ch 4 labs 4-1 through 4-6 server 2019
What are the three Flexible Single Master Operations (FSMO) "domain-specific" roles assigned to the first domain controller installed in an Active Directory domain? a. RID master, PDC emulator, Infrastructure master b. RID master, PDC emulator, Global catalog server c. RID master, PDC emulator, Domain naming master d. RID master, PDC emulator, Schema master e. RID master, PDC emulator, Network time server
a. RID master, PDC emulator, Infrastructure master
Which of the following command line tools use an import file to add user objects in Active Directory? [Choose two that apply]. a. Dsadd.exe b. Ldifde.exe c. Net.exe d. Csvde.exe
Ldifde.exe Csvde.exe
Which of the following tools can be used for creating user accounts in an Active Directory domain? a. Credential Manager b. Ocsetup.exe c. Microsoft Management Console d. Control.exe
Microsoft Management Console
Which of the following methods are acceptable when it comes to implementing a group nesting strategy in a corporate network spanning more than one Active Directory domain? [Choose two that apply]. a. A-G-L-P b. A-G-P xc. A-G-DL-P xd. A-G-U-DL-P
a. A-G-L-P b. A-G-U-DL-P c. A-G-DL-P
Complete the following netsh.exe command that will configure a domain controller to have an alternate DNS server: netsh interface ip name=Ethernet addr=192.168.0.4 index=2. a. add dns b. second dns c. new dns d. alt dns
a. add dns
What are the two Flexible Single Master Operations (FSMO) "forest-specific" roles assigned to the first domain controller installed in an Active Directory forest root domain? a. Schema master, Services master b. Schema master, Domain naming master c. Schema master, Global catalog server d. Schema master, LDAP emulator
c. Schema master, Domain naming master
Which of the following tools can be used for monitoring Active Directory replication between domain controllers that are distributed in other Active Directory sites? a. Domainprep b. Sysprep c. Adprep d. Repadmin
d. Repadmin
True or False. A domain user account can sign-in on a Windows 10 computer that is not a member of an Active Directory domain.
false
True or False. You can convert a Security group type to Distribution group type without any effect on the permissions given to the group when it comes to accessing a network resource.
false
True or False. A forest trust relationship between two Active Directory domain forests is considered transitive.
true
A trainee Windows administrator has built an Active Directory lab in an isolated network segment in the company. The essential domain controllers have been placed in their respective AD sites and site links have likewise been created. He wants to use a tool for forcing a replication of AD data whenever a change is made on one of the domain controllers. Which of the following tools can he use? a. Active Directory Sites and Services b. Active Directory Domains and Trusts c. ADSI Edit d. Active Directory Users and Computers e. Active Directory Connector
a. Active Directory Sites and Services
The Server Help Desk security group was delegated permission to create and delete user objects in an organizational unit called Apprentices. One of the users named Ryan is currently signed-in to a Windows 10 running RSAT. He is managing user objects in the Apprentices OU. The domain administrator modified the delegated permission granted to Server Help Desk security group to include create and delete group objects. Ryan opened Active Directory Users and Computers but couldn't find the command to create a New Group. He can see the command to create a New User. What must be done to resolve this issue? a. Ask Ryan to sign out and sign back in to Windows 10 where RSAT is installed. b. Add user named Ryan to Account Operators group in the domain. c. Ask the domain administrator to re-run Delegate Control and explicitly add Ryan to have the permission to create and delete group objects. d. Use the Run as administrator to launch Active Directory Users and Computer.
a. Ask Ryan to sign out and sign back in to Windows 10 where RSAT is installed.
A visiting domain user called Lisa from a child domain called EMEA-CORP wants to test if she can access a shared resource in the parent domain called PRACTICELABS. At the moment, she does not have her company-issued Windows 10 laptop. Group nesting strategy has been successfully setup between the two domains indicated. Which of the following actions can you do to help visiting domain user so she can access the shared network resource, while in the premises of the PRACTICELABS domain? a. Ask the PRACTICELABS administrator to lend her a domain workstation so she can sign-in to the EMEA-CORP domain and subsequently connect to the shared resource. b. Ask the PRACTICELABS administrator to give her Remote Desktop Users group membership. c. Ask the PRACTICELABS administrator to enable the Guest account. d. Ask the PRACTICELABS administrator to add her account to the Domain Users group.
a. Ask the PRACTICELABS administrator to lend her a domain workstation so she can sign-in to the EMEA-CORP domain and subsequently connect to the shared resource.
A trainee Windows domain administrator would like to set granular permissions on an organizational unit called Sales. He opened the properties of Sales OU and noticed that Security tab is not displayed. How can he resolve this issue? a. He needs to select Advanced Features in the View menu of Active Directory Users and Computers. b. Use the ADSI Edit to perform a low-level edit on the Sales OU. c. Use Run as administrator command to launch Active Directory Users and Computers. d. The trainee Windows domain administrator does not have Enterprise Admins membership.
a. He needs to select Advanced Features in the View menu of Active Directory Users and Computers.
You are the local administrator of a standalone Windows Server 2016 computer. The Active Directory Domain Services has been successfully installed previously added. Which of the following cmdlet must be used to create the forest root domain on Windows Server 2016? a. Install-ADDSForest b. Add-ADDSForest c. New-ADDSForest d. Create-ADDSForest
a. Install-ADDSForest
A trainee, signed-in as a local administrator tried to promote a member server as the first domain controller in a child domain to an existing domain. The existing domain is connected to a lab network. After successfully installing the Active Directory Domain Services feature, he ran the "Install-ADDSDomain" cmdlet to create a child domain. He gets the following error message saying "Verification of user credential permissions failed. You must supply a user account name..." Please see the screenshot for your reference. What is the solution to resolve this error when creating a new child domain? PS C:\Users\Administrator> Install -ADDSDomain - NewDomainName NORTHAMERICA -ParentDomainName SafeModeAdministratorPassword: ******** Confirm SafeModeAdministratorPassword: ******** The target server will be configured as a domain controller and restarted when this operation is complete. Do you want to continue with this operation? [Y] Yes [A] Yes to All [N] No [l] No to All [S] Suspend [?] Help (default is "Y"): a Install -ADDSDomain : Verification of user credential permissions failed. You must supply a At line:1 char:1 + Install _ADDSDomain -NewDomainName NORTHAMERICA -ParentDomainName PRAC ... a. The user must sign-in as an administrator with the permission to create a child domain in the Active Directory network. b. The user must restart the Active Directory Domain Services in the domain controller found in the parent domain to refresh the service. c. The user must use the cmdlet Install-ADDSForest instead to create a child domain in the Active Directory network. d. The user must use the cmdlet Install-ADDSDomainController instead to create a child domain in the Active Directory network.
a. The user must sign-in as an administrator with the permission to create a child domain in the Active Directory network.
Which of the following tools can be used to enable a security group to have permissions in administering selected objects in an organizational unit n Active Directory? a. mmc.exe b. cmd.exe c. control.exe d. dism.exe
a. mmc.exe
Which of the following commands must be executed to be able to manage the Active Directory Schema on a Windows domain controller? a. regsvr32 schmmgmt.dll b. regsvr32 schemmgmt.dll c. register schmmgmt.dll d. dcomcnfg schmmgmt.dll
a. regsvr32 schmmgmt.dll
Which of the following tools can you use to verify the parent-child trust relationship following the installation of a new child domain in an existing Active Directory Domain network? a. Active Directory Sites and Services b. Active Directory Domains and Trusts c. Active Directory Users and Computers d. Computer Management
b. Active Directory Domains and Trusts
Two Active Directory domains in their respective forests were successfully created. You were tasked to configure an alternate DNS server on each domain controller of both domain forests. This is to ensure successful hostname resolution between the two AD forests. Which of the following tools can you use? a. Active Directory Domains and Trusts b. Command Prompt c. System Information d. Computer Management
b. Command Prompt
Which of the following is allowed by Windows Server running as Domain Controller when changing or converting Group Scopes? This is assuming group nesting between domains is not configured. [Choose two that apply]. a. Global group to Local group b. Global to Universal c. Universal to Domain local d. Domain local to Global
b. Global to Universal c. Universal to Domain local <A Security group's group scope can be changed at any given time, assuming group nesting is not enabled between domains. Converting a Security group's group scope follows the A-G-DL-P or A-G-U-DL-P group nesting strategy. ** I used AGUDLP nested group architecture imge to help me: >https://searchwindowsserver.techtarget.com/tip/Active-Directory-nesting-groups-strategy-and-implementation >
Complete the following Windows PowerShell command for creating a security group in Active Directory. New-ADGroup Sales -Path New-ADGroup Sales -Path "ou=Engineering,ou=EMEA,dc=practicelabs,dc=com" - Security -GroupScope Global a. GroupVariant b. GroupCategory c. GroupClassification d. GroupType
b. GroupCategory
A user template account was created to ease the creation of user accounts with common user properties. Which of the following user attributes or properties are copied from a template account? [Choose two that apply]. a. First name b. Home folder information c. Group membership d. Account is disabled setting
b. Home folder information c. Group membership d. Account is disabled setting
Which of the following are included in the naming contexts or partitions of Active Directory? a. Schema, Configuration, Global catalog b. Schema, Configuration, Domain c. Schema, Configuration, LDAP d. Schema, Configuration. Kerberos
b. Schema, Configuration, Domain
You are signed-in as a local administrator on Windows Server 2016. Complete the following Windows PowerShell cmdlet to install a new child domain in an existing Active Directory Domain network. Install-ADDSDomain -NewDomainName NORTHAMERICA -ParentDomainName PRACTICELABS.COM -InstallDNS a. -Credential (Get-User practicelabs\administrator) b. -Runas (Get-Credential practicelabs\administrator) c. -Credential (Get-Credential practicelabs\administrator) d. -LogonAs (Get-Credential practicelabs\administrator)
c. -Credential (Get-Credential practicelabs\administrator)
The HelpDesk security group was delegated the permission to create User objects and Reset their passwords in the Trainees organizational unit of the Active Directory domain. A new company policy will now mandate the HelpDesk security group to have the permission to create Group objects and modify their membership. This permission must be applied in the same Trainees OU. Which of the following tool can you use to modify the delegated permission to HelpDesk security group? a. LDP.exe b. Credential Manager c. Active Directory Users and Computers d. ADSI Edit
c. Active Directory Users and Computers
Group nesting is enabled between parent-child domain PRACTICELABS and NAMERICA. A domain user SalesUser1 from the NAMERICA child domain is a member of GSales Security group. GSales was unintentionally changed to a Distribution group. When SalesUser1 signed-in after a short break, he is unable to connect to the shared resource from the PRACTICELABS domain. GSales was changed back to being a Security group type. However, SalesUser1 is still unable to access the shared resource. What can you do to resolve this issue? a. Ask SalesUser1 to sign out and sign back in as Guest. Xb. Add SalesUser1 as a member of the Domain Users group in the parent domain. c. Ask SalesUser1 to sign out and sign back in. d. Add SalesUser1 as a member of the Domain Users group in the child domain.
c. Ask SalesUser1 to sign out and sign back in. <When a Security group is changed to a Distribution group type, this will have an impact on the members of the group as they will be unable to access network resources. If a Distribution group is changed back to Security group type, the member of the said group must sign out and sign back in, to refresh their group membership and access token.>
A Windows server apprentice with domain admin rights ran the command "Install-ADDSDomainController -InstallDNS -DomainName practicelabs.com" to create an additional domain controller in a test lab. He gets an error message as seen on the below screenshot. What is the cause of this error? PS C:\Users\Administrator.PRACTICELABS> Install-ADDSDomainController -InstallDNS -DomainName Install -ADDSDomainController : The term 'Install -ADDSDomainController' is not recognized as operable program. Check the spelling of the name, or if a path was included, verify that the At line:1 char:1 + Install -ADDSDomainController -InstallDNS -DomainName practicelabs.com + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + CategoryInfo : ObjectNotFount: (install -ADDSDomainController:String) [], Comn + FullyQualifiedErrorID : CommandNotFoundException a. He must be signed-in with Configuration Admin rights to be able to create an additional domain controller in the existing domain. b. He must be signed-in with Schema Admin rights to be able to create an additional domain controller in the existing domain. c. He must be signed-in with Enterprise Admin rights to be able to create an additional domain controller in the existing domain. d. He must run "Install-WindowsFeature -Name AD-Domain-Services -IncludeManagementTools" to install the Active Directory binaries or supporting files.
d. He must run "Install-WindowsFeature -Name AD-Domain-Services -IncludeManagementTools" to install the Active Directory binaries or supporting files.
Which of the following network transport must be used when creating a site link between two sites that belong to the same Active Directory Domain? a. SMTP b.X.400 c. X.500 d. IP
d. IP
The TechSupport security group was granted permission to create and delete User objects in the domain through the Delegation Control wizard in Active Directory Users and Computers. John, a member of the said security group is using Windows 10 as management workstation. Upon sign-on, he couldn't find the Active Directory Users and Computers in the list of programs. What must be done to enable John to manage user objects in the domain? a. Install Active Directory Users and Computers on Windows 10. b. Run mmc.exe and add Active Directory Users and Computers snap-in from a remote server. c. Re-run Delegation of control wizard on the domain. d. Install Remote Server Administration Tools on Windows 10.
d. Install Remote Server Administration Tools on Windows 10.