRL b. Online responder c. CA Web proxy d. Intermediate CA
c. CA Web proxy
Your company has purchased another company that also uses Windows Server 2016 and Active Directory. Both companies need to be able to access each other's forest resources. How can you achieve this goal with the least administrative effort? a. Configure an external trust b. Configure selective authentication c. Create a two-way forest trust d. Share the global catalog for both companies
c. Create a two-way forest trust
Which server role below cannot be installed on a domain controller that will be cloned? a. WSUS b. DNS c. DHCP d. RADIUS
c. DHCP
Select below the FSMO role that is a forest-wide FSMO role: a. Infrastructure master b. RID master c. Domain naming master d. PDC Emulator
c. Domain naming master
What is the first domain installed in a forest called? a. Primary tree b. Global catalog c. Forest root d. Master domain
c. Forest root
After you install AD CS, you want to begin issuing certificates for the encrypting file system. What should you do first? a. Configure the online responder b. Configure enrollment options c. Modify a certificate template d. Install the EFS role service
c. Modify a certificate template
An administrator has received a call indicating that some users are having difficulty logging on after a password change. Which FSMO role should be investigated? a. Infrastructure master b. Schema master c. PDC emulator d. RID master
c. PDC emulator
What folder contains group policy templates, logon/logoff scripts, and DFS synchronization data? a. Root b. System c. SYSVOL d. NTDS
c. SYSVOL
How is a computer's designated site determined, such that the computer is given a domain controller to request services from within the same site? a. Through NPS policies b. Through computer OU information c. Through subnets added to the site d. Through GPOs
c. Through subnets added to the site
