Infrastructure
12. A user is logged on to a Windows Server 2012 R2 domain from a Windows 8.1 computer and requests access to a shared folder. What must the user account request before the shared folder can be accessed? a. A service ticket b. A TGT c. A KDC d. An access code
A
12. You maintain an RODC running Windows Server 2012 R2 at a branch office, and you want one employee with solid computer knowledge to perform administrative tasks, such as driver and software updates and device management. How can you do this without giving her broader domain rights? a. Assign the employee's account as a delegated administrator in the RODC's computer account settings. b. Create a local user on the RODC, and add it to the Administrators group. Have the user log on with this account when necessary. c. Create a script that adds the user to the Domain Admins group each day at a certain time, and then removes the user from the group one hour later. Tell the user to log on and perform the necessary tasks during the specified period. d. Send the user to extensive Windows Server 2012 R2 training, and then add the user to the Domain Admins group.
A
15. You have three users who travel to four branch offices often and need to log on to the RODCs at these offices. The branch offices are connected to the main office with slow WAN links. You don't want domain controllers at the main office to authenticate these four users when they log on at the branch offices. What should you do that requires the least administrative effort yet adheres to best practices? a. Create a new global group named AllBranches. Add the four users to this group, and add the AllBranches group to the Allowed RODC Password Replication group. b. Add the four users to a local group on each RODC. Add the local groups to the PRP on each RODC with an Allow setting. c. Add each user to the PRP on each RODC with an Allow setting. d. Create a group policy and set the "Allow credential caching on RODCs" policy to Enabled. Add the four users to the policy, and link the policy to the Domain Controllers OU.
A
17. You have a server named DNS1 with a zone named csmtech.local. Several computers use DHCP for IP address assignment, and their IP addresses change often. Client computers are often unable to communicate with some of these computers until they clear their local DNS caches. What can you do to reduce the problem? a. Set the minimum (default) TTL on the zone to a lower value. b. Set the Expires after timer to a higher value. c. Change the DNS records to static. d. Change the "Record time stamp" setting to a lower value.
A
18. Which of the following is used to uniquely identify a service instance to a client? a. SPN b. KDC c. Service ticket d. TGT
A
18. You manage a multidomain forest with domains named DomainA and DomainB. You want to use the GPOs from DomainA in DomainB without having to reconfigure all GPOs. What do you need to configure? a. Migration table b. GPO backup and restore c. Delegation d. RSoP
A
20. You have four servers running a service in a load-balancing configuration, and you want the services on all four servers to use the same service account. What should you do? a. Create a group and add the servers' computer accounts to it. Run the New-ADServiceAccount cmdlet. b. Run the New-ADServiceAccount cmdlet and configure constrained Kerberos delegation. c. Run the New-gMSAServiceAccount cmdlet and specify the four servers in the SPN. d. Move the four servers' computer accounts to the Managed Service Accounts folder in Active Directory.
A
21. Which of the following is the period between an object being deleted and being removed from the Active Directory database? a. Tombstone lifetime b. Defragmentation limit c. Object expiration d. Restoration period
A
6. What type of zone should you create that contains records allowing a computer name to be resolved from its IP address? a. RLZ b. FLZ c. Stub d. TLD
A
8. You're taking an older server performing the RID master role out of service and will be replacing it with a new server configured as a domain controller. What should you do to ensure the smoothest transition? a. Transfer the RID master role to the new domain controller, and then shut down the old server. b. Shut down the current RID master and seize the RID master role from the new domain controller. c. Back up the domain controller that's currently the RID master, restore it to the new domain controller, and then shut down the old RID master. d. Shut down the current RID master, and then transfer the RID master role to the new domain controller.
A
9. An OU structure in your domain has one OU per department, and all the computer and user accounts are in their respective OUs. You have configured several GPOs defining computer and user policies and linked the GPOs to the domain. A group of managers in the Marketing Department need different policies from the rest of the Marketing Department users and computers, but you don't want to change the top-level OU structure. Which of the following GPO processing features are you most likely to use? a. Block inheritance b. GPO enforcement c. WMI filtering d. Loopback processing
A
9. You have a DNS server outside your company's firewall that's a stand-alone Windows Server 2012 R2 server. It hosts a primary zone for the public Internet domain name, which is different from the internal Active Directory domain names. You want one or more of your internal servers to be able to handle DNS queries for the public domain and serve as a backup for the primary DNS server outside the firewall. Which configuration should you choose for internal DNS servers? a. Configure a standard secondary zone. b. Configure a standard stub zone. c. Configure a forwarder to point to the primary DNS server. d. Configure an Active Directory-integrated stub zone.
A
11. When can thresholds in a data collector set be configured to trigger an alert? (Choose all that apply.) a. The value in the counter falls below the threshold. b. The value in the counter is equal to the threshold. c. The value in the counter rises above the threshold. d. The value in the counter differs from the threshold by some percentage up or down.
A C
3. Which of the following is a reason for establishing multiple sites? (Choose all that apply.) a. Improving authentication efficiency b. Enabling more frequent replication c. Reducing traffic on the WAN d. Having only one IP subnet
A C
3. Which subtype of the Applications and Services logs in Event Viewer is hidden and disabled by default? (Choose all that apply.) a. Analytic b. Admin c. Debug d. Operational
A C
18. You can use auditpol to handle which of the following auditing tasks? (Choose all that apply.) a. Back up and restore audit policies to CSV files. b. Disable advanced auditing policies to return to basic policies. c. Display current audit policies. d. Configure global resource SACLs.
A C D
2. You can save event log information as a file in which format? (Choose all that apply.) a. Event log file format b. Log file format c. Tab delimited d. Comma delimited
A C D
5. In the Performance tab of Task Manager, which of the following components can you monitor? (Choose all that apply.) a. CPU use b. Process use c. Memory use d. Network adapters
A C D
6. In addition to monitoring system resources, you can do which of the following with Resource Monitor? (Choose all that apply.) a. Review and close processes that have stopped responding. b. Delete files. c. Control services. d. See what files are in use by applications.
A C D
7. Which of the following is a source of data for Performance Monitor? (Choose all that apply.) a. Configuration information b. Event trace data c. Task Manager data d. Performance counters
A C D
11. Which of the following is true about a stub zone? (Choose all that apply.) a. It's not authoritative for the zone. b. It holds mostly A records. c. It can't be Active Directory integrated. d. It contains SOA and NS records.
A D
13. The Users group has permission to do which of the following in Performance Monitor? (Choose all that apply.) a. View log files b. Access real-time data c. Create data collector sets d. Modify display properties
A D
17. Which of the following is an advantage of using a managed service account instead of a regular user account for service logon? (Choose all that apply.) a. The system manages passwords. b. You can assign rights and permissions precisely. c. You can use the account to log on interactively. d. You can't be locked out.
A D
5. Which of the following is included in account policies for a GPO? (Choose all that apply.) a. Password Policy b. Authorization Policy c. Account Lockout Policy d. Kerberos Policy
A D
Which of the following is a main function of user accounts? (Choose all that apply.) a. User authentication b. Biometric identity c. Autonomous access d. Detailed information
A D
1. The entire DNS tree is referred to as which of the following? a. Zone hierarchy b. Domain space c. DNS namespace d. Top-level domain
C
10. An alert in Performance Monitor can write an event to which log? a. Security b. System c. Application d. Error
C
10. You discovered that a user changed his password 10 times in one day. When you ask why he did this, he replied that the system required him to change his password. He wanted to use his favorite password, but the system wouldn't accept it until he changed it 10 times. What should you do to prevent this user from reusing the same password for at least 60 days? a. Change the value for the "Enforce password history" setting. b. Change the value for the "Maximum password age" setting. c. Change the value for the "Minimum password age" setting. d. Enable the "Password must meet complexity requirements" setting.
C
10. You need to install an RODC in a new branch office and want to use an existing workgroup server running Windows Server 2012 R2. The office is a plane flight away and is connected via a WAN. You want an employee at the branch office, Michael, to do the RODC installation because he's good at working with computers and following directions. What should you do? a. Add Michael to the Domain Admins group, and give him directions on how to install the RODC. b. Add Michael's domain account to the Administrators group on the server, and give him directions on how to install the RODC. c. Create the computer account for the RODC in the Domain Controllers OU, and specifyMichael's account as one that can join the computer to the domain. d. Create a group policy that specifies that Michael's account can join RODCs to the domain. Then use the Delegation of Control Wizard on the Domain Controllers OU.
C
11. You have a branch office connected to the main office with a sometimes unreliable and slow WAN link. Users are complaining about long logon times. Which Group Policy client feature are you most likely to configure to solve the problem? a. Synchronous processing b. Background processing c. Slow link processing d. Remote update processing
C
12. You have just made changes to a GPO that you want to take effect as soon as possible on several user and computer accounts in the Sales OU. Most of the users in this OU are currently logged on to their computers. There are about 50 accounts. What's the best way to get these accounts updated with the new policies as soon as possible? a. Configure a script preference that runs gpupdate the next time the user logs off. b. Configure the GPO to perform foreground processing immediately. c. Run the Get-ADComputer and Invoke-GPUpdate PowerShell cmdlets. d. Use the gpupdate /target:Sales /force command.
C
13. The DNS server at your company's headquarters holds a standard primary zone for the abc.com domain. A branch office connected by a slow WAN link holds a secondary zone for abc.com. Updates to the zone aren't frequent. How can you decrease the amount of WAN traffic caused by the secondary zone checking for zone updates? a. In the SOA tab of the zone's Properties dialog box, increase the minimum (default) TTL. b. In the Advanced tab of the DNS server's Properties dialog box, increase the expire interval. c. In the SOA tab of the zone's Properties dialog box, increase the Refresh interval timer. d. In the Zone Transfers tab of the SOA Properties dialog box, decrease the Retry interval timer.
C
14. A group of users in the Research Department has access to sensitive company information, so you want to be sure the group members' passwords are strong, with a minimum length of 12 characters and a requirement to change their passwords every 30 days. The current password policy requires passwords with a minimum length of 7 characters that users must change every 120 days. You don't want to inconvenience other users in the domain by making their password policies more stringent. What can you do? a. Create a GPO, configure the password policy for the Research Department, and link it to the domain. Block inheritance on all other OUs in the domain. b. Create a GPO, configure the password policy for the Research Department, and link it to the domain. Configure a security filter for the Research group. c. Create a PSO in ADAC, configure the password policy, and apply it to the Research Department group. d. Create a PSO in ADAC, configure the password policy, and link it to the Research Department OU.
C
16. A junior administrator a. Right click the GPO backup file in File Explorer and click Restore. b. Open the Active Directory Recycle Bin, right-click the GPO object, and click Restore. c. Right-click the Group Policy Objects folder and click Manage Backups. d. Create a GPO, right-click the new GPO, and click Restore from Backup.
C
16. Which of the following is the term for a DC in a site that handles replication of a directory partition for that site? a. Inter-Site Topology Generator b. Knowledge Consistency Checker c. Bridgehead server d. Global catalog server
C
16. You're in charge of a standard primary zone for a large network with frequent changes to the DNS database. You want changes to the zone to be transmitted as quickly as possible after a change has been made to all secondary servers. What should you configure and where? a. The notify option on slave servers b. The Expires after timer on slave servers c. The notify option on the master server d. The Expires after timer on the master server
C
19. What kind of group policy processing always occurs when a user is logged on to the computer at the time a group policy refresh occurs? a. Foreground processing b. Slow link processing c. Background processing d. Selective processing
C
19. Which command must you use to restore deleted Active Directory objects in a domain with two or more writeable DCs if the Active Directory Recycle Bin isn't enabled? a. wbadmin with the -authsysvol option b. wbadmin with the -restoreobject option c. ntdsutil with the authoritative restore command d. ntdsutil with the create snapshot command
C
2. Which of the following accurately represents an FQDN? a. host.top-level-domain.subdomain.domain b. domain.host.top-level-domain c. host.subdomain.domain.top-level-domain d. host.domain.top-level-domain.subdomain
C
22. You're configuring a Web-based intranet application on the WebApp server, which is a domain member. Users authenticate to the Web-based application, but the application needs to connect to a back-end database server, BEdata, on behalf of users. What should you configure? a. On the WebApp server, create a local user account, and grant it permission to BEdata. b. On the BEdata server, assign the Authenticate Users permission to the database files. c. On a domain controller, configure constrained delegation on the service account. d. Create an MSA on WebApp, and run Add-ADComputerServiceAccount with BEdata as the target.
C
24. Your company has had a major reorganization, and you need to transfer several hundred user accounts to another domain. Which of the following can help with this task? a. Create a system state backup and restore ntds.dit to the new domain. b. In Active Directory Users and Computers, select each account and export it. c. Create a snapshot and export the accounts with ldifde. d. Use the Export-ADUser PowerShell cmdlet.
C
3. You have created a GPO named RestrictU and linked it to the Operations OU (containing 30 users) with link order 3. RestrictU sets several policies in the User Configuration node. After a few days, you realize the Operations OU has three users who should be exempt from the restrictions in this GPO. You need to make sure these three users are exempt from RestrictU's settings, but all other policy settings are still in effect for them. What's the best way to proceed? a. Move the three users to a new OU. Create a GPO with settings suitable for the three users, and link it to the new OU. b. Create an OU under Operations, and move the three users to this new OU. Create a GPO, and link it to this new OU. Configure the new OU to block inheritance of the RestrictU GPO. c. Create a global group, and add the three users as members. Configure GPO security filtering so that the global group is denied access to the GPO. d. Set the Enforced option on RestrictU with a WMI filter that excludes the three user accounts.
C
6. Which of the following configurations should you avoid? a. Domain naming master and schema master on the same domain controller b. PDC emulator and RID master on the same computer c. Infrastructure master configured as a global catalog server d. Schema master configured as a global catalog server
C
7. A junior administrator is configuring settings for the Password Policy of a new GPO he created and sets the minimum password length to 4. He links the GPO to the EngUsers OU containing the user and group accounts for the Engineering Department. A user in the Engineering Department calls and says he's trying to change the password on his domain user account to A$c1, but the system isn't taking the new password. What's the problem? a. The user doesn't belong to the Engineering group. b. The user's computer account isn't in the EngUsers OU. c. Password policies can be set only at the domain level. d. The user can't use the $ symbol in the password.
C
Which of the following is not a function of the global catalog? a. Facilitates forest-wide searches b. Keeps universal group memberships c. Facilitates intersite replication d. Facilitates forest-wide logons
C
12. Protocol analyzers provide information on which of the following? (Choose all that apply.) a. Network throughput b. Network speed c. Protocols in use on the network d. Contents of network packets
C D
3. Which of the following can you use to create user accounts on a domain controller? (Choose all that apply.) a. Create-Account user b. netsh user add c. New-ADUser d. dsadd user
C D
10. The IP address for the DNS server for the primary domain csmpub.local has just been changed. You have a stub zone named csmpub.local on another server. You need to update the NS record in the stub zone. True or False?
FALSE
11. An "Account lockout duration" setting of 0 means user accounts are never locked out. True or False?
FALSE
13. Users usually notice a failure of the domain naming master immediately. True or False?
FALSE
14. Performance-monitoring tools can't be used for network monitoring. True or False?
FALSE
15. When you restore a GPO, it's automatically linked to any containers it was linked to at the time you performed the backup. True or False?
FALSE
16. Advanced auditing policies can't be overridden by broader basic policies. True or False?
FALSE
7. When you create a standard zone, you must specify the replication scope. True or False?
FALSE
8. In a Windows domain running Windows Server 2012 R2, account lockout is enabled by default. True or False?
FALSE
You can set filters in Event Viewer for multiple logs. True or False?
False
14. You want to create an HTML report that shows which policies and GPOs are applied to a particular user and computer. Which command should you use? a. gpupdate b. gpresult c. rsop d. Invoke-GPReport
B
17. Where would you find files related to logon and logoff scripts in an Active Directory environment? a. C:\Windows\NTDS b. %systemroot%\SYSVOL c. %Windir%\ntds.dit d. C:\Windows\edb.log
B
17. You were hired to fix problems with group policies at a company. You open the GPMC to look at the default GPOs and see that extensive changes have been made to both. You want to restore settings to a baseline so that you know where to start. What should you do? a. Delete the default GPOs and create new GPOs with the same names. b. Run gpofix. c. Create a domain and use GPO migration. d. Run gpupdate /revert.
B
18. Which of the following commands backs up the Registry, boot files, the Active Directory database, and the SYSVOL folder to the B drive? a. robocopy C:\Windows /r /destination:B: b. wbadmin start systemstatebackup -backuptarget:B: c. backup %systemroot% -selectsystemstate > B: d. ntdsutil create snapshot -source C:\Windows\ntds -dest B:
B
19. You have created an MSA on DC1 to run a service on the ldsServ1 server. What's the last thing you should do before using the Services MMC to configure the service to use the new MSA? a. On DC1, run the Install-ADServiceAccount cmdlet. b. On ldsServ1, run the Install-ADServiceAccount cmdlet. c. On DC1, run the Add-ADComputerServiceAccount cmdlet. d. On ldsServ1, run the Add-ADComputerServiceAccount cmdlet.
B
2. Where are user accounts stored on a stand-alone computer? a. SQL database b. SAM database c. Active Directory d. A flat file
B
23. You have four DCs in your domain. Active Directory appears to be corrupted on one of the DCs, and you suspect a failing hard drive. You attempt to remove it from the domain, but the procedure fails. You take the DC offline permanently and will replace it with another DC of the same name. What must you do before you can replace the DC? a. Restore the system state. b. Perform metadata cleanup. c. Back up SYSVOL. d. Transfer the FSMO roles.
B
3. What type of DNS server maintains a database containing addresses of name servers for domains such as microsoft.com, yahoo.com, netacad.net, and data.gov? a. Root server b. TLD server c. Cache-only server d. Secondary server
B
4. A resource record containing an alias for another record is which of the following record types? a. A b. CNAME c. NS d. PTR
B
4. Which of the following logs in Event Viewer do you use to create an event subscription? a. System b. Forwarded Events c. Security d. Setup
B
5. You need to move some user and computer accounts in Active Directory, but before you do, you want to know how these accounts will be affected by the new group policies they'll be subject to. What can you do? a. Run secedit.exe with the planning option. b. Run Group Policy Modeling. c. Run Group Policy Results. d. Run RSoP in logging mode.
B
6. You don't have policies that force settings for the look of users' computer desktops. Each user's chosen desktop settings are applied from his or her roaming profile to any computer he or she logs on to. You think it's important for users to have this choice, but you'd like a consistent look for computers used for product demonstrations to customers. What's the best way to do this without affecting users when they log on to other computers? a. Configure desktop policies in the Computer Configuration node of a GPO, and link this GPO to the OU containing the demonstration computers. b. Configure loopback policy processing in Computer Configuration. Configure the desktop settings in User Configuration, and link the GPO to the OU containing the demonstration computers. c. Create a user named Demo. Configure Demo's desktop settings, and use only this user account to log on to demonstration computers. d. Create a GPO with a startup script that configures desktop settings suitable for demonstration computers when these computers are started. Link the GPO to the OU containing the demonstration computers. Instruct users to restart demonstration computers before using them.
B
7. User authentications are taking a long time. The domain controller performing which FSMO role will most likely decrease authentication times if it's upgraded? a. RID master b. PDC emulator c. Infrastructure master d. Domain naming master
B
8. You have a DNS server running Windows Server 2012 R2 named DNS1 that contains a primary zone named csmtech.local. You have discovered a static A record for a server name DB1 in the zone, but you know that DB1 was taken offline several months ago. Aging and scavenging are enabled on the server and the zone. What should you do first to ensure that stale static records are removed from the zone? a. Change the default TTL on static records. b. Enable the Advanced View setting in DNS Manager. c. Configure the "Expires after" value in the SOA. d. Change the "No-refresh interval" timer to a lower number.
B
9. Which of the following is true about an RODC installation? a. A Windows server running at least Windows Server 2012 is required. b. The forest functional level must be at least Windows Server 2003. c. Adprep /rodcprep must be run in Windows Server 2008 forests. d. Another RODC must be available as a replication partner.
B
15. You want a DNS server to be able to respond to queries for a domain in a standard primary zone hosted on another DNS server. You don't want the server to be authoritative for that zone. How should you configure the server? (Choose all that apply.) a. Configure a secondary zone on the DNS server. b. Configure a stub zone on the DNS server. c. Configure a conditional forwarder on the DNS server. d. Configure a delegation on the DNS server.
B C
16. Which of the following is a built-in service account? (Choose all that apply.) a. Anonymous Logon b. Local system c. Network Service d. Authenticated Users
B C
4. None of the computers in an OU seem to be getting computer policies from the GPO linked to the OU, but users in the OU are getting user policies from this GPO. Which of the following is a possible reason that computer policies in the GPO aren't affecting the computers? (Choose all that apply.) a. The GPO link is disabled. b. The Computer Configuration settings are disabled. c. The computer accounts have Deny Read permission. d. The OU has the Block Inheritance option set.
B C
12. You have seven DNS servers that hold an Active Directory-integrated zone named csmpub. local. Three of the DNS servers are in the Chicago site, which is connected to three other sites through a WAN link with limited bandwidth. Only users in the Chicago site need access to resources in the csmpub.local zone. Where should you store the csmpub.local zone? a. ForestDNSZones partition b. csmpub.local.dns c. DomainDNSZones partition d. Custom application partition
D
13. You have just finished configuring a GPO that modifies several settings on computers in the Operations OU and linked the GPO to the OU. You right-click the Operations OU and click Group Policy Update. You check on a few computers in the Operations department and find that the policies haven't been applied. On one computer, you run gpupdate, and the policies are applied correctly. What's a likely reason the policies weren't applied to all computers when you tried to update them remotely? a. The Computer Configuration node of the GPO is disabled. b. A security filter that blocks the computer accounts has been set. c. The Operations OU has Block Inheritance set. d. You need to configure the firewall on the computers.
D
14. You have installed an RODC at a branch office that also runs the DNS Server role. All DNS zones are Active Directory integrated. What happens when a client computer attempts to register its name with the DNS service on the RODC? a. The DNS service rejects the registration. The client must be configured with a static DNS entry. b. The DNS service passes the request to another DNS server. After registration is completed, the DNS server that performed the registration sends the record to the DNS service on the RODC. c. The DNS service creates a temporary record in a dynamically configured primary zone. The record is replicated to other DNS servers and then deleted on the RODC. d. The DNS service sends a referral to the client. The client registers its name with the referred DNS server.
D
17. Global object access auditing allows you to do which of the following? a. Audit computers outside your domain. b. Audit computers over a WAN. c. Increase the number of objects that can be audited. d. Configure a single policy to audit access to all folders and files on a disk.
D
20. Users who log on from a branch office connected to the DC via a slow WAN link are complaining of slow logon times whenever you assign applications via group policies. What can you do to speed their logons? a. Perform a remote group policy update. b. Disable group policy caching. c. Configure synchronous processing when a slow link is detected. d. Configure asynchronous processing when a slow link is detected.
D
20. What's the term for removing deleted objects in Active Directory? a. Tombstoning b. Offline defragmentation c. Recycling objects d. Garbage collection
D
21. In your Windows Server 2012 R2 domain, you have a member server also running Windows Server 2012 R2. You want to install the LocSvc service, which will be accessing only local resources. You need to configure authentication for this service but don't want to use one of the built-in service accounts and want to do this with the least administrative effort. What should you do? a. Create a local user on the server, and configure the service to log on as that user. b. Create an MSA with PowerShell, and configure the service to log on as the MSA. c. Create a domain user, and in the Delegation tab, select LocSvc. d. Configure the service to log on as NT Service\LocSvc.
D
9. Which of the following is true about user accounts in a Windows Server 2012/R2 domain? (Choose all that apply.) a. The username can be from 1 to 20 characters. b. The username is case sensitive. c. The username can't be duplicated in the domain. d. Using default password policy settings, P@$$WORD is a valid password.
B C
8. Performance Monitor displays statistics in which of the following formats? (Choose all that apply.) a. Pie chart b. Histogram c. Report d. Line graph
B C D
4. Which of the following is true about GPOs? (Choose all that apply.) a. They affect all groups in their scope. b. They can be linked to a site. c. The Default Domain Policy affects only user accounts. d. Account policies are under the Computer Configuration node.
B D
10. You have created a GPO that sets certain security settings on computers. You need to make sure these settings are applied to all computers in the domain. Which of the following GPO processing features are you most likely to use? a. Block inheritance b. GPO enforcement c. WMI filtering d. Loopback processing
B
11. You have an application integrated with AD DS that maintains Active Directory objects containing credential information, and there are serious security implications if these objects are compromised. An RODC at one branch office isn't physically secure, and theft is a risk. How can you best protect this application's sensitive data? a. Configure the PRP for the RODC, and specify a Deny setting for the application object. b. Configure a filtered attribute set, and specify the application-related objects. c. Use EFS to encrypt the files storing the sensitive objects. d. Turn off all password replication on the RODC.
B
13. You're the network administrator for several Windows Server 2012 R2 servers in New York. Your company just opened an office in California, and you sent one of the servers to the new office. The server was up and running within two days after you sent it. Now you're having authentication problems between the server in California and the domain controllers in New York. There's nothing wrong with the WAN connection, and you never had problems with the California server before, which seems to operate okay in every other way. What's a possible cause of this problem? a. The California server's hard drive was damaged in the move. b. The time zone needs to be changed on the California server. c. The computer account needs to be reset. d. The authentication protocol is incorrect.
B
14. You have delegated a subdomain to a zone on another server. Several months later, you hear that DNS clients can't resolve host records in the subdomain. You discover that the IP address scheme was changed recently in the building where the server hosting the subdomain is located. What can you do to make sure DNS clients can resolve hostnames in the subdomain? a. Configure a forwarder pointing to the server hosting the subdomain. b. Edit the NS record in the delegated zone on the parent DNS server. c. Edit the NS record in the delegated zone on the DNS server hosting the subdomain. d. Configure a root hint pointing to the server hosting the subdomain.
B
22. Your Active Directory database has been operating for several years and undergone many object creations and deletions. You want to make sure it's running at peak efficiency, so you want to defragment and compact the database. What procedure should you use that will be least disruptive to your network? a. Create a temporary folder to hold a copy of the database. Restart the server in DSRM. Run ntdsutil and compact the database in the temporary folder. Copy the ntds.dit file from the temporary folder to its original location. Verify the integrity of the new database, and restart the server normally. b. Create a temporary folder and a backup folder. Stop the Active Directory service. Run ntdsutil and compact the database in the temporary folder. Copy the original data-base to the backup folder, and delete the ntds log files. Copy the ntds.dit file from the temporary folder to its original location. Verify the integrity of the new database, and restart the server. c. Create a temporary folder and a backup folder. Restart the server in DSRM. Run ntdsutil and compact the database in the temporary folder. Copy the original data-base to the backup folder, and delete the ntds log files. Copy the ntds.dit file from the temporary folder to its original location. Verify the integrity of the new database, and restart the Active Directory service. d. Create a temporary folder and a backup folder. Stop the Active Directory service. Run ntdsutil and compact the database in the temporary folder. Copy the original data-base to the backup folder, and delete the ntds log files. Copy the ntds.dit file from the temporary folder to its original location. Verify the integrity of the new database, and restart the Active Directory service.
D
4. Users of a new network subnet have been complaining that logons and other services are taking much longer than they did before being moved to the new subnet. You discover that many logons and requests for DFS resources from clients in the new subnet are being handled by domain controllers in a remote site instead of local domain controllers. What should you do to solve this problem? a. Create a new site and add the clients and new GC server to the new site. b. Change the IP addresses of the clients to correspond to the network of the DCs that are handling the logons. c. Compact the Active Directory database because fragmentation must be causing latency. d. Create a new subnet and add the subnet to the site that maps to the physical location of the clients.
D
5. What type of resource record is necessary to get a positive response from the command nslookup 192.168.100.10? a. A b. CNAME c. NS d. PTR
D
5. You want to decrease users' logon time at SiteA but not increase replication traffic drastically. You have 50 users at this site with one domain controller. Overall, your network contains 3000 user and computer accounts. What solution can decrease logon times with the least impact on replication traffic? a. Configure the domain controller as a domain naming master. b. Configure the domain controller as a global catalog server. c. Configure multiple connection objects between the domain controller in SiteA and a remote global catalog server. d. Enable universal group membership caching.
D
6. Which of the following best describes the "Account lockout threshold" setting? a. Specifies how many minutes a user's account is locked b. Defines the number of times a user can enter an incorrect username c. Specifies the number of minutes that must elapse between failed logon attempts d. Defines the number of times a user's password can be entered incorrectly
D
7. You want to create policies in a new GPO that affects only computers with Windows 7 installed. You don't want to reorganize your computer accounts to do this, and you want computers that are upgraded to Windows 8 to fall out of the GPO's scope automatically. What can you do? a. For each policy, use selective application to specify Windows 7 as the OS. b. Create a new OU, place all computer accounts representing computers with Windows 7 installed in this OU, and link the GPO to this OU. c. Create a group called Win7Computers. Place all computer accounts representing computers with Windows 7 installed in this group, and use this group in a security filter on the GPO. Link the GPO to the domain. d. Configure a WMI filter on the GPO that specifies Windows 7 as the OS. Link the GPO to the domain.
D
9. What should you do to get a better idea of normal and abnormal system performance on your network a. Talk to your users every day b. Create a baseline by recording monitor sessions at random times for later comparison. c. Watch for certain thresholds to be exceeded. d. Create a baseline by recording monitor sessions at peak and off-peak times for later comparison.
D
Chapter 10 Which of the following represents the correct order in which GPOs are applied to an object that falls within the GPO's scope? a. Site, domain, OU, local GPOs b. Local GPOs, domain, site, OU c. Domain, site, OU, local GPOs d. Local GPOs, site, domain, OU
D
15. Account policies configured in a GPO that's linked to an OU affect local user accounts on computers in the OU. True or False?
TRUE
15. An object must have an associated SACL to be audited. True or False?
TRUE
2. Objects in an OU with the Block Inheritance option set are affected by a domain-linked GPO with the Enforced option set. True or False?
TRUE
8. When a policy setting in Computer Configuration and User Configuration in the same GPO conflict, the Computer Configuration policy setting takes precedence. True or False?
TRUE
