Windows Server Test 2
Which MMC is added after Active Directory installation?
* Active Directory Domains and Trusts * ADSI Edit
Which of the following best describes DNS?
* Hierarchical Database * Distributed Database
Which of the following is true about OU (Organizational Units)?
* OU (Organizational Units) can be nested * a group policy can be linked to an OU (Organizational Units)
Which of the following is true about stub zones?
* Their records are updated by the primary server automatically. * They contain SOA and NS records.
Which of the following is a built-in user account?
* administrator * guest
which of the following is associated with an Active Directory forest?
* can contain trees with different naming structures * allows independent domain administration * represents the broadest element in Active Directory
Which of the following is considered a leaf object?
* computer account * shared folder
Which of the following is considered a security principal?
* computer accounts * user accounts
You want a DNS server to handle queries for a domain with a standard primary zone hosted on another DNS server, and you don't want the server to be authoritative for that zone. How should you configure the server? (Choose all that apply)
* configure a stub zone on the DNS server * configure a forwarder on the DNS server
Which of the following is a directory partition?
* domain directory partition * schema directory partition * configuration partition
to which of the following can a GPO (Group Policy Object) be linked?
* domains * sites
which of the following is a feature of Active Directory?
* fine-grained access controls * can be distributed among many servers
Which of the following is a valid group scope?
* global * domain local
Which of the following can be a member of a universal group?
* global groups from any domain in the forest * other universal groups
Which of the following is a user account category?
* local * domain
Which of the following is a local GPO on window s8.1 computer?
* local administrators * local non-administrators
Which of the following is an inbound and outbound rule type you can create with Windows Firewall with Advanced Security?
* program * port
all domains in the same forest have which of the following in common?
* schema * global catalog
which of the following is the responsibility of a domain controller?
* storing a copy of the domain data * providing data search and retrieval functions * providing authentication services
None of the computers in an OU seem to be getting computer policies from the GPO linked to the OU, but users in the OU are getting user policies from this GPO. Which of the following is a possible reason that computer policies in the GPO aren't affecting the computers? (Choose all that apply.)
* the Computer Configuration settings are disabled * the computer accounts have a Deny Read permission
Which of the following is true about user accounts in a Windows Server 2012/R2 domain?
* the name can be from 1 - 20 characters * the name can't be duplicated in the domain
You're having trouble with logons and other domain operations in your domain named csmtech.local. You want to verify that your domain clients can find domain controllers. Which of the following can you do?
* use the dcdiag /test:DNS /DnsRecordRegistration command. * look at the %systemroot%\system32\config\netlogon.DNS file.
Which of the following account options can't be set together?
* user must change password at next logon * password never expires
which commands can you use together to change attributes of several users at once?
*dsquery* and *dsmod*
Your company just opened a small branch office where 10 computer users will work. You have installed a single Windows Server 2012/R2 computer configured as a member server for basic file and print server needs. Users require DNS for internet access and to resolve names of company resources. You decide to install DNS on the existing server. Which of the following types of installations makes the most sense?
A primary server hosting a standard zone
A resource record containing an alias for another record is which of the following record types?
CNAME
Which is the correct order in which DNS client tries to resolve a name?
Cache, hosts file, DNS server
You're having replication problems with your GPOs and suspect that the version numbers have somehow gotten out of sync between the GPT and the GPC. What can you do to verify the version numbers on a GPO?
Check the versionNumber attribute of the GPC and open the GPT.INI file
You're in charge of a standard primary zone for a large network with frequent changes to the DNS database. You want changes to the zone to be transmitted as quickly as possible to all secondary servers. What should you configure and on what servers?
Configure DNS notifications on the primary zone server
You want to create policies in a new GPO that affects only computers with Windows 7 installed. You don't want to reorganize your computer accounts to do this, and you want computers that are upgraded to Windows 8.1 to fall out of the GPO's scope automatically. What can you do?
Configure a WMI filter on the GPO that specifies Windows 7 as the OS. Link the GPO to the domain
You have a DNS server outside your corporate firewall that's a stand-alone Windows Server 2012 R2 server. It hosts a primary zone for your public Internet domain name, which is different from your internal Active Directory domain names. You want one or more of your internal servers to be able to handle DNS queries for your public domain and to serve as a backup for the primary DNS server outside the firewall. Which configuration should you choose for internal DNS servers?
Configure a standard secondary zone
You're a consultant for a small company that uses eight Windows 8.1 computers in a workgroup configuration. The owner asked you to set restrictive policies on users to prevent them from making Control Panel, desktop, and other changes. The owner wants to be exempt from these policies but shouldn't be a member of the local Administrators group. What should you do?
Configure the Local computer Policy object, and then configure a user-specific GPO for the owner.
Jane has left the company. Her user account is a member of several groups and has permissions and rights to a number of forest-wide resources. Jane's replacement will arrive in a couple of weeks and needs access to the same resources. What's the best course of action?
Disable Jane's account. When the new employee arrives, rename Jane's account, assign it a new password, and enable it again.
Which of the following is true about the Users domain local group?
Domain Users is a member
You have Windows Server 2012/R2 DNS servers, Windows Server 2008 DNS servers, and two old Windows Server 2000 DNS servers in a Windows domain. You just created a new zone, newzone.com, that you want replicated by Active Directory to all DNS servers. Where should you store the zone?
Domain partition
You have a zone containing two A records for the same hostname, but each A record has a different IP address configured. The host records point to two servers hosting a high-traffic Web site, and you want the servers to share the load. After some testing, you find that you're always accessing the same Web server, so load sharing isn't occurring. What can you do to solve the problem?
Enable the round robin option on the server.
A DNS server that can't resolve a query from its local data sends a recursive query to a root server. True or False?
False
A user-specific local GPO takes precedence over a site-linked GPO. True or False?
False
DNS ServerA forwards a query to ForwarderB, which replies with a "not found" message. DNS ServerA continues the lookup by querying a root server. True or False?
False
Global groups can have domain local groups as members. True or False?
False
Sam*Snead is a valid user account? True or False
False
The Users domain local group int eh Builtin folder can be a member of the local Administrators group on a Windows client OS computer
False
To resolve a query, a DNS server looks in its local cache first. True or False?
False
What type of record does DNS create automatically to resolve the FQDN of an NS record?
Glue A records
when installing an additional DC in an existing domain, which of the following is an option for reducing replication traffic?
IFM (Istall From Media) method
You have two DCs, each with three Active Directory-integrated zones. You're getting inconsistent DNS lookup results and suspect a problem with Active Directory replication. What tool can you use to investigate the problem?
IPCONFIG
You have hired a new junior administrator and created an account for her with the logon name JrAdmin. You want her to be able to reset user accounts and modify group memberships for users in the Operations department whose accounts are in the Operations OU. You want ot do this with the least effort and without giving JrAdmin broader capabilities. What should you do?
In Active Directory Users and Computers, right-click the Operations OU and click Delegate Control.
A user is having trouble logging on to the domain from a computer that has been out of service for several months, and nobody else can seem to log on from the computer. What should you try first to solve the problem?
Reset the computer account, removed the computer from the domain, and rejoin it to the domain.
Which of the following creates a file named *disabled.txt* containing a list of disabled Active Directory accounts?
Search-ADAccount -AccountDisabled > disabled.txt
which of the following is *not* associated with an Active Directory tree?
a container object that can be linked to a GPO (Group Policy Object)
You want to configure an inbound firewall rule that allows a connection only if the computer trying to make the connection is authenticated. What option should you select?
allow the connection if it is secure
by default, when are policies set in the user configuration node applied?
at user logon
Which of the following is the core logical structure container in Active Directory?
domain
which container has a default GPO (Group Policy Object) linked to it?
domain
an account names SrAdmin created an OU named QandA under the Operations OU. Which of the following is true by default?
domain admins is the owner of the QandA OU.
which direct group scope conversion is allowed?
domain local to universal, provided no domain local group is already a member
which is responsible for management of adding, removing and renaming domains in a forest?
domain naming master
Which of the following is associated with installing the first domain controller in a forest?
global catalog
Which of the following accurately represents an FQDN?
host.subdomain.domain.top-level-domain
you want to see the permissions on an OU (Organizational Units), so you open Active Directory Users and Computers, right-click the OU, and click Properties. After clicking all the available tabs, you can't seem to find where permissions are set in the properties dialog box. What should you do?
in Active Directory Users and Computers, click View, Advanced Features
which type of account is *not* found in Active Directory?
local user account
You have created a GPO named RestrictU and linked it to the Operations OU (containing 30 users) with link order 3. RestricU sets several policies in the User Configuration node. After a few days, you realize the Operations OU has three users who should be exempt from the restrictions in this GPO. You need to make sure these three users are exempt from the RestrictU's settings, but all other policy settings are still in effect for them. What's the best way to proceed?
move the three users to a new OU. Create a GPO with settings appropriate for the three users, and link it to the new OU.
Which of the following defines the types of information stored in an Active Directory object?
permissions
When a DNS server responds to a query with a list of name servers, what is the response called?
referral
Which of the following specifies what types of actions a user can perform on a computer or network?
rights
Which of the following defines the types of objects in Active Directory?
schema classes
which of the following best describes a directory service?
similar to a database program but with the capability to manage objects
which of the following is a component of Active Directory"s physical structure?
sites
you have an Active Directory forest of two trees and eight domains. You haven't changed any operations master domain controllers. On which domain controller is the schema master?
the first domain controller in the forest root domain
All your domain controllers are running Windows Server 2012 R2. You're noticing problems with the GPT replication. What should you check?
verify that DFSR is operating correctly
You want to have a library of GPOs that specify baseline settings for different policy categories, and you can use this library to create new GPOs with baseline settings already configured. What's the best way to accomplish this?
Create Starter GPOs for each policy category you want to configure.
You want to make changes to policy settings that affect File Explorer. The settings are in the Administrative Templates folder of the User Configuration node. You want the settings to affect all users in the domain. Which of the following is the best way to accomplish this?
Create a GPO, configure the policy, and link the GPO to the Domain object.
You have several hundred client computers using WINS to resolve names of some enterprise servers. Many of the client computers are laptops used to connect to the network remotely. You're trying to eliminate WINS from your network to reduce the number of protocols and services you must support. What can you do, with the least administrative effort, that allows you to stop using WINS yet still allows clients computers to use a single-label name for accessing enterprise servers?
Create a GlobalNames zone and add CNAME records for enterprise servers.
You have been working with the ADMX files to modify the existing Administrative Templates and create new templates. You work on different domain controllers, depending on your location. Despite a concerted effort, your ADMX files are getting out of sync. How can you solve this problem?
Create an ADMX store in SYSVOL share, and copy the ADMX files to the ADMX store.
Your network consists of three sites and two domains, with some computers from both domains at each site. Each site has certain security settings that should apply to all computers from both domains when they're located at the site. What's the best way to ensure that the correct security settings are applied to the computers at each site?
Create three GPOs, one for each site, with the appropriate security settings. Apply the GPOs to the corresponding site, and enforce the GPO
In Active Directory, all your computer accounts are in the Computers folder, and all your user accounts are in the Users folder. you need to configure an AppController policy that affects users who log on to the computers in the Engineering Department. Which of the following is the best way to accomplish this?
Move the Engineering Department computer accounts to a new OU named Eng. Create a new GPO, configure the AppController policy, and link the GPO to the Eng OU.
a domain user logging on to the domain becomes a member of which special identity group?
Authenticated Users
You want to verify whether a PTR record exists for server1.csmtech.local host, but you don't know the server's IP address. Which of the following commands should you use to see whether a PTR record exists for server1.csmtech.local?
Nslookup server1.csmtech.local, and then nslookup IPAddress returned from the first nslookup
You manage the DNS structure on your network. The network security group has decided that only one DNS server should contact the Internet. Under no circumstances should other servers contact the Internet for DNS queries, even if the designated server is down. You have decided that the DNS server named DNS-Int should be the server allowed to contact the Internet. How should you configure your DNS structure to accommodate these requirements?
On each DNS server except DNS-Int, configure a forwarder pointing to DNS-Int. Disable the use of root hints if no forwarders are available. No changes are necessary on DNS-Int.
What type of resource record is necessary to get a positive response from the command nslookup 192.168.100.10?
PTR
You have just finished setting up your DNS infrastructure, and the DNS process seems to be working well. You want to be able to create a baseline of performance data so that if slowdowns occur later, you have information for comparison purposes. Which tool should you use?
Performance Monitor
which of the following is *not* part of Active Directory's logical structure?
DC (Domain Controller)
Where is a GPT stored?
In a folder named the same as the GUID of the GPO in the SYSVOL share
The DNS server at your headquarters holds a standard primary zone for the abc.com domain. A branch office connected by a slow WAN link holds a secondary zone for the abc.com. Updates to the zone aren't frequent. How can you decrease the amount of WAN traffic caused by the secondary zone checking for zone updates?
In the SOA tab of the zone's Properties dialog box, increase the refresh interval.
Which type of connection security rule should you configure if you want to prevent computers in your domain from connecting to to computers outside the domain?
Isolation
You're scanning the local cache on a DNS client, and you come across the notation ::1. What does it mean
It's the IPv6 localhost address
the protocol for accessing Active Directory objects and services is based on which of the following standards?
LDAP
You have created a GPO that defines settings only in the Local Policies node. You want the settings to apply to all computes in the domain and take precedence over any other GPOs. Which of the following is the best approach?
Link the new GPO to the domain, and then right-click the new GPO and click Enforced.
Which of the following represents the correct order in which GPOs are applied to an object tha falls within the GPO'S scope?
Local GPOs, site, domain, OU
Which of the following is t a default folder object?
computer
You have noticed inappropriate use of computers for gaming and internet downloads by some employees who come in after hours and on weekends. These employees don't have valid work assignments during these times. You have been asked to devise a solution for these employees that doesn't affect other employees or these employees' computers during work hours. What's the best solution?
Set the Logon Hours options for their user accounts.
Over the past several months, Tom, who has access to sensitive company information, has logged on to computers in other departments and left them without logging off. you have discussed the matter with him, but the problem continues to occur. You're concerned that someone could access these sensitive resources easily. What's the best way to solve this problem?
Specify which computers Tom can log on to in the domain by using the Log On To option in his account's properties.
Which of the following sets the profile for each network connection on your computer?
The Network Location Awareness feature
What happens if a security group that's an ACE in a shared folder is converted to a distribution group?
The group remains in the DACL, but the ACE has no effect on members' access to the resource.
Objects in an OU with the Block Inheritance option set are affected by a domain-linked GPO with the Enforced option set. True or False?
True
When a policy setting in Computer Configuration and User Configuration in the same GPO conflict, the Computer Configuration policy setting takes precedence. True or False?
True
You want to configure an encrypted and authenticated connection between two gateway computers. What rule type should you configure in the New Connection Security Rule Wizard?
Tunnel
What group policy feature should you use if you have a policy linked to an OU that contains computer accounts but want the policy to affect only computers running Windows 7? You don't know exactly which computer accoutns represent the computers running Windows 7.
WMI filtering
You're concerned that some domain controllers and workstations don't meet security requirements. What should you do to verify security settings on a computer against a list of known settings?
create a security database from a template and run *secedit.exe*.
