CIS 189 Chapter 2
7. Which of the following are built-in user accounts? (Choose all that apply.) a. Administrator b. Operator c. Anonymous d. Guest
a. Administrator d. Guest
11. Which of the following members can belong to the global group? (Choose all that apply.) a. Computer accounts b. Global groups from any domain c. User accounts d. Universal groups
a. Computer accounts c. User accounts
4. Which of the following components are collectively grouped together and referred to as the object's security descriptor? (Choose all that apply.) a. DACL b. Object owner c. SACL d. OUs
a. DACL b. Object owner c. SACL
5. An account named SrAdmin created an OU named QandA under the Operations OU. Which of the following is true by default? a. Domain Admins is the owner of the QandA OU. b. SrAdmin is the owner of the QandA OU and all objects created inside it. c. SrAdmin has all standard permissions except Full control for the QandA OU. d. The Everyone group has Read permission to the QandA OU.
a. Domain Admins is the owner of the QandA OU.
20. Which direct group scope conversion is allowed? a. Domain local to universal provided no domain local group is already a member b. Global to domain local without restriction c. Domain local to global provided no domain local group is already a member d. Universal to global without restriction
a. Domain local to universal provided no domain local group is already a member
17. Which of the following is a valid group scope? (Choose all that apply.) a. Global b. Domain local c. Forest d. Domain global
a. Global b. Domain local
6. Which of the following are user account categories? (Choose all that apply.) a. Local b. Global c. Domain d. Universal
a. Local c. Domain
9. Which of the following are true about user accounts in a Windows Server 2016 domain? (Choose all that apply.) a. The name can be from 1 to 20 characters. b. The name is case sensitive. c. The name can't be duplicated in the domain. d. Using default settings, PASSWORD123 is a valid password.
a. The name can be from 1 to 20 characters. c. The name can't be duplicated in the domain.
10. Which of the following account options can't be set together? (Choose all that apply.) a. User must change password at next logon. b. Store password using reversible encryption. c. Password never expires. d. Account is disabled.
a. User must change password at next logon. c. Password never expires.
16. Which of the following are considered security principals? (Choose all that apply.) a. Contacts b. Computer accounts c. User accounts d. Distribution groups
b. Computer accounts c. User accounts
15. You have decided to follow Microsoft's best practices to create a group scope that will allow you to aggregate users with similar rights requirements. Which group scope should you initially create? a. Global b. Domain local c. Local d. Universal
b. Domain local
19. Which of the following can be a member of a universal group? (Choose all that apply.) a. User accounts from the local domain only b. Global groups from any domain in the forest c. Other universal groups d. Domain local groups from the local domain only
b. Global groups from any domain in the forest c. Other universal groups
3. You have hired a new junior administrator and created an account for her with the logon name JrAdmin. You want her to be able to reset user accounts and modify group memberships for users in the Operations department whose accounts are in the Operations OU. You want to do this with the least effort and without giving JrAdmin broader capabilities. What should you do? a. In Active Directory Administrative Center, right-click the Operations OU, click Properties, and click Managed By. b. In Active Directory Users and Computers, right-click the Operations OU and click Delegate Control. c. Open the Operations Security tab and add JrAdmin to the DACL. d. Add JrAdmin to the Password Managers domain local group.
b. In Active Directory Users and Computers, right-click the Operations OU and click Delegate Control.
1. Which of the following are true about organizational units? (Choose all that apply.) a. OUs can be added to an object's DACL. b. OUs can be nested. c. A group policy can be linked to an OU. d. Only members of Domain Administrators can work with OUs.
b. OUs can be nested. c. A group policy can be linked to an OU.
8. Which of the following is not a valid user account name? a. Sam$Snead1 b. Sam*Snead35 c. SamSnead!24 d. Sam23Snead
b. Sam*Snead35
13. Over the past several months, Tom, who has access to sensitive company information, has signed in to computers in other departments and left them without signing out. You have discussed the matter with him, but the problem continues to occur. You're concerned that someone could access these sensitive resources easily. What's the best way to solve this problem? a. Ensure that all computers Tom is signing in to have screen savers set to lock the computer after 15 minutes of inactivity. b. Specify which computers Tom can sign in to in the domain by using the Log On To option in his account's properties. c. Move Tom's account and computer to another domain, thereby making it impossible for him to sign in to computers that are members of different domains. d. Disable local logon for Tom's account on all computers except Tom's.
b. Specify which computers Tom can sign in to in the domain by using the Log On To option in his account's properties.
22. A domain user signing in to the domain becomes a member of which special identity group? a. Creator Owner b. System c. Authenticated Users d. Anonymous Logon
c. Authenticated Users
12. Jane has left the company. Her user account is a member of several groups and has permissions and rights to a number of forest-wide resources. Jane's replacement will arrive in a couple of weeks and needs access to the same resources. What's the best course of action? a. Find all groups Jane is a member of and make a note of them. Delete Jane's user account and create a new account for the new employee. Add the new account to all the groups Jane was a member of. b. Copy Jane's user account and give the copy another name. c. Disable Jane's account. When the new employee arrives, rename Jane's account, assign it a new password, and enable it again. d. Export Jane's account and then import it when the new employee arrives. Rename the account and assign it a new password.
c. Disable Jane's account. When the new employee arrives, rename Jane's account, assign it a new password, and enable it again.
21. Which of the following is true about the Users domain local group? a. It's in the Users folder. b. It can be converted to a global group. c. Domain Users is a member. d. Its members can log on locally to a domain controller.
c. Domain Users is a member.
24. A user is having trouble signing in to the domain from a computer that has been out of service for several months, and nobody else can seem to sign in from the computer. What should you try first to solve the problem? a. Reinstall Windows on the workstation and create a new computer account in the domain. b. Rename the computer and create a new computer account with the new name. c. Reset the computer account, remove the computer from the domain, and rejoin it to the domain. d. Disable the computer account, remove the computer from the domain, and rejoin it to the domain.
c. Reset the computer account, remove the computer from the domain, and rejoin it to the domain.
14. You have noticed the inappropriate use of computers for gaming and Internet downloads by some employees who come in after hours and on weekends. These employees don't have valid work assignments during these times. You have been asked to devise a solution for these employees that doesn't affect other employees or these employees' computers during working hours. What's the best solution? a. Install personal firewall software on their computers in an attempt to block the gaming and Internet traffic. b. Request that the Maintenance Department change the locks on their office doors so that they can enter only during prescribed hours. c. Set the Logon Hours options for their user accounts. d. Before you leave each evening and before the weekend, disable these employees' accounts and re-enable them the next working day.
c. Set the Logon Hours options for their user accounts.
18. What happens if a security group that's an ACE in a shared folder is converted to a distribution group? a. A security group can't be converted to a distribution group if it has already been assigned permissions. b. The group is removed from the DACL automatically. c. The group remains in the DACL, but the ACE has no effect on members' access to the resource. d. The group remains in the DACL, and permissions assigned to the group affect access to the resource as though it were still a security group.
c. The group remains in the DACL, but the ACE has no effect on members' access to the resource.
25. Which commands can you use together to change attributes of several users at once? a. dsget and dsadd b. dsget and dsmod c. dsquery and dsmod d. dsquery and dsget
c. dsquery and dsmod
2. You want to see the permissions set on an OU, so you open Active Directory Users and Computers, right-click the OU, and click Properties. After clicking all the available tabs, you can't seem to find where permissions are set in the Properties dialog box. What should you do? a. Log on as a member of Enterprise Admins and try again. b. In the Properties dialog box, click the Advanced button. c. Right-click the OU and click Security. d. In Active Directory Users and Computers, click View, Advanced Features.
d. In Active Directory Users and Computers, click View, Advanced Features.
23. Which of the following creates a file named disabled.txt containing a list of disabled Active Directory accounts? a. net accounts /show disabled b. ldifde -accounts -property=enabled -value=false c. Query-Account -Disable=True | disabled.txt d. Search-ADAccount -AccountDisabled > disabled.txt
d. Search-ADAccount -AccountDisabled > disabled.txt
