WS2016 Identity

Lakukan tugas rumah & ujian kamu dengan baik sekarang menggunakan Quizwiz!

ADMX and ADML files are placed under what directory within Windows?

%systemroot%\PolicyDefinitions

The folders containing Group Policy Templates (GPTs) can be found under what folder on a domain controller?

%systemroot%\SYSVOL\sysvol\domain\Policies

An administrative template file using what file extension provides a language specific user interface in the Group Policy Management Editor?

.adml

The gpupdate command in conjunction with which option below causes synchronous processing during the next computer restart or user logon?

/sync

An authenticated user can add up to how many computer accounts to the domain, by default?

10

A service ticket by default lasts for how long

10 hours

By default, for how long are deleted objects stored within the Active Directory database before they are removed entirely?

180 days

How often is the password for a computer account changed by Active Directory?

30 days

The Default Domain Policy sets the maximum password age to what value?

42 days

By default, the maximum tolerance for computer clock synchronization is set to what value

5 minutes

How often are Group Policy Objects updated on domain controllers

5 minutes

A slow link, by default, is a network connection that's less than which of the following?

500 Kbps

By default, Windows password policy requires a minimum password of what length?

7 characters

By default, what is the maximum period during which a TGT can be renewed?

7 days

Select the special character below that cannot be used within an account username. # ? . !

?

What are the two main functions of user accounts in Active Directory?

A method for user authentication to the network Provide detailed information about a user

What feature, once activated, can not be disabled without reinstalling all domain controllers within a forest?

Active Directory Recycle Bin

When a GPO is linked to a site object, what will be affected?

All users and computers physically located at the site

Which special identity group specifically includes any user account (except the Guest) logged into a computer or domain with a valid username and password

Authenticated Users

How can an administrator test an MSA to ensure that it can access the domain with its current credentials, or can be installed on a member computer?

By using the Test-ADServiceAccount cmdlet

Under the Computer Configuration, which folder contains settings related to the Regional and Language Options, User Accounts, and Personalization options?

Control Panel

What policy is a GPO linked to the Domain Controllers OU and specifies the default policy settings for all domain controllers?

Default Domain Controllers Policy

An administrator has discovered that several critical parts of Active Directory have been deleted. What boot mode can be used to perform restoration?

Directory Services Restore Mode (DSRM)

What Active Directory replication method makes use of remote differential compression (RDC)?

Distributed File System Replication (DFSR)

Select the true statement regarding the conversion of group scope: a. Universal groups can be members of global groups b. Domain local groups can be converted to universal, the domain local group must not contain other domain local groups c. Global groups can't be converted to universal groups d. Universal groups that are members of other universal groups can be converted to domain local groups

Domain local groups can be converted to universal, the domain local group must not contain other domain local groups

Select the GPO permission that provides the ability to change existing settings, import settings, and enable or disable a GPO, but is not granted to any user by default.

Edit settings

Select the term used to describe forcing inheritance of settings on all child objects in the GPO's scope, even if a GPO with conflicting settings is linked to a container at a deeper level.

GPO enforcement

Which of the following are ways to change default GPO inheritance?

GPO enforcement blocking inheritance

What defines the objects that a Group Policy Object affects

GPO scope

What defines which objects are affected by settings in a GPO?

GPO scope

An administrator needs to know which servers carry forest-wide roles. What PowerShell cmdlet can be used to display this information?

Get-ADForest

What specific tool allows you to create GPOs, view a GPO's settings, link and unlink GPOs with containers, and manage the inheritance settings of GPOs?

Group Policy Management Console

Select the specific tab within the Group Policy Management Console that will allow you to view which policies affect a domain or OU and where the policies are inherited from.

Group policy inheritance

Settings in the Computer Configuration node of Administrative Templates will impact which registry key below?

HKEY_LOCAL_MACHINE

Settings under the User Configuration node affect what Registry key?

HKEY_LOCAL_USER

What PowerShell cmdlet below will install the Active Directory Domain Services role?

Install-WindowsFeature AD-Domain-Services

What specific authentication protocol used in a Windows domain environment to authenticate logons and grant accounts access to domain resources?

Kerberos

What component of Kerberos is responsible for storing keys for encrypting and decrypting data in the authentication process?

Key Distribution Center

Select the GPO state where the GPO is in the Group Policy Objects folder but hasn't been linked to any container objects.

Link status: unlinked

The name of the command-line utility used to generate IFM data.

NTDSUTIL

What PowerShell cmdlet will link a GPO to a site, domain or OU?

New-GPLink

What is the primary container object for organizing and managing resources in a domain?

OUs

An administrator has received a call indicating that some users are having difficulty logging on after a password change. Which FSMO role should be investigated?

PDC emulator

Select the operations master role that is responsible for providing backward compatibility with Windows NT servers configured as Windows NT backup domain controllers or member servers.

PDC emulator master

If a central store for policy definition files has been created, where should the Policy Definitions folder reside?

SYSVOL folder

Select the specific Windows folder that is a shared folder containing file-based information that is replicated to other domain controllers.

SYSVOL folder

What Active Directory partition contains the information needed to define objects and object attributes for all domains in the forest?

Schema directory partition

What specific database stores local user accounts on local computers, and allows users to sign in to and access resources only on the computer where the account resides?

Security Accounts Manager

Which of the following are text files with a .inf extension that contain information for defining policy settings in the Computer Configuration\Policies\Windows Settings\Security Settings node of a local or domain GPO?

Security Templates

Which of the following statements is not true regarding the built-in Administrator account?

The Administrator account can be deleted

Using default settings, if a computer's clock differs more than 5 minutes than a Kerberos message's timestamp, what happens?

The Kerberos message is considered invalid

After a template account has been created, what can be done to ensure that the template account does not pose a security risk?

The account should be disabled

Which of the following uses queries to select a group of computers based on certain attributes, and then applies or doesn't apply policies based on the query's results?

WMI filtering

What folder within the Computer Configuration node contains settings related to Event Viewer, File Explorer, Windows PowerShell, and Windows Update?

Windows Components

Select the Account Lockout Policy item that determines how many failed logins can occur on an account before the account is locked.

account lockout threshold

Which of the following is not one of the five folder objects that are created when Active Directory is installed? built-in computers foreign security principals administrators

administrators

What policy setting can be used to force synchronous processing?

always wait for the network at computer startup and logon

What type of application can be installed automatically when the user logs on to a computer in the domain?

assigned

What tool within Windows Server 2016 must be used in order to change the default auditing settings?

auditpol.exe

Which of the following is the primary identifying and administrative unit in Active Directory? schema OU tree domain

domain

OU-linked policies are applied last so they take precedence over which policies?

domain site

How often are computer and user policies applied after a user has logged into a computer?

every 90 minutes

What Windows servers are the only domain controllers that hold universal group membership information?

global catalog

In order to force a computer to immediately download and apply all group policies, what command should be run

gpudate /force

What type of account provides the same functions as managed service accounts but can be managed across multiple servers as in a server farm or a load-balancing arrangement?

group managed service account

Select the operations master role responsible for ensuring that changes made to object names in one domain are updated in references to the object in other domains.

infrastructure master

What type of Active Directory replication takes place between domain controllers in the same site?

intrasite

What command can be used to cause a group policy refresh remotely on Windows Vista and later clients?

invoke-gpupdate

What enables you to target specific users or computers based on criteria?

item-level targeting

What GPO policy will take precedence over all other GPO policies when they are being applied?

last policy applied takes precedence

Select below the option that is not one of the three built-in service accounts. a. Local Operator b. Local System c. Network Service d. Local Service

local operator

In what order are group policy settings applied?

local, site, domain, OU

What setting specifies how long a service ticket can be used before a new ticket must be requested to access the resource for which the ticket was granted?

maximum lifetime for service ticket

What process makes one group a member of another group

nesting

By default, replication between DCs when no changes have occurred is scheduled to happen how often?

once per hour

What Active Directory object enables an administrator to configure password settings for users or groups that are different from those defined in a GPO linked to the domain?

password settings object

An administrator has attempted to change the forest functional level, but the attempt failed due to the failure of an FSMO role. Which FSMO role should be investigated?

schema master

Which of the following choices is one of the two forest-wide FSMO roles? schema master infrastructure master RID master PDC emulator master

schema master

Which of the following is a series of commands saved in a text file to be repeated easily at any time?

script

Which of the following uses permissions to restrict objects from accessing a GPO?

security filtering

When you first create a group, what is the default setting that is applied

security group with global scope

When a client computer wants to connect to a service instance, what specific name type does it use to find the service?

service principal name

Which of the following choices is not one of the three user account types defined in Windows Server 2016? service user account built-in user account domain user account local user account

service user account

Which command line utility below can be used to change an SPN?

setspn

In the User Configuration node, where are policies that determine whether a user can publish DFS root folders in Active Directory?

shared folders

If the slow link detection policy is set at 0, what does this indicate?

slow link detection is disabled

Which policy below requires synchronous processing to ensure a consistent computing environment?

software installation policies

During garbage collection, what setting controls how long deleted objects remain within the database before such objects are completely removed?

tombstone lifetime

In Active Directory, what defines how security principals from one domain can access network resources in another domain?

trust relationship

What type of policy setting is persistent, remaining even after a computer or user object falls out of a GPO's scope until it's changed by another policy or manually?

unmanaged policy setting

Approximately 42 days after a service was configured to use a normal user account, the service has stopped working and refuses to run. An administrator has verified that the account still exists on the domain. Assuming default domain policy settings, what could be the issue

user account password expired

When creating a new user, the "User cannot change password" option can't be used in conjunction with what other option?

user must change password at next logon

Which of the following is a user account that is copied to create users with common attributes?

user template

How can an administrator initiate a system state recovery using the command line

wbadmin start systemstaterecovery

By default, what policies will be downloaded and processed by a Group Policy client?

changed policies only

What option limits the delegation to specific services running on specific computers?

constrained delegation

What specific commands can import or export Active Directory data in bulk?

csvde ldifde

What command below can be used to reset the default GPOs to their original settings?

dcgpofix

Select the term used to describe the process, within the context of Active Directory, that allows a person with higher security privileges to assign authority to a person of lesser security privileges to perform certain tasks.

delegation of control

Which of the following stores information about computer network objects and offers features for retrieving and managing that information?

directory service


Set pelajaran terkait

physics 101 test 2 practice exam

View Set

1.3 Internal Audit Ethics - Introduction and Principles

View Set

Chapter 59: Assessment and Management of Problems Related to Male Reproductive Processes

View Set

MATCHING CRANIAL NERVES AND ROMAN NUMERALS

View Set

05.01 Triangle Congruence and Similarity

View Set

Evolve: Cardiovascular, Blood, and Lymphatic System

View Set

unit 3 day 1 - rise of the ming dynasty, global studies

View Set

Chapter 16: Labor and Birth Processes

View Set