WS2016 Identity
ADMX and ADML files are placed under what directory within Windows?
%systemroot%\PolicyDefinitions
The folders containing Group Policy Templates (GPTs) can be found under what folder on a domain controller?
%systemroot%\SYSVOL\sysvol\domain\Policies
An administrative template file using what file extension provides a language specific user interface in the Group Policy Management Editor?
.adml
The gpupdate command in conjunction with which option below causes synchronous processing during the next computer restart or user logon?
/sync
An authenticated user can add up to how many computer accounts to the domain, by default?
10
A service ticket by default lasts for how long
10 hours
By default, for how long are deleted objects stored within the Active Directory database before they are removed entirely?
180 days
How often is the password for a computer account changed by Active Directory?
30 days
The Default Domain Policy sets the maximum password age to what value?
42 days
By default, the maximum tolerance for computer clock synchronization is set to what value
5 minutes
How often are Group Policy Objects updated on domain controllers
5 minutes
A slow link, by default, is a network connection that's less than which of the following?
500 Kbps
By default, Windows password policy requires a minimum password of what length?
7 characters
By default, what is the maximum period during which a TGT can be renewed?
7 days
Select the special character below that cannot be used within an account username. # ? . !
?
What are the two main functions of user accounts in Active Directory?
A method for user authentication to the network Provide detailed information about a user
What feature, once activated, can not be disabled without reinstalling all domain controllers within a forest?
Active Directory Recycle Bin
When a GPO is linked to a site object, what will be affected?
All users and computers physically located at the site
Which special identity group specifically includes any user account (except the Guest) logged into a computer or domain with a valid username and password
Authenticated Users
How can an administrator test an MSA to ensure that it can access the domain with its current credentials, or can be installed on a member computer?
By using the Test-ADServiceAccount cmdlet
Under the Computer Configuration, which folder contains settings related to the Regional and Language Options, User Accounts, and Personalization options?
Control Panel
What policy is a GPO linked to the Domain Controllers OU and specifies the default policy settings for all domain controllers?
Default Domain Controllers Policy
An administrator has discovered that several critical parts of Active Directory have been deleted. What boot mode can be used to perform restoration?
Directory Services Restore Mode (DSRM)
What Active Directory replication method makes use of remote differential compression (RDC)?
Distributed File System Replication (DFSR)
Select the true statement regarding the conversion of group scope: a. Universal groups can be members of global groups b. Domain local groups can be converted to universal, the domain local group must not contain other domain local groups c. Global groups can't be converted to universal groups d. Universal groups that are members of other universal groups can be converted to domain local groups
Domain local groups can be converted to universal, the domain local group must not contain other domain local groups
Select the GPO permission that provides the ability to change existing settings, import settings, and enable or disable a GPO, but is not granted to any user by default.
Edit settings
Select the term used to describe forcing inheritance of settings on all child objects in the GPO's scope, even if a GPO with conflicting settings is linked to a container at a deeper level.
GPO enforcement
Which of the following are ways to change default GPO inheritance?
GPO enforcement blocking inheritance
What defines the objects that a Group Policy Object affects
GPO scope
What defines which objects are affected by settings in a GPO?
GPO scope
An administrator needs to know which servers carry forest-wide roles. What PowerShell cmdlet can be used to display this information?
Get-ADForest
What specific tool allows you to create GPOs, view a GPO's settings, link and unlink GPOs with containers, and manage the inheritance settings of GPOs?
Group Policy Management Console
Select the specific tab within the Group Policy Management Console that will allow you to view which policies affect a domain or OU and where the policies are inherited from.
Group policy inheritance
Settings in the Computer Configuration node of Administrative Templates will impact which registry key below?
HKEY_LOCAL_MACHINE
Settings under the User Configuration node affect what Registry key?
HKEY_LOCAL_USER
What PowerShell cmdlet below will install the Active Directory Domain Services role?
Install-WindowsFeature AD-Domain-Services
What specific authentication protocol used in a Windows domain environment to authenticate logons and grant accounts access to domain resources?
Kerberos
What component of Kerberos is responsible for storing keys for encrypting and decrypting data in the authentication process?
Key Distribution Center
Select the GPO state where the GPO is in the Group Policy Objects folder but hasn't been linked to any container objects.
Link status: unlinked
The name of the command-line utility used to generate IFM data.
NTDSUTIL
What PowerShell cmdlet will link a GPO to a site, domain or OU?
New-GPLink
What is the primary container object for organizing and managing resources in a domain?
OUs
An administrator has received a call indicating that some users are having difficulty logging on after a password change. Which FSMO role should be investigated?
PDC emulator
Select the operations master role that is responsible for providing backward compatibility with Windows NT servers configured as Windows NT backup domain controllers or member servers.
PDC emulator master
If a central store for policy definition files has been created, where should the Policy Definitions folder reside?
SYSVOL folder
Select the specific Windows folder that is a shared folder containing file-based information that is replicated to other domain controllers.
SYSVOL folder
What Active Directory partition contains the information needed to define objects and object attributes for all domains in the forest?
Schema directory partition
What specific database stores local user accounts on local computers, and allows users to sign in to and access resources only on the computer where the account resides?
Security Accounts Manager
Which of the following are text files with a .inf extension that contain information for defining policy settings in the Computer Configuration\Policies\Windows Settings\Security Settings node of a local or domain GPO?
Security Templates
Which of the following statements is not true regarding the built-in Administrator account?
The Administrator account can be deleted
Using default settings, if a computer's clock differs more than 5 minutes than a Kerberos message's timestamp, what happens?
The Kerberos message is considered invalid
After a template account has been created, what can be done to ensure that the template account does not pose a security risk?
The account should be disabled
Which of the following uses queries to select a group of computers based on certain attributes, and then applies or doesn't apply policies based on the query's results?
WMI filtering
What folder within the Computer Configuration node contains settings related to Event Viewer, File Explorer, Windows PowerShell, and Windows Update?
Windows Components
Select the Account Lockout Policy item that determines how many failed logins can occur on an account before the account is locked.
account lockout threshold
Which of the following is not one of the five folder objects that are created when Active Directory is installed? built-in computers foreign security principals administrators
administrators
What policy setting can be used to force synchronous processing?
always wait for the network at computer startup and logon
What type of application can be installed automatically when the user logs on to a computer in the domain?
assigned
What tool within Windows Server 2016 must be used in order to change the default auditing settings?
auditpol.exe
Which of the following is the primary identifying and administrative unit in Active Directory? schema OU tree domain
domain
OU-linked policies are applied last so they take precedence over which policies?
domain site
How often are computer and user policies applied after a user has logged into a computer?
every 90 minutes
What Windows servers are the only domain controllers that hold universal group membership information?
global catalog
In order to force a computer to immediately download and apply all group policies, what command should be run
gpudate /force
What type of account provides the same functions as managed service accounts but can be managed across multiple servers as in a server farm or a load-balancing arrangement?
group managed service account
Select the operations master role responsible for ensuring that changes made to object names in one domain are updated in references to the object in other domains.
infrastructure master
What type of Active Directory replication takes place between domain controllers in the same site?
intrasite
What command can be used to cause a group policy refresh remotely on Windows Vista and later clients?
invoke-gpupdate
What enables you to target specific users or computers based on criteria?
item-level targeting
What GPO policy will take precedence over all other GPO policies when they are being applied?
last policy applied takes precedence
Select below the option that is not one of the three built-in service accounts. a. Local Operator b. Local System c. Network Service d. Local Service
local operator
In what order are group policy settings applied?
local, site, domain, OU
What setting specifies how long a service ticket can be used before a new ticket must be requested to access the resource for which the ticket was granted?
maximum lifetime for service ticket
What process makes one group a member of another group
nesting
By default, replication between DCs when no changes have occurred is scheduled to happen how often?
once per hour
What Active Directory object enables an administrator to configure password settings for users or groups that are different from those defined in a GPO linked to the domain?
password settings object
An administrator has attempted to change the forest functional level, but the attempt failed due to the failure of an FSMO role. Which FSMO role should be investigated?
schema master
Which of the following choices is one of the two forest-wide FSMO roles? schema master infrastructure master RID master PDC emulator master
schema master
Which of the following is a series of commands saved in a text file to be repeated easily at any time?
script
Which of the following uses permissions to restrict objects from accessing a GPO?
security filtering
When you first create a group, what is the default setting that is applied
security group with global scope
When a client computer wants to connect to a service instance, what specific name type does it use to find the service?
service principal name
Which of the following choices is not one of the three user account types defined in Windows Server 2016? service user account built-in user account domain user account local user account
service user account
Which command line utility below can be used to change an SPN?
setspn
In the User Configuration node, where are policies that determine whether a user can publish DFS root folders in Active Directory?
shared folders
If the slow link detection policy is set at 0, what does this indicate?
slow link detection is disabled
Which policy below requires synchronous processing to ensure a consistent computing environment?
software installation policies
During garbage collection, what setting controls how long deleted objects remain within the database before such objects are completely removed?
tombstone lifetime
In Active Directory, what defines how security principals from one domain can access network resources in another domain?
trust relationship
What type of policy setting is persistent, remaining even after a computer or user object falls out of a GPO's scope until it's changed by another policy or manually?
unmanaged policy setting
Approximately 42 days after a service was configured to use a normal user account, the service has stopped working and refuses to run. An administrator has verified that the account still exists on the domain. Assuming default domain policy settings, what could be the issue
user account password expired
When creating a new user, the "User cannot change password" option can't be used in conjunction with what other option?
user must change password at next logon
Which of the following is a user account that is copied to create users with common attributes?
user template
How can an administrator initiate a system state recovery using the command line
wbadmin start systemstaterecovery
By default, what policies will be downloaded and processed by a Group Policy client?
changed policies only
What option limits the delegation to specific services running on specific computers?
constrained delegation
What specific commands can import or export Active Directory data in bulk?
csvde ldifde
What command below can be used to reset the default GPOs to their original settings?
dcgpofix
Select the term used to describe the process, within the context of Active Directory, that allows a person with higher security privileges to assign authority to a person of lesser security privileges to perform certain tasks.
delegation of control
Which of the following stores information about computer network objects and offers features for retrieving and managing that information?
directory service