Question | Answer |
True or False
Members of the Backup Operators group can log on locally to and shut down domain controllers. | True |
True or False
Explicit permissions never override inherited perm
issions. | False |
True or False
By default, user account names are case sensitive. | False |
True or False
The administrator account can be renamed or disabled but can’t be deleted. | True |
True or False
.All computers assigned an address in a subnet require a router to communicate with one another. | False |
True or False
A schema can be changed by an administrator or an application to best suit an organizations needs. | True |
True or False
A site link is needed to connect two or more sites for replication purposes. | True |
True or False
A dedicated forest root domain contains only the forestwide administrative accounts and domain controllers needed to run the forestwide operations master roles. No additional OUs or server roles are installed. | True |
True or False
The ability to force a user to be disconnected after logon hours expire is a group policy setting. | True |
True or False
User account names in Active Directory need only be unique inside their container. | False |
11. Which of the following is not an advantage of running a dedicated forest root domain? | Reliability |
12. Which directory partition contains all objects in a domain, including users, groups, computers, OU’s, and other objects? | Domain Directory Partition |
13. The process for replicating Active Directory objects in which changes to the database can occur on any domain controller and are propagated, or replicated, to all other domain controllers. | Multimaster Replication |
14. Which command line tool displays an object’s properties onscreen by default, but can redirect output to a file? | DSGET |
15. Which operation master role is responsible for ensuring that changes made to object names in one domain are updated in references to these objects in other domains? | Infrastructure master |
16. What is the name of the default site link that is created when Active Directory is first installed? | DEFAULTIPSITELINK |
17. A(n) ____ is a one-way or two-way nontransitive trust between two domains that aren’t in the same forest. | External Trust |
18. Which command line tool finds and displays objects in Active Directory that meed specified criteria? | DSQUERY |
19. Which of the following answers is not a task that can be delegated. | Create, delete, and manage built-in user accounts |
20. Which of the following is not a benefit of using roaming profiles? | Bandwidth usage |
21. Each entry in the Discretionary access control list is referred to as an ACE. What does ACE stand for? | Access Control Entry |
22. After checking the folder, you find that the group the employee is in is part of the resource’s DACL, but seems to have no effect on the group’s permissions. The group’s permission entry is the only entry in the DACL. What is wrong? | The group has been converted from a security group to a distribution group |
23. What is Microsoft’s best practices recommendation for the structure of group scope nesting? | AGDLP |
24. The Lightweight Directory Accesss Protocol is based on which of the following technologies? | x.500` |
25. What directory partition contains information needed to define Active Directory objects and object attributes for all domains in the forest? | Schema directory partition |
26. If the Unlock Account checkbox is selected under a user accounts’s Properties dialog box, what does this mean? | The user has too many failed logon attempts and is locked out |
27. This command line tool modifies existing Active Directory objects? | DSMOD |
28. To verify who has been delegated control of an OU, you must ____. | View the OU's permission |
29. Where are local groups stored? | In the local SAM database |
30. A process called ____ runs on every domain controller to determine the replication topology which defines the domain controller path that Active Directory changes flow through. | KCC Knowledge Consistancy Checker |
31. To ensure no 1 uses public computer terminals after 5 pm, u’ve set the log on hours for the guest user accounts to deny log on after 5. U’ve noticed that users are using the terminals after 5p, while other users are denied the ability to log in? | The users were logged on prior to 5pm |
32. Select below a character that can be used in a user account name: | ! |
33. Employees in your office have recently been changing desktop wallpapers against company policy. You want to be able to lock down this ability, while preventing other profile changes as well. What is your best option? | Set up a mandatory profile |
34. Which of the following statements about operations master roles is correct? | There is only one domain naming master per forest, which must be available whenever domains are added, deleted, or renamed |
35. Sally, has been given an assignment. 2 give her the rights & perms necessary to complete these tasks, what domain local group will you add her 2? | Backup Operator |
36. A Directory access control list (DACL) ____. | is a list of security principals, with each having a set of permissions that define access to the object |
37. The group “TestGroup” had been added to objects DACL and assigned the Allow Full control perms. “TestUserA” is a member of “TestGroup”, which has been assigned Deny Write permissions for the object. What is “TestUserA”’s effective permissions? | TestUserA can do anything that Full Control would allow him to do, except write to the object. |
38. Which operations master role is responsible for providing backwards compatibility with Windows NT servers configured as Windows NT backup domain controllers or member servers? | PDC emulator master |
39. Where are user profiles stored by default in Windows Server 2008? | %SYSTEMDRIVE%\Users |
40. Which of the below utilities uses comma-separated values to bulk import or export Active Directory data? | CSVDE |
41. A ____ is configured manually between domains to bypass the normal referral process. | Shortcut trust |
42. What is a super mandatory profile? | A profile that requires a user's mandatory profile be available, or they will not be able to log on |
43. Which of the following is not an valid directory partition type? | Extended directory partition |
44. How do you change a profile into a mandatory profile? | Rename Ntuser.dat to Ntuser.man |
45. By default, a user’s profile is created… | When the user first logs on |
46. Inherited permissions cant be changed or removed without____? | Disabling permission inheritance first |
47. Which of the following is not an advantage of running a dedicated forest root domain? | Enterprise Admins |
48. Which command line tool removes, or deletes, objects from Active Directory? | DSRM |
49. Which of the following is not a valid operations master role? | User management master |
50. At about what interval does a computer change its computer account password? | 30 days |
51. Which statement is false? | Global groups can be members of any global group in the forest |
52. The user “TestUserA” has been added to an objects DACL and assigned the Allow Full control permission. “TestUserA” has inherited the Deny Full Control perms for the objects from its partent container. What is “TestUserA”’s effective permissions? | TestUserA has Full Control permissions |