TestOut Server 2016 Chapter 7 (7.1.4, 7.2.8, 7.3.5, 7.4.6, 7.5.9, 7.6.5, 7.7.6, 7.8.8, 7.9.5, 7.10.4)
You are the administrator of the westsim.com domain. Within the domain, you have OUs for the accounting, manufacturing, sales, and administration departments. You also have smaller OUs within each department OU, such as the ITAdmins OU in the Administration OU. You need to follow the principle of least privilege as you use the delegation of control wizard to complete the following: - Give one user in each OU the rights necessary to manage user accounts in their OU - Give your assistants in the ITAdmins group rights to nmanbage passwords for all users in the domain. Which of the following approaches can you use as you delegate control? (Select two.)
-Create a UnderAdmin group in each department OU -Make the user in each OU a member of the USerAdmin group -In each department OU, delegate control the the UserAdmin group to perform user account tasks -Create a PasswordAdmin group in the ITAdmins OU -Make your assistants members of the PasswordAdmin group -In the westsim.com domain, delegate control to the PasswordAdmin group to perform password tasks
You are the network manager for the westsim.private domain. The SRV1 server runs all file and print services for the network. The DNS database has an A record that maps srv1.westsim.private to the IP address of 192.168.16.10. You want to create a PTR record that maps the IP address to the host name. Which zone should you create the record in?
16.168.192.in-addr.arpa
You enter the ipconfig /all command and see, as a part of the results, the information shown in the image below. If you enter the nslookup command on this same system, which of the following do you expect to see as the address of the default server?
163.128.80.93
Match each active directory component on the left with the appropriate description on the right. (Each component may be used once, more than once, or not at all.)
A group of related domains that share the same DNS namespace - Tree A collection of related domain trees - Forest A server that holds a copy of the Active Directory database - Domain Controller The process of copying changes to the Active Directory database between domain controllers - Replication A collection of network resources that share a common directory database - Domain Can make changes to the Active Directory database - Domain Controller
You need to add a new Windows server to an Active Directory domain. You intend to make this new server a domain controller. This server was installed with a server core deployment, so you'll need to install the Active Directory Domain Services role from the PowerShell console. From the drop-down list, select the name of the service you would enter to complete the following PowerShell command: Install-WindowsFeature __________
AD-Domain-Services
You manage a network with a single active directory domain called westsim.com. You have just deployed an azure ad domain controller in the azure cloud. You have created a user account for yourself in the new azure AD domain. You are now testing the configuration of the azure ad domain from home by trying to join your home computer to this domain. Click on the option in the system menu in the settings app that allows you to join your computer to the domain in azure AD.
About (bottom)
You need to use the New Share wizard on a Windows server to create a new share for the C:\Shares\WidgetProject folder. Sales reps for your organization will connect to the share using Windows notebook systems. You want to configure the share so that Windows will hide the file or folder from users that do not have at least read permissions to a file or folder . Which option on the Settings screen should you enable?
Access-based enumeration
You manage a network with a single domain named eastsim.com. The network currently has three domain controllers. During installation, you did not designate one of the domain controllers as a global catalog server. now you need to make the domain controller a global catalog server. Which tool should you use to accomplish this task?
Active Directory Users and Computers or Active Directory Sites and Services
Match each zone type on the left with the corresponding characteristics on the right. Each zone type may be used once, more than once, or not at all. Multiple servers hold read-write copies of the zone data
Active Directory-integrated The only writeable copy of the zone database Primary A read-only copy of the zone database Secondary Secondary The replication scope specifies domain controllers that can receive a copy of zone data Active Directory-integrated
SRV02 holds a shared folder named Forecast for the Managers group. Maria is a member of the Managers group. You would like to grant the Managers group full control to the folder named Forecast, but limit Maria's access to read only. You have added the Managers group to the access list for the Forecast folder and granted Full Control access. You now need to limit Maria's access to the folder. What should you do? (Choose two. Each choice is a complete solution.)
Add Maria to the NTFS permissions for the folder. Grant read access. Remove Maria's account from the Managers group and grant read access.
You have added a new color printer to the network. You have only given certain users throughout the network permission to send print jobs to this printer. Some of these users are complaining that it takes a long time to find the new color printer in active Directory to add it to their list of printers. What can you do to make this printer faster to find?
Add a global catalog server
You manage a Windows server that is used to store user data files. You install a tape drive in the server. Following the installation, you check Device Manager and the device appears to be working correctly. You run Windows Server Backup and start the Backup Schedule wizard. After configuring the schedule, you get a message stating that there is no available backup destination. What should you do?
Add a new external hard disk to the system.
You have connected a print device to the Srv11 server and created a printer for it. You have shared the printer as Printer1 and granted the Everyone group permission to print to it. A third-party technician is visiting your company today to clean the company's printers. You check the print queue and find numerous jobs in the queue. An identical print device is attached to Srv5. The printer on Srv5 is shared as Printer2. You want to let the technician clean the printer attached to Srv11 while allowing the print jobs in queue to print. What should you do?
Add a new local port and configure Printer1 to print to it.
You are the administrator of a network with two active directory domains. Each domain currently includes 35 global groups and 75 domain local groups. You have been reading the windows server help files and have come to the conclusion that universal groups may be the answer to ease administrative management of these groups You decide to incorporate universal groups. How can you make sure to not include changes to any group that will affect group member's assigned permissions?
Add global groups to universal groups and then add those to domain local groups
On your Windows server, you share the D:\Reports folder using a share name Reports. You need to configure permissions on the shared folder as follows: • Members of the Accounting group should be able to view files but not be able to modify them. • Phil, a member of the Accounting group, needs to be able to open and edit files in the Shared folder. You need to assign the necessary permissions without assigning extra permissions beyond what is required and without affecting other access that might already be configured on the computer. You need to complete the task using the least amount of effort possible. What should you do?
Add the Accounting group and assign the read permission. Add the Phil user account and assign read/write permission
You have created a group policy that prevents users in the accounting department from accessing records in a database that has confidential information. The group policy is configured to disable the search function for all users in the Accounting OU no matter which workstation is being used. After you configure and test the policy, you learn that several people in the Accounting OU have valid reasons for using the search function. These users are part of a security group named Managers. What can you do to prevent the Group Policy object (GPO) that you have configured from applying to members of the Managers group?
Add the Managers group to the GPO's discretionary access control list (DACL). Deny the apply Group Policy and read permissions to the Managers group.
Which of the following describes an additional domain?
Additional domains are second-level domains with names registered to an individual or organization for use on the Internet.
You've configured an NFS share on your Windows Server to support Linux client systems that are not joined to your domain. Click the option in the NFS Advanced Sharing window you would use to allow these clients to use anonymous access when connecting to the share.
Allow Linux systems that are not joined to your domain you must allow anonymous access by selecting the No server authentication option.
Click on the user right policy that is used to grant a user local access to the desktop of a Windows server.
Allow log locally
You are an administrator over several Windows servers. You also manage a domain in Active Directory. Your responsibilities include managing permissions and rights to make sure users can do their jobs while also keeping them from doing things they should not be doing. With Windows Server systems and Active Directory, the concepts of permissions and rights are used to describe specific and different kinds of tasks. Drag the concept on the left to the appropriate task examples on the right. (Each concept can be used more than once.)
Allow members of the Admins group to back up the files in the Marketing folder on the CorpFiles server. -Rights Assign members of the Admins group read-only access to the files in the Marketing folder on the CorpFiles server -Permissions Allow members of the Admins group to restore the files in the Marketing folder on the CorpFiles server. -Permissions Allow members of the Admins group to log on locally to the CorpFiles server. -Rights Allow members of the Admins group to shut down the CorpFiles server. -Rights Allow members of the Marketing group to send print jobs to the Marketing color printer. -Permissions
Match each active directory component on the left with the appropriate description on the right. (Each component may be used once, more than once, or not at all.)
An object that cannot be created, moved, renamed, or deleted - Generic Container A database that contains a partial replica of every object from every domain - Global Catalog Facilitates faster searches - Global Catalog A type of container object that can be created by the administrator to simplify security administration - Organizational Unit Identifies the types of objects that can exist in the tree - Schema Information about an object, such as a user's name - Attributes Used to logically organize network resources within a domain - Organizational Unit
You have connected a print device to the Srv9 server and created a printer for it. You have shared the printer as Printer1 and published it to Active Directory. You are leaving on vacation and want to let Chad pause, restart, and delete print jobs on the printer while you are gone. Chad should not be allowed to delete the printer or change its properties. Chad is a member of the Help Desk Technicians domain local group. Currently, the Everyone group has the allow print permission to the printer. What should you do?
Assign Chad the allow manage documents permission to the printer.
You manage a Windows server that has an attached printer that is used by the Sales department. The sales manager has asked you to restrict access to the printer as follows: • Sally needs to connect to a printer, print documents, and pause and resume her own print jobs. • Damien needs to pause and resume documents for all users, but does not need to change printer properties. You want to assign the most restrictive permissions that meet the sales manager's requirements. What should you do? (Choose two. Each choice is part of the correct solution.
Assign Damien the manage documents permission.
You are the network administrator for your company. A Windows server named Srv1 has a shared folder called SalesResearch that shares the F:\Sales\Research folder. This folder has three subfolders, Projects, Analysis, and Reports. Permission inheritance is enabled on F:\Sales\Research and all subfolders and files. Only the Administrators group and one designated employee have permission to each subfolder. Permissions are configured as follows: Resource Type of Permission Effective Permissions SalesResearch share Share Everyone: Allow-Full Control F:\Sales\Research NTFS Administrators: Allow-Full Control F:\Sales\Research\Analysis NTFS Anne: Allow-Modify Administrators: Allow-Full Control F:\Sales\Research\Projects NTFS Billy: Allow-Modify Administrators: Allow-Full Control F:\Sales\Research\Reports NTFS Gavin: Allow-Modify Administrators: Allow-Full Control Stan needs to read all of the documents within the SalesResearch share and its subfolders. Stan does not need to make changes to these documents. You need to give Stan appropriate permissions without giving him unnecessary permissions. What should you do?
Assign Stan the allow read NTFS permission to F:\Sales\Research.
You need to share a folder that contains data used by your accounting department. You want Phil, the manager of the department, to be able to add and remove files. You want members of the department to be able to connect to the share and see the files it contains, but you do not want them to have the ability to make changes. Everyone else in the company should be blocked from connecting to the share. There is a global group called Accounting that contains all the accounting department users, including Phil. You need to configure permissions on the share. What should you do?
Assign allow change permissions for Phil, allow read for Accounting, and nothing else.
You are configuring access for a shared folder on a Windows server. There is a global group called Appusers who need read-only access. However, there is a member of Appusers, jsmith, who should not have any access at all. How can you configure your share so that the members of Appusers have access but jsmith does not while creating the least disruption to your existing administrative structure?
Assign allow read permission to Appusers and assign deny read permissions to jsmith.
On your Windows server, you share the D:\Apps folder using the share name Apps. You need to configure permissions to the share as follows: • Members of the Appusers group should be able to open and view files in the shared folder. • User JohnS should not have any access to files in the shared folder. JohnS is a member of the Appusers group. You need to assign the necessary permissions without assigning extra permissions beyond what is required and without affecting other access that might already be configured on the computer. You need to complete the task using the least amount of effort possible. What should you do?
Assign allow read permissions to Appusers and assign deny read permissions to JohnS.
You are the administrator for a small network with several servers. There is only one printer, which is centrally located. Although indications are that this printer is over-utilized, there is neither space nor budget to add additional printers at this time. There are often cases where a document is needed urgently, but when it is printed, it goes into the queue and is printed in the order received, not the order of the document's priority. You would like to allow Gladys, the administrative assistant, to have the ability to maintain the print queue. Specifically, you want her to be able to alter the order of printing for the documents waiting to be printed. You need to permit Gladys to make this change without adding her to the local Administrators group or making significant changes to the way your office operates. What should you do?
Assign the manage documents permission for the printer to Gladys.
You want to monitor processor and memory utilization on Srv4. You create a single data collector set configured to save log files every day. You add the processor and memory data collectors to the data collector set. After running the data collector set for several days, you have several separate log files. You would like to compare the statistics for the first day with the statistics reported for the last day. In particular, you would like to be able to see a single graph that lines up the processor utilization on an hour-by-hour basis. What should you do?
At a command prompt, run Perfmon /sys multiple times to open a view of each log file. Use the Compare option to transparently overlay each log onto the first log.
You want to monitor processor and memory utilization on Srv4. You create a single data collector set configured to save log files every day. You add the processor and memory data collectors to the data collector set. After running the data collector set for several days, you have several separate log files. You would like to combine the multiple files into a single view so you can see a graphic in Performance Monitor for the entire time period. What should you do? (Select two. Each choice is a possible solution.)
At a command prompt, run the Relog command. Open the resulting log in Performance Monitor. In Performance Monitor, use the View Log Data option to select all log files in the range. Expand the date range to include all log files.
You manage the intranet servers for EastSim Corporation. The company network has three domains: eastsim.com, asiapac.eastsim.com, and emea.eastsim.com. The main company website runs on the web1.eastsim.com server with a public IP address of 101.12.155.99. A host record for the server already exists in the eastsim.com zone. You want Internet users to be able to use the URL http://www.eastsim.com to reach the website. What type of DNS record should you create?
CNAME
You manage a group of 10 Windows workstations that are currently configured as a workgroup. Which are advantages you could gain by installed Active Directory and adding the computers to a domain? (Select two.)
Centralized authentication Centralized configuration control
You want Windows Defender to automatically report malware infections to Microsoft. Click the option you must use to make that change.
Click Settings to access the option where you can enable automatic sample submission, which is in the Settings app.
Drag the Windows Defender feature on the left to the appropriate description on the right. Provides real-time protection by sending Microsoft information about potential security threats discovered by Windows Defender
Cloud-based protection Checks file system locations that are most likely to be infected by spyware. Quick scan Allows Windows Defender to send information to Microsoft for use in analyzing and identifying new malware. Automatic sample submission Alerts you when spyware or potentially unwanted software attempts to install itself or run on your computer. Real-time protection Causes the system to reboot and Windows Defender to run a scan in an isolated state before returning to Windows. Offline scanning
You are the administrator of a network with a single Active Directory domain. The domain includes two domain controllers. Your company's security policy requires that locked out accounts are unlocked by administrators only. Upon reviewing the account lockout policy, you notice the account lockout duration of 99999. You need to configure your domain's account lockout policy to comply with your company's security policy. What should you do next?
Configure Account lockout duration as 0.
You are the network administrator for eastsim.com. The network consists of one Active Directory domain. Several users have received new computers to replace their older systems that were out of warranty. You are preparing to join the new computers to the domain. Your company has several limitations on what users can do with their workstations. For example, users are not allowed to use USB removable media devices or create any kind of executable files. You must make sure each new computer configuration is in compliance with these limitations, but you do not want to go from computer to computer to make the changes. Which of the following can you perform to meet these requirements with the least possible effort?
Configure Group Policy preferences.
You are the network administrator for a small manufacturing company. You have ten regional sales people who travel extensively and have been provided Windows laptop computers. The mobile users have complained that, although they can take copies of important files with them into the field, occasionally they have been caught with out of date documents because no one told them the files had been updated. Additionally, some of these files need to be distributed to all the other sales staff. You need to address this problem and easily provide the appropriate access to these shared files. What should you do?
Configure Offline Files for the folder that contains these files.
You manage a network with two locations, San Jose and Oakland. The two networks are connected with a WAN link, and each site has its own Internet connection. You decide to implement a WSUS solution with a single WSUS server in the San Jose location. You want to make sure that client computers only download updates that have been approved on the WSUS server. To minimize bandwidth use between the two locations, all client computers in Oakland should download the updates from the Microsoft Update website using the local Internet connection. You install WSUS on Srv1 in the Oakland location. What should you do to complete the configuration for hosts in Oakland? (Select two. Each choice is a required part of the solution.)
Configure Srv1 to not store updates locally. In a GPO that applies to all client computers in Oakland, edit the Specify Intranet Microsoft Update service location policy and specify Srv1.
You manage a network with two locations, San Jose and Oakland. The two networks are connected with a WAN link, and each site has its own Internet connection. Srv1 is in San Jose, and Srv2 is in Oakland. You decide to implement a WSUS solution using Srv1 and Srv2 as WSUS servers. Your solution should meet the following requirements: • Client computers should contact the WSUS server in their site for a list of approvals and download the updates from the WSUS server in their site. • All updates for both sites are approved from Srv1. • You must minimize traffic on the WAN link between the two sites. You have completed the configuration of the WSUS server in the San Jose location. How should you configure Srv2 in Oakland to meet the design requirements?
Configure Srv2 to synchronize with Srv1 as a downstream server to Srv1. Configure the server to store updates locally and download updates from Microsoft Update.
You are the systems administrator for WestSim Corporation. You have been assigned to set up a new branch office in Tulsa. The branch will be represented by a single domain. You install a single DNS server called TulsaDNS and configure a primary zone for the branch office domain. You test name resolution and find that hosts can only resolve names for hosts within the domain. You need to enable clients in the Tulsa location to resolve names for hosts in other domains within your private network. You would like to minimize traffic across the WAN link between the sites. What should you do?
Configure TulsaDNS to use forwarders.
You manage several Windows workstations in your domain. You want to configure a GPO that will make them prompt for additional credentials whenever a sensitive action is taken. What should you do?
Configure User Account Control (UAC) settings.
You are the network administrator for eastsim.com. The network consists of one Active Directory domain. You have been instructed to map a drive to a department share for all users. The company no longer uses login scripts, so you must ensure that the department share is mapped using Group Policy. What should you do?
Configure a Drive Maps policy in a GPO linked to the domain.
You would like to prevent users from running any software with .exe or .com extensions on computers in the domain unless they have been digitally signed. The rule should apply to all known and unknown software. How should you configure this rule in AppLocker?
Configure an executable rule with a publisher condition.
You have a folder on your Windows server that you would like members of your development team to access. You want to restrict network and local access to only specific users. All other users must not be able to view or modify the files in the folder. What should you do? (Select two. Each choice is a required part of the solution.)
Configure both share and NTFS permissions. Place the files on an NTFS partition.
You manage a network with a single location. You have previously deployed a WSUS server in your location to specify the approved list of updates. All client computers are configured to download updates from your local WSUS server. Members of the accounting department report that a new system update causes instability with their accounting software. You want to prevent this update from being applied to the accounting department computers, but you still want to ensure that all other updates are being applied properly. What should you do?
Configure client-side targeting on the WSUS server and computers in the accounting department.
You are a network engineer working for WestSim Corporation. The company has an Internet domain named westsim.com. The private network uses the namespace of private.westsim.com. Your company manages its own Domain Name System (DNS) servers that are authoritative for both of the company's name spaces. p y p Your network consists of several subnets at multiple locations. Sites are connected with WAN links. www.private.westsim.com is an intranet web server that is commonly used throughout the company. You want to ensure that users can always access this server by name, even if an authoritative DNS server is not available. What should you do?
Configure each client computer's HOSTS file with an entry for www.private.westsim.com.
You are an administrator for a company that uses Windows servers. In addition to Active Directory, you also provide file and print services, DHCP, DNS, and email services. There is a single domain and a single site. There are two member servers, one that handles file and print services only, and one database server. You are considering adding additional servers as business Your company produces mass mailings for its customers. The mailing list and contact informationincreases. provided to your company by its clients is strictly confidential. Because of the private information sometimes contained in the data (one of your clients is a hospital), and because of the importance of the data to your operation, the data can also be considered a trade secret. You want to ensure the data stored on your member servers is only accessed by authorized personnel for business purposes. You've set file permissions to restrict access, but you want to track the authorized users. How should you configure your security policy to track access to the data files?
Configure object access auditing in a GPO and link it to the domain.
You are the network administrator for your company. Your network consists of two Active Directory domains, research.westsim.local and sales.westsim.local. Your company has two sites, Dallas and Houston. Each site has two domain controllers, one domain controller for each domain. Users in Houston report slow performance when logging on. Users in Dallas do hot have any problems. You want to fix the Houston problem. What should you do?
Configure one of the domain controllers in Houston to be a global catalog server
You are the server administrator for the Srv12 server. This server is running the File Services role and is used for user home folders. Each user has a folder that they can use for storing personal files. Management wants a solution that meets the following requirements: • Allow only the specified user to save files in their home folder. • User should not be allowed to view or edit files in other user's home folders. • The list of files and folders that users can view should show only the files that they have rights to access. What should you do?
Configure share and NTFS permissions with access-based enumeration.
You are the security administrator for a large metropolitan school district. You are reviewing security standards with the network administrators for the high school. The school's computer center has workstations for anyone's use. All computers in the computer center are members of the Computer Center Computers global group. All workstations are currently located in the Computers container. The computer center computers have access to the Internet so users can perform research. Any user who uses these computers should be able to run Internet Explorer only. Other computers in the high school should not be affected. To address this security concern, you create a Group Policy object (GPO) named Computer Center Security. How can you configure and apply this GPO to enforce the computer center's security?
Configure the Computer Configuration node of the Computer Center Security GPO to restrict software to Internet Explorer only. Link the GPO to the domain and allow access to the Computer Center Computers group only.
User Account Control (UAC) prompts the user for credentials or permission in an effort to minimize the dangers of unwanted actions or unintended software installations. Configure a GPO to enforce UAC settings on all client computers
Configure the User Account Control: Behavior of the elevation prompt for standard users setting in Group Policy to prompt for credentials.
You are the network administrator for eastsim.com. The network consists of a single domain. All the servers run Windows Server. You support a print server named PS1 that provides print services for 100 users. After installing a new printer on the print server, you observe that the print spooler needs to be restarted more frequently. You believe the problem is related to the new printer driver that has just been installed. However, investigation of the event logs is inconclusive. You need to determine if the driver for the new printer is the cause of the recent failures using the least amount of administrative effort. Your solution must not affect the ability of users to print to the new printer. What should you do?
Configure the print driver isolation settings for the new driver.
You have connected a print device to Srv3 and created a printer for it. You have shared the printer as Printer1 and granted the Everyone group permission to print to it. Users in the art department frequently send multiple page graphics to the printer. The jobs often take a long time to print. Other users, whose jobs are typically short, must wait for a long time for their documents to print. You want to prevent large print jobs from delaying the print jobs of non-art users. You want to accomplish this with least amount of administrative effort. What should you do?
Configure the priority of Printer1 to 1. Add a new printer and set the priority to 99. For the new printer, deny the print permission for users in the art department. Instruct all users except those in the art department to use the new printer.
You manage a Windows server that is used to hold user data files. You configure a script that runs as a scheduled task that runs wbadmin start backup and saves backups to a shared folder. The first day, the script runs correctly, and the backup is made as required. The second day, you arrive at work and find that the backup has failed. Not only that, but the backup from the previous day no longer exists. You want to make sure that you can save multiple backups to the shared folder if possible. If a backup fails, it should not affect existing backups. What should you do?
Configure the script to save the backups in subfolders in the shared folder.
You are the administrator for ABC Corporation. The network has a single active directory domain called xyz.com The Sales team has a shared folder on Srv1 that is used to hold sales contact information. You need to control access to this folder so that only members of the sales team can access the folder. You create a group called Sales and add all members of the sales team as members of the group. However, when you try to assign permissions to the shared folder, the sales group you created does not show in the list of available objects. You check the properties of the group and fine the details down in the image. What do you need to do to assign permissions to the sales team?
Convert the group to a security group
You are the administrator for a network with two domains, westsim.com and sales.westsim.com. You have a shared folder called reports on the sales1 server in the sales.westsim.com domain. The following two users need access to this shared folder: - Mark in the westsim.com domain - Mary in the sales.westsim.com domain You create a global group called sales in westsim.com. You grant this group the necessary permissions to the reports shared folder. you add mark as a member of the group; however you are unable to add mary as a group member. What should you do? (Select two.)
Convert the group to a universal group Delete the exisiting group. Create a domain local group in sales.westsim.com. Add mary and mary as members and assign permissions to the share
You are the administrator of a multi-domain active directory forest. You have a universal group called salesexecs. This group has successfully been used as an email distribution group. Later, you try to assign the group permissions to a shared folder, but salesexecs does not appear as a choice. What should you do?
Convert the salesexec group from a distribution group to a security group
You are the network administrator for eastsim.com. The network consists of a single Active Directory domain. The company has a main office in New York and several international locations, including facilities in Germany and France. You have been asked to build a domain controller that will be deployed to the eastsim.com office in Germany. The network administrators in Germany plan to use Group Policy administrative templates to manage Group Policy in their location. You need to install the German version of the Group Policy administrative templates so they will be available when the new domain controller is deployed to Germany. What should you do?
Copy the German .ADML files to the appropriate directory in the SYSVOL on a local domain controller.
You manage a network with a single active directory domain called westsim.com. Organizational units have been created for the accounting, sales, and support departments. User and computer accounts for each department are in their respective OUs. Mary Hurd is a manager in the sales department. Mary is a member of the managers global group. This group also has members from other organization units. The managers group has been given read share permission to the reports shared folder. You need to create several new user accounts that have the same group membership and permission settings as the mhurd user account. How can you complete this configuration with the least amount of effort?
Copy the mhurd user account. Assign the new account the change share permission to the reports shared folder
You've just deployed a new Active Directory domain, as shown in the figure below. You now need to deploy Group Policy objects (GPOs) to apply configuration settings and enforce security policies. Click the container(s) to which a GPO can be applied.
Corp Domain Controllers
You are the administrator for the widgets.com domain. Organizational units (OUs) have been created for each company department. User and computer accounts for each department have been moved into their respective departmental OUs. As you manage Group Policy objects (GPOs), you find that you often make similar user rights, security options, and Administrative Template settings in different GPOs. Rather than make these same settings each time, you would like to create some templates that contain your most common settings. What should you do? (Select two. Each choice is a possible solution.)
Create GPOs with the common settings. Take a backup of each GPO. After creating new GPOs, import the settings from one of the backed up GPOs. Create GPOs with the common settings. When creating new GPOs, copy one of the existing GPOs.
You are in charge of managing the servers in your network. Recently, you have noticed that many of the domain member servers are being shut down. You would like to use auditing to track who performs these actions. What should you do to only monitor the necessary events and no others? (Select two. Each choice is a required part of the solution.)
Create a GPO to configure auditing. Link the GPO to the domain. Audit successful system events.
Your organization has been using an in-house custom-developed application. The team that developed that application created a Group Policy template in the form of an ADMX file, which you have used to assign necessary rights to a group of users who use the application. Another group of users now needs to have the same rights. This group belongs to an OU that one of your assistants has full control management rights to. When your assistant tries to use the Group Policy template to assign rights to this group, she cannot find the template in Active Directory. What must you do to give your assistant access to this Group Policy template?
Create a central store on the SYSVOL share and copy the ADMX file into it.
You manage a single domain named widgets.com. Organization units (OUs) have been created for all company departments. Computer and user accounts have been moved into their corresponding department OUs. The CEO has requested the ability to send emails to managers and team leaders. He'd like to send a single email and have it automatically forwarded to all users in the list. Because the email list might change frequently, you do not want the email list to be used for assigning permissions. What should you do?
Create a distribution global group. For each user on the email list, make their user account a member of the group
You are the domain administrator for a single domain forest. You have 10 file servers that are member servers running windows server. Your company has designed its top-level OU structure based on the 15 divisions for your company. Each division has a global security group containing the user accounts for division managers. Division managers have permissions to folders on all file servers. They need different permissions for folders. What should you do?
Create a global group called AllMgrs; make each of the existing managers groups a member
You are the administrator for a network with two domains, westsim.com and branch.westsim.com. User accounts for the sales team are in both domains. You have a shared folder called reports on the sales1 server in the westsim.com domain. You also have a shared folder called contacts on the sales6 server in the branch.westsim.com domain., All sales users need access to both shared folders. What do you need to do to implement a group strategy to provide access to the necessary resources?
Create a global group in each domain. Add users within each domain to the group Create a universal group in westsim.com Add the global groups from each domain to the universal group Add the universal group to domain local groups in each domain Assign permissions to the domain local groups
You manage a network with a single active directory domain called westsim.com. Organizational units have been created for the accounting, sales, and support departments. User and computer accounts for each department are in their respective OUs. The support department have very high turnover. Nearly every week you need to add new user accounts. All user accounts have the same department and fax number settings. Each user account must also have permission to the orders shared folder. You want to create a template account to use when creating new accounts in the future, What should you do? (Select three.)
Create a group called support. make the template account a member of the support group. assign permissions for the group to the orders shared folder Disable the user account Create a user account with the department and fax number settings
You are the network administrator of a network that spans two locations, Atlanta and Dallas. Your organization started in Atlanta, and that's where you installed your first Active Directory domain controller. The Dallas location was later added to the domain with its own domain controller. Atlanta and Dallas are connected using a dedicated WAN link. You have not made any changes to default sites. Dallas users complain of long login times. Dallas users have been authenticating to DC in Atlanta. What is the first step in solving this problem?
Create a new site object and move the server object for the Dallas domain controller into the new site
You are a systems administrator for WestSim Corporation. As part of a new security initiative, the IT department has developed a custom application that reports the host name of all clients that try to access three sensitive servers in the accounting department. The application has been working for the last three months. The company expands and adds a new building with a LAN connection to the rest of the network. This building has its own subnet, 192.168.5.0. You create a scope on an existing DHCP server for this subnet. During a random check of the reporting software, you discover that the application reports the IP address but not the host name for clients on the new subnet. Everything works as designed for hosts on other subnets. You check the DNS database and find that none of the hosts on that subnet have an associated PTR record. What should you do?
Create a primary reverse lookup zone for subnet 192.168.5.0.
You are the administrator for the westsim.com domain. Organizational Units (OUs) have been created for each company department. User and computer accounts for each department have been moved into their respective department OUs. Computers in the accounting department use a custom application. During installation, the application creates a local group named AcctMagic. This group is used to control access to the program. By default, the account used to install the application is made a member of the group. You install the application on each computer in the accounting department. All accounting users must be able to run the application on any computer in the department. You need to add each user as a member of the AcctMagic group. You create a domain group named Accounting and make each user a member of this group. You then create a GPO named Acct Software linked to the Accounting OU. You need to define the restricted group settings. What should you do?
Create a restricted group named AcctMagic. Add the Accounting domain group as a member.
You manage a Windows server server that is used to store user data files. You will use Windows Server Backup to configure a backup schedule. You want to perform a complete system backup daily. You want to be able to restore the entire system or individual files from the backup. What should you do? (Select three. Each choice is a complete solution.)
Create a scheduled task that runs wbadmin start backup. Save backups to a shared folder. Use Windows PowerShell cmdlets for Windows Server Backup to schedule the backups. Save the backups to an external hard drive attached to the server. In Windows Server Backup, run the Backup Schedule wizard. Save backups to a shared folder.
You want to prevent users from running any file with a .bat or .vbs extension unless the file is digitally signed by your organization. How should you configure this rule in AppLocker?
Create a script rule with a publisher condition.
You get a call from a user one day telling you that his password no longer works. As you inquire about the reasons why the password doesn't work, he tells you that yesterday he got a call from an administrator asking for his user account passwords, which he promptly supplied. You want to reset all account passwords and force users to change on next login. What should you do? (Select two.)
Create a script that runs Dsmod. Specify the new password and account properties in the script. Run the script Run Ldifde to export user account information. Edit the .ldif file to modify the user account properties and passwords. Run Ldifde to modify the existing accounts
You have connected a print device to the Srv2 server and created a printer for it. You have shared the printer as Printer1 and published it to Active Directory. During the hours of 11:00 am to 2:00 pm, you want to restrict access to the print device to members of the Help Desk Reports group. No other users should be able to print to your print device during those hours. During all other hours, all users in the company should have equal access to the print device. What should you do?
Create a second printer for your print device and name it Printer2. Keep the default configuration for Printer1, but configure Printer1's availability to 2:00 pm to 11:00 am. For Printer2, remove permissions for the Everyone group and grant the print permission to the Help Desk Reports group.
You are the domain administrator for a single domain forest. Your company has based its top-level OU structure on the four divisions for your company, manufacturing, operations, marketing, and transportation. Each division has a global security group containing the user accounts for division managers. You want to have a single group that can be used when you need grant access to resources to all of your organization's mangers. What should you do? (Select two.)
Create a universal security group called AllMgrs and make each of the existing division manager groups a member Create a global security group called AllMgrs and make each of the existing division manager groups a member
You want to find out who has been running a specific game on the client computers. You do not want to prevent users from running the program, but instead want to log information when the file runs. The application is not digitally signed. How should you configure this rule in AppLocker?
Create an executable rule with a path condition that identifies the file. Set the enforcement mode to audit only.
You are the network administrator for a company with a single Active Directory domain. The corporate office is locate din Miami, and there are satellite offices in Boston and Chicago. AD sites configured for all three locations. Default site was renamed Miami. Each location has a single IP subnet, and each office has several DCs. Boston office has expanded, each new floor having a subnet. DCs for Boston as on one floor in the same subnet. You notice that users working on the new floors are authenticating to domain controllers from other locations. What should you do to the Active Directory Sites and Services configuration?
Create subnets for the new floors in the Boston office and link them to the Boston site
You are the network administrator for Corpnet.com. A small group of software developers in your organization have to use Linux workstations. You are creating a share for these Linux users on your file server, which is named File1. How can you allow clients running Linux-based operating systems to connect to a share on File1?
Create the share using the Network File System (NFS).
You are the administrator for the widgets.com domain. Organizational units (OUs) have been created for each company department. User and computer accounts for each department have been moved into their respective departmental OUs. As part of your security plan, you have analyzed the use of Internet Explorer in your organization. You have defined three different groups of users. Each group has different needs for using Internet Explorer. For example, one group needs ActiveX controls enabled, and you want to disable ActiveX for the other two groups. You would like to create three templates that contain the necessary settings for each group. When you create a GPO, you want to apply the settings in the corresponding template rather than manually set the corresponding Administrative Template settings for Internet Explorer. What should you do?
Create three starter GPOs with the necessary settings. When creating the GPOs, select the starter GPO with the desired settings.
You have configured Active Directory Sites and Serivces to represent the physical layout of your network. As shown in the table below, each site has its own domain controller and subnet: Atlanta / DC-ATL / 192.168.1.0/24 Chicago / DC-CHI / 192.168.2.0/24 Denver / DC-DEN / 192.168.3.0/24 Phoenix / DC-PHX / 102.168.4.0/24 A user authenticates from a workstation with an IP address of 192.168.2.255 and a subnet mask of 255.255.255.0. Which domain controller is Active Directory going to send this authentication request to?
DC-CHI
You are system administrator with hundreds of host workstations to manage and maintain. You need to enable hosts on your network to find the IP addresses of alphanumeric host names such as srv1.myserver.com. Which of the following would you use?
DNS server
You are the administrator of the eastsim.com domain. Your Active Directory structure has organization units (OUs) for each company department. You have assistants who help resetting passwords and managing group memberships. You also want your assistants to help create and delete user accounts. Which of the following tools can you use to allow your assistants to perform these additional tasks?
Delegation of Control Wizard
Your Active Directory network uses the internal DNS namespace private.westsim.com. Several other Active Directory domains also exist, which are children to the private.westsim.com domain. On the Internet, your company uses westsim.com for its public domain name. Your company manages its own DNS servers that are authoritative for the westsim.com zone. The private.westsim.com zone has been delegated to your company's Active Directory domain controllers, which are also DNS servers. Computers that are members of the private.westsim.com domain and all child domains must be able to resolve DNS names of Internet resources. However, to help secure your network, DNS queries for resources in the private.westsim.com domain and all child domains must never be sent to Internet DNS servers. Queries for Internet names must go first to your public DNS server that is authoritative for the westsim.com domain. You need to configure your company's DNS servers to meet these requirements.What should you do? (Choose two. Each correct choice is part of the solution.)
Delete root hints to Internet DNS servers on all DNS servers that are authoritative for the private.westsim.com zone or any child zone. On all DNS servers that are authoritative for the private.westsim.com zone or any child zone, create a forwarders list. Forward to DNS servers that are authoritative for the parent zone.
Your company uses westsim.com as its public Internet domain name. Your private network has a single Active Directory domain named westsim.local. All westsim.local authoritative DNS servers are configured to forward DNS requests across a firewall to external westsim.com authoritative DNS servers. Based on your security policy, the westsim.local authoritative DNS servers are not to contact other computers across the firewall. You manage all DNS servers that are authoritative for the westsim.com and westsim.local DNS domains. All client computers are members of the westsim.local Active Directory domain and are configured to use westsim.local authoritative DNS servers. Currently, all DNS servers have a root zone. Also, all DNS servers have the default configured cache.dns file in their %systemroot%\dns folder. Client computers on your network must resolve names in the Internet namespace and names in the westsim.local domain. You need to configure your company's DNS servers to meet these requirements. What should you do? (Select three. Each correct answer is part of the correct solution.)
Delete the root zone on all westsim.com authoritative DNS servers. Delete the root zone on all westsim.local authoritative DNS servers. Delete the cache.dns file on all westsim.local authoritative DNS servers.
You manage the DNS servers for the eastsim.com domain. You have a domain controller named DC1 that holds an Active Directory-integrated zone for the eastsim.com zone. You would like to configure DC1 to use forwarders and root name servers to resolve all DNS name requests for unknown zones. You edit the DNS server properties for DC1. On the Forwarders tab, you find that the Use root hints if no forwarders are available option is disabled. You also find that the entire Root Hints tab is disabled, and you are unable to add any root hint servers. How can you configure the server to use the Internet root name servers for name resolution?
Delete the zone named . on DC1.
Drag the organizational model on the left to the appropriate example OU on the right.
Denver OU - Physical Printers OU - Object Sales OU - Corporate Engineering OU - Corporate Brazil OU - Physical Brazil OU containing the Sales OU - Hybrid
Members of the Accounting group use a set of special printers in a locked room for printing all print jobs. You want to make sure that these printers and any others you might add for the group are always available for any member of the Accounting group, regardless of the computer they are using. You create a Group Policy object (GPO) called AcctGroup that is linked to the Accounting OU. All computers and users in the Accounting department are in this OU. What should you do?
Deploy the printers in the AcctGroup policy, adding the printers to the User Configuration section.
You are the network administrator for an Active Directory forest with a single domain. The network has three sites with one domain controller at each site. You have created and configured sites in Active Directory Sites and Services, and replication is operating normally between sites. You configure two universal groups for use in securing the network. All users are members of one universal group or the other. After configuring the universal groups, users at sites 2 and 3 report slow login and slow access to the corporate database. Users at site 1 can log in and access the corporate database with acceptable performance. You want to improve login and resource speeds. What should you do?
Designate the domain controllers at sites 2 and 3 as global catalog servers
You manage a single domain named widgets.com. Recently, you noticed that there have been several unusual changes to objects in the Sales OU. You would like to use auditing to keep track of those changes. You want to only enable auditing that shows you the old and new values of the changed objects. Which directory service auditing subcategory should you enable?
Directory Service Changes
When Active Directory is installed, several containers are created by default. Which default container would you be able to apply a Group Policy to?
Domain Controllers OU
Which of the following DNS components automatically creates and deletes host records when an IP address lease is created or released?
Dynamic DNS
You are the administrator for the corp.westsim.com domain. The network has two child domains, acct.corp.westsim.com and sales.corp.westsim.com. You need to configure DNS name resolution properties on the Srv2.sales.corp.westsim.com server. When a single label name is submitted for name resolution, you want the server to search using the following suffixes: • sales.corp.westsim.com • acct.corp.westsim.com • corp.westsim.com • westsim.com What should you do?
Edit the DNS suffix search list policy to configure the custom search suffixes of sales.corp.westsim.com, acct.corp.westsim.com, corp.westsim.com, and westsim.com.
You have three shared printers that are used by the sales team. To simplify administration, you use a Group Policy object (GPO) to deploy these printers to all sales team members. You have received a new printer to replace one of the older printers. You install the printer and deploy it in the same GPO as the other printers. You check and find that the printer is automatically added to the sales team members' computers. You need to remove the printer object for the older printer from all sales team members' computers. What should you do?
Edit the GPO and remove the specific deployed printer.
You manage a network with a single location. You want to use WSUS to make sure that only approved updates are applied to all client computers. Client computers should download all approved updates from a WSUS server in your location. You install WSUS on one server. You synchronize the list of updates on the server and approve the updates that you want applied to client computers. You check the client computers and find that only the approved updates are being applied, but updates are being downloaded from the Microsoft Update website, not your local WSUS server. What should you do?
Edit the WSUS server properties to store updates locally on the server.
You manage a single domain named widgets.com. Recently, you noticed that there have been several unusual changes to objects in the Sales OU. You would like to use auditing to keep track of those changes. You enable successful auditing of directory service access events in a GPO and link the GPO to the domain. After several days, you check Event Viewer, but you do not see any events listed in the event log indicating changes to Active Directory objects. What should you do?
Edit the access list for the OU. Identify specific users and events to audit.
You are the network administrator for your company. Rodney, a user in the research department, shares a computer with two other users. One day, Rodney notices that some of his documents have been deleted from the computer's local hard drive. You restore the documents from a recent backup. Rodney now wants you to configure the computer so he can track all users who delete his documents in the future. You enable auditing of successful object access events in the computer's local security policy. Rodney then logs on and creates a sample document. To test auditing, you then log on and delete the document. However, when you examine the computer's security log, no auditing events are listed. How can you make sure an event is listed in the security log whenever one of Rodney's documents is deleted?
Edit the advanced security properties of the folder containing Rodney's documents. Configure an auditing entry for the Everyone group. Configure the entry to audit success of the Delete permission.
You manage a company network with a single Active Directory domain running on two domain controllers. The two domain controllers are also DNS servers and hold an Active Directoryintegrated copy of the zone used on the private network. The network has five subnets with DHCP servers delivering IP address and other configuration to host computers. All host computers run Windows 10. You want to ensure that all client computers use the DNS server for DNS host name resolution. Hosts should not be able to automatically discover DNS host names, even for computers on their own subnet. What should you do?
Edit the default domain Group Policy object (GPO). Enable the Turn off Multicast Name Resolution policy.
The D:\ drive in your Windows server is formatted with NTFS. The Sales group on your computer has been given allow modify permissions to the D:\Sales folder. The Mary user account is a member of the Sales group. You want to accomplish the following: • Mary should not be allowed access to the D:\Sales\2013sales.doc file. • Mary should be able to read, write, and create new files in the D:\Sales folder. • Your solution should not affect the abilities of other Sales group members to access files in the D:\Sales folder. What should you do?
Edit the properties for the file; assign Mary the deny full control permission.
You want to monitor memory statistics on your Windows server named Srv12. During the afternoon, users report that the server is running slow. You want to gather memory statistics for the server every week day between the hours of 12:00 pm and 4:00 pm. You do not need data for the server outside of those hours. In Performance Monitor, you create a new data collector set and add the required data collectors for the statistics you want to monitor. What should you do to complete the configuration? (Select two. Each choice is a required part of the solution.)
Edit the properties of the data collector set. Configure a stop condition overall duration of four hours. Edit the properties of the data collector set. Create a schedule for Monday through Friday at 12:00 pm.
After configuring a password policy to require users to create strong passwords, you start to notice sticky notes stuck to monitors throughout the organization. The sticky notes often have strings of characters written on them that appear to be passwords. What can you do to prevent the security risk that this practice presents?
Educate users on how to create and remember strong passwords.
You manage a network with a single active directory domain called westsim.com. Organizational units have been created for the accounting, sales, and support departments. User and computer accounts for each department are in their respective OUs. At 5:30 pm, you get a call from Mary Hurd, a user in the sales department, stating that she can't log in. You use the Active directory users and computers and see the information shown in the image. (Her account is disabled) How can you make sure Mary can log in?
Enable Mary's Account
You are the manager for Windows servers at your company. You have configured Windows Server Backup to take regular backups once per day and save those backups to an external disk. You find that users working on a new project are constantly overwriting files and asking you to restore older versions of files that exist on backups from as far back as a week ago. You would like to implement a solution that allows users to restore files without an administrator's help. What should you do?
Enable VSS on the volume that holds user data.
You are the server manager for your company. You have just installed a new Windows server. You have configured Windows Server Backup to take regular backups once per day and save those backups to an external disk. You find that users working on a new project are constantly overwriting files and asking you to restore older versions of files that exist on backups from as far back as a week ago. You would like to implement a solution so that users can restore files without an administrator's help. What should you do?
Enable VSS on the volume that holds user data.
You are the server administrator for the westsim.com domain. You have a server named FS12 that holds a shared folder named Reports. Within this folder, subfolders have been created for each company department. All company employees have read access to the shared folder. The board of directors uses a subfolder in the shared folder named BoardReports for their reports. They would like this subfolder to only be visible to members of the board of directors and specific people that they authorize to see the folder and its contents. What should you do?
Enable access-based enumeration on the shared folder. Configure NTFS permissions on the BoardReports folder to control access.
The image shows the current scavenging settings for the eastsim.com domain. As you check records in the zone, you find several records that have not been updated for 16 days or longer. You need to make sure that records are automatically removed if they have not been updated in the last 14 days. What should you do?
Enable automatic scavenging on the zone.
You are setting up a new network in a single location with a single domain named eastsim.com. You install a DHCP server and configure it with a scope for the single subnet. You install a DNS server with a primary zone for the domain. What should you do to use dynamic updates to update DNS records in the zone automatically?
Enable dynamic updates on the eastsim.com zone.
You have connected two identical print devices to the Srv12 server and created two printers for them named Printer1 and Printer2. You have shared both printers using their default names and granted the Everyone group permission to print to them. Printer1 receives the vast majority of print jobs submitted from users on the network. You want to distribute the printing load evenly between the two print devices. You want to do this while minimizing hardware costs. What should you do?
Enable printer pooling for Printer1 and configure it to print to both local printer ports in use by your print devices.
You are the network administrator for a single domain with three subnets. Two subnets have all Windows 10 computers. The conference room uses the third subnet. Traveling salesmen come to the conference room and plug in their laptops to gain network access. You have configured a DHCP server to deliver configuration information to hosts on this subnet. DNS is configured for dynamic updates. Over time, you notice that the size of the DNS database continues to grow. It is beginning to have an adverse effect on DNS server performance. What should you do?
Enable scavenging of stale resource records on the zone and the DNS server.
Which of the following is a task that you are not able to perform with the Volume Shadow Copy service (VSS)?
Enable shadow copies on specific folders or files.
You are the administrator for the widgets.com domain. Organizational Units (OUs) have been created for each company department. User and computer accounts for each department have been moved into their respective departmental OUs. From your workstation, you create a GPO that configures settings from a custom .admx file. You link the GPO to the Sales OU. You need to make some modifications to the GPO settings from the server console. However, when you open the GPO, the custom administrative template settings are not shown. What should you do?
Enable the Administrative Templates central store in Active Directory. Copy the .admx file to the central store location.
You are the network administrator of a small network consisting of three Windows servers and 150 Windows workstations. Your network has a password policy in place with the following settings: • Enforce password history: 10 passwords remembered • Maximum password age: 30 days • Minimum password age: 0 days • Minimum password length: 8 characters • Password must meet complexity requirements: Disabled • Store password using reversible encryption: Disabled One day, while sitting in the cafeteria, you overhear a group of co-workers talk about how restrictive the password policy is and how they have found ways to beat it. When required to change the password, they simply change the password 10 times at the same sitting. Then they go back to the previous password. Your company has started a new security crackdown, and passwords are at the top of the list. You thought you had the network locked down, but now you see that you need to put an end to this practice. Users need to have passwords that are a combination of letters and numbers and do not contain a complete dictionary word. Users should not be able to reuse a password immediately. What should you do? (Choose two. Each answer is part of the solution.)
Enable the Minimum password age setting. Enable the Password must meet complexity requirements setting.
You have been asked to troubleshoot a Windows workstation that is a member of your domain. The director who uses the machine said he is able to install anything he wants and change system settings on demand. He has asked you to figure out why User Account Control (UAC) is not being activated when he performs a sensitive operation. You verify that the director's user account is a standard user and not a member of the local Administrators group. You want the UAC prompt to show. What should you do?
Enable the Run all administrators in Admin Approval Mode setting in the Group Policy
You are the administrator for a small company that uses a windows server to host a single domain. MAry Hurd, a user in the sales department, calls and reports that she is unable to log in using her computer (Sales1). You use active directory users and computers and see the screen shown in the image. (Sales1 is disabled) What can you do to allow Mary to log in?
Enable the computer account
You are the security administrator for your organization. Your multiple domain Active Directory forest uses Windows servers for domain controllers and member servers. The computer accounts for your member servers are located in the Member Servers OU. Computer accounts for domain controllers are in the Domain Controllers OU. Computer accounts for workstations are located in the Workstations OU. You are creating a security template that you plan to import into a GPO. What should you do to log whenever a user is unable to log on to any computer using a domain user account? (Select two. Each choice is a required part of the solution.) Link the GPO to the Member Servers and Workstations OU.
Enable the logging of failed account logon events. Link the GPO to the Domain Controllers OU.
Your server runs a regularly scheduled backup of user data and the server's system state. A user has accidentally deleted an important file and has no backup. You begin the recovery wizard, which brings you to the recovery type screen shown below. Select the option you would use to recover only the file the user accidentally deleted.
Files and folders option. This allows you to navigate through the file system to select just the file that needs to be recovered.
Which of the following contain objects are Active Directory built-in containers?
ForeignSecurityPrincipals ManagedServiceAccounts Users Computers
Active Directory uses certain objects to represent the logical organization of a computer network and other objects to represent its physical structure. Drag the representation type on the left to the types of objects it uses on the right.
Forest - Logical Site - Physical Subnet - Physical Domain - Logical OU - Logical
You manage a Windows server that stores user data files. You have previously configured several scheduled backups in Windows Server Backup. A user comes to you wanting a file restored from a recent backup. You check your backup media and find that you have a DVD from today. You also have a hard disk with a backup taken last night, but that disk is stored in an offsite location. You need to restore the file as soon as possible with the least amount of disruption to other users. What should you do?
Get the hard disk with last night's backup. Run the Recovery wizard using the backup on the disk.
On a Windows server, you share a folder named Public using the default share name and share permissions. Later you receive a phone call from Sally, a member of the Sales group, claiming that she cannot save a file to the Public shared folder. You examine the NTFS permissions for the folder and see share and NTFS permissions shown in the exhibits. No other permissions are granted or denied. Sally is not a member of any other groups. You want to make sure Sally and other members of the Sales group can open, edit, save, and delete files to the Public shared folder. You want to make as few assignments as possible without affecting permissions for other users. What should you do?
Grant Everyone the change share permission. Grant the Sales group the allow modify NTFS permission.
You have configured a new GPO. You use a scoping method to prevent it from applying to a specific user using a specific computer. Which tool can you use to see if your scoping method is successful?
Group Policy Results
Click on the tool you can use to configure Restricted Groups to control membership for groups that require high security.
Group policy Management
You want to prevent users in your domain from running a common game on their machines. This application does not have a digital signature. You want to prevent the game from running even if the executable file is moved or renamed. You decide to create an AppLocker rule to protect your computer. Which type of condition should you use in creating this rule?
Hash
Match each default active directory object on the left with the appropriate description on the right.
Holds the default service administrator accounts - Builtin container The default location for new user accounts and groups - User container The default location for domain controller computer accounts - Domain controller OU The root container to the hierarchy - Domain container The default location for workstations when they join the domain - Computers container
You manage a single domain named widgets.com. Organizational units (OUs) have been created for each company department. User and computer accounts have been moved into their corresponding OUs. You define a password and account lockout policy for the domain. However, members of the Directors OU want to enforce longer passwords than are required for the rest of the users. How can you make the change with the least amount of effort? (Select two.)
Implement a granular password policy for each user in the Directors OU. Create a group for the members of the Directors OU and then apply a granular password policy to the group.
You are a technical consultant for many businesses in your community. One of your clients, a small law firm, has a single Active Directory domain and two Windows servers. Both servers are configured as domain controllers while also serving as file and printer servers. This client is calling you on a regular basis because users are deleting or damaging their files. You must visit the client's site and restore the files from backup. Your client has asked you to create an alternate solution. What should you do?
Implement shadow copies on the relevant data
You are the administrator of the eastsim.com domain, which has two domain controllers. Your Active Directory structure has organizational units (OUs) for each company department. You have assistant administrators who help manage Active Directory objects. for each OU, you grant one of your assistants Full Control over the OU. You come to work one morning to find that while managing some user accounts, the administrator in charge of the Sales OU has deleted the entire OU. You restore the OU and all of its objects from a recent backup. You want to configure the OU to prevent accidental deletion. What should you do so you can configure this setting?
In Active directory Users and Computers, select View > Advanced Features
Your company's internal namespace is westsim.local. This domain has two additional child domains named support.westsim.local and research.westsim.local. Due to security concerns, your company's internal network is not connected to the Internet. Following are the DNS servers that you manage for your company: • Dns1, authoritative for . and westsim.local, IP address = 192.168.1.1 • Dns2, authoritative for support.westsim.local, IP address = 192.168.2.1 • Dns3, authoritative for research.westsim.local, IP address = 192.168.3.1 All internal DNS domains are Active Directory-integrated domains. You have configured Dns1 with appropriate delegation records for the child zones. How should you configure root hints for Dns2 and Dns3?
In DNS Manager, edit the properties for Dns2 and Dns3. On the Root Hints tab, remove all default root hints entries and then add an entry for Dns1
You manage a network with a single active directory domain called westsim.com. Organizational units have been created for the accounting, sales, and support departments. User and computer accounts for each department are in their respective OUs. You have hired a temporarily worker named John Miller to work in the shipping department during the holidays. John should only be allowed to log on to the Ship01 workstation and no others. What should you do?
In John's user account, add Ship01 to the log on to list
You are troubleshooting a custom application on a Windows server named Srv4. On a periodic basis, the application writes or modifies several registry entries. You want to monitor these registry keys so that you can create a report that shows their corresponding settings over the next five days. What should you do?
In Performance Monitor, define a configuration data collector.
You manage a network with two locations, San Jose and Oakland. The two networks are connected with a WAN link, and each site has its own Internet connection. You decide to implement a WSUS solution using a WSUS server in each location. Srv1 is in San Jose, and Srv2 is in Oakland. Client computers should contact the WSUS server in their site for a list of approvals, with all approved updates being downloaded directly from the Microsoft Update website. You want to centrally manage all updates, approving updates for both sites from Srv1. You configure Srv1 and Srv2 as WSUS servers, with Srv2 as a replica of Srv1. How should you complete the configuration for the Oakland location? (Select two. Each choice is a required part of the solution.)
In a GPO that applies to all client computers in Oakland, edit the Specify Intranet Microsoft Update service location policy and specify Srv2. Configure Srv2 to not store updates locally
You manage a network with a single location. You want to use WSUS to make sure that only approved updates are applied to all client computers. Client computers should download all approved updates from the Microsoft Update website. You install WSUS on one server. You synchronize the list of updates on the server and approve the updates that you want applied to client computers. You check the client computers and find that they are downloading updates from the Microsoft Update website, but they are downloading updates that you have not approved. What should you do?
In a GPO that applies to all client computers, edit the Specify intranet Microsoft Update service location policy and specify your internal WSUS server
You want to monitor memory statistics on your Windows server named Srv12. You want the monitor to run continuously and create a new log file every hour. In Performance Monitor, you create a new data collector set and add the required data collectors for the statistics you want to monitor. How should you complete the configuration? (Select two. Each choice is a required part of the solution.)
In the Data Collector Set properties, deselect Overall duration. In the Data Collector Set properties, select When a limit is reached, restart the data collector set and configure a limit of one hour.
You want to monitor memory statistics on your Windows server named Srv12. You want the monitor to run continuously, saving an hour's worth of data in a new file. In Performance Monitor, you create a new data collector set and add the required data collectors for the statistics you want to monitor. In the data collector set properties, you select When a limit is reached, restart the data collector set and configure a limit of 1 hour. You manually start the data collector set. The next day, you view the report. There is a single file, and its contents shows data for only the first minute after you started the data collector set. What should you do to capture the data as desired?
In the data collector set, set the overall duration to zero seconds.
You are the domain administrator for north.westsim.com, which is a child domain in westsim.com You have a high-end color laser printer that is shared on a server in north.westsim.com. Because of the high price per page, you have removed the print permission from the everyone group. You need to grant the print permissions to marketing users in the north.westsim.com, east.westsim.com, and west.westsim.com domains. What should you do?
In the north domain, create a domain local group called CLR-PRT In all three domains, create a global group named Marketing Add all three global groups to the north clr-prt group and assign the print permission to the group
Mary is in charge of DNS administration for her network. The private network consists of a single Active Directory domain called private.westsim.com. DNS data is stored in an Active Directoryintegrated zone. The sales department has just installed a web server called SalesWeb. This server will host an intranet site for use by the sales team. They want this server to be accessible using the URL sales.westsim.com. What should Mary do?
In the westsim.com domain, create a CNAME record called sales. Identify SalesWeb.private.westsim.com as the target.
The serial number contained within the Start of Authority (SOA) record for a DNS zone on the primary server has been incremented. What condition does this indicate?
Information within the DNS zone has been changed, and secondary servers should initiate a zone transfer.
You have completed the installation of the Active Directory Domain Services role on a new server. Now you want to promote this server to be a domain controller in an existing domain. The server was installed with a Server Core deployment, so you will need to make this server a domain controller in an existing domain from the Powershell command line. Which of the following powershell cmdlets will you need to enter? (Select two.)
Install-ADDSDomainController Import-Module ADDSDeployment
You are the network administrator of the westsim.com domain. You have several users in the Sales OU who use Windows laptop machines because they travel frequently. These laptops are all in the Computers OU along with the desktop computers used by other users in the Sales OU. The Computers OU is a child of the Sales OU. There is a service preference that need to be applied to the laptops that does not need to be applied to desktop computers. You configure a Group Policy preference for this service that you want to apply to just the laptops. You link this Group Policy to the Computers OU. Click on the Group Policy preferences Common option setting you would use to configure the preference to apply only to the laptop computers in the Computers OU.
Item level targeting
You are the network administrator for eastsim.com. The network consists of a single domain. All of the servers run Windows server. The company has one main office. The main office has 200 Windows client computers, 10 Linux workstations, and 20 Windows servers. The Linux workstations do not have a graphical user interface. There is one print server named PS1. Which printer role service must you install on PS1 to provide printing services to the Linux workstations?
Line Printer Daemon (LPD)
Your network consists of a single Active Directory domain. The OU structure of the domain consists of a parent OU named HQ_West and the child OUs Research, HR, Finance, Sales, and Operations. You have created a Group Policy Object (GPO) named DefaultSec, which applies security settings that you want to apply to all users and computers. You have created a second GPO named HiSec, which has more restrictive security settings that you want to apply to the HR and research departments. Both GPOs use custom security templates. You also want to ensure that strong password policies are applied to all client computers. How should you link the GPOs to the OUs? (Select three. Each correct answer is part of the complete solution.)
Link HiSec to the HR and Research OUs. Configure password policies on a GPO linked to the domain. Link DefaultSec to the HQ_West OU.
You are the administrator for a network with a single Active Directory domain called westsim.com. All computer accounts reside in organizational units (OUs) that correspond to departments. You have previously deployed a WSUS server in your location to specify the approved list of updates. All client computers are configured to download updates from your local WSUS server. You decide that you need to configure a separate update approval list for all computers in the Marketing department. You want the update list to be automatically identified based on the department membership for the computer. What should you do? (Select three. Each choice is a required part of the solution.)
Link a GPO to the Marketing OU. In the GPO, edit the Enable client-side targeting policy and specify the Marketing Computers group. In the WSUS console, edit the options for Computers and specify Use Group Policy or registry settings on computers. In the WSUS console, create a Marketing Computers group.
You are the security administrator for your organization. Your multiple domain Active Directory forest uses Windows Server domain controllers and member servers. The computer accounts for your member servers are located in the Member Servers OU. Computer accounts for domain controllers are in the Domain Controllers OU. You are creating a security template that you plan to import into a GPO. You want to log all domain user accounts that connect to the member servers. What should you do to be able to check each server's log for the events? (Choose two. Each choice is a required part of the solution.)
Link the GPO to the Member Servers OU. Enable the logging of logon events.
You are managing rights on a standalone server. You want to make changes to the settings of the Restore Files and Directories policy. Which of the following is the tool you must use to make changes to this policy?
Local Group Policy Editor
You have decided to install third-party anti-malware software on your Windows notebook system. During the installation, the installer warns you that the third-party anti-malware conflicts with Windows Defender, which is already running on the system. Which tool do you use to disable Windows Defender so you can proceed with the installation?
Local Group Policy Editor
Drag each Active Directory term on the left to its corresponding definition on the right.
Logical organization of resources - Organization Unit Collection of network resources - Domain Collection of related domain trees - Forest Resource in the directory - Object Group of related domains - Tree User or group of users - Object
You are consulting with the owner of a small network that has a Windows server functioning as a workgroup server. There are six Windows desktop computers. There is no Internet connectivity. The server contains possibly sensitive information, so the owner wants to make sure that no unauthorized access occurs. You suggest that auditing be configured so that access to sensitive files can be tracked. What can you do to make sure that the files generate audit results? (Choose three. Each correct answer is part of the required solution.)
Make sure the correct users and groups are listed in the auditing properties of the files. Make sure the files to be audited are on NTFS partitions. Make sure the Object Access auditing policy is configured for success and failure.
Your organization's IT department has developed a custom application that reports the host name of each client that tries to access three servers in the accounting department that store sensitive information. You do a random test and find that the program is not reporting the host names for some clients, even though it properly records their IP addresses. This is because the custom application submits reverse lookup requests to the DNS server to discover the host names for the specified IP addresses. As you investigate further, you learn that the clients whose host names could not be reported have static IP addresses and are on subnet 192.168.3.0. What should you do?
Manually create a PTR record in the 3.168.192.in-addr.arpa zone for each host.
You have a folder on your Windows server that you would like to share with members of your development team. Users should be able to view and edit any file in the shared folder. You share the folder and give everyone full control permission to the shared folder.
Modify the NTFS permissions on the folder.
You are the network administrator for Corpnet.com. You install the Windows Server Backup feature on a Windows Server file server named File1 and schedule a nightly backup to a network shared folder. When you attempt to perform a restore, you discover that only the last backup is available. You need to ensure that multiple backups of the server are available for restores. What should you do?
Modify the backup location for the schedule backup.
You are the network administrator of a network that spans three locations, Atlanta, Chicago, and Denver. Your organization started in Atlanta, and that's where you installed your first Active Directory domain controller. The Chicago and Denver locations were later added to the domain with their own domain controllers. these three locations each have their own subnet and are connected using dedicated WAN links. Which of the following steps must you perform to complete this configuration? (Select three.)
Move the Chicago and Denver server objects into their respective site objects Create site objects for Chicago and Denver Create subnet objects for Chicago, Denver and Atlanta, and then link them to their respective sites
You are a domain administrator for a large multi-domain network. There are approximately 2,500 computers in your domain. Organization units (OU) have been created for each department. Group policies (GPOs) are linked to each OU to configure department-wide user and computer settings. While you were on vacation, another 20 computers were added to the network. The computers appear to be functioning correctly with one exception: the computers do not seem to have the necessary GPO settings applied. What should you do?
Move the computer accounts from their current location to the correct OUs
You need to configure the ENSERV16-VM03 server as a global catalog server. Where do you click in the properties dialog to open the page that will allow you to select the global catalog option?
NTDS Settings...
You configured the IP address and DNS name of a new internal web server named WEB3. Your first test from a web browser on your workstation was successful. But when you came to work this morning, you were not able access WEB3 from the same workstation using the same browser. You get an error that this site cannot be reached. You have not changed the server's IP configuration since the successful test of the night before. You ping WEB3 using its IP address, and you get a response back. Next, you ping WEB3 using its fully qualified domain name (FQDN), and you get a message indicating that the host could not be found. What can you assume from this message?
Name resolution is not working properly.
You are the network administrator of the westsim.com domain. You have several users who use Windows laptop machines because they travel frequently. When they are on the road, they need to use a VPN connection to access network resources in the domain. Click on the Group Policy preferences Control Panel setting you would use to configure these laptops with the correct VPN connection settings.
Network Options
You are the network administrator for westsim.com. There is one main office and seven branch offices. You have been asked to create a script that can be used in the event of a disaster that destroys the entire network. Thee script must be able to recreated the company's active directory users, computers, and groups, as well as sites and subnet objects. Which command should you use in your script?
New-ADObject
Your company's Internet namespace is westsim.com, and your company's internal namespace is internal.westsim.com. Your network has two DNS servers, DNS1 and DNS2. DNS1 is configured with a root zone and is authoritative for the internal.westsim.com domain. DNS2 is authoritative for the westsim.com domain. All client computers are members of the internal.westsim.com domain and are configured to use DNS1 as the primary DNS server. Client computers on your internal network cannot resolve Internet DNS names. You verify that client computers can resolve internal DNS names successfully. You also verify that the internal DNS server is configured to forward all unresolvable DNS names to the company's Internet DNS server. You must keep your internal network as secure as possible while making sure that all client computers can resolve Internet DNS names successfully. What should you do?
On DNS1, delete the . zone.
You have a Windows server named Srv9 running Server Core. You want to view the current operating statistics of Srv9 from another Windows Server server named Srv3. From Srv3, you open Performance Monitor and try to connect to Srv9. You get the following error: When attempting to connect to the remote computer the following system error occurred: The RPC server is unavailable. What should you do?
On Srv9, start the Remote Registry service. Try the connection again from Srv3.
Your network has a single domain named southsim.com. DNS data for the domain is stored on the following servers: • DNS1 holds the primary zone for southsim.com. • DNS2 and DNS3 hold secondary zones for southsim.com. All three DNS servers are located on domain controllers. The DNS zone for the domain is configured to allow dynamic updates. You want to allow client computers to send DNS updates to any of the three servers and allow any of the three servers to update DNS records in the zone. What should you do?
On all three servers, change the zone type of the DNS zone to Active Directoryintegrated.
You are the DNS manager for the eastsim.com domain. You have a domain controller named DC1 that holds an Active Directory-integrated zone for the eastsim.com zone. Users have complained about multiple DNS name resolution errors. You have examined the configuration, but can't see anything wrong. To help identify the problem, you would like to track the DNS packets sent and received by the server. You would also like to filter by IP address. What should you do?
On the DNS server, enable debug logging.
You are the administrator for the corp.westsim.com domain. The network has two child domains, acct.corp.westsim.com and sales.corp.westsim.com. You need to configure DNS name resolution properties on the Srv2.sales.corp.westsim.com server. When an unqualified name is submitted for name resolution, you want the server to search using the following suffixes: • sales.corp.westsim.com • corp.westsim.com • westsim.com You want to configure the solution with the least amount of effort possible. What should you do?
On the DNS tab, select Append parent suffixes of the primary DNS suffix.
You are the administrator for a network with a single Active Directory domain named widgets.local. The widgets.local domain has an organizational unit object for each major department in the company, including the information systems department. User objects are located in their respective departmental OUs. Users who are members of the Domain Admins group belong to the Information Systems department. However, not all employees in the Information Systems department are members of the Domain Admins group. To simplify employees' computing environment and prevent problems, you link a Group Policy object (GPO) to the widgets.local domain that disables the control panel for users. How can you prevent this Group Policy object from applying to members of the Domain Admins group?
On the Group Policy object's access control list, deny the apply Group Policy permission for members of the Domain Admins group.
You need to view a list of infected files that Windows Defender has quarantined. Click the option in Windows Defender you would use to do this.
On the History tab in Windows Defender, you can view quarantined items and/or allowed items.
You want to monitor the processor utilization on your Windows server named Srv12. You want to generate a report that shows the processor utilization on the server over the next three days, capturing utilization data every five minutes. You want to save all data from the report in a single file. What should you do? (Select two. Each choice is a required part of the solution.)
On the Performance Counters tab for the data collector, configure a sample interval of five minutes. On the Stop Condition tab for the data collector set, configure an overall duration of three days. Create a new data collector set with a performance counter data collector.
You have installed WSUS on a single member server for your entire network. You have configured the server to automatically approve new versions of previously approved updates. You store updates locally on the D:\WSUS\content folder, and clients download updates directly from your WSUS server. You verify that clients are downloading the updates. You get an email notifying you of a new security patch. You check a client system and find that the newest update has not yet been applied. On the WSUS server, you see the new patch in the list of available updates, but it is not being applied to client systems. What should you do?
On the WSUS server, approve the new update.
You manage user accounts in the southsim.com domain. Each department is represented by an Organizational Unit (OUs). Computer and user accounts for each department have been moved to their respective OUs. You want to control access to a new color printer named ColorMagic. To do this, you create the following groups: - A domain local group named ColorMagic-DL - A global group named Sales-GG You want all users in the sales department to have access to the new printer. What should you do? (Select three.)
On the member of tab for the sales-gg group, add the colormagic-dl group on the colormagic printer object, assign permissions to the colormagic-dl group on the members tab for the sales-gg group, add all sales user accounts
You have a Windows server named Print1 that is the print server for five shared printers. You have configured a printer object for each printer and shared each printer. Users start complaining that one of the printers, the FastPrint 6000, is missing parts of graphics when it prints. You check the manufacturer's website and find an updated printer driver that is supposed to fix the problem. You need to update each client computer with the new driver. You need to do so as quickly as possible with the least amount of effort. What should you do?
On the server, update the printer object with the new driver.
You manage the DNS servers that are authoritative for the private.westsim.com zone. Two servers are authoritative for the zone. DNS1 hosts the primary DNS zone, and DNS2 holds a secondary copy of the zone. You have just manually created an A resource record for a new web server on your network that is configured with a static IP address. From your workstation, you open a browser and try to connect to the new web server. You get an error message stating that the web site is not found. You run ipconfig /all and find that your workstation is correctly configured to use the DNS1 server as its preferred DNS server. But, as you continue to troubleshoot the problem, you discover that you incorrectly typed the server's IP address while creating its A resource record. You correct the IP address in the A record and retry connecting to the web site. However, you get the same error on your workstation. What should you do?
On your computer, run ipconfig /flushdns.
You want to manage printing to a network printer on your local subnet. The printer is connected directly to the network and uses an IP address of 192.168.1.14. Your management server is Srv1. What should you do?
Open the Print Management console on Srv1 and create a new TCP/IP printer using the 192.168.1.14 IP address. Select the appropriate printer driver according to the make and model of the printer.
You have been hired as a consultant for a small business that is using Windows Server. Three months ago, they installed a new server. Since that time, they report that from time to time, the system has had slowdowns and crashes. You want to look at a report that shows important events for the server since it was installed. You'd like to see when software was installed and any hardware or application failures. You want to view this information with as little effort as possible. What should you do?
Open the System Stability chart in Reliability Monitor.
Management is concerned that users are spending time during the day playing games and have asked you to create a restriction that will prevent all standard users and administrators from running the Games app. Click on the option you would use in Group Policy Management Editor to implement this restriction.
Packaged app Rules
You want to monitor the processor utilization on your Windows server named Srv12. You want to get an email notification every time the processor utilization exceeds 90%. You create a new Data Collector set in Performance Monitor. What type of Data Collector should you create?
Performance counter alert
You configured the IP address and DNS name of a new internal web server named WEB3. Your first test from a web browser on your workstation was successful. But when you came to work this morning, you were not able access WEB3 from the same workstation using the same browser. You get an error message stating that this site cannot be reached. You have not changed the server's IP configuration since the successful test the night before. Which troubleshooting step should you try first to discover what the problem might be?
Ping WEB3 using its IP address.
You manage a network with a single active directory domain called westsim.com. You have just deployed an azure ad domain controller in the azure cloud so tat remote users can authenticate to the westsim.coim domain over the internet. By default, replication is set to occur on this domain controller every 180 minutes. Your manager wants you to change this setting so that replication occurs every six hours. Which of the following must you perform to make it possible to configure replication on the azure ad domain controller?
Place the azure ad domain controller in its own site
You are in charge of designing the active directory tree. You have a small company that has only one location. You have determined that you will have approximately 500 objects in your completed tree. Your company is organized with four primary departments, accounting, manufacturing, sales, and administration. Each area is autonomous and reports directly to the CEO. The managers in each department want to make sure that some management control of their users and resources remains in the department. Which of the following design plans will best meet these requirements?
Plan 3 -Create an OU object for each department -Train a member of each department for an admin task -Use Delegation Wizard for principle of least privilege for appropriate OU
You are the network administrator for your company. Your company has three standalone servers that run Windows Server. All servers are located in a single location. You have decided to create a single active directory domain for your network. Currently, each department has one employee designated as the department's computer support person. Employees in this role create user accounts and reset passwords for the department. As you design active directory, your goal is to allow these users to maintain their responsibilities while not giving them more permissions than they need. Which of the following design plans will best meet your goals?
Plan 4 -Create department OUs -Use Delegation wizard to grant support user permissions to specific OU
You manage a single domain named widgets.com. This morning, you noticed that a trust relationship you established with another forest has changed. You reconfigured the trust, but you want to be able to identify if this change happens again in the future. You want to configure auditing to track this event. Which auditing category should you enable?
Policy change events
You are the network administrator for westsim.com. The network consists of a single active directory domain. A user named Mary Merone is working on location in Africa. She called to report that her laptop had failed. The hardware vendor replaced the laptop, and now you need to join the new computer to the domain. However, there is no connectivity from the current location to the domain. What should yo do first?
Prepare the computer to perform an offline domain join by creating an active directory account for the computer using the djoin /provision command
You have just ordered several laptop computers that will be used by members of the programming team. The laptops will arrive with windows. You want the computer account for each new laptop to be added to the developer ou in active directory. you want each programmer to join his or her new laptop to the domain. What should you do?
Prestage the computer accounts in active directory. grant the programmers the rights to join the workstation to the domain
Scoping allows you to target a given GPO to specific users and/or computers. Drag the scoping method on the left to the appropriate description on the right. (Methods can be used once, more than once, or not at all.)
Prevents settings in GPOs linked to parent objects from being applied to child objects. -Block Inheritance Causes computer settings to be reapplied after user login. -Loopback Processing Prevents inheritance from being blocked for a specific GPO. -Enforced Causes computer settings to take precedence over user settings. -Loopback Processing
Windows printing uses the concept of a logical printer. Which of the following are the components of a logical printer? (Select three.)
Print device Print spooler Printer driver
Listed below are several DNS record types. Drag the record type on the left the appropriate function on the right.
Provides alternate names to hosts that already have a host record. -CNAME Points an IP address to a host name. -PTR Points a host name to an IPv6 address. -AAAA Points a host name to an IPv4 address. -A Identifies servers that can be used to deliver mail. -MX
You have just started a new job as the administrator of the eastsim.com domain. The manager of the accounting department has overheard his employees joke about how many employees are using "password" as their password. He wants you to configure a more restrictive password policy for employees in the accounting department. Before creating the password policy, you open the Active Directory users and computers structure and see the following containers and OU: - eastsim.com - Builtin - Users - Computers - Domain controllers Which steps must you perform to implement the desired password policy? (Select three.)
Put the accounting employees user objects into the OU created for the accounting employees Configure the password policy and link it to the OU created for the accounting employees. Create an OU in eastsim.com for the accounting employees
You have a computer running Windows. Prior to installing some software, you turn off User Account Control (UAC), reboot the computer, and install the software. You turn UAC back on, but it does not prompt you before performing sensitive actions. You want the protection of UAC, but it is not working at all. What should you do?
Reboot the machine.
You manage a Windows server named Srv12. Srv12 hosts an application that stores data in a custom database. You configure Windows Server Backup to back up the volume for the application and its data. The application has a VSS writer, and it is running when the backup completes. The hard disk holding the application and data has crashed. You check your backup media and find that you have a DVD from today. You also have a hard disk with a backup taken last night, but that disk is stored in an offsite location. You want to restore the application and its data as quickly as possible, but leave the database in an unrecovered and offline state. What should you do? (Select two. Each choice is a required part of the solution.)
Recover the application and its data from disk. Recover the backup to the original location. Do not perform roll-forward recovery.
You manage a network with a single active directory domain called westsim.com. Most of your users work from the office and access your on-premise domain controllers when they authenticate and use network resources. Your company has just moved to office365 and is using the cloud-hosted versions of Exchange and SharePoint for employees who work from home. You are considering using Azure AD to allow these employees to authenticate to the domain. Which of the following are advantages of deploying Azure AD? (Select two.)
Remote users can have single sign-on access to Exchange and SharePoint Remote users can authenticate to the domain from any location that has internet access
You have a Windows server that is maintained by multiple administrators. Sally wants to access a file in the Reports folder. A group named Sales has been granted the full control permission to the Reports folder and all subfolders and files. You add Sally as a member of the Sales group, but she still cannot access the file that she needs. You want to let Sally access the Reports folder. What should you do?
Remove Sally from any other groups that have been explicitly denied access to the Reports folder.
You share a folder named Public and configure the following permissions. Share Permissions NTFS Permissions Everyone = Full Control Administrators = Full Control Sales = Modify Assistants = Deny Modify You receive a phone call from Sally, a member of the Sales group and Assistants group, claiming that she cannot save a file to the Public shared folder. You want to make sure that members of the Sales group (who are not members of the Assistants group) can save new files to the Public shared folder and access, update, and delete existing files in the Public share. You want to continue to ensure that members of the Assistants group cannot modify files in the Public shared folder even if they are members of the Sales group. However, you also want to let Sally update files in the Public share. What should you do?
Remove Sally from the Assistants group.
You are the manager of eastsim.com domain. Your active directory has organizational units (OUs) for each company department. Assistant administrators help you manage active directory objects. For each OU, you grant one of your assistants full control over the OU. You come to work one morning to find that while managing some user accounts the administrator in charge of the sales ou has deleted the entire ou. You restore the ou and all of its objects from a recent backup. You want to make sure that your assistants can't delete the ous they are in charge of. What should you do? (Select two.)
Remove full control permissions from each ou. run the delegation of control wizard for each ou, granting permissions to perform the necessary management tasks Edit the properties for each ou to prevent accidental deletion
You have connected a print device to Srv4 and created a printer for it. You have shared the printer as Printer1 and published it to Active Directory. You assign the allow print permission for the printer to the Help Desk Technicians domain local group. However, you discover that users who are not members of the Help Desk technicians group can print to the printer. You want only members of the Help Desk Technicians group to print to Printer1. What should you do?
Remove the Everyone group from the printer's access control list.
On your Windows server, you share the D:\Promo folder using the share name Promo. The share has been assigned the following permissions: User/Group Permission Telesales group Allow read Training group Deny full control Managers group Allow change Mary user Allow change The Mary user account is a member of the Training group. NTFS permissions allow all access. Mary needs to be able to edit documents in the shared folder but cannot. You need to modify the share permissions to allow her the necessary access. What should you do? (Choose two. Each choice is a possible solution.)
Remove the Mary user account from the Training group. Change the Training group permission to allow read.
You have decided to create a shared folder that will contain sensitive information about planned changes in the personnel structure. Most users will be denied access to the share, which is named REORG. You have successfully created the share and set appropriate permissions. However, management feels the effect of having this share on the server, which denies access to most users, is damaging morale. You need to keep the information available to the users who currently access it. What can you do to avoid having the REORG share listed when users view shares on the network?
Remove the REORG share. Share the folder again as REORG$ with the same permissions as before.
Mr. Yamashita needs to be able to modify the contents of the Promo share, a shared folder on one of your Windows servers. The share has been assigned the following permissions: User/Group Permission Telesales global group Allow read Training global group Deny full control Managers global group Allow change Mr. Yamashita user Allow change
Remove the Training group from the share. Change the Training group's permission to allow Read. Remove Mr. Yamashita's user account from the Training group.
You are the administrator for a small network. you have approximately 50 users who are served by a single windows server. You are providing active directory, dns, and dhcp with this server. Your clients will use windows workstations. An employee quit, and a replacement is on the way. They will need all the previous worker's settings. What should you do?
Rename the existing account, changing the name fields to match the new employee
You are the administrator for a large single-domain network. You have several windows server domain controllers and member servers. Your 3,500 client computers are windows workstations. Today, one of your users has called for help. Their computer cannot establish trust to DC. Nothing seems wrong with the account. Need to allow user to log in. What should you do?
Reset the computer account and rejoin the domain
You have a laptop that you use for remote administration from home and while traveling. The laptop has been joined to the domain using the name of AdminRemote. The processor in your laptop overheats one day, causing extensive damage. Rather than repair the computer, you purchase a new one. The computer arrives, and you edit the system properties and name it AdminRemote. When you try to join the computer to the domain, you receive an error message and are unable to proceed. What should you do?
Reset the computer account in active directory
You have a Windows server named Print1 that is the print server for five shared printers. You have configured a printer object for each printer and shared each printer. Your network has several hundred users. You would like users to be able to search for printers based on capabilities such as color, duplex, and other features, and to be able to select the printer that is appropriate for a specific task. What should you do?
Right-click each printer and choose List in Directory.
Your Windows system has been infected with malware that has replaced the standard boot loader on the hard disk with its own malicious software. Which type of exploit is being used in this scenario?
Rootkit
Prior to installing active directory on your network, you set up a test network in your lab. You created several user accounts that correspond to actual network users. Want to move accounts from test to new domain. Want to use Ldifde command and set new passwords. How can you perform this task with the least amount of effort?
Run Ldifde to export the user accounts. Run ldifde to import the user accounts. Edit the .ldif file to specify user account passwords. Run LDifde to modify the existing accounts
You manage a Windows server that is used to hold user data files. You will use Windows Server Backup to configure a backup schedule. You are about to make some configuration changes to the server. You want to create a backup of the system state only right now, before making the changes. What should you do? (Select two. Each choice is a complete solution.)
Run wbadmin. Save the backup to a local disk. Run Windows Server Backup and start the Back up Once wizard. Save the backup to a shared folder on the network.
You are the network administrator for Corpnet.com. You have a server named File1 that has a number of volumes that need to be backed up. Management has requested an assessment to identify which volumes on the server can be backed up using Windows Azure Online Backup. Volume Name File System Disk Type Bitlocker Encrypted Volume 1 NTFS Internal SATA No Volume 2 NTFS Internal IDE No Volume 3 NTFS USB External Drive No Volume 4 NTFS Internal SATA Yes Volume 5 NTFS iSCSI RAID 5 Array No For each volume, identify whether it can be backed up using Windows Azure Online Backup or whether it must be backed up using Windows Server Backup. Drag the appropriate backup solution from the left to each volume on the right. Volume 1 Volume 2 Volume 3 Windows Azure Online Backup Windows Azure Online Backup Windows Server Backup System State Windows Server Backup Windows Azure Online Backup Windows Server Backup Explanation The Windows Azure Online Backup cannot be used to back up the System State, removable media, or any drives that have been configured with Bitlocker drive encryption. References LabSim for Server Pro 2016, Section 12.3. [AllQuestions_ServerPro_2017.exm BACKUP 02]
Save backups to a shared folder. Create a scheduled task that runs wbadmin start backup.
You manage a Windows server that is used to hold user data files. The system volume is drive C:, while all user data is on drive E:. You will use Windows Server Backup to configure a backup schedule. You want to back up only the E: volume twice per day. You want to be able to restore individual files and folders. What should you do? (Select two. Each choice is a required part of the solution.)
Save the backup to an external hard disk. Create a backup schedule in Windows Server Backup.
You want to follow server backup best practices so you can successfully recover from failed storage devices.
Schedule backups to run automatically. Test your backups occasionally
You are the administrator for the widgets.com domain. Organizational units (OUs) have been created for each company department. User and computer accounts for each department have been moved into their respective departmental OUs. You would like to configure all computers in the Sales OU to prevent the installation of unsigned drivers. Which GPO category would you edit to make the necessary changes?
Security Options
You are the network administrator for your company. All computers are joined to a single Active Directory domain. Several computers store sensitive information. You are configuring security settings that will be distributed to all computers on your network. You want to identify attempts to break into a computer by having the computer that denies the authentication attempt note the failed attempt in its security database. How can you create a policy that meets these requirements?
Select Failure for Audit account logon events.
You are the network administrator for your company. All computers are joined to a single Active Directory domain. Several computers store sensitive information. You are configuring security settings that will be distributed to all computers on your network. You want to identify denied attempts to change a user's group membership in a computer's local database. How can you create a policy that meets these requirements?
Select Failure for Audit account management.
You are the network administrator for your company. All computers are joined to a single Active Directory domain. Several computers store sensitive information. You are configuring security settings that will be distributed to all computers on your network. You want to identify denied attempts to manipulate files on computers that have been secured through NTFS permissions. How can you create a policy that meets these requirements?
Select Failure for Audit object access.
You manage a network with a single active directory domain called westsim.com. You have just deployed an azure ad domain controller in the azure cloud. You have created a user account for yourself in the new azure AD domain. You have successfully joined your home computer to this domain, so you are ready to make sure you can log on to the domain with your azure ad user account. Which of the following steps do you need to perform to log on to the azure ad user account? (Select two.)
Select Other user and sign in using the azure ad user account credentials Sign out as the local user
You are the network administrator for Corpnet.com. A small group of software developers in your organization have to use Linux workstations. You are creating a share for these Linux users on your file server, which is named File1. Which feature must be installed on the Windows server to accomplish this?
Server for NFS
You are the network administrator of the westsim.com domain. You have several users who use Windows laptop machines because they travel frequently. These users have very sensitive information on their laptops, so you have been asked to take additional security measures with these machines. You install smart card readers on each laptop so that no one can access a lost or Click on the Group Policy preferences Control Panel setting you would use to configure thesestolen laptop unless the also have the smart c rd. laptops so the Smart Card Reader service starts when the laptop is powered on.
Services
You are the network administrator for your network. Your network consists of a single Active Directory domain. Your company recently mandated the following user account criteria: • User accounts must be deactivated after three unsuccessful logon attempts. • User account passwords must be at least 12 characters long. • User accounts must be manually reset by an administrator once they are locked out. You must make the changes to affect everyone in the domain. You are editing the Default Domain Group Policy object. What should you do? (Choose three. Each correct choice represents part of the solution.)
Set Account lockout threshold to 3. Set Minimum password length to 12. Set Account lockout duration to 0.
Sally is an employee in the sales department. Important documents are stored in the D:\SalesDocs folder on a Windows server. Sally is a member of the Domain Users and Sales groups. The SalesDocs folder has been shared, and the following permissions are currently assigned to the SalesDocs folder: NTFS Permissions Share Permissions Domain Users = Allow-Read Sales = Allow-Modify Domain Users = Allow-Read Sales = Allow-Change Sally needs to read and modify all files in the SalesDocs folder except StyleGuide.doc. Sally should be able to read StyleGuide.doc, but not modify it. What should you do?
Set Sally's NTFS permission for StyleGuide.doc to deny write.
You manage a network with a single active directory domain called westsim.com. Organizational units have been created for the accounting, sales, and support departments. User and computer accounts for each department are in their respective OUs. Maria Hurd is going on a seven-week sabbatical and will not be in to work during that time. Which of the following can you perform to secure her user account to prevent it from being used to access network resources while she is away? (Select two.)
Set account expiration time for the last day Maria will be in office Disable the user account
You have connected a print device to the SRV12 server and created a printer for it. You have shared the printer as Printer1 and granted the Everyone group permission to print to it. Terry, the company vice president, informs you that he just submitted a print job to your printer and needs it in five minutes. Upon checking the printer, you find that there are numerous print jobs ahead of Terry's. You need to print Terry's print job without causing other users to lose their print jobs. What should you do?
Set the priority of Terry's document to 99 and all others to 1.
The image shows the current scavenging settings for the eastsim.com zone. Automatic scavenging has been configured on the zone to run every hour. You want to modify the existing settings so that DNS records are deleted within 10 days after they have not been refreshed. What should you do?
Set the refresh interval to 3.
You have not yet installed Active Directory Domain Services (ADDS) on a new windows server system. You are planning to use this computer as a domain controller in Active Directory. Which of the following steps is it recommended that you perform before you install the ADDS role (Select two.)
Set the system time and time zone Configure the computer name
SRV03 is a Windows server that holds the SalesDept folder. This folder contains documents specific to the sales department. You create two user groups: • The Sales group includes all members of the sales department. • The SalesAdmin group includes about ten members of the sales department who manage sales-related documents. You want the Sales group to have read only access to the content in the SalesDept folder. Members of the SalesAdmin group should have all permissions to the folder. No other users should have access. All access will be through the network. You want to assign as few permissions as possible. What should you do?
Share the SalesDept folder. Grant read permissions to the Sales group and full control permissions to the SalesAdmin group. Remove the Everyone group.
Your Windows server has a folder named D:\SalesDept. The D: drive is formatted with FAT32. You need to allow network access to the folder as follows: • Members of the Sales group should have read-only access to the content in the folder. • Members of the SalesAdmin group should be able to open, edit, and add new files to the folder. • No other users should have access. Members of the SalesAdmin group are also members of the Sales group. What can you do to configure the needed access while assigning as few permissions as possible?
Share the SalesDept folder. Grant the read permission to the Sales group and the change permission to the SalesAdmin group. Remove Everyone from the access control list.
Active directory uses two broad categories of objects to represent the various components of a network: - Network resources - Security Principals Drag the category on the left to the object on the right that belongs to that category.
Shared folder - Network Resource User - Security Principal Group - Security Principal Printer - Network Resource Computer Account - Security Principal
Your organization has two sites that are members of the same active directory domain. Three domain controllers are deployed at each site. You have just installed three virtual domain machines in the azure cloud and made them domain controllers in the same domain. The virtual domain machines in the azure cloud will support your organization as it adds branch offices in various locations. You will not have to hire additional server administrators for the branch offices because users in these locations will be able to use these cloud-based domain controllers for authentication. You need to ensure that domain authentication and synchronization traffic remains secure in their deployment. Click the network segments where a vpn connection will need to be used.
Site A to Azure VM Site B to Azure VM
You would like to have better control over the applications that run on the computers in your domain, so you have decided to implement AppLocker. You have created default rules and an executable rule that only allows the company's accounting application to run. When you test these rules, you find that you can still run any program on your test client. What should you do? (Select two. Each correct answer is part of the solution.)
Start the Application Identity service on the client.
A server named RODC1 is a read-only domain controller located in a branch office. RODC1 uses Bitlocker to encrypt all drives for extra security. You have been notified that RODC1 failed. After obtaining the necessary hardware to repair the server, you need to perform a bare metal restore of the server. What should you do?
Start the computer from the Windows Server installation disk.
You have installed WSUS on a single member server for your entire network. You have configured the server to automatically approve new versions of previously approved updates. You store updates locally on the D:\WSUS\content folder, and clients download updates directly from your WSUS server. You verify that clients are downloading the updates. You get an email notifying you of an updated security patch that applies to an update that you have previously approved. You check a client system and find that the newest update has not yet been applied. On the WSUS server, you do not see the new update listed. What should you do?
Synchronize your WSUS server with Microsoft Update.
Sally, a member of the sales department, is borrowing a laptop computer from her supervisor to do some work from home in the evenings. Sally contacts you and indicates that she cannot access the C:\Reports folder on the laptop. This folder contains documents that she needs to edit. You log on to the laptop as a domain administrator to check the folder's access control list. You are denied access to view the permissions. You contact Sally's supervisor to verify that Sally should receive access to the folder. Sally's supervisor indicates that Sally should be able to read, change, and delete documents in the folder, but that only the supervisor should be able to configure permissions. You need to grant Sally appropriate permissions to the C:\Reports folder. What should you do? (Choose two. Each correct choice is part of the solution.)
Take ownership of the C:\Reports folder. Grant Sally the allow modify permission to the C:\Reports folder.
An employee has quit under difficult circumstances. Unfortunately, the user had several files that are needed, and before the employee left, they assigned deny full control permission to domain users to all the files and folders. All users, including you, are now blocked from accessing these important files. You need to make these files available as quickly as possible. What should you do?
Take ownership of the files and change the permissions.
You manage a single domain running Windows Server. You have configured a restricted Group Policy as shown in the image. When this policy is applied, which action will occur?
The Backup Operators group will be made a member of the Desktop Admins group.
You manage a single domain running Windows Server. You have configured a restricted Group Policy as shown in the image. When this policy is applied, which actions will occur? (Select two.)
The Desktop Admins group will be made a member of the Backup Operators group. Any other members of the Backup Operators group will be removed.
You are the administrator for a domain named internal.widgets.com. This domain spans a single site (the Default-First-Site-Name site). You want to configure password and account lockout policies that Active Directory domain controllers will enforce. You have created a Group Policy object with the settings you want to apply. Most of the domain controllers are located in the Domain Controllers OU, although you have moved some domain controllers to a sub-OU called Secure Domain Controllers. Where should you link the Group Policy object that you created?
The internal.widgets.com domain.
The Domain Name service is made up of several components. Drag each component on the left to its appropriate description on the right. (Each component may used once, more than once, or not at all.)
The last part of a domain name (.com, .edu, .gov). -Top-level domain (TDL) Used to store entries for host names, IP addresses, and other information in the zone -Records Also called the root domain, it denotes a fully qualified, unambiguous domain name. -. (dot) domain A DNS server that has a full and complete copy of all the records for a particular domain. -Authoritative server Maps a DNS host name to an IPv4 (32-bit) address. -Records Includes the host name and all domain names separated by periods. -Fully qualified domain name (FQDN)
User Account Control (UAC) is a tool that generates an alert when a task or operation needs administrative privileges. You use the UAC settings in Control Panel to configure the sensitivity of UAC. Drag the UAC notification level on the left to the appropriate description of what it does on the right. The user is prompted only when programs try to make changes to the computer or Windows settings. The secure desktop is not displayed.
The user is prompted only when programs try to make changes to the computer or Windows settings. The secure desktop is not displayed. -Notify me only when apps try to make changes to my computer (do not dim the desktop) A UAC prompt and the secure desktop are displayed for 150 seconds. The user cannot perform any other actions until they respond to the prompt. -Always notify The user is prompted only when programs try to make changes to the computer or Windows settings. The secure desktop is displayed for 150 seconds. -Notify me only when apps try to make changes to my computer If logged on as a standard user, all actions requiring privilege elevation are automatically denied. -Never notify
You've configured an NFS share on your Windows server to support Linux client systems already joined to your domain. Click the options in the NFS Advanced Sharing window you would use to allow these clients to connect to the share. (Select three.)
To allow Linux systems already joined to your domain to connect to an NFS share, select the three Kerberos authentication options.
You have been hired as a consultant for a small business that is using Windows Server. Over the past week, the system has become unstable. You check the System Stability chart in Reliability Monitor and find the following information for the stability index each day: Monday = 9.19 Tuesday = 5.2 Wednesday = 6.4 Thursday = 8.7 Friday = 7.5 You want to look at information for the day that indicates the least stability. Which day would you look at first?
Tuesday
You manage a network with a single active directory domain called westsim.com Organizational units have been created for the accounting, sales, and shipping departments. User and computer accounts for each department are in their respective OUs. At 5:30pm, you get a call from Mary Hurd, a user in the sales department, stating that she can't log in. You use active directory users and computers and see the information shown in the image. You need to make sure Mary can log in. What should you do? (Select three.)
Unlock Mary's account Change the log in hours to extend past 5:30 pm Change Mary's account to never expire
You want to give the TPlask user the right to log on to any of the domain controllers in your domain and gain access to the desktop. This user does not belong to any of the default groups that have the Allow log on locally right by default. Which of the following steps can you take to give the Allow log on locally right to this user? (Select two. Each correct answer is a complete solution.)
Use Active Directory Users and Computers to add the TPlask user account to the Administrators group. Use Group Policy Management Editor to add the TPlask user account to the Allow log on locally policy.
Recently, some users in your domain have downloaded and installed an open source program that contains malware. After download, the application is installed by running a program with a .msi extension. The file is not digitally signed. You have a copy of this open source program running on your server, and it did not install any malware. The users that got the malware likely obtained the program from a website they did not know was malicious. How can you prevent users from installing this software if it has been tampered with?
Use AppLocker to create a Windows installer rule with a file hash condition.
You are the administrator of a network with a single active directory domain. You need to create 75 user accounts in the domain users container. You have a list of new user accounts that include an IP telephone number. The user accounts are available via an export from your company's HR application in the form of a comma-delimited file. You want to create the new accounts as quickly and easily as possible. What should you do?
Use Csvde to import user account using the .csv file.
You are the server manager for your company. You have just installed a new Windows server. You need to design a backup and recovery strategy for the server that meets the following requirements: • You will use Windows tools for the backups. • Backups are to be taken to an offsite location for storage after they are performed. • Backups should only save data changed since the last backup. • You need to be able to recover individual files and folders.
Use Windows Server Backup to create scheduled backups to a removable hard disk.
You manage user accounts in the southsim.com domain. Each department is represented by an organizational unit (OU). Computer and user accounts for each department have been moved to their respective OUs. When a new employee is hired in the sales department, you create the user account, add the user account to multiple groups, assign the user permissions to the sales contact database, and configure permissions to home and shared folders. Because of high turnover, you find that as users leave the organization, you spend several hours tracking down file ownership and reassigning permissions to other users. How can you simplify this?
Use a programming language to create a deprovisioning solution. Write scripts or routines that run automatically and reassign ownership and permissions when the user account is deleted
You manage a Windows computer that is shared by multiple users. Recently, a user downloaded and installed two malware programs on the computer. The applications had a .msi extension. What is the first line of defense in protecting your system against applications like these from being copied or downloaded to your system?
Use antimalware software that provides real-time protection.
You are the administrator for the westsim.com domain, which has five domain controllers running windows server. The active directory structure is shown in the image. All user and computer accounts have been placed in the department OUs. Main offices are located in Orlando, with additional offices in Boston, new york, and Chicago. There are three departments within the company, sales,. marketing, and accounting. Employees from each department are at each location. You want to appoint an employee in each department to help with changing passwords for users within their department. They should not be able to perform any other tasks. What should you do?
Use the Delegation of Control wizard. Grant each user administrator permissions to modify passwords for their department OU
You are the administrator of a network with a single active directory domain. The domain currently includes 75 user accounts. You have been asked to add 50 additional accounts. Your human resources manager has an existing database of employees that can be imported to active directory. you would like to use an automated method for data import if possible. What should you do? (Select two.)
Use the Ldifde.exe utility Use the Csvde.exe utility
You are the network administrator for westsim.com. The network consists of a single domain. The company has a file server named FS1 that hosts a share named SalesData for the sales department. You need to configure the SalesData share so that users will be allowed to view only the files and folders to which they have rights. What should you do?
Use the Shares panel in Server Manager to enable Access-based Enumeration (ABE) on the SalesData share.
You are the network administrator for eastsim.com. The network consists of a single domain. The main office contains a file server named FS1, which is running out of space. Another file server, which is named FS2, is available. It has 500 GB of free space. You need to move the C:\SalesData folder from FS1 to FS2. Before you move the folder, you need to perform a backup of the C:\SalesData folder in the minimum amount of time. What should you do?
Use the Windows Server Backup feature to perform a custom backup. On the Select Items for Backup page, select the C:\SalesData folder.
Your Windows Server has two volumes, C: and D:. For the D:\Reports\Finances.xls file, you explicitly grant the Mary user account the allow modify NTFS permission. You need to move the file from the existing folder to the C:\Reports2 folder. You want to keep the existing NTFS permissions on the file. You want to accomplish this with the least amount of effort possible.
Use the robocopy command to copy the file to the C:\Reports2 folder.
Select the policy node you would choose to configure who is allowed to manage the auditing and security logs.
User Right Assignments
You are the administrator for the widgets.com domain. Organizational units (OUs) have been created for each company department. User and computer accounts for each department have been moved into their respective departmental OUs. You have two OUs that contain temporary users, TempSales and TempMarketing. For all users within these OUs, you want to restrict what the users are able to do. For example, you want to prevent them from shutting down the system or accessing computers through a network connection. Which GPO category would you edit to make the necessary changes?
User Rights
Drag the DNS term on the left to the appropriate definition on the right. (Each term may be used once, more than once, or not at all.)
Uses the IP address to find the host name (or FQDN). Reverse lookup Client computers submit a DNS request to the DNS server and wait for a complete response. Recursion The process by which a DNS server or host uses root name servers and subsequent servers to perform name resolution. Recursion Uses the hostname (or the FQDN) to find the IP address. Forward lookup
You are the administrator of a network with a single active directory domain. Your domain contains three domain controllers and five member servers. Your security policy states that all accounts should be locked out after three unsuccessful logon attempts and that accounts must be reset only by an administrator. A GPO enforces these settings. You get a call, seven users are unable to log on. All seven accounts are locked out. Need to unlock with lease amount of effort. What should you do next?
Using Active Directory Users and Computers, select Unlock Account for each account
You want to use Restricted Groups to manage the membership of local groups on the domain member servers that you manage. You can define a restricted group in one of two ways: • Members of this group • This group is a member of The This group is a member of option is the preferred method for most use cases. Which of the following explains why this is the preferred method?
Using the This group is a member of option does not remove existing members of the group if they are not part of the restricted group.
You manage the branch office for your company network. The branch office has a single Active Directory domain, branch1.westsim.private. All computers in the branch office are members of the domain. The branch office consists of two subnets and 50 host computers. Each subnet has its own DHCP server, while a single server on Subnet2 is both the domain controller and DNS server. Dynamic updates are enabled on the DNS zone. On Subnet1, you have a shared printer attached to Wrk5. Only computers on Subnet1 use this shared printer. How can you most easily make sure that all hosts on Subnet1 will continue to connect to the shared printer by name, even if the DNS server becomes unavailable?
View the settings in the Default Domain GPO to verify that theTurn off Multicast Name Resolution option is not enabled.
You manage a network with a single active directory domain called westsim.com. Most of your users work from the office and access your on-premise domain controllers when they authenticate and use network resources, but you also have a few users who work remotely. Your company has just moved to office365 and is using the cloud-hosted versions of exchange and sharepoint for employees who work from home. You are considering using Azure AD to allow these employees to authenticate to the domain. Which of the following are options for deploying Azure AD? (Select two.)
You can deploy active directory domain controllers using the windows azure active directory saas cloud service You can install active directory domain controllers on windows azure virtual machines in the cloud
You are the network administrator for your company. You recently replaced the previous network administrator. The sales manager, Jim, calls you and reports that he cannot update a file in the \\ACCTSRV1\Reports share, which the previous network administrator created for him last Wednesday. Jim is a member of the Managers group, which should have full control of all files in the share. You examine the Reports share and the D:\Data\Reports folder on the server. Following is a summary of the current configuration: Folder NTFS Permissions Share Permissions D:\Data\Reports Shared as Reports Administrators (Allow-Full Control) Managers (Allow-Full Control) Everyone (Allow-Read) Everyone (Allow-Read)
change the Reports share permissions for the Everyone group to allow full control.
You are the administrator of a network with a single active directory domain. You would like to create a script to distribute to the help desk support staff for their needs when creating domain user accounts. The help desk staff will input various user account values and these values will be used in the script. Which of the following commands should your script include?
dsadd
You are the administrator of a network with a single active directory domain. the domain includes a user account named bob smith. you have been asked by the network security group to provide a listing of all domain groups to which bob smith is a member. You would prefer to use a command line utility so that the output can be saved and printed. Which command should you use?
dsget
You manage a windows server that is an active directory domain controller for your organization. You need to use command line tools to generate a list of all users in the domain and then view the value of the office property of each user. Which command should you use?
dsquery user -name * | dsget user -display -office
You need to use a powershell to generate a list of all active directory computer accounts located in just the computers container (cn=computers,dc=testoutdemo,dc=com)/ Which cmdlet should you use?
get-adcomputer -filter * -SearchBase "cn=Computers,dc=testoutdemo,dc=com"
You are the network administrator for westsim.com. The company is opening a new branch office in new york that will have 100 new users. all the information on the new accounts is contained in a file named branch.csv, which specifies a unique name and password for each user. You need to run a script to create the new accounts contained in the branch.csv file. The new accounts must be assigned the appropriate passwords as contained in the branch.csv file. Which commands should you run? (Select two.)
import-csv new-ADUser
After reconfiguring the static address of an internal web server named WEB3, your computer can no longer connect to WEB3. However, other users are still able to connect to the same web server. You suspect that your computer still has the old IP address for WEB3 in its DNS cache. Which command can you use to verify that this is the case before clearing the DNS cache on your computer?
ipconfig /displaydns
You manage a windows server that functions as your company's domain controller. You want to test a new network application in a lab environment prior to rolling it on to your production network. To make the test as realistic as possible, you want to export all active directory objects from your production domain controller and import them to a domain controller in the test environment. Which tools could you use to do this? (Select two.)
ldifde csvde
You manage a windows server that functions as your company's domain controller. Your organization was recently acquired by a larger organization, and the company name has changed as a result. You need to modify the company property of each user account in active directory. Which tools could you use to make this change? (Select two.)
ldifde dsmod
You have created an NFS share on your file FS1 server in the corpnet.com domain. The path of the shared folder is C:\Shared\NFSShare. You are now testing the configuration by trying to mount it to the /mnt directory on your Linux workstation. Use the drop-down list to fill in the blank in the following to correctly enter the command that will mount this share.
mount -t nfs
You have a laptop that you use for remote administration from home and while traveling. The laptop has been joined to the domain using the name of admin remote. The processor in your laptop overheats one day, causing extensive damage. Rather than repair the computer, you purchase a new one. The computer arrives, and you edit the system properties and name it AdminRemote. When you try to join the computer to the domain, you receive an error message and are unable to proceed. You want the new computer to be joined to the domain using the same name as the old computer. Wh\at commands should you run?
netdom reset and then netdom join
Listed below are several DNS record types. Match the record type on the left with its function
srv mx a Ptr
You are visiting one of your company's branch offices to set up a new server and complete some general server management tasks. Employees in the branch office tell you they have been experiencing intermittent issues accessing a server in the home office. You send ICMP requests to the server at the home office from a workstation at the branch office using ping with the -t option. As it continues to send ping requests and receive replies, you find that the ping request times out every few minutes. You suspect that one of the routers between the branch office and the home office may be experiencing issues. Which troubleshooting tool can you use from a Windows workstation to see a map of the routers between the branch office and the home office?
tracert
Windows Defender is configured to regularly scan your system; however, you also want to scan a removable storage device you have just connected to your Windows system. Click the scan option you should use to accomplish this task.
use the Custom scan option.
Your server runs a regularly scheduled backup of user data and the server's system state. A user has accidentally deleted an important file and has no backup. You use the recovery wizard, which brings you to the recovery options screen shown below. Select an option you could use to make sure you don't copy over a potentially newer version of
• Another location: saving the file in another location will prevent overwriting a possibly newer file that might exist in the original location. • Create copies so that you have both versions: saving a copy of the file you are recovering with a different name gives you the chance to compare the files to see which one should be kept.
You have connected a print device to Srv6, which runs Windows Server. You have also shared the printer as Printer1 and granted the Everyone group permission to print to it. The department manager prints an important document. After waiting a few minutes for the document to print, he calls you to say it hasn't printed yet. You examine the print queue and notice two large documents ahead of his document in the queue. You increase the priority of his document so it will print as soon as possible. You want to configure the printer so that the manager's documents print as quickly as possible in g p g p q y p the future. What should you do?
• Create a second printer called Printer2. • Configure permissions on Printer2 to allow only the manager to print. • Set the priority on Printer1 to 1, and set the priority on Printer2 to 99.
Group Policies can be used to set the same notification levels at the domain level that can be set for local machines using the User Account Control (UAC) tool. You need to configure the Notify me only when programs try to make changes to my computer notification level using Group Policy. Which of the following Group Policies must be set to complete this configuration?
• The Behavior of the elevation prompt for administrators in Admin Approval Mode policy setting is set to Prompt for consent for non-Windows binaries. • The User Account Control: Switch to the secure desktop when prompting for elevation policy setting is enabled.