server exam study guide
Which setting determines how long user accounts are locked out?
Account lockout duration
What is the last step in configuring a group managed service account?
Configure the service to use the group
Which option best describes what a UPN looks like on a Microsoft Windows 2016 server?
E-mail address
How can you, as a Microsoft Windows 2016 server administrator, allow single sign-on for users in other domains and allow them access to the resources in your domain or vice versa outside the forest?
External trust
You need to backup a GPO. When you right-click a GPO link, the backup option is unavailable. What is the problem?
GPO links cannot be backed up
Which PowerShell cmdlet can be used to view inactive user accounts?
Search-ADAccount
Which Forest Functional Level is required to deploy a RODC?
Server 2008
You would like members of the Boston_IT group to have the ability to create password settings objects. What should you do?
Set permissions on the Password Settings container
Which PowerShell cmdlet is used to block GPO inheritance for an OU?
Set- GPOInheritance
Which attributes are not copied over to users created from a user template?
Phone number
Which are valid fields within a DNS SRV Record?
Port Weight
Which Set-ADAccountPassword parameter does not require knowledge of the current password?
Reset
You are deploying drive mappings to user stations using Group Policy Preferences. You need to ensure users get the mapped drive only if they have the required permissions. Which option should you select?
Run in logged-on user's security context
What determines the certificate validity period?
Certificate template
While viewing Group Policy Preference you notice multiple registry settings with a green triangle icon. What does the icon imply?
Create
Which command configures Active Director on Server Core?
Install-ADDSDomainController
You need to create multiple GPOs that have similar security settings to be applied to different OUs. What should you do?
create a starter GPO, create GPO's, link to OU's
You are planning a Skype Business Server Standard Edition installation. What must be done to accommodate database requirements?
dcgpofix
You have provisioned a computer account for offline domain join. After coping te provisioning file to the target computer, which command should you run?
djoin.exe /requestODJ
You would like to configure a custom web app service named webapp1 to use a virtual account. The service runs on a host called Server1. What should you type in for the virtual account name?
NT Service\Webapp1
Which tools can be used to manage password settings objects? Choose two
New-ADFineGrainedPasswordPolicy
Which certificate checking mechanism is a simple HTTP query and response?
OCSP
Which command can be used to display SPNs?
SetSpn
Which command line tool is used for private key recovery?
certutil
Which statement is correct?
.ADM templates can be imported
Which file format is supported for software deployment?
.MSI
What is the default value for Group Policy slow link detection?
500 Kbps
Which certificate template permission allows certificates to be issued without user and administrator intervention?
Autoenroll
Which command forces a delta group policy refresh?
gpupdate/force
You need different local group policy settings on a station for administrators and regular users. Which snap-in should you add to MMC?
group policy object editor
What URL is used to support device registration with an Active Directory domain called earthfarm.com?
https://enterpriseregistration.earthfarm.com
Which command displays status of Active Directory replication?
repadmin
What command is used to transform a security template to a GPO?
scwcmd transform
You need to ensure that domain-linked GPOs are not blocked in subordinate OUs. What should you do?
set the GPO enforced option
Which PowerShell cmdlet us used to backup certificate services?
Backup-CARoleService
Which of the following statement is true?
GPO's cannot be linked to containers
Which Domain Controller options are enabled by default?
Global Catalog
Which are valid fields within a DNS SRV Record?
Group Membership Expiration
You are sharing a folder and assigning share permission. Which three permission options are available?
Read, Modify, and Full Control
What must be defined in AD FS in order to support Pre-Authentication on a Web Application Proxy?
Relying Party Trust
When should the PowerShell -PassThru parameter be used?
To generate output
What is the default location of the database and log files when you are deploying a domain controller?
C:\Windows\NTDS
Where in Group Policy are Kerberos settings configured?
Computer Configuration, Policies, Windows Settings, Security Settings, Account Policies
Where is Group Policy certificate auto-enrollment configured?
Computer Configuration, Policies, Windows Settings, Security Settings, Public Key Policies
Where is Kerberos contained delegation configured?
Computer properties
How do Active Directory OUs and containers differ?
Containers cannot have GPOs directly linked to them
You need to create an Active Directory group in the EarthFarm domain whose members come from other domains in the forest. The group must be used to assign permissions to shared folders in the Earthfarm domain. Which type of group should you create?
Domain Local, Security
Which term describes group policy settings controlled by the Group Policy Client service?
Managed
Which password policy setting prevents users from immediately resetting their password multiple times back to the same password?
Minimum password age
Which sequence of commands is required to configure a service account?
New-ADServiceAccount, Add-ADComputerServiceAccount, Install-ADServiceAccount
Which PowerShell cmdlet is used to add a new user account?
New-ADUser
Which command creates the file required to deploy a new Domain Controller using the Install from Media option?
Ntdsutil
Which command sequence is used to transfer a FSMO role?
Ntdsutil, roles, connections, connect to server, quit, transfer role_name
JChavez is a member of the All_Staff and HR groups. You need to determine which permissions JChavez has to the Projects folder. What should you do?
Project folder properties, Security, Advanced, and Effective Access
Which FSMO role allocates blocks of unique IDs to Domain Controllers?
RID Master
Which process best describes where the packets or the presentation of authentication information between forests will be examined and processed on a Microsoft Windows 2016 server?
SID filtering
Which record defines the services that are available within the site on a Microsoft Windows 2016 DNS server?
SRV record
Which AD DS partition contains definition of objects and attributes?
Schema
Which Attribute is stored in the CRL when a certificate is revoked?
Serial number
On a Microsoft Windows 2016 server, which option would you consider as the connective tissue between two or more sites?
Site links
Your organization needs a CA in the perimeter network that can satisfy Internet client certificate needs. What should be installed?
Standalone CA
If the root CA is taken offline for security purposes, how are certificates issued?
Subordinate CA
Which statement regarding Group Policy Preferences file deployment is true?
Users do not require individual file system permissions
Which format are WMI queries written in?
WQL
Which statement is correct?
When combining NTFS and Share permissions, the most restrictive permissions prevail
All users within the domain require the same security settings with the exception of an OU named Admins. What should you do?
block inheritance on the Admins OU
You are attempting to prepopulate user credentials for users at a remote branch office where a RODC is deployed, however the credentials never replicate to the RODC. What should you check?
Allowed RODC Password Replication Group
Which of the following special character is not allowed in an AD DS username?
Ampersands
You need a static user GPO configuration on machine regardless of which user logs on. What should you do?
enable loopback processing with the replace option
Which PowerShell cmdlet is used to add multiple members to the same group?
Add-ADGroupMember
You want to identify which files will be retained, when only some existing objects will be overwritten. Which of the following Active Directory restoration methods should be used?
Authoritative Restore
Which of the following command creates an organizational unit?
Correct New-ADOrganizationalUnit
Which of the following option is not a valid reason to implement a multiple forest AD DS infrastructure?
Different versions of Windows Server
Which built-in group can add pre-staged computers to an Active Directory domain?
Domain Admins
You have configured a certificate template to issue user EFS certificates. The CA is configured to use the certificate. Domain users complain that when they request a certificate through Active Directory Enrollment, the EFS certificate template is not shown. What should you do?
Grant users the Enroll permission
Your company uses Group Policy restricted groups to control group membership. What will happen to group memberships when the Group Policy is removed?
Group memberships will remain the same
Which of the following methods will successful enable your recycle bin on a new active directory installation? Choose two
In the Active Directory Administration Center: Select the domain, the select "Enable Recycle Bin"
Which PowerShell command installs the Active Directory Certification Authority?
Install-WindowsFeature ADCS-Cert-Authority
Which technology should you use to supply access to resources within a domain on a Microsoft Windows 2016 server?
Active Directory domains and trust
Where do you need to go to move a domain controller from one site to another?
Active Directory sites and services
If you are working in an environment using Microsoft Windows 2016 server and you have a branch office connected over a wide area network link with desktops in the location, but there are no domain controllers in the location and you do not want to enable the replication traffic for users to log in on the remote environment. What should you do to configure this correctly?
Automatic site coverage
Which of the following Active Directory backup solution allows incremental backups?
Azure Backup
Which of the following is NOT a method of pre-authentication to choose when publishing an app with WAP?
Kerberos
You are configuring the domain cloning feature to rapidly deploy serveral new domain controller vitual machines. Which file contains the new server name and IP address information?
DCCloneConfig.xml
How can you enable a single sign-on experience across forests on a Microsoft Windows 2016 server?
Forest to forest trust
You are building a script that will show members of all Active Directory groups. Which PowerShell cmdlet should the script use?
Get-ADGroupMember
Which forms of authentication are available only for intranet logons to ADFS?
Windows
What is the minimum forest functional level required to make use of the Active Directory Recycle Bin?
Windows 2008 R2
You have an external trust or a forest trust and you do not want the scope of potential authentication to be all users in one domain or forest to be able to access all resources in another domain and forest. What can you put in place on a Microsoft Windows 2016 server?
Trust firewall
Your Active Directory environment consists of two forests. Each forest contains two domains. How many Active Directory schemas exist in this configuration?
Two
Which Domain Controller attributes shows that a Global Catalog is active?
isGlobalCatalogReady
To compliment your backup solution, you would like to have an additional copy of Active Directory objects and their attributes stored in a file. Which command should you use?
ldifde
You need to change GPO settings references from Server1 to Server2 while upgrading to a Server 2016 environment. What should you configure?
migration table