Chapter 1-9 Lab Questions CIST 2412
The ADMX central store holds policy definition files used for updating changes between domain controllers. What is the file extension of these files? a. .csadm b. .csxml c. .xml d. .admx
.admx
The ADMX central store holds policy definition files used for updating changes between domain controllers. What is the format of these files? a. .adm b. .admx c. .xml d. .xlsx
.xml
You are creating a new Active Directory (AD) forest. How many naming contexts are there for the entire AD forest?
1
You have three sites, and each site has five domains. How many global catalog servers should you add in each site? a. 1 b. 5 c. 10 d. 3
1
When creating a federated web SSO with forest trust, how many forests are involved? a. 1 b. 2 c. multiple
2
How many domain functional levels does Windows Server 2016 support? a. 5 b. 7 c. 9 d. 10
5
To allow the WinRM service to receive network requests, which port should you open in the Windows Firewall policy? a. 5985 b. 8080 c. 443 d. 53 e. 80
5985
Windows Server 2000 includes the original domain functional levels provided by AD. Which of the choices is not included? a. AES support b. universal groups c. SID history d. group conversion
AES support
Which snap-in should you use to check whether the domain controller is a global catalog server? a. Active Directory Domains and Trusts b. Active Directory Sites and Services c. Server Manager d. Active Directory Users and Computers
Active Directory Sites and Services
The command "Add-WindowsFeature AD-Domain-Services" is used to _________. a. Add a domain feature b. Add AD DS c. Update the GC d. None of these
Add AD DS
Group Policy Container (GPC) contains which of the following attributes? a. name of the GPO b. file path to GPT c. version d. status e. all of the above
All of the above
In Active Directory the administrator account is NOT a member of which of the following domains? a. Enterprise admins b. Schema admins c. Domain admins d. Protected users e. All of these
All of these
When adding Roles and Features with Server Manager, which of the choices are recommended in the Domain Services Configuration Wizard? a. Administrator account has a strong password b. Your network settings are configured c. The latest security updates are installed d. All of these
All of these
When configuring autoenrollment, which choice is available? a. enroll subject without requiring any user input b. prompt the user during enrollment c. prompt the user during enrollment and require user input when the private key is used d. all of these are correct
All of these are correct
When preparing a DC for cloning, which of the following statements should be true? a. The DC to be cloned must be running Windows Server 2012 or later b. The PDC emulator FSMO role must be running Windows Server 2012 or later c. A GC server must be available d. The following server roles must not be installed on the source DC: DHCP, Active Directory Certificate Services (AD CS), and Active Directory Lightweight Directory Services (AD LDS) e. All statements are true
All statements are true
Which acronym best describes a document that describes how a CA issues certificates? a. AD CS b. CPR c. CRL d. CPS
CPS
When installing AD DS on a domain controller, what must also be present or installed? a. GC server b. DNS Server role c. AD child domains d. None of these
DNS Server role
The PowerShell cmdlet Get-Command -Module GroupPolicy can be used to perform which of the following functions? a. Imports settings from a backed-up GPO to an existing GPO b. Links a GPO to a site, domain or OU c. Displays a list of all group policy-related cmdlets d. Gets information about one GPO or all GPOs in the domain e. None of these are correct
Displays a list of all group policy-related cmdlets
You have a forest named PLAB.com and two domains, PLABA and PLABB. You want to add the users from both the domains to a group that should be restricted within the PLABA domain. Which type of group scope should you set for this group? a. Global b. Either Global or Universal c. Universal d. Domain Local
Domain Local
Which of the following services does Windows 10 provide?
FTP
(T/F) One of the benefits introduced with Windows Server 2008 for RODC installation was the ability to replicate with Windows Server 2003.
False
In which condition is a RODC not an option? a. Creating IFM data b. First DC in a domain c. Creating a GC server d. Multiple DC's
First DC in a domain
The PowerShell cmdlet Get-GPO can be used to perform which of the following functions? a. Imports settings from a backed-up GPO to an existing GPO b. Links a GPO to a site, domain or OU c. Displays a list of all group policy-related cmdlets d. Gets information about one GPO or all GPOs in the domain e. None of these are correct
Gets information about one GPO or all GPOs in the domain
What does the group nesting depend on?
Group scope of the groups being nested
If you enable WinRM using a GPO, which protocol does it use? a. SSH b. HTTPS c. RDP1 d. HTTP
HTTP
The PowerShell cmdlet Import-GPO can be used to perform which of the following functions? a. Imports settings from a backed-up GPO to an existing GPO b. Links a GPO to a site, domain or OU c. Displays a list of all group policy-related cmdlets d. Gets information about one GPO or all GPOs in the domain e. None of these are correct
Imports settings from a backed-up GPO to an existing GPO
Why should there be more than one domain controller in a domain? [Choose all that apply.]
Improved performance redundancy Enhance recoverability
What is the output of the following command? Enter-PSSession -ComputerName PLABDM01
It will open a remote PowerShell session on PLABDM01.
You are configuring common GPO properties for folders. You want to specify that only portable computers that are docked have a preference applied. Which choice will accomplish this? a. item-level targeting b. stop processing items in this extension if an error occurs c. run in logged-on user's security context (user policy option) d. apply once and do not reapply
Item-level targeting
Which of the following tools allows you to modify the Active Directory Schema? a. Windows PowerShell b. CSVDE c. LDIFDE d. Dsadd
LDIFDE
Which of the following tools is likely to provide an output in the following manner: dn: OU=APAC,DC=PRACTICELABS,DC=COM dn: OU=IT,OU=APAC,DC=PRACTICELABS,DC=COM dn: CN=GlobalIT,OU=IT,OU=APAC,DC=PRACTICELABS,DC=COM a. CSVDE b. Windows PowerShell c. Dsadd d. LDIFDE
LDIFDE
The PowerShell cmdlet New-GPLink can be used to perform which of the following functions? a. Imports settings from a backed-up GPO to an existing GPO b. Links a GPO to a site, domain or OU c. Displays a list of all group policy-related cmdlets d. Gets information about one GPO or all GPOs in the domain e. None of these are correct
Links a GPO to a site, domain or OU
On your Windows 10 system, if you execute the command gpedit.msc in the Run dialog box, which of the following snap-ins will open? a. Local Group Policy Editor b. Group Policy Editor c. Local Security Policy Editor d. Group Policy Management Console
Local Group Policy Editor
When a group or user group policy setting is in the scope of a GPO, it is managed by a GPO. What type of scope is changed to its original configuration outside the GPO? a. managed policy setting b. unmanaged policy setting c. log on locally d. none of these
Managed policy setting
What new feature in Server 2016 provides a light-weight server geared toward use of virtual machines?
Nano Server
Which of the following commands should you use to verify the existence of SRV records? a. telnet b. Nslookup c. Ping d. Netstat
Nslookup
During the installation of the first DNS server on your domain, what would allow you to create DNS delegation? a. First DC b. No other DC's c. Other DC's present d. None of these
Other DC's present
You are configuring fine-grained password policies to configure multiple password and account lockout policies for different sets of user accounts. Which acronym describes the Active Directory object you are configuring? a. GPO b. PPl c. PSO d. FGPP
PSO
Which RODC Password Replication option is NOT available to the domain local users group? a. Password replication to RODC b. Password expiration c. Password time restrictions d. All of these
Password replication to RODC
Which is the Windows Server command-line interactive scripting environment?
PowerShell
Which choice is NOT an AD RMS Certificate type? a. SCP b. SLC c. RAC d. CLC e. Machine certificate
SCP
How is a RID master identified on the internal domain? a. SID b. RID c. PDC emulator d. none of these
SID
Which of the following records are created when a new domain controller is created in a Windows Active Directory domain? a. AAAA b. SRV c. CNAME d. MX e. A
SRV
When configuring DNS options, which choice is a shared system folder that is replicated to other domain controllers? a. SYSVOL b. database c. log files d. all of these
SYSVOL
What single interface in the Server desktop allows you to install, configure, and remove server roles and features?
Server manager
Which Kerberos authentication and authorization component is also known as a session ticket? a. ticket-granting tickets b. service ticket c. timestamp d. renewal ticket
Service ticket
Which PowerShell cmdlet would change the MSA settings? a. Set-ADServiceAccount b. Get-ADServiceAccount c. Set-ADSA d. all of the above
Set-ADServiceAccount
Which of the following tasks must you perform before deleting the files from the C:\Windows\SoftwareDistribution folder? a. Assign write permission on the folder b. Kill the Windows Update process c. Disconnect the system from the domain d. Stop the wuauserv service
Stop the wuauserv service
You have been asked to set up Kerberos constrained delegation on a domain account used as a service account. This would limit delegation to specific services on specific servers. Which Delegation tab option would you choose? a. do not trust this user for delegation b. trust this user for delegation to specified services only c. trust this user for delegation to any service (Kerberos only) d. restrict service delegation
Trust this user for delegation to specified services only
If a domain is set in the Mixed mode and not in the native mode, which of the following group scopes is unavailable? a. Universal b. Domain Local c. Global d. Both Global and Universal
Universal
You want to see what a PowerShell cmdlet does without executing it. Which parameter will accomplish this? a. -Help b. -Whatif c. Get-Help d. Add
Whatif
Which new feature in Server 2016 allows you to run applications so they are isolated from the OS and other applications?
Windows containers
Which groups are granted Add workstations to domain rights by default? a. domain admins b. account operators c. authenticated users d. all of the above
all of the above
When creating an external trust which domains are not supported? a. Windows 2008 b. Windows 2003 c. Windows 2000 d. Windows NT e. all of these are supported
all of these are supported
According to the text, when using the certutil -viewstore command to view the AD certificate store, which tool is used? a. run box b. command prompt c. PowerShell d. all of these
command prompt
You administer a corporate domain consisting of the main office and several national branch offices. When evaluating the trusts between these local and remote servers you find that a Windows 2000 domain is not present and cannot be configured. What can be done to resolve this issue efficiently? a. upgrade the remote server OS b. reset remote domain services c. upgrade remote server to Kerberos v5 d. create external trust
create external trust
The New-GPO cmdlet can be used to facilitate which of the following functions in PowerShell? a. links a GPO to a site, domain or OU b. displays a list of all group-policy related cmdlets c. gets information about one GPO or all GPOs in the domain d. creates a GPO
creates a GPO
Which local group is used as a security measure to prevent sensitive passwords from being stored on RODCs? a. denied RODC password replication group b. domain admins c. enterprise admins d. schema admins
denied RODC password replication group
Which statement is true regarding the Active Directory Recycle Bin? a. disabled by default b. can be disabled easily c. runs on Windows Server 2003 or later d. all of the above
disabled by default
How often does Garbage collection run on a DC? a. every 180 days b. every 12 hours c. based on tombstone settings d. any of these
every 12 hours
Claim rules are conditions that determine what attributes are required in a claim and how claims are processed by the federation server. There are two types of claim rules. Which choice is NOT applicable? a. relying party trust claim rules b. claims provider trust claim rules c. federation server claim rules
federation server claim rules
When working with managed service accounts to be used on multiple servers, which account type would be used? a. GSA b. MgSA c. gSA d. gMSA
gMSA
Which action would you take to apply Group Policies to a computer account? a. use Active Directory Users and Computers b. move computer account into a custom OU c. change default location d. none of these
move computer account into a custom OU
A multinational organization will generally have _________ domains. a. one b. two c. three d. multiple
multiple
When a DC database becomes corrupted, what method is used to restore it? a. restartable active directory b. active directory metadata c. nonauthoritative restore d. none of these
nonauthoritative restore
When a client's certificate revocation status is checked, which option does not download the certificate revocation list? a. online responder b. smart card c. NDES d. KRA
online responder
You need to establish a trust to integrate users running Windows, Linux, UNIX, and Mac OS systems. What type of external trust would you use? a. transitive b. conditional c. referral d. realm
realm
You are in the process of establishing trusts with external domains and are experiencing significant delays. What would be the cause? a. two-way trusts take longer b. transitive trusts take longer c. referrals take longer d. forest trusts take longer
referrals take longer
A computer has been offline for 60 days. When you bring it online, it will not access the domain. How do you resolve this? a. synchronize the computer password b. reset computer password c. reset computer account d. all of the above
reset computer account
Using AD FS terminology, the trusting company is referred to as which of the following choices? a. account partner b. resource partner c. relying party d. relying partner
resource partner
In your AD forest you want some but not all forest users to be authenticated. What is your solution? a. selective authentication b. forest-wide authentication c. disable authentication for selected forest d. remove server from forest
selective authentication
You administer a corporate forest consisting of the main office and several national branch offices. When evaluating the trusts between these local and remote servers you find that one is not present and cannot be configured. What could be a contributing factor on the missing server? a. trusts are not automatically configured b. server is running Windows Server 2003 c. server is running Windows Server 2008 d. all of these are correct
server is running Windows Server 2003
When deciding between a Standalone CA and an Enterprise CA, which would offer services to non-Windows clients? a. enterprise b. standalone c. both of these d. neither of these
standalone
What type of trust does a shortcut trust take? a. one-way b. two-way c. transitive d. conditional
transitive
You are experiencing delays establishing a trust to an external domain. How can you quickly resolve this? a. use referral b. use a shortcut trust c. initiate trust from remote domain d. all of these would work
use a shortcut trust
You have been asked to add a temporary group to escalate their capabilities. What is the best solution? a. add group to desired level then remove b. set temporary membership c. raise group functional level d. use privileged access management
use privileged access management
You have changed an Active Directory local security policy secret and the new settings cannot wait for the normal update interval. How would you handle this scenario? a. update directly in policy editor b. update local DC policy c. use urgent replication d. force update
use urgent replication
What is considered the simplest implementation of AD FS? a. federated SSO b. forest trust c. web SSO d. these are all simple implementations
web SSO