Adv Server Exam 2

Kayla uses an XML editor to create a custom administrative template file to create a policy to control a setting that is not provided by default on systems running Windows 11. What file extension is she most likely to use? .adm .admx .xml .xmlx

.admx

When you install Azure AD Connect, a best practice is to use a specific entity for the purpose of syncing with Azure AD Connect. What type of entity should you specify? The Administrator group A Global Administrator account A Universal Administrator account The existing Administrator account

A Global Administrator account

A company has the main office in NY, a sales office in CA, and another sales office in FL. The sales offices use a shared folder in NY. The company uses a different domain for each office. How should the company structure their groups? A domain local group in CA and another in FL, add both to a universal group in NY A domain local group in CA and another in FL, add both to a global group in NY A universal group in CA and another in FL, add both to a global group in NY A global group in CA and another in FL, add both to a universal group in NY

A global group in CA and another in FL, add both to a universal group in NY

You are going on a business trip and are given a new laptop to take on the trip. You notice a folder in your profile called TempLocalUse so you create a subfolder underneath it and copy some files to it. When you arrive at your destination you notice the folder is missing. What may have happened? A preference was set with the "Remove this item when it is no longer applied" option asserted A preference was set with the "Remove this item when out of scope detected" option asserted A preference was set with the "Remove this folder when it is no longer applied" option asserted A preference was set with the "Remove this folder when out of scope detected" option asserted

A preference was set with the "Remove this item when it is no longer applied" option asserted

Which of the following statements are true in describing the differences between a published application and an assigned application software installation method for users? Select two. An assigned application cannot be installed automatically An assigned application is reserved for specific account types A published application is on a share drive available to all users A published application can be installed from the Control Panel A published application is not installed automatically on startup

A published application can be installed from the Control Panel A published application is not installed automatically on startup

Identify the statements that best describe differences between AAD and AADDS. Select two. AAD is easier to deploy AAD supports Kerberos AADDS supports groups and OUs AADDS is a cloud service, AAD is not AADDS fully supports all on-premises AD features

AAD is easier to deploy AADDS supports groups and OUs

A company, which does not currently use cloud services, only wants to use Microsoft 365 and cloud storage. Which of the following should they install and why? AAD to manage authentication AAD to create group policies and OUs AADDS to facilitate access to storage resources AADDS to support client authentication using Kerberos

AAD to manage authentication

When configuring Azure AD DS, what is the name of the two OUs that are created by default? Select two. AADDC DCs AADDC Users AADDC Resources AADDC Computers

AADDC Users AADDC Computers

You are using Active Directory to add new user accounts. What are some of the tools you could use? Select three. GPO ADAC ADDS ADUC PowerShell

ADAC ADUC PowerShell

Allegra configures a GPO in the Computer Configuration node to prevent access to the Windows services manager. Another technician configures a GPO in the User Configuration node granting access. If a user tries to access the services manager what will happen? Access will be granted because the User Configuration policies take precedence Access will be denied because the Computer Configuration policies take precedence An error message will be issued indicating there is a conflict that needs to be resolved Access will be denied because conflicting GPOs err on the side of being more restrictive

Access will be denied because the Computer Configuration policies take precedence

You are assigning rights and permissions to resources in a single-domain environment. Which of the following processes should you use? Add accounts to global groups; add global groups to universal groups Add accounts to global groups; add global groups to domain local groups Add accounts to universal groups; add universal groups to permission groups Add accounts to universal groups; add universal groups to domain local groups

Add accounts to global groups; add global groups to domain local groups

Kairo adds a few computers to a domain, and they are placed in the default location for computer accounts. What is the best way to apply a policy to the computers? Add the computers to a local group Add a group policy to the Computers folder Add the computers to a domain local group Add the computers to an organizational unit

Add the computers to an organizational unit

Taranis is asked to test a backup and restore application before it is deployed in a production environment. He will test it using a large virtual Windows infrastructure used for testing. The primary area of concern is the ability to back up the 20 DCs in the test network. What is the best way to limit the access granted to Taranis? Add the technician to the default Backup Operators group in the Builtin folder Create a Backup Admins group and add the technician with backup capabilities Add the user to the SAM database with the ability to backup and restore all DCs Add the technician to the default Hyper-V Administrators group in the Builtin folder

Add the technician to the default Backup Operators group in the Builtin folder

In the process of setting up the various components of Azure AD, along with the default settings, Kenia enables pass-through authentication. However, when she tries to log in using a test account, the attempt is not successful. What is the problem? Password writeback was not enabled on the on-premises DCs The wrong SQL Server Express service account was used The incorrect computer account group was specified An agent on the on-premises DCs was not installed

An agent on the on-premises DCs was not installed

Company A recently merged with company B, so they still maintain separate AD forest structures. They are small companies but want to start using Azure AD for access to an Azure resource that needs to be shared between the two. What tool will allow them to do this? Azure AD Connect Domain Sync Azure AD Connect Share Sync Azure AD Connect Cloud Sync Azure AD Connect Site Sync

Azure AD Connect Cloud Sync

What are valid reasons for migrating administrative templates using the ADMX Migrator? Select two. To automatically move ADMX files from other systems to a centralized system To enable DCs to push the ADMX files to client computers to update the registry Because you need to support clients that run operating systems older than Vista To make use of a central store to more readily facilitate replication of the files Although ADM files will work just fine, the ADMX files are a lot more efficient

Because you need to support clients that run operating systems older than Vista To make use of a central store to more readily facilitate replication of the files

Paco works at a large corporation. As he navigates the GPMC, he notices one of the domain objects has an exclamation point in a blue circle. What does this mean? GPO enforcement has been disabled so site-level policies will be ignored Blocking inheritance has been enabled so site-level policies will be ignored GPO enforcement has been disabled so parent-level policies will be ignored Blocking inheritance was enabled at the site-level so domains will not inherit policies

Blocking inheritance has been enabled so site-level policies will be ignored

Identify some of the features and/or settings available with the Azure AD Connect Health tool. Select two. Check synchronization errors Create support tickets automatically Verify the health status of on-premises DCs Enable automatic updates of on-premises DCs Disable automatic updates of the AAD Connect Health agent

Check synchronization errors Disable automatic updates of the AAD Connect Health agent

You are performing an offline domain join of a few computers that will be connected to the network. You use the command syntax shown below. Which of the following statements are true? Select two.Command1: djoin /provision /domain DomainName /machine ComputerName /savefile filename.txtCommand2: djoin /requestODJ /loadfile filename.txt /windowspath %systemroot% /localos Both commands are executed on the computer joining the domain Run Command2 after the computers are connected to the network Command1 is used to create the computer account in the domain Command2 is executed on the computer that is joining the domain filename.txt contains a list of computer names and passwords you create

Command1 is used to create the computer account in the domain Command2 is executed on the computer that is joining the domain

Aryan makes a change that affects the HKEY_LOCAL_MACHINE Registry key. In which one of the following nodes did Aryan make the change? User Configuration node Registry Configuration node Machine Configuration node Computer Configuration node

Computer Configuration node

Chabela performs a variety of tasks using group policy preferences. If permission is granted, identify actions users can potentially perform or changes they can make once Chabela is done. Select all that apply. Configure Internet settings Join the computer to the domain Configure custom Registry settings Create and modify local users and groups Enable and disable devices on a computer

Configure Internet settings Configure custom Registry settings Create and modify local users and groups Enable and disable devices on a computer

The software engineering (SWE) team at a company needs access to some of the resources the software quality assurance (SQA) team uses to test the software. The SQA team created a SWE distribution group to communicate with the SWE team and vice-versa. What is the most likely way in which access to SQA's resources will be granted to the SWE team? Convert the SWE distribution group to a security group Add the SQA distribution group SWE's security group Add the SWE distribution group to SQA's security group Add the SWE distribution group to SQA's distribution group

Convert the SWE distribution group to a security group

Marcus decides he would like to make changes to the Default Domain Policy. What is a recommended practice in terms of making the changes? Unlink it, make the changes, then link it again Create a new GPO instead of modifying it Use the GPMC to make the changes Use the GPME to make the changes

Create a new GPO instead of modifying it

You create a GPO to grant access to PowerShell to the Software Engineering (SWE) division. You then create another GPO to restrict access to PowerShell to the Software Release (SR) subdivision which falls under the Software Engineering umbrella. How should you structure the organizational unit(s)? Nest an SR OU under a SWE OU; deny access to all and create an exception for SWE Create one OU and apply two different policies based on the role each member plays Create an OU for SWE granting access, and nest an SR OU beneath it restricting access Create two separate OUs and grant access to SWE OU while denying access to the SR OU

Create an OU for SWE granting access, and nest an SR OU beneath it restricting access

What benefits do Azure AD Domain Services offer over on-premises Active Directory? Select two. There are more features available in AADDS than AAD DC software updates are not managed by Admins Domain and forest trusts are more secure Schema extensions are easier to manage Backup of Active Directory is automatic

DC software updates are not managed by Admins Backup of Active Directory is automatic

Which of the following are characteristics of the Local Administrators GPO? Select two. The default policy in the GPO takes effect as soon as a user logs on to the system Default membership may or may not include the Domain Admins global group It has a User Configuration node, so policies are limited to user-related settings Since they are local, they typically override domain-level policies that may be in place It is available for configuration upon adding the Admin Policy Object Editor snap-in

Default membership may or may not include the Domain Admins global group It has a User Configuration node, so policies are limited to user-related settings

Jon, an IT administrator, creates an OU. He then creates a group and adds junior technicians with the ability to create, delete, and manage user accounts in the OU. Which of the following best describes what Jon has done? Assigned roles Delegated control Granted privileges Assigned permissions

Delegated control

Which of the following are true statements regarding security groups and distribution groups? Select three. Distribution groups can be used to assign rights and permissions Distribution groups can include people outside your organization Security groups can contain the same objects as distribution groups Security groups can be used as distribution groups by some applications You must recreate security groups as distribution groups for email purposes

Distribution groups can include people outside your organization Security groups can contain the same objects as distribution groups Security groups can be used as distribution groups by some applications

Brianna works at an organization that has grown a lot but has many groups that are not nested. She wants to convert and nest some of the groups to make them easier to manage. Which conversion is NOT permitted? Universal to global Global to universal Domain local to global Domain local to universal Universal to domain local

Domain local to global

You create a GPO and link it to a parent OU. A junior technician creates a child O and then links a GPO to it that nullifies some of the policies you created on the parent. What could you have done to prevent this situation? Enabled GPO enforcement on the GPO linked to the child OU Enabled GPO enforcement on the GPO linked to the parent OU Disabled Blocking inheritance on the GPO linked to the child OU Disabled Blocking inheritance on the GPO linked to the parent OU

Enabled GPO enforcement on the GPO linked to the parent OU

Ivan is about to implement Azure AD DS using a custom domain. Before he starts, what should he verify? Ensure a successful backup of AD resources was completed Ensure the Azure AD service is running and synchronizing Ensure DNS records for IP address of on-premises DCs exist Ensure very large and nested groups are clearly identified

Ensure the Azure AD service is running and synchronizing

Which of the following statements are true when characterizing the similarities or differences between FRS and DFSR? Select three. FRS is used to replicate GPCs whereas DFSR is used to replicate GPTs FRS runs on Servers earlier than 2008, DFSR runs on Server 2008 or later Normal Active Directory replication uses FRS in the GPC replication process DFSR is more reliable and better at handling unexpected service shutdowns DFSR compresses and transfers only the data blocks that have been changed

FRS runs on Servers earlier than 2008, DFSR runs on Server 2008 or later DFSR is more reliable and better at handling unexpected service shutdowns DFSR compresses and transfers only the data blocks that have been changed

Due to the large number of policies available in the Administrative Templates section of a GPO you decide to use a filter to help you find the specific policy you want to access. How can you get to the filter? GPME, Select desired GPO, Policies, Computer Configuration, Administrative Templates GPME, Select desired GPO, Policies, Administrative Templates, Computer Configuration GPME, Select desired GPO, Administrative Templates, Policies, Computer Configuration GPME, Select desired GPO, Administrative Templates, Computer Configuration, Policies GPME, Select desired GPO, Computer Configuration, Administrative Templates, Policies GPME, Select desired GPO, Computer Configuration, Policies, Administrative Templates

GPME, Select desired GPO, Policies, Computer Configuration, Administrative Templates

Which of the following statements is true regarding GPOs in Azure? GPOs are not synchronized between on-premises AD and Azure AD DS GPO synchronization between on-premises AD and Azure AD DS is triggered by a change GPO synchronization between on-premises AD and Azure AD DS is initiated by Azure AD DS GPO synchronization between on-premises AD and Azure AD DS is initiated by the on-premise AD

GPOs are not synchronized between on-premises AD and Azure AD DS

Hans recently sold his small networking services company and started working for a large corporation. He is asked to modify one of the GPOs but notices it is taking longer that he expected for the changes to propagate to a particular DC. What file can he check to see if the update has been processed? RPL.ini GPO.ini GPC.ini GPT.ini

GPT.ini

You reset the computer account of a system that is unable to sign in to the domain, but the problem continues. Which of the following should be included in your efforts to fix the problem? Reset the password of the computer account Move the computer to a different OU then back Have the computer leave then rejoin the domain Change the name on the computer and try again

Have the computer leave then rejoin the domain

In a site-linked GPO, what does GPO processing use to determine where a user is signing in from to apply the proper policy? Username IP Address Port number Physical location

IP Address

You are creating a group policy preference. One of the options for the Folders entry is Update. What does this option do? Select two. If the folder exists, all content is deleted and replaced Updates the contents of the folder during replication Updates the contents of the folder if set to true If the folder does not exist, it is created Updates the properties of the folder

If the folder does not exist, it is created Updates the properties of the folder

Izz creates a few administrative template files on a Windows Server 2022 system in a network with multiple domain controllers. Where, or under what folder, should she place the files? Select all that apply. In the ADMX central store In the same folder where GPTs are stored In the DC that controls the PDC emulator role %systemroot%\SYSVOL\sysvol\domainname\ADMX\PolicyDefinitions\en-us %systemroot%\SYSVOL\sysvol\domainname\Policies\PolicyDefinitions\en-us %systemroot%\SYSVOL\sysvol\domainname\Templates\PolicyDefinitions\en-us

In the ADMX central store In the same folder where GPTs are stored In the DC that controls the PDC emulator role %systemroot%\SYSVOL\sysvol\domainname\Policies\PolicyDefinitions\en-us

Victor is creating a startup called myscript.ps1 that will be deployed using a GPO. Where should he place the script, such that it would offer the greatest advantage? On a regular shared folder In the SYSVOL/sysvol/ folder In the GUID folder of the GPO In the User Configuration node

In the GUID folder of the GPO

The company Tamika works for is growing and no longer wants employees to log in to the Azure resources with log in credentials that differ from the one they use to access local resources. How can the company meet this objective? Install Azure AD SSPR Install Azure AD Sync Install Azure AD Connect Install Azure ADDS Connect

Install Azure AD Connect

Vincent works at a company that has a small overseas office running Windows Server 2003 because they are supporting an older application used by the local market for which upgrades are no longer available. Vincent wants to configure group policy preferences but is unable to find the tool on the 2003 server. How, if possible, can this apparent limitation be overcome? Upgrade to a version of Windows Server released after 2003 Install Group Policy Preferences Client Side Extensions Windows Server 2003 does not support preferences Install the Legacy Group Policy Preferences Editor

Install Group Policy Preferences Client Side Extensions

Ruby needs to configure some software installation policies. What are some of the software deployment options available via the Administrative Templates folder? Select three. Use the Computer Configuration node to install a software package when first invoked Install an application when a user logs on to the system if permission is granted Uninstall an application if the user or computer falls out of the scope of the GPO Deploy a package upgrade by specifying which existing packages should be upgraded Use the Publish option under the User Configuration node to install when needed

Install an application when a user logs on to the system if permission is granted Uninstall an application if the user or computer falls out of the scope of the GPO Deploy a package upgrade by specifying which existing packages should be upgraded

Neymar configured Azure AD DS and needs to create a few GPOs. Which of the following steps, will help him achieve his goal? Select two. Add the VM to a different region for redundancy Install the Group Policy Management tools Create a new virtual network for the VM Install Host Guardian Hyper-V Support Correct Answer Create a Windows Server VM in Azure

Install the Group Policy Management tools Create a Windows Server VM in Azure

Which of the following is necessary for the successful creation of an MSA? Create an MSA on a workgroup computer in the Manage Service Accounts folder Install the MSA before installing Active Directory for automatic MSA discovery Install the MSA on the target computer that already has Active Directory installed Install PowerShell only if you want to install the MSA using a PowerShell script

Install the MSA on the target computer that already has Active Directory installed

You are managing 9 web servers configured with load-balancing capabilities that use a group managed service account in a domain with multiple DCs. You generate a KDS root key to facilitate the changing of password(s) automatically. How can you best ensure all DCs are able to use the key before changing password(s)? Introduce a delay to allow replication to update all domain controllers in the domain Use -EffectiveImmediately when generating the key to transmit it to all DCs right away Wait until you receive an acknowledgment from every DC before committing the change Write a script to automatically log in to the DCs and generate the key using the same seed

Introduce a delay to allow replication to update all domain controllers in the domain

Which of the following characteristics are true regarding universal groups? Select three. User accounts are not permitted as members It can be a member of another universal group It is best not to replicate them to preserve integrity Changes to universal groups should be minimized It is the only group stored on global catalog servers

It can be a member of another universal group Changes to universal groups should be minimized It is the only group stored on global catalog servers

User janedoe uses the following command to add a computer named pewter to a domain:netdom join pewter /Domain:az800.corp /UserD:janedoe /PasswordD:*What is the purpose of the asterisk ( * )? It corresponds to the password that belongs to user janedoe It is the wildcard character so any password will be accepted Allows the user to set the password for the computer account It is a special character to indicate that no password is required

It corresponds to the password that belongs to user janedoe

Identify the statements that best describe the benefits of folder redirection. Select two. It is useful for centralized backup It is useful when implementing shortcuts It is useful when roaming profiles are utilized It is useful when existing folders become corrupt It is useful when implementing a shared folder structure

It is useful for centralized backup It is useful when roaming profiles are utilized

Jodi runs gpedit.msc to configure a GPO on a computer in the domain. What will be the scope of the GPO? OU Site Local Domain

Local

When Bernadette, a professor, signs on to her office computer she sees the IP address in the lower right hand side of the desktop. However, when she signs on to a computer in the computer lab using the same credentials, she sees a different background and the IP address is not displayed. What is the most likely reason why the policy applied in her office is different from the one in the computer lab? Loopback policy processing is enabled in the lab computer Loopback policy processing is enabled in her office computer Her office computer and lab computers have different policies Her office computer and lab computers are in different domains

Loopback policy processing is enabled in the lab computer

You need to apply group policy settings on some laptops that must be enforced only when they are connected to the company's network. What type of policy setting should you create? Unmanaged policy setting Persistent policy setting Managed policy setting Dynamic policy setting

Managed policy setting

In the process of setting up Active Directory you create OUs and groups. As you configure the system which of the following do you need to keep in mind? Select two. Objects contained in a group can be assigned permissions Objects contained in a group cannot be assigned permissions An OU can be used to assign permissions to objects it contains OUs can be nested up to three levels deep depending on the size An OU cannot be used to assign permissions to objects it contains

Objects contained in a group can be assigned permissions An OU cannot be used to assign permissions to objects it contains

You install Azure AD Connect with SSPR enabled. But when Javelin resets her password in Azure AD, the new password is not valid when trying to log in to access on-premises domain resources. What is the problem, or how can the discrepancy be rectified? Enable pass-through authentication The service agent for SSPR is missing The authentication method is missing Password writeback was not enabled

Password writeback was not enabled

You create a GPO related to the Computer Configuration node and link it to a test OU. After verifying the change was applied, you proceed to make additional changes to the GPO. However, the test computer you are using does not reflect the additional changes. What should you do? Reboot the computer Log out and log in again Wait for replication to complete Verify you click Save in the GPME

Reboot the computer

Your company wants to transition to the cloud. No one in your company has ever implemented cloud services so you are asked to prepare an Azure AD DS implementation plan. As you experiment with AADDS, one of the options is to select one of two forest types for synchronization. What is the difference between selecting user forest and resource forest? Select two. Selecting user forest synchronizes only user accounts and organizational units with users Selecting resource forest synchronizes computer accounts and OUs that do not have users Selecting user forest synchronizes objects in AAD and user accounts in on-premises AD Selecting resource forest synchronizes all objects irrespective of where they were created Selecting resource forest only synchronizes users and group created in Azure A

Selecting user forest synchronizes objects in AAD and user accounts in on-premises AD Selecting resource forest only synchronizes users and group created in Azure AD

Which of the following represent recommended or best practices relative to group policies? Select two. Set account policies and a few critical security policies at the domain level AD folders, such as Computers and Users, should have a GPO linked to them If managing Computers and Users objects with group policies, move them to an OU Define group policy settings at the domain level and define exceptions at the OU level Define group policy settings at the site level and define exceptions at the domain level

Set account policies and a few critical security policies at the domain level If managing Computers and Users objects with group policies, move them to an OU

You need to create a few GPOs for technicians to use as a baseline setting for new GPOs they are about to configure. What type of GPO should you create? Starter GPO Group Policy Template Administrative Template GPO Computer and User Configuration Template GPO

Starter GPO

Julieta wants to check the status of a certain GPO. She checks the Status flag of the GPO using the Active Directory Users and Computers tool and notices the value is 3. What does it mean? The GPO is enabled The GPO is disabled There are 3 minutes left before replication completes This value represents the replication version number

The GPO is disabled

You configure Azure AD DS and a group policy using a VM. However, when you test it, the policy is not applied. What could be the problem? You need to link the GPO to the Azure-managed DC OU You did not select the option to enable default policies The VM being used is in a different virtual network You did not install Host Guardian Hyper-V Support

The VM being used is in a different virtual network

Appoline, a new employee in a secure facility, is told her username is appoline765 and the initial password is LetMe_1nn. She tries to log in using the provided credentials but keeps getting an error message and is not granted access. Which of the following is most likely to be the problem? The administrator forgot to reset the password The account was created with no initial password The account for Appoline is missing a password policy The password policy requires an initial blank password

The account was created with no initial password

When you log into your office computer, a shared folder is automatically available. However, when you log into a lab computer the shared folder is not automatically available. What is the most likely reason for this behavior? The computer is not a member of the domain The computer is not in an organizational unit The user employed different log in credentials The computer is not connected to the network

The computer is not a member of the domain

Identify the statements that best describe the differences between the Administrator and Guest accounts on a computer where only one domain exists. Select two. The domain Administrator account is a member of the Enterprise Admins group The local Administrator account has full access to all aspects of the domain The local Administrator account should be deleted to prevent unauthorized access The Guest account is disabled by default; it must be enabled by an administrator The Guest account must be added to the Everyone group or it will have no access

The domain Administrator account is a member of the Enterprise Admins group The Guest account is disabled by default; it must be enabled by an administrator

Bryson configures two GPOs that are similar. The only difference is that one grants access to the Control Panel and the other does not explicitly grant access. Both are applied to an object. What will be the resulting effect? The object will not have access to the Control Panel An error will be issued because the policies conflict GPOs err on the side of the more restrictive policy The object will have access to the Control Panel

The object will have access to the Control Panel

Given an SPN with the syntax shown below, which of the following best describes what the port number represents? service type/instance name:port number/service name The port number of the service type to be accessed The port number of the service name to be accessed The port number of the service instance to be accessed The port number of the instance name to be accessed

The port number of the service name to be accessed

A user signs into a computer connected to a large network but they are not able to access domain resources. What is the most likely reason why? The network structure is peer-to-peer The network needs a Domain Controller The user account is stored in the SAM database The user is missing from the local Users and Groups

The user account is stored in the SAM database

Lucero, a junior helpdesk technician, is experimenting with groups and users. Juniper, the IT administrator, sees a group called Testing and coincidently attempts to delete it at the same time Lucero attempts to create a user in that group. What are the consequences? The user will be in the ADUC Recycle Bin Both the user and the group will be deleted The user created by Lucero will not be created The group deleted by Juniper will not be deleted The user will be in the ADUC LostAndFound folder

The user will be in the ADUC LostAndFound folder

Havila right-clicks a computer object in Active Directory Users and Computers and clicks Reset Account. What are the possibilities that could have induced her to take this action? Select two. In the process of performing an offline domain join there was a power glitch, so the join was paused There was a power outage about two months ago and everyone neglected to turn on the computer The password between the computer and the computer account in Active Directory are out of sync The computer account had been disabled in Active Directory and now needs to be re-enabled again

There was a power outage about two months ago and everyone neglected to turn on the computer The password between the computer and the computer account in Active Directory are out of sync

You navigate to the folder:C:\Windows\SYSVOL\sysvol\mycompany.com\Policies\You notice two folders with numerical identifiers that are very similar. One begins with 6AC1 and the other with 31B2. Which of the following statements best describe these two folders? Select two They are GPT folders They are GPC folders 31B2 is a GPT folder and 6AC1 is a GPC folder The 31B2 folder contains policy settings for the Default Domain Policy The 6AC1 folder contains policy settings for the Default Domain Policy

They are GPT folders The 31B2 folder contains policy settings for the Default Domain Policy

Identify the elements that GPTs and GPCs have in common. Select two. One serves as a backup for the other They are both stored in Active Directory They are both assigned a globally unique ID They are replicated using the same method They both have a Machine and User subfolder

They are both assigned a globally unique ID They both have a Machine and User subfolder

Which of the following statements are true regarding the Administrative Templates in the Computer Configuration and the User Configuration nodes? Select three. They both contain a System subfolder They both contain a Desktop subfolder They both contain a Network subfolder They both contain a Control Panel subfolder They both contain a Shared Folder subfolder

They both contain a System subfolder They both contain a Network subfolder They both contain a Control Panel subfolder

Under what condition would it make sense to create a WMI filter? To configure group policies that cannot be restricted To configure group policies that cannot be overridden When extensions to extend GPO functionality are missing To prevent an object from applying the policies of a GPO

To prevent an object from applying the policies of a GPO

Charles removes the Authenticated Users group from a GPO. Why would he do that? To enable Windows Management Instrumentation filtering on specific users To ensure the default settings applied due to security filtering are inherited To prevent the GPO from being applied to specific users and/or computers To temporarily prevent user access to domain resources during DC backup

To prevent the GPO from being applied to specific users and/or computers

Joseph creates a security group containing accounts and contacts. However, when Jane, a new hire who is listed as a contact in the security group, tries to sign in, permission is denied but other members of the group are able to sign in. How can the problem be rectified? Ensure Jane is using the right username and password Update the DACL to give Janes access to the network Use Active Directory to create an account for Jane Ensure Jane is not listed on other distribution lists

Use Active Directory to create an account for Jane

You want to shield a few objects in an OU from the GPO linked to it. How can you accomplish this? Select three. Use Windows Management Instrumentation filtering Remove the Authenticated Users group from the GPO Directly edit the GPO's discretionary access control list Modify the group policy in the AD System\Policies folder Use Security Filtering in the GPMC to add objects to shield

Use Windows Management Instrumentation filtering Remove the Authenticated Users group from the GPO Directly edit the GPO's discretionary access control list

When would a company use an Azure AD security group vs. a Microsoft 365 group? Select two. Use an AAD security group to assign access to a variety of resources Use a security group when you want to add group members dynamically Use a Microsoft 365 group when access to MS Office products is required Use a Microsoft 365 group when you want to add group members manually Use a Microsoft 365 group when you want to send emails to a group of people

Use an AAD security group to assign access to a variety of resources Use a Microsoft 365 group when you want to send emails to a group of people

Lorenzo wants to configure a group policy preference on a limited set of systems that are running a specific version of the Windows operating system. How can he best implement the policy only on those systems? Use a logon script Create an ADM file Correct Answer Use item-level targeting Use a preference exception

Use item-level targeting

Linus, the domain administrator, uses a dedicated account to sign into a Linux computer on the network. Where in Active Directory can this capability be configured? User Account Properties > Member Of > Set Linux Group User Account Properties > Account > Set Secondary Group User Account Properties > Member Of > Set Primary Group User Account Properties > Account > Set POSIX-compliant Group

User Account Properties > Member Of > Set Primary Group

There are four local GPOs configured on a non-domain computer. The Local Computer Policy prevents access to the firewall settings. The Administrators policy allows access. The Non-Administrators GPO prevents access. The user-specific GPO for jdoe, who is not an administrator, allows access. Which policy will be applied to jdoe? User-specific Policy Administrators Policy Local Computer Policy Non-Administrators Policy

User-specific Policy

You add a new computer to the domain. Which of the following local groups in the computer will be modified automatically? Select two Users Builtin Members Computers Administrators

Users Administrators

Which of the following represent valid categories of default groups in a Windows Domain? Select three. Users Builtin Remote Computers Special Identity

Users Builtin Special Identity

You are responsible for assigning permissions to a variety of AD objects. To what types of AD objects can you assign permissions? Select three. OUs Users You Answered GPOs Groups Computers

Users Groups Computers

You are using an Administrative Template to configure an aspect of the Event Viewer. In which folder will you make the changes? Server Events System Windows Components Operating System Components

Windows Components

You are looking at the User Configuration node in the GPME to assess the changes you are considering. What subnodes are available under the Preferences folder? Select two. System Settings Windows Settings Local Preferences Computer Settings Control Panel Settings

Windows Settings Control Panel Settings

Identify some of the benefits of using OUs. Select three. You can change the OU structure easily to accommodate reorganizations You can hide Active Directory objects for confidentiality or security reasons You can add multiple domains to an OU to mirror the organization's structure You can use OUs to assign permissions to users, computers, and other objects They give you the flexibility to create a hierarchy with as many levels as needed

You can change the OU structure easily to accommodate reorganizations You can hide Active Directory objects for confidentiality or security reasons They give you the flexibility to create a hierarchy with as many levels as needed

Axel, whose username is axelp99, is not able to log into a legacy system running an older application in the mycompany domain using his UPN. What username will allow him to sign in successfully? mycompany\axelp99 mycompany/axelp99 axelp99@mycompany [email protected]

mycompany\axelp99