CTS130 CH 1/2
. Where would you find files related to logon and logoff scripts in an Active Directory environment?a.C:\Windows\NTDS b. %systemroot%\SYSVOL
%systemroot%\SYSVOL
Which of the following is considered a leaf object? (Choose all that apply.) a. Computer account b. Organizational unit c. Domain controller d. Shared folder
- computer account - shared folder
Which of the following is a feature of Active Directory? (Choose all that apply.) a. Fine-grained access controls b. Can be distributed among many servers c. Can be installed on only one server per domain d. Has a fixed schema
-Fine-grained access controls -Can be distributed among many servers
Where is a GPT stored? a. In a folder named the same as the GPO in the SYSVOL share b.In a folder named the same as the GUID of the GPO in Active Directory c. In a folder named the same as the GUID of the GPO in the SYSVOL share d. In a folder named the same as the GPO in Active Directory
. In a folder named the same as the GUID of the GPO in the SYSVOL share
Which of the following is not associated with an Active Directory tree? a.A group of domains b.A container object c.A common naming structure d.Parent and child domains
A container object
Which of the following is not associated with an Active Directory tree? a. A group of domains b. A container object that can be linked to a GPO c. A common naming structure d. Parent and child domains
A container object that can be linked to a GPO
1. Which of the following best describes a directory service? a. A service similar to a list of information in a text file b. A service similar to a database program but with the capability to manage objects c. A program for managing the user interface on a server d. A program for managing folders, files, and permissions on a distributed server
A service similar to a database program but with the capability to manage objects
Which MMC is added after Active Directory installation? (Choose all that apply.) a. Active Directory Domains and Trusts b. Active Directory Groups and Sites c. ADSI Edit d. Active Directory Restoration Utilit
ADSI Edit
Which of the following is true about GPOs? a.They affect all groups in their scope. b.Account policies are under the User Configuration node c.The Default Domain Policy affects only user accounts. d. Account policies are under the Computer Configuration node.
Account policies are under the Computer Configuration node.
Which of the following is best described as policy definition files saved in XML format? a.Administrative templates b.Security templates c.Group Policy objects d.Group Policy templates
Administrative templates
Your company runs a commercial website that enables your business partners to purchase products and manage their accounts. You want to increase the site's security by issuing certificates to business partners to augment logon security and protect data transmissions with encryption. What should you install?a.An online enterprise CA b. An online standalone CA c.An offline root CA d.An intermediate CA
An online standalone CA
If you want the most security, which of the following should you use?a.Symmetric cryptography only b.Asymmetric cryptography only c.Acombination of symmetric and asymmetric cryptography d.Secret key cryptography
Asymmetric cryptography only
By default, when are policies set in the User Configuration node applied?a. Every 5 minutes b. Immediately c. At user logon d. At computer restart
At user logon
A domain user signing in to the domain becomes a member of which special identity group? a. Creator Owner b. System c. Authenticate d Usersd. Anonymous Logon
Authenticated Users
What kind of group policy processing always occurs when a user is logged on to the computer at the time a group policy refresh occurs?a.Foreground processing b.Slow link processing c.Background processing d.Selective processing
Background Processing
Which of the following is the term for a DC in a site that handles replication of a directory partition for that site? a.Inter-Site Topology Generator b.Knowledge Consistency Checker c.Bridgehead server d.Global catalog server
Bridgehead server
Which role can renew the CA certificate? a.CA Administrator b.Certificate Manager c.Backup Operator d.Auditor
CA Administrator
Which of the following is not a necessary step to configure autoenrollment? a.Configure a KRA. b.Configure a certificate template. c.Configure a group policy. d.Add the template to the CA.
Configure a KRA
Your company has had a major reorganization, and you need to transfer several hundred user accounts to another domain. Which of the following can help with this task?a.Create a system state backup and restore ntds.dit to the new domain. b.In Active Directory Users and Computers, select each account and export it. c.Create a snapshot and export the accounts with ldifde. d.Use the Export-ADUser PowerShell cmdlet.
Create a snapshot and export the accounts with ldifde.
Which of the following is not part of Active Directory's logical structure? a. Tree b. Forest c. DC d. OU
DC
To reduce the amount of traffic generated when clients download the CRL, which of the following should you use? a. AIA b. Delta CRL c. CDP d. SCEP
Delta CRL
Which of the following is a subfolder in the User Configuration node but not the Computer Configuration node of a GPO?a.Network b.Windows Components c.System d.Desktop
Desktop
Which container has a default GPO linked to it? a. Users b. Printers c. Computers d. Domain
Domain
Which of the following is the core logical structure container in Active Directory? a. Fores tb. OU c. Domain d. Site
Domain
An account named SrAdmin created an OU named QandA under the Operations OU. Which of the following is true by default? a. Domain Admins is the owner of the QandA OU. b. SrAdmin is the owner of the QandA OU and all objects created inside it. c. SrAdmin has all standard permissions except Full control for the QandA OU. d. The Everyone group has Read permission to the QandA OU.
Domain Admins is the owner of the QandA OU.
Which of the following is true about the Users domain local group? a. It's in the Users folder b. It can be converted to a global group. c. Domain Users is a member. d. Its members can log on locally to a domain controller.
Domain Users is a member.
Which is responsible for management of adding, removing, and renaming domains in a forest?a. Schema masterb. Infrastructure masterc. Domain naming masterd. RID master
Domain naming master
Which of the following is not a function of the global catalog?a.Facilitating forest-wide searches b.Keeping universal group memberships c. Facilitating intersite replication d.Facilitating forest-wide logons
Facilitating intersite replication
Which of the following best describes the first domain installed in a forest?a.Forest root b.Global catalog c.Master domain d.Primary tree
Forest root
You have created a GPO that sets certain security settings on computers. You need to make sure that these settings are applied to all computers in the domain. Which of the following GPO processing features are you most likely to use? a. Block inheritance b. GPO enforcement c. WMI filtering d. Loopback processing
GPO enforcement
What's the term for removing deleted objects in Active Directory?a.Tombstoning b.Offline defragmentation c.Recycling objects d.Garbage collection
Garbage collectio
Which of the following is associated with installing the first domain controller in a forest? a. RODC b. Child domain c. Global catalog d. DHCP
Global catalog
Which is responsible for facilitating forest-wide Active Directory searches? a Knowledge Consistency Checker b. Infrastructure master c. Domain naming master d. Global catalog server
Global catalog server
Which of the following service accounts can be managed across multiple servers? a.AD managed service account b. Group managed service account c.Multi-managed service account d.Managed service account
Group managed service account
An administrator would like to configure a computer to load policy information that is stored locally to speed system startup. What client-side feature should the administrator select? a.Locals processing b.WMI filtering c.Group Policy caching d.Network Location Awareness
Group policy caching
When installing an additional DC in an existing domain, which of the following is an option for reducing replication traffic? a. New site b. Child domain c. GC server d. IFM
IFM
You want to see the permissions set on an OU, so you open Active Directory Users and Computers, right-click the OU, and click Properties. After clicking all the available tabs, you can't seem to find where permissions are set in the Properties dialog box. What should you do? a. Log on as a member of Enterprise Admins and try again. b. In the Properties dialog box, click the Advanced button. c. Right-click the OU and click Security. d. In Active Directory Users and Computers, click View, Advanced Features.
In Active Directory Users and Computers, click View, Advanced Features.
You have hired a new junior administrator and created an account for her with the logon name JrAdmin. You want her to be able to reset user accounts and modify group memberships for users in the Operations department whose accounts are in the Operations OU. You want to do this with the least effort and without giving JrAdmin broader capabilities. What should you do? a. In Active Directory Administrative Center, right-click the Operations OU, click Properties, and click Managed By. b. In Active Directory Users and Computers, right-click the Operations OU and click Delegate Control. c. Open the Operations Security tab and add JrAdmin to the DACL. d. Add JrAdmin to the Password Managers domain local group.
In Active Directory Users and Computers, right-click the Operations OU and click Delegate Control.
Where is a GPT stored? a. In the SYSVOL share b. In Active Directory c. In GPMC d. In GPME
In the SYSVOL share
In intrasite replication, which of the following is responsible for building a replication topology for DCs in a site and establishing replication partners?a .GPO b.PDC c.RID d KCC
KCC
2. The protocol for accessing Active Directory objects and services is based on which of the following standards? a. DNS b. LDAP c. DHCP d. ICMP
LDAP
Which of the following represents the correct order in which GPOs are applied to an object that falls within the GPO's scope? a. Site, domain, OU, local GPOs b. Local GPOs, domain, site, OU c. Domain, site, OU, local GPOs d. Local GPOs, site, domain, OU
Local GPOs, site, domain, OU
Which type of account is not found in Active Directory? a. Domain user account b. Local user account c. Built-in user account d. Computer account
Local user account
You manage a multidomain forest with domains named DomainA and DomainB. You want to use the GPOs from DomainA in DomainB without having to reconfigure all GPOs. What do you need to configure? a.Migration table b.GPO backup and restore c.Delegation d.RSoP
Migration Table
You want to prevent tampering on your internetworking devices by issuing these devices certificates to run IPsec. What should you install?a.Online responder b. NDES role service c.Intermediate CA d.CDP
NDES role service
Which of the following is a valid reason for using multiple forests?a.Centralized management b. Need for different schemas c.Ease of access to all domain resources d.Need for a single global catalog
Need for different schemas
User authentications are taking a long time. The domain controller performing which FSMO role will most likely decrease authentication times if it's upgraded? a. RID master b. PDC emulator c. Infrastructure master d. Domain naming master
PDC emulator
Which of the following is a new feature introduced with the Windows Server 2016 forest functional level? a.AES support b.Fine-grained password policies c.Domain controller renaming d.Privileged Access Management
Privileged Access Management
Which of the following specifies what types of actions a user can perform on a computer or network? a. Attributes b. Rights c. Permissions d. Class
Rights
Where are user accounts stored on a standalone computer? a.SQL database b.SAM database c.Active Directory d.A flat file
SAM database
Which of the following defines the types of information stored in an Active Directory object? a. GPOs b. Attribute values c. Schema attributes d. Schema classes
Schema attributes
Which of the following should you configure if you want users in a trusted forest to have access only to certain resources in your forest regardless of permission settings on these resources? a.SID filtering b.Trust transitivity c.Selective authentication d.One-way trust
Selective authentication
Camille and Sophie want to engage in secure communication. Both hold a public/private key pair. Camille wants to send an encrypted message to Sophie. Which of the following happens first? a.Camille encrypts the message with her public key. b.Camille sends Sophie her private key. c.Sophie sends Camille her public key. d.Camille encrypts the message with her private key
Sophie sends Camille her public key.
You have an Active Directory forest of two trees and eight domains. You haven't changed any of the operations master domain controllers. On which domain controller is the schema master? a. All domain controllers b. The last domain controller installed c. The first domain controller in the forest root domain d.The first domain controller in each tree
The first domain controller in the forest root domain
You have an Active Directory forest of two trees and eight domains. You haven't changed any operations master domain controllers. On which domain controller is the schema master? a. All domain controllers b. The last domain controller installed c. The first domain controller in the forest root domain d. The first domain controller in each tree
The first domain controller in the forest root domain
Which of the following is not a step in the recovery process for a key that has been archived automatically?a.The key is sent to a KRA for decryption. b.The KRA decrypts the key and sends it to the user in a password-protected file. c.The user encrypts the password-protected file using the KRA's public key. d.The user imports the key by using the password supplied by the KRA.
The user encrypts the password-protected file using the KRA's public key.
Which of the following is the period between an object being deleted and being removed from the Active Directory database? a.Tombstone lifetime b.Defragmentation limit c.Object expiration d.Restoration period
Tombstone lifetime
All your domain controllers are running Windows Server 2016. You're noticing problems with GPT replication. What should you do? a. Verify that Active Directory replication is working correctly b. Verify that FRS is operating correctly c. Verify that DFSR is operating correctly d. Check the GPOReplication flag for the GPT in the Attribute Editor
Verify that DFSR is operating correctly
Which of the following is the default forest functional level for a Windows Server 2016 domain controller installed in a new forest?a.Windows Server 2012 R2 b.Windows Server 2016 c.Windows Server 2008 d.Windows Server 2012
Windows Server 2016
Which of the following are user account categories? (Choose all that apply.) a. Local b. Global c. Domain d. Universal
a local c. Domain
Which of the following are built-in user accounts? (Choose all that apply.) a. Administrator b. Operator c. Anonymous d. Guest
a. Administrator d. guest
Which of the following is associated with an Active Directory forest? (Choose all that apply.) a. Can contain trees with different naming structures b. Allows independent domain administration c. Contains domains with different schemas d. Represents the broadest element in Active Directory
a. Can contain trees with different naming structures b. Allows independent domain administration d. Represents the broadest element in Active Directory
Which of the following members can belong to the global group? (Choose all that apply.) a. Computer accounts b. Global groups from any domain c. User accounts d. Universal groups
a. Computer accounts c. User accounts
Which of the following components are collectively grouped together and referred to as the object's security descriptor? (Choose all that apply.) a. DACL b. Object owner c. SACL d. OUs
a. DACL b. Object owner c. SACL
An administrator has just backed up a GPO to save specific policy settings. Which of the following additional settings and information were also backed up in this procedure? (Choose all that apply.) a. Delegation settings b. Security filtering settings c. Network Policy Updates d. WMI filter links
a. Delegation settings b. Security filtering settings d. WMI filter links
Which of the following is a directory partition? (Choose all that apply.) a. Domain directory partition b. Group policy partition c.Schema directory partition d. Configuration partition
a. Domain directory partition d. Configuration partition
Which of the following are reasons for establishing multiple sites? (Choose all that apply.) a. Improving authentication efficiency b.Enabling more frequent replication c. Reducing traffic on the WAN d.Having only one IP subnet
a. Improving authentication efficiency c. Reducing traffic on the WAN
Which of the following are local GPOs on a Windows 10 computer? (Choose all that apply.) a. Local Administrators b. Local Default User c. Local Default Domain d. Local Non-Administrators
a. Local Administrators d. Local Non-Administrators
Which of the following is the responsibility of a domain controller? (Choose all that apply.) a. Storing a copy of the domain data b. Providing data search and retrieval functions c. Servicing multiple domains d. Providing authentication services
a. Storing a copy of the domain data b. Providing data search and retrieval functions d. Providing authentication services
Which of the following are the main functions of user accounts? (Choose all that apply.) a.User authentication b. Biometric identity c.Autonomous access d. Detailed information
a. User authentication d. deailed information
Which of the following is a valid group scope? (Choose all that apply.) a. Global b. Domain local c. Forest d. Domain global
a. global b. domain local
Which of the following are true about user accounts in a Windows Server 2016 domain? (Choose all that apply.) a. The name can be from 1 to 20 characters. b. The name is case sensitive .c. The name can't be duplicated in the domain. d. Using default settings, PASSWORD123 is a valid password.
a. the name can be from 1 to 20 characters c. the name can't be duplicated in the domain
Which of the following account options can't be set together? (Choose all that apply.) a. User must change password at next logon. b. Store password using reversible encryption .c. Password never expires .d. Account is disabled.
a. user must change password at next logon c. Password never expires.
Which of the following are services provided by a PKI? (Choose all that apply.) a.Confidentiality b.Nonrepudiation c.Authorization d.Antivirus
a.Confidentiality b.Nonrepudiation
Which of the following GPOs are created by default when Active Directory is installed? (Choose all that apply.) a.Default Domain Controllers Policy b.Default Group Policy c.Default Active Directory Domain Policy d. Default Domain Policy
a.Default Domain Controller Policy b.Default Domain Policy
Which of the following are reasons to use multiple domains? (Choose all that apply.) a.Need for different name identities b.Replication control c.Need for differing account policies d.Ease of access to resources
a.Need for different name identities b.Replication control c.Need for differing account policies
Which of the following are built-in service accounts? (Choose all that apply.) a.Anonymous Logon b. Local system c.Network Service d.Authenticated Users
b. Local system c. Network service
Which of the following are true about organizational units? (Choose all that apply.) a. OUs can be added to an object's DACL. b. OUs can be nested .c. A group policy can be linked to an OU. d. Only members of Domain Administrators can work with OUs.
b. Ou's can be nested c. A group policy can be linked to an OU.
None of the computers in an OU seem to be getting computer policies from the GPO linked to the OU, but users in the OU are getting user policies from this GPO. Which of the following are possible reasons that computer policies in the GPO aren't affecting the computers? (Choose all that apply.) a. The GPO link is disabled. b. The Computer Configuration settings are disabled .c. The computer accounts have Deny Read permission.
b. The Computer Configuration settings are disabled .c. The computer accounts have Deny Read permission.
Which of the following are considered security principals? (Choose all that apply.) a. Contacts b. Computer accounts c. User accounts d. Distribution groups
b. computer accounts c. user accounts
To which of the following can a GPO be linked? (Choose all that apply.) a. Trees b. Domains c. Folders d. Sites
b. domains d. sites
Which of the following can be a member of a universal group? (Choose all that apply.) a. User accounts from the local domain only b. Global groups from any domain in the forest c. Other universal groups d. Domain local groups from the local domain only
b. global groups from any domain in the forest. c. Other universal groups.
Which of the following are methods for creating a GPO? (Choose all that apply.) a.Use Active Directory Users and Computers b.Link it to a container c.Use the Group Policy Objects folder of the Group Policy Management console d.Use an XML editor
b. link in to a container C. Use the Group Policy Objects folder of the group policy management console.
All domains in the same forest have which of the following in common? (Choose all that apply.) a. Domain name b. Schema c. Domain administrator d. Global catalog
b. schema d. global catlog
Which of the following are true about GPOs? (Choose all that apply.) a.Local GPOs override domain GPOs. b.Domain GPOs are stored on member servers. c.Domain GPOs can be linked to Active Directory sites. d. The <CTX>gpedit.msc </CTX> tool can be used to edit local GPOs.
c.Domain GPOs can be linked to Active Directory sites. d. The <CTX>gpedit.msc </CTX> tool can be used to edit local GPOs.
Which of the following is a default folder object created when Active Directory is installed? a. Computers b. Domain Controllers c. Groups d. Sites
computers
Which of the following identifies the CA and describes the CA's certificate renewal policy? a.Root CA MCSA Guide to Identity with Windows Server 2016, Exam 70-742Ch. 8Solutions- b.Online responder c.CRL d.CPS
cps
What can you do to integrate user authentication between Linux and Active Directory? a.Create a realm trust. b.Create an external trust. c.Create a one-way trust. d.Create a transitive trust
create a realm trust
What can you do to reduce the delay caused by authentication referral?a.Create a forest trust. b.Create an external trust. c.Create a shortcut trust .d.Create a transitive trust
create a shortcut trust
You have decided to follow Microsoft's best practices to create a group scope that will allow you to aggregate users with similar rights requirements. Which group scope should you initially create? a. Global b. Domain local c. Local d. Universal
domain local
PKI is based on symmetric cryptography. True or False?
false
You have created a custom administrative template. You want this template to be available to all DCs so that policies can be configured with it from any DC. Where should you save it? a.In %systemroot%\PolicyDefinitions b. In the central store c.In the root of the C drive d.In ADUC
in the central store
In a three-level CA hierarchy, the middle-level servers are referred to as which type of CA? a.Standalone b.Enterprise c.Intermediate d.Online
intermediate
Which of the following is not a valid user account name? a. Sam$Snead1 b. Sam*Snead35 c. SamSnead!24 d. Sam23Snead
sam*snead35
Which of the following defines the types of objects in Active Directory? a. GPOs b. Attribute values c. Schema attributes d. Schema classes
scheme classes
Which of the following is used at both ends of the cryptography process (encryption and decryption) and must be known by both parties?a.Public key b.Private key c.Secret key d.Digital signature
secret key
Your network is configured in a hub-and-spoke topology. You want to control the flow of replication traffic between sites, specifically reducing the traffic across network links between hub sites to reach satellite sites. What should you configure? a. Connection objects between domain controllers in each site b. Intersite transports c. Site link bridges d. NTDS settings
site link bridges
Which of the following is a component of Active Directory's physical structure? a.Organizational units b. Domains c. Sites d. Folders
sites
Which of the following is used to uniquely identify a service instance to a client? a.SPN b.KDC c.Service ticket d.TGT
spn, kdc, tgt
You have installed your root CA and will be taking it offline. The root CA must be which type of CA?a.Standalone b.Enterprise c.Intermediate d.Online
standalone
