Elance Active Directory Test Answers 2015

·


What is an example of a scenario when you would need to rename a domain controller?
When logging out.
When replacing computer hardware.
When logging in.
When registering another user.


What group must you be a member of to configure the site link schedule?
The Realm Admins group in Active Directory.
The Network Admins group in Active Directory.
The Forest Admins group in Active Directory.
The Enterprise Admins group in Active Directory.


Five people in Accounting have the need to print checks on a network computer. No one else should have access to this printer. What is the best way to set this up?
Include the printer as an object in Active Directory Users and Groups, create a security group of those users who can print to that printer, then give them exclusive rights to print.
Set up a subnet on the corporate switch for the port that is attached to the printer. Give the printer an IP address on that subnet, then set up routes on the computers of the users who will print to that printer.
Setup a new resource domain, add those users to that need to print to that printer and the printer in Active Directory Users and Groups, then create a one way forest-to-forest trust in Active Directory Domains and Trusts to allow only those users to print to that printer.
Make sure that the printer can be reached by name on the network. In Active Directory Group Policy Manager create a group policy that hides the printer name for all users except for the group in Accounting.


Members of which of the following groups can perform actions in multiple domains within a forest?
Enterprise Admins
Power Users
Forest Admins
Domain Admins


What is an alternative to disabling administrative and guest accounts on domains for security purposes?
Deleting them.
Moving them.
Encrypting them.
Renaming them.


If you need to change the default file size of the staging folder, where do you change the staging space limit registry entry?
HKEY_Local_Machine\NtFrs\Parameters
System\CurrentControlSet\Services\NtFrs\Parameters\HKEY_Local_Machine
HKEY_Local_Machine\System\CurrentControlSet\Services\NtFrs\Parameters
HKEY_Local_Machine\User\Share\Etc\NtFrs\Parameters


What best practice ensures that all trust relationships are preserved within a domain?
Rebuilding the system every year.
Performing regular backups.
Keeping the system running.
Performing annual backups.


What two ways can trust relationships be defined?
Open, or closed.
Four-way, or two-way.
Inside, or outside.
One-way, or two-way.


What is SYSVOL referring to in the context of Active Directory?
The Active Directory SYSVOL system.
The Active Directory SYSVOL shared folder.
The Active Directory shared network.


What does it mean when a “trust” exists?
Two domains block each other so only users can access the computer.
The authentication coming from each domain trusts the authentications coming from the other domain.
Authentication is allowed for all users.
Authentication is only allowed for administrators.


The ADSIEDIT tool is used to:
Edit DNS records of Active Directory members.
Filter SID components in the DHCP registry.
Remove inactive objects in the Active Directory.
Directly add, delete or modify components in the Active Directory.


To add a new user via Windows PowerShell you would use the following cmdlet:
New-ADUser
New-Item
Set-ADUser
New-DSObj


Which one of the following is NOT one of the 5 Operation Master (FSMO) Roles?
RID Master Role
NTLM Master Role
Domain Naming Master Role
Infrastructure Master Role


When creating a domain for the first time, what must be configured properly to easily join computers to your domain?
DNS Server and services
LDAP
Default Domain Policy (GPO)
IIS
DCHP Server


How are multiple sites connected for replication in Active Directory?
They are connected by Link Bot objects.
They are connected by Network objects.
They are connected by Site Link objects.
They are connected by Connection objects.


One can change the Active Directory Path while creation of the Active Directory
Yes
No


Which of the following is NOT a DNS Zone?
Forward Lookup Zone
Stub Zone
Primary Zone
Internal Lookup Zone


What is Windows Time Service responsible for?
Synchronizing the system clock so the system runs better.
Synchronizing the time of all the computers running on the network.
Setting the system time to the appropriate time zone.
Setting Active Directory's clock timing.


What two operations masters roles exist in each forest?
The schema master, and the domain naming master.
The operations master, and the domain controlling master.
The system master, and the user master.
The super master, and the user master.


Which one is NOT FSMO role?
Flexible Master
Schema Master
Infrastructure Master
RID Master


When is it necessary to manage domain and forest trusts?
When your organization needs to collaborate with users or resources in other domains, forest trusts, or realms.
Never. They are automatically managed.
Only when your organization needs to access other domains.
When your organization needs to access other forest trusts only.


What is a Global Catalog?
The listing of all Group Policies in an Active Directory domain and their implementation schema.
An historical catalog of all authentication traffic in the entire forest.
A listing of all users information that is published by intervals from the Active Directory to Microsoft Exchange.
A database of every object in an active directory tree, containing the most frequently used object attributes.


What version of Windows Server was the Read Only Domain Controller (RODC) introduced?
Windows 2008
Windows 2000
Windows 2003 R
Windows 2012


An Active Directory Forest is ___________________
a collection of different domains connected via two way trusts that don't share the same DNS name space, but share authentication and policy management.
the sum total of all the objects both physical and logical including their properties in an Active Directory domain and managed from a PDC.
the different databases and their interactions that comprise the Active Directory for the management of objects, domain security and policy.
a method for visualizing autonomous sites that are connected via high speed networks but independent of domain hierarchies.


The Active Directory database is stored in the ______ directory.
%windir%\etc
%windir%\sysvol
%windir&\ntds
%windir%\inf


What security practice does not involve the configuration of software or hardware?
Computer security.
Domain security.
Physical security.
Network security.


What is a DSRM password used for?
It is used to log onto a domain controller that has been rebooted into DSRM mode to take its copy of Active Directory off-line.
It is used to log into Active Directory in the case that DSRM needs to be taken off-line.
It is used to log onto a domain controller that has been rebooted into DSRM mode to delete its copy of Active Directory.
It is used to log into the system.


Which of the following is NOT an Active Directory role?
Active Directory Domain Services
Active Directory Network Object Services
Active Directory Federated Services
Active Directory Certificate Services


What benefit is gained from using global or universal groups when specifying permissions on domain directory objects?
Permissions are transparent across the system, leaving less opportunities for intrusion.
Permissions are granted to fewer users.
Permissions are totally deleted.
Access is allowed to all users.


What is KCC?
It is the Knowledge Consistency Checker used to generate the replication topology in Active Directory Domains and Trusts.
It is the Key Collection Center, the database used in conjunction with Key Distribution Center for exchange Kerberos keys during authentication.
It is the Knowledge Capture Client, used by the Schema Manager in mapping and maintaining domain morphology.
It is the Kerberos Consignment Client, which checks and passes Kerberos authentication packets between clients.


When you move the database file, where are registry entries that Ntdsutil.exe edits located?
MACHINE\SYSTEM\SET\Services\NTDS\
\SYSTEM\CurrentControlSet\Services\NTDS\HKEY_LOCAL_MACHINE
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NTDS\
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet\Utilities\NTDS\


Are the different types of trusts set automatically, or must they be set manually?
All trusts are set automatically.
All trusts are set automatically, and they cannot be changed.
All trusts must be set manually.
The trusts that need manual configuration are contingent upon how Active Directory is organized, and whether different versions of Windows coexist on the network.


You are trying to determine the name of a host but only have the IP Address, what command can you run to finds it's name?
ping -h (IP Address)
tracert (IP Address)
ping -a (IP Address)
ping (IP Address)


Should you log in to your computer as an administrator to complete administrative tasks?
Yes. You should always log in as an administrator, but log out after you are finished.
Yes.
No. Use “Run as” to complete them.
Yes, and stay logged in continually.


What kind of trust is a parent-child trust?
One-way trust.
Four-way trust.
Forest trust.
Two-way trust.


Command to create / run Active Directory Services
tracert
Fixboot
dcpromo.exe
ADSI
traceroute


Fred in Marketing needs to share files with his small team on a confidential project. What should you do to help?
Create and share a folder on Fred's PC and write a login script that will map a drive to that folder for each member of Fred's team.
Create an Active Directory Security Group and assign Fred and his team to it. Create a directory on the file server and give that group exclusive rights to the directory. Share that folder with Fred's team.
Dedicate a computer to Fred's group and give each person local rights to the computer .
Create a Group policy that identifies each member of Fred's team that will redirect and map a drive to a hidden folder on the server.


A domain computer is no longer authenticating on the domain. How do you fix the problem?
Rename the computer and reboot it.
From the computer, change the computer's login password in Local Security Manager, then reboot.
From the computer, remove from the computer from the domain reboot, and rejoin it to the domain
From the Active Directory Users and Groups Manager find the computer in the directory and delete it.


What is Kerberos?
A security protocol used for authentication in Active Directory.
A messaging protocol used in Active Directory for intersite transport in multi-site domains.
The script complier used for parsing and interpreting SYSVOL scripts.
The program that underlies Active Directory Group Policy management.


Why is documentation one of the most critical aspects of Active Directory security administration?
It is essential for security audits.
It is essential for performance audits.
It is essential for network administration.
It is essential for domain audits.


You are deploying a new web based application that only company personnel will use to submit their hours when out of the office. What Active Directory Service would you deploy to enable login security.
Deploy an RDP server accessible via a URL on the internet that will allow users to login to a Window's session to access a secure browser.
Set up a nightly scheduled process that executes the Active Directory Users and Groups Directory Export Services (DE) to create a secure text file that is uploaded into the application's database.
Deploy Active Directory Federated Services (FS) via IIS to extend and integrate Windows Login within the application and make it available on the internet.
Deploy the replication feature in Active Directory Domains and Trusts that will allow the users PC to automatically exchange certificate tokens when opening the applications URL and securing the users login.


In relation to backup and restore procedures, what provides a default location for files that must be shared for common access throughout a domain?
HKEY
SYSKEY
SYSVOL
VOLSYS


Which of the following is NOT an Active Directory object?
Domain Server
Email Address
Computer
Domain user


Which of the following are NOT a logical component of Active Directory?
OU
Domain
Branch
Forest


How must drives containing database files, or log files, be formatted?
FAT12
FAT32
ext2
NTFS


You update a GPO and return to the users computer to see the results but they don't show up. What is the least disruptive way to see the results?
Perform a warm boot of the computer
Run the command: ipconfig /flushdns
Run the command: gpupdate /force
Run the command: nbtstat /R


What is LDAP?
Local Directory Application Programming Interface.
Local Domain Administration Protocol.
Logical Directory Access Protocol.
Lightweight Directory Access Protocol.


What do Domain Controllers do?
Store the database, maintain the policies and provide the authentication of domain logons
Assign IP addresses to domain computers
Control granular settings in a domain environment
Receive and relay domain commands


A user is complaining that they can't login to the domain because they have tried to login too many times with their password
In the Active Domain Domains andTrusts, find the users login server right click and choose Replicate Now, then ask the user to login
Ask the user to get someone else to login for them.
In the Active Directory Users and Computers, find and open the user object, choose the Account tab and unlock the account.
Tell the user to turn off the computer and restart it, then log in.


What is an OU?
Operational Unit
Organizational Unit
Optional Upgrade
Organizational Utility Services


Your company and its partner want to share files on servers in both of their laboratories. What's the easiest way to make this happen?
Utilize Active Directory Cloud Authentication Services (CA) to create user groups from both companies to access shared data.
Set up a server on the internet and utilize Windows R-Sync to replicate data from the servers from each partners servers. Set up a Radius Server with user accounts then provide the users with VPN access to the data.
Create a group in your company's Active Directory Users and Groups, then create user accounts for the people who will need access to resources in your domain, restrict resources to that group. Have your partner do the same on their domain.
Set up a Two Way External Trust via Active Directory Domains and Trusts, then setup security groups to share directories.


An Active Directory Forest comprised of Windows 2008 R2 domain controllers will need to incorporate a Windows 2003 R2 Domain controller. What version level will the Forest function?
It will function at the Windows 2003 R2 level.
All domain objects created on the 2008 R2 domain controllers will function as 2008 R2 those from the incorporated 2003 R2 servers will continue to operate as 2003 objects.
It will function at the 2008 R2 level.
It depends on the site the 2003 R2 domain controller is located.


To protect the Active Directory schema, how should users be managed?
All users have full access to Active Directory's schema.
There is no schema in Active Directory.
No one has access to Active Directory's schema.
Users should only be added when changes to the schema need to be made.


What command line tool can you use to remove and object from the Active Directory
rmdr.exe
rmdsob.exe
obdel.exe
dsrm.exe


In the following list, which methods can NOT be used to manage Active Directory tasks?
Active Directory Web Interface
Command Line
Windows PowerShell
Microsoft Management Console


How much maintenance does the Active Directory database require on a daily basis?
It has to be debugged and backed up hourly.
It has to be backed up hourly.
It has to be backed up daily.
None besides backups during ordinary operations.


With the launch of Windows Server 2003, comes a tool to make trust configuration easier. What is it?
The Authentication Wizard.
The Configuration Wizard.
The Trust Tool.
The Trust Wizard.


What happens if the global catalog is removed?
The domain controller immediately stops trusting in DNS as a global forest server.
The domain controller immediately stops advertising in trusts as a global realm server.
The domain controller immediately stops advertising in DNS as a global catalog server.
The domain controller immediately stops advertising in the system as a global hardware server.


What tool is required to make any changes in Windows Time Service?
TIMEnt.exe
T32v.exe
ntp.exe
W32tm.exe


What is used to enable and optimize replication traffic?
The Knowledge Consistency Optimizer.
The Knowledge Consistency Checker.
The Knowledge Replication Checker.
The Knowledge Network Checker.


What does Windows Time Service use to manage time settings?
System Time Protocol.
Greenwich Time Protocol.
Windows Time Protocol.
Network Time Protocol.


If you want to see a list of users from the command line or in a script you would use the ______ utility.
dsadd.exe
adfind.exe
adquery.exe
dsget.exe


What is a NetBIOS name?
A legacy naming convention used under Lan Manager.
A legacy naming convention used to differentiate hardware and software resources.
A name used to differentiate performance characteristics of NICs.
The corresponding name of the first 4 dactyls in a MAC address.


What is Active Directory's global catalog used for?
Forest-wide directory searching and facilitating domain client logons when universal groups are available.
Global directory searching and facilitating domain client logons when universal groups are available.
System-wide directory searching and facilitating domain client logons when universal groups are available.
Network-wide directory searching and facilitating domain client logons when universal groups are available.


You are having difficulty with remote domain controllers not syncing. What tool would you use to investigate the problem?
Active Directory Domains and Trusts
DNS Manager
Windows Remote Server Manager
Active Directory Federated Services


If you needed to know the default number of days that a domain controller preserves knowledge of a deleted object, how would you find the answer?
Check the value of the systemLifetime attribute in the ForestTreeDomain object.
Check the value of the deletedLifetime attribute in the RecycleBinDomain object.
Check the value of the tombstoneLifetime attribute in the ForestRootDomain object.
Check the value of the treeherderLifetime attribute in the ShepardOfTheForestDomain object.


Should all system state components be backed up together?
No. They cannot be backed up.
Yes. It is impossible to back them up otherwise because their relationship is contingent upon each other.
No.
Yes, though it is impossible to back them up together, they can be scheduled at similar times.


What does FSMO stand for?
Flexible Single Master Operations
File Share Master Operations
Family Services Master Operations
Flexible Schema Master Operations


What is unique about the tasks that operations masters perform?
Any domain controllers are permitted to perform them.
No other domain controllers are permitted to perform them.
They are encrypted.
They can operate any other system.


What database engine is used to house the Active Directory?
JET database
MS SQL Server
T-SQL
rebase


Which of the following protocols are NOT needed for Replication?
SMB
RPC
IRC
SMTP


What command line tool can you use to manage Domain Trusts?
netdom.exe
dfsutil.exe
dcdiag.exe
replmon.exe


You have need to check on a security property in the Systems folder in Active Directory Users and Groups but you are having a hard time finding it.
There is no Systems folder in the Active Directory Users and Groups manager
On the View menu check Advanced Features
Log out of the server and log back in as a Domain Administrator then reopen Active Directory Users and Groups
Right click on the Domain icon and choose Show Hidden Features.


What does the ISTG do?
The ISTG manages and assigns GUIDs to objects in the Active Directory.
The ISTG is the database that stores all Group Policy Objects and the hierarchy schema.
The ISTG is used to publish Federation Services via an internet proxy.
The ISTG is responsible for managing connections between different domain sites.


A Schema Partition in Active Directory is the:
Partition that contains all of the information about the structure of the entire forest including sites and trusts.
Partition that contains all of the information in a Domain about users, groups and OUs.
Partition that contains all of the definitions of the objects that can be created in the Active Directory and there rules for creating and managing them.
Partition that contains all of the information that is used and collected by applications and utilities in the Active Directory such as DNS


Why should default users be granted equal rights across the system?
Only administrators should be granted equal rights on the server.
Default users are granted varying degrees of rights. Equality in the varied degrees of granted rights reduces the occurrence of discontinuities that may allow security breaches.
Granting rights equally means that there are no variations in rights granted.
Default users should never be granted rights on the system.


When Windows Server receives a file through replication, or prior to being replicated, where must it be stored?
In the Windows area.
In the sandbox area.
In the replication area.
In the staging area.


What policy would you implement to rid the system of LM hashes?
“Do Not Store LAN Hash Value on Next Password Change”
“Do Not Store LAN Manager Hash Value on Next Startup”
“Do Not Store Hash Value on Next Password Change”
“Do Not Store LAN Manager Hash Value on Next Password Change”


Which of the following protocols is used for communications in Active Directory Domains and Trusts?
FTP
SMTP
UDP
SMS


Which virus scanning software is known to cause problems when installed on an Active Directory domain controller?
McAfee VirusScan 8.0.
AVG Virus Scan.
VirusScan2000.
Norton System Works.


For which of the following reasons would you NOT deploy a Read Only Domain Controller (RODC)?
Your remote office is complaining about login times.
The network connection to a remote office is tenuous.
Your remote office is in a high crime neighborhood.
Marketing tells you they want their own Domain Controller.


You need to remove a large number of user accounts in the Active Directory because of an acquisition. Which utility would you use?
CSVDE
RMDsob
LDIFDE
DSMoD


To install a new Active Directory Domain Services (AD DS) Forest you need to be a:
A member of the Domain Admins group.
A local administrator on the server.
A member of the Domain Network Services group.
A member of the Enterprise Admins group.


How many operations masters roles are allocated to each domain?
4
5
2
3


An application you are installing has a service that needs to run on a server where it will interact and modify other network services and components. How do you set it up?
Create a new user in Active Directory Users and Groups. Then on the server add the new domain user you created into the Local Admins group. Use this account to install the application.
Create a new user in Active Directory Users and Groups. Add the users to the Network Services group. Use this account when installing the service on the server where the application is to run.
Create a new user in Active Directory Users and Groups. Add the users to the Network Configuration Operators group. Use this account when installing the service on the server where the application is to run.
You need to do nothing since it is a network application and will be installed on a network server, those functions are already built in.


What are Group Policies?
Group Policies are used to manage and segregate domain resources based on rules in the OU defined by group membership.
Group Policies are ways to normalize the behavior of controllable applications and procedures on the domain.
Group Policies are used to provide security as well as filter and manage content from the internet.
Group Policies are used to maximize login efficiency by creating a hierarchies based on user profiles.


How many levels of readiness are allocated for the global catalog?
6
4
2
10

Subscribe to: Posts (Atom)