Quiz: Module 03 Managing Active Directory Accounts
Which of the following is a built-in user account? (Choose all that apply.)
Administrator, Guest
Which of the following are user account categories? (Choose all that apply.)
Local, Domain
Which of the following members can belong to a global group? (Choose all that apply.)
a. Computer accounts c. User accounts
You have four servers running a service in a load-balancing configuration, and you want the services on all four servers to use the same service account. What should you do?
a. Create a group and add the servers' computer accounts to it. Run the New-ADServiceAccount cmdlet.
Which direct group scope conversion is allowed?
a. Domain local to universal, provided no domain local group is already a member
Which of the following are valid group scopes? (Choose all that apply.)
a. Global b. Domain local
Which of the following is a characteristic of Azure AD?
a. Multitenant
Which of the following is used to uniquely identify a service instance to a client?
a. SPN
Which of the following are true about user accounts in a Windows Server 2016 domain? (Choose all that apply.)
a. The name can have 1 to 20 characters. c. The name can't be duplicated in the domain.
Which of the following are the advantages of using a managed service account instead of a regular user account for service logon? (Choose all that apply.)
a. The system manages passwords. d. You can't be locked out.
You are deploying Azure AD DS and are on the option to configure the forest type. You want to sync all objects in Azure AD and all user and group accounts in your on-premises Active Directory. Which forest type should you choose?
a. User forest
Which of the following account options can't be set together? (Choose all that apply.)
a. User must change password at next logon c. Password never expires
Which of the following are considered security principals? (Choose all that apply.)
b. Computer accounts c. User accounts
You have decided to follow Microsoft's best practices to create a group scope that will allow you to aggregate users with similar rights requirements. Which group scope should you create and then use to assign permissions to a resource?
b. Domain local
Which of the following can be a member of a universal group? (Choose all that apply.)
b. Global groups from any domain in the forest c. Other universal groups
Which of the following service accounts can be managed across multiple servers?
b. Group managed service account
You have hired a new junior administrator and created an account for her with the logon name JrAdmin. You want her to be able to reset user accounts and modify group memberships for users in the Operations department whose accounts are in the Operations OU. You want to do this with the least effort and without giving JrAdmin broader capabilities. What should you do?
b. In Active Directory Users and Computers, right-click the Operations OU and click Delegate Control.
Which of the following are built-in service accounts? (Choose all that apply.)
b. Local System c. Network Service
Which of the following are true about organizational units? (Choose all that apply.)
b. OUs can be nested. c. A GPO can be linked to an OU.
You have created an MSA on DC1 to run a service on the ldsServ1 server. What's the last thing you should do before using the Services MMC to configure the service to use the new MSA?
b. On ldsServ1, run the Install-ADServiceAccount cmdlet.
Which of the following Azure AD Connect sign-in options requires an agent to be installed on-premises to allow users to authenticate with Azure services?
b. Pass-through authentication
Which of the following is a process that allows users to sign in using one set of credentials without having to enter credentials again to access remote services and applications?
b. SSO
Which of the following is not a valid user account name?
b. Sam*Snead35
Tom has access to sensitive company information. Over the past few months, he has signed in to computers in other departments and left them without signing out. You have discussed the matter with him, but the problem continues to occur. You're concerned that someone could access these sensitive resources easily. What's the best way to solve this problem?
b. Specify which domain computers Tom can sign in to by using the "Log On To" option in his account's properties.
A domain user signing in to the domain becomes a member of which special identity group?
c. Authenticated Users
You have just deployed a Windows Server VM in Azure. You want to connect to the server's console to further configure the VM via Server Manager. You want the connection to be secure via a web browser. Which type of connection should you configure?
c. Bastion host
You have deployed Azure AD, installed Azure AD Connect, and configured synchronization. However, some users are complaining that they can no longer sign in to the on-premises Active Directory after changing their password in the cloud. They are able to sign in to the Azure cloud, however. What should you do?
c. Configure password writeback.
Jada has left the company. Her user account is a member of several groups, and it has permissions and rights to a number of forest-wide resources. Jada's replacement will arrive in a couple of weeks, and the replacement will need access to the same resources. What's the best course of action?
c. Disable Jada's account. When the new employee arrives, rename Jada's account, assign it a new password, and enable it again.
Which of the following is true about the Users domain local group?
c. Domain Users is a member.
A user is having trouble signing in to the domain from a computer that has been out of service for several months, and nobody else can seem to sign in from the computer. What should you try first to solve the problem?
c. Reset the computer account, remove the computer from the domain, and rejoin it to the domain.
You have noticed the inappropriate use of computers for gaming and Internet downloads by some employees who come in after hours and on weekends. These employees don't have valid work assignments during these times. You have been asked to devise a solution for these employees that doesn't affect other employees or these employees' computers during working hours. What's the best solution?
c. Set the Logon Hours options for their user accounts.
What happens if a security group that's an ACE in a shared folder is converted to a distribution group?
c. The group remains in the DACL, but the ACE has no effect on members' access to the resource.
You are considering integrating Azure with your on-premises datacenter and you want to start with identity. You want a lightweight footprint on your on-premises servers. At the moment, you are only concerned with making sure your users can authenticate to the cloud without having to enter their credentials again after they have authenticated to the on-premises Active Directory. You also want to be sure that when users change their password, they are subject to on-premises policies. Which collection of Azure services should you deploy?
d. Azure AD Connect cloud sync, SSO, Azure AD
In your Windows Server 2022 domain, you have a member server that is also running Windows Server 2022. You want to install the LocSvc service, which will access only local resources. You need to configure authentication for this service but don't want to use one of the built-in service accounts; also, you want to use the least administrative effort. What should you do?
d. Configure the service to log on as NT Service\LocSvc.
You want to see the permissions set on an OU, so you open Active Directory Users and Computers, right-click the OU, and click Properties. After clicking all the available tabs, you can't seem to find where permissions are set in the Properties dialog box. What should you do?
d. In Active Directory Users and Computers, click View and then click Advanced Features.