Final Review
GPOs are processed in the following order:
1. The local GPO is applied.
2. GPOs linked to sites are applied.
3. GPOs linked to domains are applied.
4. GPOs linked to organizational units are applied. For nested organizational units, GPOs linked to parent organizational units are applied before GPOs linked to child organizational units are applied.
A DHCP server can provide which of the following types of information to clients?
Default gateway WINS servers Subnet mask DNS servers IP address
Which FSMO roles are unique (only one instance each) per directory (forest-wide)?
Domain Naming Master Infrastructure Master PDC Emulator RID Master Schema Master
Which FSMO roles are unique (only one instance each) per domain?
Domain Naming Master Infrastructure Master PDC Emulator RID Master Schema Master
You can set DHCP scope options in which of the following ways?
Globally for all scopes by setting default server options. On a client-class basis by configuring user-specific or vendor-specific classes. On a per-client basis by setting reservation options. On a per-scope basis by setting scope options. On a per-user basis
What is the purpose of a Start of Authority record?
It identifies the authoritative DNS server for the current zone. It identifies SSL certificates in use on the domain. It provides information about secondary DNS servers and off-site primary servers. It provides the authoritative alias for a computer name.
This profile is issued each time an error condition prevents the user's profile from loading. These profiles are deleted at the end of logon session and changes made by users are lost.
Mandatory User Profiles Roaming User Profiles Temporary User Profiles Local User Profiles
This profile is stored on a server share and the profile is downloaded to any network computer when the user logs on. Changes to the profile are synchronized with the server copy when the user logs off.
Mandatory User Profiles Temporary User Profiles Roaming User Profiles Local User Profiles
Organizational Units are created using which tool? Select the BEST answer.
Microsoft Management Console Active Directory Sites and Services Active Directory Users and Computers Active Directory Domains and Trusts
The default authentication method used by Windows 2000 and later versions is
NTLM Kerberos CHAP MS-CHAP
When considering GPO precedence between local GPO, default domain GPO, domain controller GPO, site GPO and OU GPOs, what GPOs are applied first?
OU GPOs Default domain GPOs Local GPOs Site GPO
%USERPROFILE% and %USERNAME% are Windows environment variables with values indicating the location of the current user's profile directory and the current user's logon account name, respectively.
True False
A transitive trust means that if A and B have a trust and B and C have a trust, A and C automatically have a trust as well.
True False
AGDLP is an abbreviation meaning "account, global, domain local, permission".
True False
AGUDLP is an abbreviation meaning "account, global, universal, domain local, permission".
True False
According to Microsoft, you should create subdomains for internal use (like corp.example.org, dmz.example.org, extranet.example.org) and make sure you've got your DNS configuration set up correctly.
True False
Active Directory Directory Services tools such as Active Directory Users and Computers (ADUC) can only be installed on an Active Directory Domain Controller.
True False
All OUs should be protected against accidental deletion.
True False
An AD domain name and a DNS name are the same thing
True False
An Organizational Unit cannot be nested within another Organizational Unit.
True False
By default, Organizational Units are protected against accidental deletion in Active Directory with Server 2016 functional levels.
True False
By default, user objects are protected against accidental deletion in Active Directory with Server 2016 functional levels
True False
DHCP gives centralized control over assigning TCP/IP configuration to network clients
True False
DHCP scopes provide a pool of IP addresses for DHCP clients.
True False
Each Active Directory domain controller is equal to every other domain controller. If information on one DC changes, such as the creation of an account, it is replicated to all other DCs in a process called multimaster replication.
True False
Exclusions are addresses or a range of addresses that are not distributed by a DHCP server.
True False
GPOs with larger link order numbers have precedence over GPOs with smaller link order numbers.
True False
Group Policies can be used to prevent a user from being able to access the Control Panel or specific Control Panel options.
True False
If more than one GPO are linked to an OU, the GPO processing order is determined by the link order.
True False
If you delete an OU, you will likely also delete user and computer accounts.
True False
If you don't know what type of group to create, you should select security and not distribution.
True False
If you register a public DNS name, you own it and it ensures you will not have future name conflicts
True False
In an Active Directory forest, all trees use the same schema
True False
In scripts and profile assignments, it is best to use environment variables instead of user names
True False
Microsoft strongly recommends that you register a public domain and use subdomains for the internal DNS
True False
Roaming profiles can result in excessively slow user logins.
True False
The LDIFDE utility imports and exports directory objects using CSV format.
True False
The order in which GPOs are processed is significant because when policy is applied, it overwrites policy that was applied earlier.
True False
Tools and utilities can be added as snap-ins to the Microsoft Management Console.
True False
Windows Server 2019 uses Active Directory to manage accounts, groups, and managed network services
True False
Writable copies of information in Active Directory are contained in one or more domain controllers (DCs), which are servers that have the Active Directory Domain Services (AD DS) server role installed.
True False
Group Policy Objects are sets of policies that govern security, configuration, and a wide range of other settings for objects within containers in Active Directory.
True False
What defines the objects and the information pertaining to those objects stored in Active Directory?
a. Classes b. Schema c. Characteristics d. Attributes
The following structure is used for administrative purposes to allow flexibility in managing resources associated with a business unit, department, or division.
a. Domain b. Group c. Organizational Unit d. Object
What type of group is typically used to manage resources in a domain?
a. Domain local group b. Local group c. Universal group d. Global group
What statement regarding Active Directory objects that can be members of a domain local group is NOT accurate?
a. Domain local groups in the same domain can be members of the group. b. Universal groups in any domain in a tree or forest can be a member of the domain local group, without requiring a trust relationship. c. Global groups in any domain in a tree or forest, as long as a transitive or two-way trust relationship is maintained, can be a member of the group. d. User accounts in the same domain can be members of the group.
A tree contains one or more domains in a common relationship and has the following characteristics.
a. Domains are represented in a contiguous namespace and can be in a hierarchy b. All domains use the same global catalog c. Two-way trust relationships exist between parent domains and child domains d. All domains in a single tree use the same schema for all types of common objects
What statement regarding trust relationships between domains is accurate?
a. Due to the trust relationship between parent and child domains, any one domain can have access to the resources of all others. b. The security in a two-way trust relationship between domains is based on RADIUS security techniques. c. A new domain joining a tree has no trust relationships with the other domains in the same tree. d. If domain A and B have a trust and domain B and C have a trust, domain A does not automatically trust domain C
Under what conditions can a global group be converted to a universal group?
a. It can be converted as long as it is not nested in another global group or in a universal group. b. It can be converted regardless of nested memberships. c. It can be converted as long as it is not nested in a domain group. d. It can be converted as long as it is not nested in a local group
What type of group is typically used to manage user accounts in a domain?
a. Local group b. Domain local group c. Universal group d. Global group
What type of group is typically used to manage resources in a domain?
a. Local group b. Global group c. Universal group d. Domain local group
How are changes made within Active Directory maintained on different domain controllers?
a. Multimaster replication is used to replicate changes to other DCs. b. The configurations will copy to each domain controller one at a time. c. The primary domain controller on the network must be notified of the changes, after which other secondary DCs will pull changes from the master. d. The domain controllers must manually sync their configurations.
When replication occurs between sites, what servers are involved in replication?
a. Replication only occurs between two bridgehead servers. b. Replication between the two sites occurs between global catalog servers on both sides. c. Replication between the sites is handled by randomly picked DCs on both sides. d. All the servers in one site sync directly with the servers of the remote site.
According to Microsoft, what is the minimum number of DCs that should be present in any organization using Active Directory?
a. Six b. Two c. Three d. Four
After deleting an account, what happens to the associated GUID?
a. The GUID will be permanently deleted and never re-used. b. The GUID will be recycled and reused by another newly created user or object. c. The GUID will be reused, but only by another account using the same name. d. The GUID remains in the domain database information to provide restoration options
What happens if a user attempts to sign in while the global catalog server for the domain is offline?
a. The user will be allowed to sign in to the network with cached credentials. b. The user will be allowed to sign in only to the local computer. c. The user will not be allowed to log in. d. The user will be allowed to log in, but group membership information will not be loaded
At the highest level in an Active Directory design is
a. a domain b. a tree c. a forest d. an organizational unit
What kind of group is used for e-mail or telephone lists, to provide quick, mass distribution of information?
a. domain local groups b. global groups c. universal groups d. distribution groups
What kind of group is used for e-mail or telephone lists, to provide quick, mass distribution of information?
a. global groups b. universal groups c. distribution groups d. domain local groups
Which command opens the Microsoft Management Console?
admin.msc mmc.exe eventvwr.exe mrt.exe
Which utility is the BEST choice to modify properties for a bunch of Active Directory objects?
csvde dsadd ldifde netdom
A command-line tool used to add single objects to Active Directory.
dsadd import csvde dsget
A utility to import and export data from Active Directory Domain Services (AD DS) using files containing data in the comma-separated value (CSV) format.
dsget dsadd csvde import
If your DNS domain name is example.com, which of the following is the BEST choice for your Active Directory name?
example.com example.local ad.example.com example.lan
In the following comma-separated data, what is the user's sn?
DN,objectClass,sAMAccountName,givenName,sn,userPrincipalName
"cn=JoyTurner,OU=Employees,DC=AD,DC=Example,DC=Com",user,jturner,Joy,Turner,[email protected]
user jturner Joy Turner
To assign administration tasks to a group, you delegate control of what type of objects?
users computers organizational units (OUs) groups
What information is NOT in a DNS stub zone?
SOA record NS records A records for authoritative name servers MX records
To hide a shared folder or drive in Windows, you add a/an ___ to the end of the share name.
% $ & @
The Kerberos Key Distribution Center (KDC) uses the Active Directory Domain Services database as its security account database. The KDC provides what two services?
Authentication Server (AS) Ticket-Granting Server (TGS) Service Server (SS) Client Server (CS)
What happens when a Group Policy setting is defined in User Configuration and in Computer configuration?
Both policies are disabled until the conflict is resolved. The User configuration items take precedence over the Computer configuration items. The Computer configuration items take precedence over the User configuration items. The Group Policy Management Editor prompts the Administrator to rectify the policy conflict before the policy can be saved.
Group Policy settings are divided into what two categories?
Policy Configuration settings Group Configuration settings Organizational Configuration settings Computer Configuration settings User Configuration settings
To view the "Protect object from accidental deletion" property in Server 2016 Active Directories using ADUC, you first must
Right-Click the object and select Properties Click View and select Advanced Features Click Format and select Advanced Features Right-Click the object and select Advanced Features
This profile is read-only. Only system administrators can make profile changes and changes made by users are lost when the user logs off.
Roaming User Profiles Local User Profiles Mandatory User Profiles Temporary User Profiles
Match the FSMO roles and description
Schema Master: E. Responsible for performing updates to the directory schema. The DC with this role is the only one that can process updates to the directory schema.
Domain Naming Master: D. Responsible for making changes to the forest-wide domain name space of the directory. The DC with this role is the only one that can add or remove a domain from the directory.
RID Master: B. Responsible for processing relative identification pool requests from all DCs within a given domain. The DC with this role is also responsible for removing an object from its domain and putting it in another domain during an object move.
PDC Emulator: C. This role is necessary to synchronize time in an enterprise.
Infrastructure Master: A. Responsible for updating an object's SID (security identifier) and distinguished name in a cross-domain object reference.
Group Policies can be applied to which Active Directory containers?
Sites Domains Organizational Units All the above
This profile is stored on the computer's local hard disk and is created the first time the user logs into the computer. Changes made to the profile are specific to the user and to the computer on which the changes are made.
Temporary User Profiles Local User Profiles Mandatory User Profiles Roaming User Profiles
What scheme is Microsoft's recommendation for implementing role-based access controls (RBAC) using nested groups in a single Active Directory (AD) domain?
a. AGDLP b. AGUDLP c. AGLP d. AUGDLP
What scheme is Microsoft's recommendation for implementing role-based access controls (RBAC) using nested groups in an Active Directory (AD) forest consisting of two or more domains?
a. AUGDLP b. AGDLP c. AGUDLP d. AGLP
What is the most typically used boundary for an Active Directory site?
a. A site boundary is typically defined by an administrative boundary. b. A site boundary is typically defined by a domain. c. A site boundary is typically defined by a network or subnet boundary. d. A site boundary is typically defined by an OU.