AD-70-640-DISC Flashcards by Lewis Davis

What allows businesses to define, manage, access, and secure network resources including files, printers, people, and applications?
network service.
directory service.
Directory Infrastructure.
NT directory.

directory service

How well did you know this?

Not at all

Perfectly

A \_\_\_\_\_\_\_\_\_\_ is defined as one or more IP subnets that are connected by fast links.
domain.
network.
site.
forest.

site

How well did you know this?

Not at all

Perfectly

What contains the rules and definitions that are used for creating and modifying object classes and attributes within Active Directory?
Configuration NC.
Schema NC.
Domain NC.
DC NC.

Schema NC

How well did you know this?

Not at all

Perfectly

What shared folder exists on all domain controllers and is used to store Group Policy objects, login scripts, and other files that are replicated domain-wide?
SYSVOL.
AD.
C$.
VOLMGR.

SYSVOL

How well did you know this?

Not at all

Perfectly

What new Windows Server 2008 feature is a special installation option that creates a minimal environment for running only specific services and roles?
Minimal Installation Option.
Server Core.
Server Standard.
Minimal Server Environment (MSE).

Server Core

How well did you know this?

Not at all

Perfectly

What is the minimum amount of storage space required for the Active Directory installation files?
100 MB.
150 MB.
200 MB.
250 MB.

200 MB

How well did you know this?

Not at all

Perfectly

When modifying the schema, Microsoft recommends adding administrators to what group only for the duration of the task?
Schema Admins.
Enterprise Admins.
Global Admins.
Forest Admins.

Schema Admins

How well did you know this?

Not at all

Perfectly

When you install the forest root domain controller in an Active Directory forest, the Active Directory Installation Wizard creates a single site named \_\_\_\_\_\_\_\_\_\_.
Default-Site
Site-Default
Default-Site-Name
Default-First-Site-Name

Default-First-Site-Name

How well did you know this?

Not at all

Perfectly

What command-line tool used for monitoring Active Directory provides functionality that includes performing connectivity and replication tests?
dcdiag.
netdiag.
dcpromo.
netstat

dcdiag

How well did you know this?

Not at all

Perfectly

When replicating information between sites, Active Directory will designate a \_\_\_\_\_\_\_\_\_\_ server in each site to act as a gatekeeper in managing site-to-site replication.
primary.
masthead.
bridgehead.
global catalog.

bridgehead

How well did you know this?

Not at all

Perfectly

What defines a chain of site links by which domain controllers from different sites can communicate?
site link bridge.
site chain.
site chain bridge.
site link chain

site link bridge

How well did you know this?

Not at all

Perfectly

How many FSMO roles does Active Directory support?
2.
5.
10.
12.

How well did you know this?

Not at all

Perfectly

How many RID Masters can a domain have?
1.
2.
3.
5.

How well did you know this?

Not at all

Perfectly

What procedure is used only when you have experienced a catastrophic failure of a domain controller that holds a FSMO role and you need to recover that role?
role transfer.
role migration.
role seizure.
role separation

role seizure

How well did you know this?

Not at all

Perfectly

What special identity group contains all authenticated users and domain guests?
Power Users.
Everyone.
Batch.
Authenticated Users.

Everyone

How well did you know this?

Not at all

Perfectly

\_\_\_\_\_\_\_\_\_\_ name refers to each user’s login name.
Common.
Distinguished.
SAM account.
AD Name

SAM account

How well did you know this?

Not at all

Perfectly

You cannot manually modify the group membership of or view the membership lists of \_\_\_\_\_\_\_\_\_\_ groups.
distribution.
domain local.
special identity.
universal

special identity

How well did you know this?

Not at all

Perfectly

What can be used to add, delete, or modify objects in Active Directory, in addition to modifying the schema if necessary?
DCPROMO.
LDIFDE.
CSVDE.
NSLOOKUP

LDIFDE

How well did you know this?

Not at all

Perfectly

Which of the following is a benefit of implementing a public key infrastructure (PKI)?
Users no longer need to remember passwords.
All information is stored on the smart card, making it difficult for anyone except the intended user to use or access it.
Smart cards can be used from remote locations, such as a home office, to provide authentication services.
All of the above

All of the above

How well did you know this?

Not at all

Perfectly

What method of authentication requires a smart card and a PIN to provide more secure access to company resources?
two-factor authentication.
dual authentication.
complex authentication.
strong authentication.

two-factor authentication

How well did you know this?

Not at all

Perfectly

What dedicated workstation allows an administrator or another authorized user to preconfigure certificates and smart cards on behalf of a user or workstation?
PKI server.
smart card enrollment station.
smart card verification station.
Certification Authority (CA).

smart card enrollment station

How well did you know this?

Not at all

Perfectly

Passwords for Windows Server 2008, Windows Vista, Windows Server 2003, and Microsoft Windows XP clients can be \_\_\_\_\_\_\_\_\_\_ characters in length.
97.
68.
127.
142.

127

How well did you know this?

Not at all

Perfectly

What is a method of controlling settings across your network?
Group Policy.
Active Directory.
FSMO roles.
MMC

Group Policy

How well did you know this?

Not at all

Perfectly

What contains all of the Group Policy settings that you wish to implement to user and computer objects within a site, domain, or OU?
Group Policies
Group Policy Settings
Group Policy Objects
Group Policy Links

Group Policy Objects

How well did you know this?

Not at all

Perfectly

What allows the Group Policy processing order to circle back and reapply the computer policies after all user policies and logon scripts run?
Reverse Processing
Switchback Processing
Loopback Processing
Repeat Processing

Loopback Processing

How well did you know this?

Not at all

Perfectly

Local GPO settings are stored in what folder on a computer?
%systemroot%/System32/GroupPolicy.
%systemroot%/System32/Drivers/GroupPolicy.
%systemroot%/System32/Drivers/Etc/GroupPolicy.
%systemroot%/System/GroupPolicy.

%systemroot%/System32/GroupPolicy.

How well did you know this?

Not at all

Perfectly

What policies can be applied to one or more users or groups of users, allowing you to specify a more or less stringent password policy for this subset than the password policy defined for the entire domain?
Fine-Grained Password Policies.
Fine-Tuned Password Policies.
Restricted Password Policies.
Custom Password Policies.

Fine-Grained Password Policies.

How well did you know this?

Not at all

Perfectly

Where can you configure the Group Policy refresh interval?
Computer Configuration\System\Group Policy.
User Configuration\Administrative Templates\System\Group Policy.
Computer Configuration\Administrative Templates\System\Group Policy.
Computer Configuration\Administrative Templates\Group Policy.

Computer Configuration\Administrative Templates\System\Group Policy

How well did you know this?

Not at all

Perfectly

Microsoft Windows Server 2008 uses the Windows Installer with Group Policy to install and manage software that is packaged into what type of file?
.exe
.msi
.mse
.inf

.msi

How well did you know this?

Not at all

Perfectly

Modifications to .msi files require transform files, which have the \_\_\_\_\_\_\_\_\_\_ extension.
.msit
.mse
.msx
.mst

.mst

How well did you know this?

Not at all

Perfectly

When configuring Software Restriction policies, which option prevents any application from running that requires administrative rights, but allows programs to run that only require resources that are accessible by normal users?
Unrestricted.
Restricted.
Basic User.
Disallowed.

Basic User

How well did you know this?

Not at all

Perfectly

What tab displays groups and users with permission to link, perform modeling analyses, or read Group Policy Results information?
Linked Group Policy Objects.
Group Policy Inheritance.
Delegation.
Management.

Delegation

How well did you know this?

Not at all

Perfectly

What setting will prevent policy settings from applying to all child objects at the current level and all subordinate levels?
Block Policy Propagation.
Block Policy Inheritance.
Remove Policy Inheritance.
Remove Policy Propagation.

Block Policy Inheritance.

How well did you know this?

Not at all

Perfectly

How many WMI filters can be configured per GPO?
one.
two.
three.
five.

one

How well did you know this?

Not at all

Perfectly

To perform a System State restore in Windows Server 2008, you will boot the DC into what mode?
Active Directory Restore.
Active Directory Maintenance.
Directory Services Maintenance.
Directory Services Restore.

Directory Services Restore

How well did you know this?

Not at all

Perfectly

In Windows Server 2008, you must back up \_\_\_\_\_\_\_\_\_\_ rather than only backing up the System State data.
critical volumes.
system volumes.
MBR records.
MX records.

critical volumes

How well did you know this?

Not at all

Perfectly

To back up Active Directory, you must install what feature from the Server Manager console?
Active Directory Backup Client.
Windows Backup Utility.
Windows Server Backup.
BackupExec.

Windows Server Backup

How well did you know this?

Not at all

Perfectly

What is the process by which one DNS server sends a name resolution request to another DNS server?
resolution.
translation.
referral.
propagation

referral.

How well did you know this?

Not at all

Perfectly

What DNS server contains no zones and hosts no domains?
secondary domain controller.
global catalog server.
secondary DNS server.
caching-only server.

caching-only server

How well did you know this?

Not at all

Perfectly

What Windows Server 2008 service can you use to protect sensitive data on a Windows network?
AD FS
AD FTP
AD FSMO
AD RMS

AD RMS

How well did you know this?

Not at all

Perfectly

What enables network administrators and owners to configure access rights for users during the users’ entire lifecycle within an organization?
Identity Lifecycle Management.
General Lifecycle Management.
Microsoft Lifecycle Management.
Lifecycle of Software Management.

Identity Lifecycle Management

How well did you know this?

Not at all

Perfectly

What are small physical devices on which a digital certificate is installed that are usually the size of a credit card or keychain fob?
RSA SecureID.
digital certificates.
smart cards.
biometric device.

smart cards

How well did you know this?

Not at all

Perfectly

What service responds to requests from clients concerning the revocation status of a particular certificate, returning a digitally signed response indicating the certificate’s current status?
Web Enrollment.
Web Responder.
enterprise CA.
Online Responder.

Online Responder

How well did you know this?

Not at all

Perfectly

What protocol has become an industry standard that enables data exchange between directory services and applications?
NTDS
LDPA
NDIS
AD

LDPA

How well did you know this?

Not at all

Perfectly

What is the process of replicating DNS information from one DNS server to another?
replication
DNS push
zone transfer
DNS update

zone transfer

How well did you know this?

Not at all

Perfectly

What DLL must be registered to use the Schema Management snap-in?

schmmgnt32. dll
schemamanagement. dll
schmmgmt. dll
adschm. dll

schmmgmt.dll

How well did you know this?

Not at all

Perfectly

Certain operations, such as a password change or an account lockout, will be transmitted by using \_\_\_\_\_\_\_\_\_\_ replication, which means that the change will be placed at the “beginning of the line” and applied before any other changes that are waiting to be replicated.
Urgent.
Immidate.
Fast.
Pushed,

Urgent

How well did you know this?

Not at all

Perfectly

Which FSMO role has the authority to manage the creation and deletion of domains, domain trees, and application data partitions in the forest?
Relative Identifier Master.
Infrastructure Master.
Domain Naming Master.
Schema Master.

Domain Naming Master.

How well did you know this?

Not at all

Perfectly

What types of memberships are stored in the global catalog?
Domain local.
Universal.
Global.
Local Workstation.

Universal.

How well did you know this?

Not at all

Perfectly

What console must be used to move the Domain Naming Master FSMO role?
Active Directory Users and Computers.
Active Directory Forests and Domains.
Active Directory Schema.
Active Directory Domains and Trusts.

Active Directory Domains and Trusts

How well did you know this?

Not at all

Perfectly

What command-line utility is used to import or export Active Directory information from a comma-separated value (.csv) file?
NETDIAG
NSLOOKUP
CSVDE
DCPROMO

CSVDE

How well did you know this?

Not at all

Perfectly

What special identity group is used by the system to allow permission to protected system files for services to function properly?
Network Service.
Restricted.
Service.
Self.

Service

How well did you know this?

Not at all

Perfectly

When using CSVDE, what is the first line of the text file that uses proper attribute names?
Header row.
Header record
Name row
name record

Header record

How well did you know this?

Not at all

Perfectly

Which of the following is not a characteristic of a strong password?
at least eight characters in length.
at least one character from each of the previous character types.
is not your birth date.
differs significantly from other previously used passwords

is not your birth date

How well did you know this?

Not at all

Perfectly

What types of certificates are generated by the enterprise CA and used to generate a smart card logon certificate for users in the organization?
enrollment agent.
enrollment credential.
enrollment verification.
enrollment authority.

enrollment agent

How well did you know this?

Not at all

Perfectly

What process applies Group Policy settings to various containers within Active Directory?
Attaching.
Linking.
Connecting.
Nesting

Linking.

How well did you know this?

Not at all

Perfectly

The \_\_\_\_\_\_\_\_\_\_ Policy is linked to the domain, and its settings affect all users and computers in the domain.
Default Domain Controller.
Default Domain.
Default.
Domain

Default Domain

How well did you know this?

Not at all

Perfectly

What policies work with folder redirection to provide the ability to cache files locally?
registry-based.
software installation.
folder redirection.
offline file storage

offline file storage

How well did you know this?

Not at all

Perfectly

What is the path to the default GPT structure for a domain?
%systemroot%\sysvol\sysvol\domain.com\Policies.
%systemroot%\sysvol\domain.com\Policies.
%systemroot%\domain.com\Policies.
%systemroot%\Policies

%systemroot%\sysvol\sysvol\domain.com\Policies

How well did you know this?

Not at all

Perfectly

What section of GPO Local Policies allows administrators to log successful and failed security events such as logon events, account access, and object access?
Local Policy.
Security Policy.
Audit Policy.
None of the above

Audit Policy

How well did you know this?

Not at all

Perfectly

What provides administrators with the ability to redirect the contents of certain folders to a network location or to another location on the user’s local computer?
Folder Sharing.
Folder Redirection.
Desktop Redirection.
Profile Redirection

Folder Redirection

How well did you know this?

Not at all

Perfectly

Settings available in the \_\_\_\_\_\_\_\_\_\_ area of Group Policy allow greater administrative control in establishing rules and governing the issuance, maintenance, and guidelines within a public key infrastructure (PKI).
PKI Policies.
Secure Key Policies.
Public Key Policies.
Private Key Policies

Public Key Policies

How well did you know this?

Not at all

Perfectly

Which of the following is a software restriction rule that can be used to govern which programs can or cannot run on your network?
hash rule.
certificate rule.
Path rule.
all of the above

all of the above

How well did you know this?

Not at all

Perfectly

What is the sum of the policies applied to a user or computer after all filters, security group permissions, and inheritance settings, such as Block Policy Inheritance and Enforce, have finished processing?
Effective Permissions.
Resultant Set of Policy.
Effective Set of Policy.
Applied Policy

Resultant Set of Policy

How well did you know this?

Not at all

Perfectly

Rather than simulating policy effects like the Group Policy Modeling Wizard, what obtains RSoP information from the client computer to show the actual effects that policies have on the client computer and user environment?
Group Policy Simulator.
Group Policy Planning.
Group Policy Modeling.
Group Policy Results

Group Policy Results

How well did you know this?

Not at all

Perfectly

What refines the application of a GPO to include or exclude certain users, groups, or computers based on the ACL that is applied to the GPO?
Block Policy Inheritance.
Policy Delegation.
Group Based Filtering.
Security Group Filtering.

Security Group Filtering

How well did you know this?

Not at all

Perfectly

What manual process defragments the Active Directory database in addition to reducing its size?
online defragmentation.
local defragmentation.
remote defragmentation.
offline defragmentation

offline defragmentation

How well did you know this?

Not at all

Perfectly

What is the command-line component of the Windows Server Backup snap-in?
wbadm
wbadmin
backadm
ntbackup

wbadmin

How well did you know this?

Not at all

Perfectly

Server Backup does not support the use of which type of backup media?
CD
DVD
HDD
Magnetic Tape

Magnetic Tape

How well did you know this?

Not at all

Perfectly

What type of zone contains the master copy of the zone database in which administrators make all changes to the zone’s resource records?
secondary zone.
stub zone.
primary zone.
forwarder zone

primary zone

How well did you know this?

Not at all

Perfectly

In terms of AD FS, what organizations contain the user accounts that are accessing the resources controlled by resource organizations, similar to a trusted domain in a traditional Windows trust relationship?
user organizations.
account organizations.
computer organizations.
resource organizations

account organizations

How well did you know this?

Not at all

Perfectly

What role in ILM is to provide services for managing public key certificates that can be used by any security system that relies on a PKI for authentication or authorization?
Active Directory Users and Computers.
Group Policy.
Active Directory Certificate Services.
Active Directory Domains and Trusts

Active Directory Certificate Services

How well did you know this?

Not at all

Perfectly

What enables a user to manually create a certificate request file using the Certificates MMC snap-in?
PKI
Certificate Request Wizard.
Autoenrollment Wizard.
Enrollment ACL

Certificate Request Wizard

How well did you know this?

Not at all

Perfectly

What is used to request certificates on behalf of a user, computer, or service if self-enrollment is not practical or is otherwise an undesirable solution for reasons of security or auditing?
enrollment agents.
smart cards.
Certificate Authority.
access point

enrollment agents

How well did you know this?

Not at all

Perfectly

Interoperability with prior versions of Microsoft Windows is available in Windows Server 2008 through the use of \_\_\_\_\_\_\_\_\_\_.
domain controllers,
functional levels.
global catalogs.
DNS servers.

functional levels

How well did you know this?

Not at all

Perfectly

Active Directory uses \_\_\_\_\_\_\_\_\_\_ relationships to allow access between multiple domains and/or forests, either within a single forest or across multiple enterprise networks.
Trust
Domain.
Forest.
Global

Trust

How well did you know this?

Not at all

Perfectly

What processes can be used by Windows Server 2008 DNS to clean up the DNS database after DNS records become “stale” or out of date?
searching and destroying.
aging and scavenging.
seeking and removing.
finding and deleting

aging and scavenging

How well did you know this?

Not at all

Perfectly

How often does intersite replication occur by default?
5min
10min
15min
1hr

15min

How well did you know this?

Not at all

Perfectly

For both intrasite and intersite replication, what protocol does Active Directory use for all replication traffic?
RPC over SMTP.
RPC over TCP
RPC over IP
RPC over ARP

RPC over IP

How well did you know this?

Not at all

Perfectly

What process is used when you move a FSMO role gracefully from one domain controller to another?
Role seizure.
Role Transfer.
Role Migration.
Role Seperation

Role transfer

How well did you know this?

Not at all

Perfectly

What Windows Server 2008 feature stores universal group memberships on a local domain controller that can be used for logon to the domain, eliminating the need for frequent access to a global catalog server?
global group membership caching.
domain group membership caching.
local group membership caching.
universal group membership caching

universal group membership caching

How well did you know this?

Not at all

Perfectly

What is the process of confirming that an authenticated user has the correct permissions to access one or more network resources?
authorization.
authentication,
administration.
allocation.

authorization

How well did you know this?

Not at all

Perfectly

What describes the process of configuring one or more groups as members of another group?
group nesting.
group hierarchy.
group leveling.
group forests

group nesting.

How well did you know this?

Not at all

Perfectly

What provides a robust scripting method that supports a multitude of administrative tasks including creating Active Directory objects, mapping drives, connecting to printers, modifying environment variables, and modifying registry keys?
Windows Script Host.
JavaScript.
Windows Powershell.
CMD.EXE.

Windows Script Host

How well did you know this?

Not at all

Perfectly

What component issues and manages certificates for individuals, computers, and organizations?
enrollment agent
PKI server
certificate server
Certification Authority

Certification Authority

How well did you know this?

Not at all

Perfectly

Which OU is created by default when Active Directory is installed?
Domain Controllers.
Users.
Computers.
Member Servers

Domain Controllers

How well did you know this?

Not at all

Perfectly

What can be measured by tangible benefits, such as implementation costs and ongoing support?
return on implementation.
total cost of investment.
total cost of ownership.
return on investment.

return on investment

How well did you know this?

Not at all

Perfectly

What means that each policy must be read and applied completely before the next policy can be invoked?
asymmetric processing.
symmetric processing.
asynchronous processing.
synchronous processing.

synchronous processing

How well did you know this?

Not at all

Perfectly

What policy can specify software that you wish to run on computers?
Local Policies.
Event Log Policies.
Software Restriction Policies.
Account Policies

Software Restriction Policies

How well did you know this?

Not at all

Perfectly

What setting logs events related to successful user logons to a domain?
Account Logon Events.
Logon Events.
System Events.
Policy Change Events

Account Logon Events

How well did you know this?

Not at all

Perfectly

What option allows users to install the applications that they consider useful to them?
Assign.
Require.
Amend.
Publish

Publish

How well did you know this?

Not at all

Perfectly

What Software Restriction Policy properties allow an administrator to control how certificate rules are handled?
enforcement.
designated file types.
security settings.
trusted publishers

trusted publishers

How well did you know this?

Not at all

Perfectly

Group Policy Management started being natively installed with what version of Windows Server?
NT4
2000
2003
2008

2008

How well did you know this?

Not at all

Perfectly

What component of the Microsoft Windows operating system allows administrators to create queries based on hardware, software, operating systems, and services?
VBScript.
Windows Scripting Language.
Windows Management Instrumentation..NET Framework

Windows Management Instrumentation

How well did you know this?

Not at all

Perfectly

What database of information includes hardware, Group Policy Software Installation settings, Internet Explorer Maintenance settings, scripts, Folder Redirection settings, and Security settings?
CICOM
CIMOM
DOM
DCOM

CIMOM

How well did you know this?

Not at all

Perfectly

Changes in Active Directory are referred to as \_\_\_\_\_\_\_\_\_\_.
Buffers
Transactions
Modifications.
Alterations

Transactions

How well did you know this?

Not at all

Perfectly

What logging setting should you use if Minimal logging is not producing sufficient error messages to allow you to troubleshoot a particular issue?
Basic.
Extensive.
Verbose.
Internal

Basic

How well did you know this?

Not at all

Perfectly

What type of restore will restore Active Directory objects with their original Update Sequence Number (USN), which is the number that each domain controller assigns to every transaction that is either originated on the DC or replicated in from another domain controller?
nonauthoritative restore.
authoritative restore.
full restore.
incremental restore.

nonauthoritative restore

How well did you know this?

Not at all

Perfectly

What resource record provides the name-to-IP-address mappings that DNS name servers use to perform name resolution?
Start of Authority (SOA).
Name Server (NS).
Host (A).
Mail Exchange (MX)

Host (A)

How well did you know this?

Not at all

Perfectly

What has direct access to at least one name server and can also process referrals to direct its queries to other name servers when necessary?
name server.
DNS SERVER
host file
resolver

resolver

How well did you know this?

Not at all

Perfectly

What is a secret piece of information that is shared between two parties prior to being able to communicate securely?
Public Key
{Private Key
PKI
SHared Secret Key

Shared secret key

How well did you know this?

Not at all

Perfectly

Which of the following are not able to be performed by those with the Auditor predefined security role?
configure audit parameters.
read records and configuration information in the CA database.
define key recovery agents.
possesses the system audit user right.

define key recovery agents

How well did you know this?

Not at all

Perfectly

Each class or attribute that you add to the schema should have a valid \_\_\_\_\_\_\_\_\_\_.
Username.
Password.
OID.
SID

OID

How well did you know this?

Not at all

Perfectly

Active Directory \_\_\_\_\_\_\_\_\_\_ provide the means by which administrators can control replication traffic.
Services
Sites
Domains
forests

sites

How well did you know this?

Not at all

Perfectly

Which of the following is not a function performed by a global catalog server?
facilitating searches for objects in the forest.
maintaining universal group membership information.
maintaining a backup of all data stored on a domain controller.
maintaining a copy of all objects in the domain.

maintaining a backup of all data stored on a domain controller

How well did you know this?

Not at all

Perfectly

All default groups are \_\_\_\_\_\_\_\_\_\_ groups.
Distribution.
Domain local.
built-in
Security.

security

How well did you know this?

Not at all

Perfectly

What can be defined as a password that follows guidelines that make it difficult for a potential hacker to determine the user’s password?
complex password.
encrypted password.
strong password.
RSA SecureID

strong password

How well did you know this?

Not at all

Perfectly

Administrators find that Group Policy implementation helps them to achieve \_\_\_\_\_\_\_\_\_\_.
enhanced security.
faster performance.
centralized management.
virus-free networks

centralized management

How well did you know this?

Not at all

Perfectly

What folder located under the Computer Configuration node in the Group Policy Management Editor contains security settings and scripts that apply to all users who log on to Active Directory from that specific computer?
Software Settings.
Windows Settings.
Security Settings.
Administrative Templates

Windows Settings

How well did you know this?

Not at all

Perfectly

What advanced technique allows you to apply GPO settings to only one or more users or groups within a container by selectively granting the “Apply Group Policy” permission to one or more users or security groups?
Linking.
Nesting.
Security group filtering.
Group Policy filtering

Security group filtering.

How well did you know this?

Not at all

Perfectly

Which of these is not an option when configuring Fine-Grained Password Policies?
PasswordSettingsPrecedence.
PasswordCommonNameUsage.
PasswordCommonNameUsage.
LockoutThreshold.

PasswordCommonNameUsage

What option is helpful when you are deploying required applications to pertinent users and computers?
Assign
Require.
Amdend.
Publish.

Publish

When implementing multiple Software Restriction Policy rules, which rule is always applied last?
hash rule.
certificate rule.
path rule.
network zone rules

path rule

By default, the Software Restriction Policies area has what value in the Default Security Level setting?
Unrestricted.
Restricted.
Basic User.
Disallowed

Unrestricted

What MMC snap-in provides a single access point to all aspects of Group Policy that were previously spread across other tools such as Active Directory Users and Computers, Active Directory Sites and Services, Resultant Set of Policy (RSoP), and the Group Policy Management Editor?
Group Policy Editor.
Group Policy Management.
GPEdit.
GPUpdate

Group Policy Management

What command-line tool allows you to create and display an RSoP query from the command line?
GPResult.
GPUpdate.
GPClone.
GPRSoP

GPResult

WMI filters cannot be evaluated on which operating system?
Windows XP.
Windows 2000.
Windows Server 2003.
Windows Vista

Windows 2000

Which mode in the Resultant Set of Policy Wizard is useful for documenting and understanding how combined policies are affecting users and computers?
Logging.
Planning.
Implementation.
Auditing

Logging

Active Directory writes transactions to the \_\_\_\_\_\_\_\_\_\_ log file.
system.
security.
transaction.
DNS

transaction.

What command-line tool can analyze the state of the domain controllers in the forest or enterprise and report any problems to assist in troubleshooting?
dcdiag.
netdom.
repadmin.
nltest

dcdiag

Configuring Active Directory diagnostic event logging requires that you edit what registry key?
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NTDS\Diagnostics.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NTDS.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Diagnostics\

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NTDS\Diagnostics

Which of the following is not a column of the host table?
IP address.
distinguished name.
host name.
comments

distinguished name

What can be configured to enable enterprise-wide NetBIOS name resolution for your clients and servers?
DNS.
WINS.
PPPoE
DHCP

DNS

What DNS server receives queries from other DNS servers that are explicitly configured to send them?
forwarder.
resolver.
secondary DNS server.
caching-only server

forwarder

The \_\_\_\_\_\_\_\_\_\_ Domain Controller contains a copy of the ntds.dit file that cannot be modified and does not replicate its changes to other domain controllers within Active Directory.
Secondary.
Primary.
Read-Only
Mandatory

Read-Only

What type of trust is new to Windows Server 2008 and is only available when the forest functionality is set to Windows Server 2008?
parent-child trust.
two-way transitive trust.
cross-forest trust.
simple trust.

cross-forest trust

What feature makes it possible to configure a user as the local administrator of a specific RODC without making the user a Domain Admins with far-reaching authority over all domain controllers in your entire domain and full access to your Active Directory domain data?
Role Delegation.
Admin Role Separation.
New Administrative Security Groups.
Domain Functional Levels

Admin Role Separation

What command-line tool is used to create, delete, verify, and reset trust relationships from the Windows Server 2008 command line?
adtrust.
netdom.
csvde
nslookup

csvde

What describes the amount of time that it takes for all domain controllers in the environment to contain the most up-to-date information?.
replication.
convergence.
completion.
propagation

convergence

How often does replication occur in intersite replication?
15
30
90
180

180

The ISTG automatically assigns one server in each site as the bridgehead server unless you override this by establishing a list of \_\_\_\_\_\_\_\_\_\_ bridgehead servers.
manual.
preferred.
static.
designated

preferred.

How many FSMO roles does Active Directory support?
2
5
10
12

Each object’s SID consists of two components: the domain portion and the \_\_\_\_\_\_\_\_\_\_.
FSMO role.
global catalog.
subnet mask.
relative identifier

relative identifier

\_\_\_\_\_\_\_\_\_\_ groups are used to consolidate groups and accounts that either span multiple domains or the entire forest.
Global.
Domain local.
Built-in.
Universal

Universal

Which of the following is an administrative benefit of using Group Policy?
Administrators have control over centralized configuration of user settings, application installation, and desktop configuration.
Problems due to missing application files and other minor application errors often can be alleviated by the automation of application repairs..
Centralized backup of user files eliminates the need and cost of trying to recover files from a damaged drive..
All of the above

All of the above

What directory object includes subcontainers that hold GPO policy information?
Group Policy template.
AD GPO template set.
Group Policy container.
AD GPO container set

Group Policy container

What policy setting is set to audit successes in the Default Domain Controllers GPO?
system events.
policy change events.
account management events.
logon events

account management events

How often are Computer Configuration group policies refreshed by default?
every 30 minutes.
every 60 minutes.
every 90 minutes.
every 120 minutes

every 90 minutes

What type of rule can be applied to allow only Windows Installer packages to be installed if they come from a trusted area of the network?
hash rule.
certificate rule.
path rule.
network zone rules

network zone rules

\_\_\_\_\_\_\_\_\_\_ GPOs can act as templates when creating new GPOs for your organization.
Template.
Base.
Starter.
Set

Starter

WMI Filtering uses filters written in what language, which is similar to structured query language (SQL)?
PostGRE SQL.
Microsoft SQL Server.
WMI Query Language.
WIM Query Language

WMI Query Language

What tool in Windows Server 2008 allows you to collect real-time information on your local computer or from a specific computer to which you have permissions?
Performance Log Viewer.
Performance Monitor.
Reliability and Performance Monitor.
Performance and Statistics Monitor

Reliability and Performance Monitor

If you find yourself in a position where you need to restore an object or container within Active Directory that has been inadvertently deleted, you need to perform what type of restore?
nonauthoritative restore.
authoritative restore.
full restore.
incremental restore

authoritative restore.

What represents the computer’s IP address in applications and other references?
client name.
dns name.
host name.
server name

host name

In what type of query does the server that receives the name resolution request immediately respond to the requester with the best information it possesses?
formative.
iterative.
recursive.
aligned

recursive

What type of zone forwards or refers requests to the appropriate server that hosts a primary zone for the selected query?
secondary zone.
stub zone.
primary zone.
forwarder zone

stub zone

What is the process by which private keys are maintained by the CA for retrieval by a recovery agent?
key distribution.
key archival.
public shared keys.
key revocation

key archival

In DNS what is a notify list?
Select one:
a. A Notify list is another name for a reverse lookup zone
b. A notify list is the list of DNS zones being provided by a DNS Server.
c. A notify list is the list of secondary servers that a primary dns server uses to let the secondary servers know that there is a change
d. A Notify list is another name for a forward lookup zone

c. A notify list is the list of secondary servers that a primary dns server uses to let the secondary servers know that there is a change

What did Windows OS use to resolve names before Windows 2000?
Select one:
a. NETBios
b. dhcp
c. dns
d. hosts file

a. NETBios

What do Microsoft recommend designing an internal and external DNS namespace?
Select one:
a. Create separate and unrelated internal and external domains
b. Make the internal domain a subdomain of the external domain (e.g. int.company.com)
c. Use the same domain name internally and externally
d. Use different Top level domains. (e.g. company.int and company.com)

b. Make the internal domain a subdomain of the external domain (e.g. int.company.com)

What is a WINS Server for?
Select one:
a. Resolving NETBios Names
b. Resolving FQDNs
c. Resolving A Records
d. Resolving PTR Records

a. Resolving NETBios Names

What tool can be used to create a custom application directory partition?
Select one:
a. Bcdedit
b. Boot.ini
c. NTDSutil
d. repadmin

c. NTDSutil

Which of the following is a resource record which identifies the name server that is the authority for the particular zone
Select one:
a. Service Record
b. Canonical Record
c. NS Record
d. AAAA Record

c. NS Record

Which zone is a copy of a primary zone which contains only SOA, NS records plus Host(A) records that identify authoritative servers?
Select one:
a. Stub Zone
b. Secondary Zone 
c. Reverse Look UP Zone
d. Primary zone

a. Stub Zone

What is a Certificate Trust List (CTL)?
Select one:
a. A list of certificates which are currently accepted within the organization
b. This is the list which shows which certificates are currently not trusted
c. A list of online responder services which are currently accepted within the organization
d. A list of reputable root CAs deemed to be reputable by the administrator

d. A list of reputable root CAs deemed to be reputable by the administrator

What is the default period for validity for the cerfiticate generated for the CA?
Select one:
a. 2 years
b. 7 years
c. 10 years
d. 5 years

What is the name of the protocol used by the NDES (Network Device Enrollment Service)?
Select one:
a. Online Certificate Revocation List Protocol (OCRLP)
b. Certificate Revocation List Protocol (CRLP)
c. Simple Certificate Enrollment Protocol (SCEP)
d. Online Certificate Status Protocol (OCSP)

c. Simple Certificate Enrollment Protocol (SCEP)

What type of CA integrates with AD?
Select one:
a. Enterprise
b. Internal
c. External
d. Standalone

a. Enterprise

What type of organisation would require CTLs?
Select one:
a. Organisations that are associated with Verisign
b. Organisations that do use CA’s
c. Organisations that provide internal Certificate Authorities.
d. Organisations that do not use CA’s

b. Organisations that do use CA’s

What Windows Server editions support autoenroll?
Select one:
a. 2008 onwards
d. 2003 onwards

2003

When deploying a windows based PKI within your organisation, what two different kind of CAs can be deployed?
Select one:
a. External CA and Enterprise CA
b. Standalone CA and an Enterprise CA
c. Internal CA and Standalone CA
d. Internal CA and External CA

Standalone CA and an Enterprise CA

Which command line tool is used to manage AD Certificate Services?
Select one:
a. dsacls
b. replmon
c. certutil
d. repadmin

certutil

What locator records within DNS allow clients to locate an Active Directory domain controller or global catalog?
A records
MX records
SRV records
SOA records

SRV records

What type of zone is necessary for computer hostname-to-IP address mappings, which are used for name resolution by a variety of services?
primary lookup
secondary lookup
forward lookup
reverse lookup

forward lookup

The \_\_\_\_\_\_\_\_\_\_ Policy is linked to the domain, and its settings affect all users and computers in the domain.
Default Domain Controller
Default Domain
Default
Domain

Default Domain

\_\_\_\_\_\_\_\_ is the highest available forest functional level.
Windows 2000
Windows Server 2003
Windows Server 2008
Windows 2009

Windows Server 2008

A \_\_\_\_\_\_\_\_\_\_ name references an object in the Active Directory directory structure by using its entire hierarchical path, starting with the object itself and including all parent objects up to the root of the domain.
common
DNS
schema
distinguished

distinguished

To raise the functional level of a forest, you must be logged on as a member of the \_\_\_\_\_\_\_\_\_\_ group.
Domain Admins
Enterprise Admins
Global Admins
Universal Admins

Enterprise Admins

What role provides developers with the ability to store data for directory-enabled applications without incurring the overhead of extending the Active Directory schema to support their applications?
AD LSD
AD SLD
AD DLS
AD LDS

AD LDS

What process is responsible for selecting a bridgehead server and mapping the topology to be used for replication between sites?
Intersite Bridgehead Replicator
Intersite Replication Generator
Intersite Bridgehead Generator
Intersite Topology Generator

Intersite Topology Generator

What allows a user to be able to log on using a cached copy of his or her logon credentials that have been stored on his or her local workstation?
cached login
cached credentials
stored login
stored credentials

cached credentials

Which FSMO role is responsible for reference updates from its domain objects to other domains?
Relative Identifier Master
Infrastructure Master
Domain Naming Master
Schema Master

Infrastructure Master

What is the process of confirming a user’s identity by using a known value, such as a password, pin number on a smart card, or user’s fingerprint or handprint in the case of biometric authentication?
authorization
authentication
administration
allocation

authentication

The two built-in user accounts that are created on a Windows Server 2008 computer are the Administrator account and the \_\_\_\_\_\_\_\_\_\_ account.
Network
Interactive
Power User
Guest

Guest

\_\_\_\_\_\_\_\_\_\_ groups are a collection of user accounts that are local to one specific workstation or member server.
Distribution
Local
Built-in
Security

Local

What command-line tool can be used with a standard user account to reduce the risks associated with the Administrator account?
runas
su
runadmin
launchas

runas

Password-cracking can be accomplished by intelligent guessing on the part of the hacker or through the use of an automated \_\_\_\_\_\_\_\_\_\_ attack.
brute force
dictionary
cracking
work

dictionary

What policies can be used to ensure that users always have the latest versions of applications?
registry-based
software installation
folder redirection
offline file storage

software installation

What Microsoft Management Console (MMC) snap-in is used to create and modify Group Policies and their settings?
Group Policy Management Editor
Group Policy Control Console
Group Policy GPO
Group Policy Management Console

Group Policy Management Console

Which of the following is not a type of GPO?
local GPO
advanced GPO
domain GPO
starter GPO

advanced GPO

What type of file can be written to allow non–Windows Installer–compliant applications to be deployed?
.msi
.exe
.zap
.ini

.zap

What Software Restriction Policy properties allow you to determine whether the policies apply to all files or whether library files, such as Dynamic Link Library (DLL), are excluded?
enforcement
designated file types
trusted publishers
security settings

enforcement

When a GPO is selected in Group Policy Management, which tab allows administrators to view the locations to which the policy is linked?
Scope
Details
Settings
Delegation

Scope

What would the syntax of the GPResult command be if you want to obtain RSoP information on computer and user policies that will affect a user named jsmith?
gpresult /user jsmith
gpresult jsmith
gpresult /user jsmith /v
gpresult /user jsmith /v /x

gpresult /user jsmith /v

What is responsible for managing changes to the Active Directory database?
Extensible Storage Engine
Extended Storage Engine
Extensible Change Engine
Stringent Change Manager

Extensible Storage Engine

What are the specific processes or events that you want to track in the Reliability and Performance Monitor?
performance objects
performance counters
performance items
performance classes

performance counters

Which backup type will update each file’s backup history and clear the Application log files?
Copy backup
VSS full backup
Incremental backup
Differential backup

VSS full backup

What resource record identifies which name server is the authoritative source of information for data within this domain?
Start of Authority (SOA)
Name Server (NS)
Host (A)
Mail Exchange (MX)

Start of Authority (SOA)

What resource record is the functional opposite of the A record, providing an IP address-to-name mapping for the system identified in the Name field using the in-addr.arpa domain name?
Service Record (SRV)
Name Server (NS)
Pointer (PTR)
Mail Exchange (MX)

Pointer (PTR)

What consists of a number of elements that allow two parties to communicate securely, without any previous communication, through the use of a mathematical algorithm called public key cryptography?
security certificates
public key infrastructure
WEP codes
passwords

public key infrastructure

Which functional level only allows Windows Server 2003 and Windows 2008 domain controllers?
Windows 2000 Native
Windows Server 2003
Windows Server 2008
Windows 2003 Mixed

Windows Server 2003

If the domains within a forest are separated by slow WAN links and the tree-walking process takes an exceedingly long time to allow user authentication across domains, you can configure a \_\_\_\_\_\_\_\_\_\_ trust.
two-way transitive
cross-forest
shortcut
parent-child

shortcut

Read-Only Domain Controllers provide added security in the way passwords are stored through what feature?
Password Integration Policy
Password Caching Policy
Password Storage Policy
Password Replication Policy

Password Replication Policy

What holds a subset of forest-wide Active Directory objects and acts as a central repository by holding a complete copy of all objects from the host server’s local domain with a partial copy of all objects from other domains within the same forest?
domain controller
global catalog
DNS server
DHCP server

global catalog

Password-\_\_\_\_\_\_\_\_\_\_ is an attempt to discover a user’s password.
recovery
tracing
sniffing
cracking

cracking

What role allows administrators to configure Single Sign-On (SSO) for Web-based applications across multiple organizations without requiring users to remember multiple usernames and passwords?
AD FS
AD FTP
AD FSMO
AD RMS

AD FS

What does LDAP use to refer to each object?
Select one:
a. DN
b. GUID
c. SID
d. UPN

What process automatically maintains the local replication topology?
Select one:
a. Kerberos 
b. Netlogon
c. ISTG
d. The KCC

KCC

What tool is used to manage the Schema?
Select one:
a. ADS&amp;S 
b. Adsi edit
c. The AD Schema Tool
d. ADU&amp;C

The AD Schema Tool

What two Naming Context's are stored on every domain controller's ntds.dit file? They are stored on every DC within the forest
Select one:
a. The schema NC and application NC
b. The schema NC and configuration NC
c. The domain NC and configuration NC
d. The schema NC and domain NC Incorrect

b. The schema NC and configuration NC

What type of replication occurs when a DC updates other DC's on the network?
Select one:
a. Intrasite replication 
b. Intersite replication
c. Inbound replication
d. Outbound replication

d. Outbound replication

When raising the forest functional level, What role should the DC (which the forest functional level is being raised at) be?
Select one:
a. The Schema Master Role
b. Infrastructure master 
c. RID Master
d. PDC Emulator

a. The Schema Master Role

Which of the DC’s in a forest do you set up a cross forest trust with?
Select one:
a. A DC with the Infrastructure Master Role
b. Any Writeable DC
c. Any RODC or RWDC
d. the root DC

d. the root DC

Which of the following is NOT a W2K8 feature
Select one:
a. Multiple password policies per domain
b. Read-only Domain Controllers
c. Domain Rename
d. SYSVOL replication using DFSR instead of NTFRS

Domain Rename

Four types of trust can be manually established using windows Server 2008. Which one of the following is not correct?
Select one:
a. cross-forest trusts
b. Two Way Transitive
c. External trusts
d. realm trusts

Two Way Transitive

If the target server is a member of a domain, can it be created as a RODC?
Select one:
a. No, it must be part of a workgroup initially
b. Yes

What are the default LDAP ports?
Select one:
a. 88 and 25
b. 389 and 636
c. 3268 and 223
d. 223 and 137

3268 and 223

What is the default location of the SYSVOL folder?
Select one:
a. C:\Windows
b. C:\Windows\System
c. C:\Programs
d. C:\Windows\System32

C:\Windows

What trusts can netdom NOT be used to verify?
Select one:
a. realm trusts
b. external 
c. Shortcut
d. cross-forest trusts

realm trusts

What version of Windows Server was cross-forest trusts introduced in?
Select one:
a. Windows 2008 
b. Windows NT
c. Windows 2000
d. Windows 2003

2003

When removing an RODC, what option is NOT provided in terms of user passwords?
Select one:
a. Export the list of accounts that were cached on this RODC
b. Reset all passwords for computer accounts that were cached on this RODC
c. Reset all passwords for user accounts that were cached on this RODC
d. Disable all user and computer accounts that were cached on this RODC

Disable all user and computer accounts that were cached on this RODC

When running dcpromo on a core build, what do you need
to specify at the dcpromo stage?
Select one:
a. The name of the domain to be created
b. The IP of the parent DC
c. The unattended file to be used for DCPromo
d. The name of the parent DC

The unattended file to be used for DCPromo

Which of the following is NOT stored in the SYSVOL folder structure?
Select one:
a. GPOs
b. login scripts and other domain wide replicated files
c. Group Policy Template
d. Group Policy Container

Group Policy Container

Which security group(s) are/is created in Windows 2008
to allow configuration of RODC Password Replication Policy?
Select one:
a. Unrestricted RODC Password Replication Group and Basic RODC Password Replication Group
c. Denied RODC Password Replication Group and Allowed RODC
Password Replication Group
d. Allowed RODC Password Replication Group

Denied RODC Password Replication Group and Allowed RODC

Password Replication Group

If on two DCs, two administrators change an attribute for an object. This results in the version ID's being identical at replication. What is used to determine the correct version?
Select one:
a. The timestamp of the change
b. The SID
c. The RID
d. GUID

The timestamp of the change

In a multisite network, what is run by one DC at each site in order to create the topology of the sites?
Select one:
a. LDAP
b. Kerberos
c. KCC
d. ISTG

: ISTG

Once a KCC selects a replication partner, what does it create in terms of connection?
Select one:
a. A slow link
b. A connection object
c. A fast link
d. A site object

A connection object

There are four ways a KCC minimises latancy in intrasite replication. Which one is not correct?
Select one:
a. Three Hop Rule - only ever 3 hops to all originating DCs
b. Change Notification - Each DC holds a change for 15 seconds before forwarding it to its partner dcs
c. Dual Counter Rotating Ring - if a connection one way is lost, the KCC will go back the other way
d. Compresssion - reduces network load

Compresssion - reduces network load

What is a change notification?
Select one:
a. There is no initial pause - Each DC forwards information to its partners every 3 seconds
b. Each DC holds onto a change for 15 seconds. It then forwards its information to other dc every 3 seconds.
c. There is no initial pause - Each DC forwards information to its partners every 15 seconds
d. Each DC holds onto a change for 3 seconds. It then forwards its information to other dc every 15 seconds.

Each DC holds onto a change for 15 seconds. It then forwards its information to other dc every 3 seconds.

When does intrasite replication occur?
Select one:
a. Almost immediately (compressed)
b. Almost immediately (not compressed)
c. Every 15 mins by default (not compressed)
d. Every 15 mins by default (compressed)

Almost immediately (not compressed)

Which command line utilities are used to “monitor AD” and “force and view replication” respectively?
Select one:
a. Bcdedit and ntdsutil IncorrectIncorrect
b. Netsh and dcmon
c. Dcdiag and repadmin
d. Replmon and dcdiag

Dcdiag and repadmin

Which of the following is NOT a characteristic that all site link objects possess?
Select one:
a. They connect two sites using the same protocol
b. They represent the WAN links being used
c. They are defined manually
d. The KCC uses these links to create the topology

The KCC uses these links to create the topology

At object creation, what does the RID number become part of?
Select one:
a. The SID
b. The upn
c. The GUID
d. The unique name

The SID

By default, how many minute clock skew does AD allow between DCs?
Select one:
a. 5 minutes
b. 20 minutes
c. 15 minutes
d. 10 minutes

Here is a SID: S-1-5-21-A-B-C-RID. The first bit is standard for all SIDS and the RID part represents the the RID number. What is ABC used for?
Select one:
a. Numerical representation of distinguished name
b. Numerical representation of the UPN
c. Random number for each domain
d. The GUID

c. Random number for each domain

How many (if any) GCs should a site contain? Choose one of the following:
Select one:
a. At least 2 for fault tolerance
b. Each site can only contain 1 GC
c. None - the forest root domain is used primarily
d. At least one

d. At least one

In universal group caching, where are universal group memberships cached?
Select one:
a. The Infrastructure Master 
b. The Local DC
c. The RID Master
d. GC's

The Local DC

What command line can be typed to determine where the roles are in the domain?
Select one:
a. Replmon 
b. Bcdedit
c. Dsacls
d. Dcdiag

Dcdiag

What does the PAS (partial attribute set) contain?
Select one:
a. It only contains universal groups
b. It contains all class objects, but only a subset of their attributes
c. The Schema
d. A List of the local global catalog servers

b. It contains all class objects, but only a subset of their attributes

What should be considered when designing an infrastructure, regarding the GC? Choose three out of four? (not multi choice)
Select one:
a. Each site should have a GC
b. GC Replication takes a lot of bandwidth
c. For a GC, estimate 50% the size of other domain ntds.dit files will be added to the the dc which has been configured as the GC
d. RODCs should always be GC’s

RODCs should always be GC’s

Where is it defined what attributes are included in the GC?
Select one:
a. Configuration NC
b. Domain NC
c. Schema NC
d. SYSVOL Folder

Schema NC

Each class or attribute that you add to the schema should have a valid \_\_\_\_\_\_\_\_\_\_.
username
password
OID
SID

OID

\_\_\_\_\_\_\_\_\_\_ partitions are used to separate forest-wide DNS information from domain-wide DNS information to control the scope of replication of different types of DNS data.
DNA record
DNS type
DNS data
Application Directory

Application Directory

What tool is used to seize a FSMO role?
ntosutil
ntdsutil
dcpromo
adutil

ntdsutil

When a user logs on, what is created that identifies the user and all of the user’s group memberships?
access card
access token
access key
access session

access token

What Computer Configuration node setting includes three subcategories: Audit Policy, User Rights Assignment, and Security Options?
Account Policies
Local Policies
Event Log Policies
System Services Policies

Local Policies

Which of these is not an option when configuring Fine-Grained Password Policies?
PasswordSettingsPrecedence
PasswordCommonNameUsage
PasswordHistoryLength
PasswordHistoryLength
LockoutThreshold

PasswordCommonNameUsage

If you set the refresh interval to zero, the system attempts to update the policy at what interval?
every second
every 7 seconds
every minute
every 7 minutes

every 7 seconds

Which of the following is not a phase of the software life cycle?
planning
implementation
evaluation
removal

evaluation

What option is helpful when you are deploying required applications to pertinent users and computers?
Assign
Assign
Amend
Publish

Publish

When a user logs on, what is created that identifies the user to all memberships?
Select one:
a. An Access Token
b. A GUID
c. A RID
d. A SID

An Access Token

Where are universal groups stored?
Select one:
a. Schema Master Servers
b. Global catalog servers
c. Domain Controllers
d. Infrastructure Master Servers

Global catalog servers

Which of the following can be done for an Administrator account (choose one)?
Select one:
a. deleted only
b. disabled only
c. changed and deleted
d. changed only

changed and deleted

How many characters can a 2k8, vista, 2k3 and xp password be?
Select one:
a. 256
b. 255
c. 128 
d. 127

127

What is the name of the service which allows the "Run as…" feature to work? The service supports the principal of least privilege.
Select one:
a. NetLogon
b. BranchCache
c. Secondary Login
d. SSDPDiscovery

c. Secondary Login

When Active Directory Domain Services is installed, how many OUs are created?
Select one:
a. 2 
b. 1
c. 16
d. 0

Who should log on to a computer in order to create users?
Select one:
a. Someone from the Account Operators group
b. Someone from the PowerUsers group
c. Someone from the Distributed COM Users group
d. Someone from the administrators group

Someone from the Account Operators group

If you have multiple GPOs linked to one container object (e.g. an OU), which one is processed last (i.e. which gets applied).
Select one:
a. The one at the top of the list
b. They are applied asynchronously by default, so all at the same time
c. The one at the bottom of the list
d. It is impossible to tell

The one at the top of the list

In a start up script, how long do the scripts have before a timeout is applied?
Select one:
a. 60 seconds 
b. 600 seconds
c. 60 minutes
d. 6 minutes

600 seconds

Pick the one that is correct of the following, regarding gpos.
Select one:
a. Only one policy can ever apply to one container
b. You can link many policies to many containers
c. You can link many policies to one container
d. You can link one policy to many containers

You can link many policies to many containers

What is each AD GPC named using?
Select one:
a. It is provided by the user when created
b. A Name based on the RID of the domain in which it is created
c. The GUID which it is assigned when created
d. A random number to ensure security

The GUID which it is assigned when created

What is used to locate a GPT so that Active Directory knows where it is?
Select one:
a. A GPC is used to locate GPT’s via a link or connection to the template
b. The Local Name Resolution Service
c. It is always stored in SYSVOL, so requires no further location service
d. It is stored in DNS

A GPC is used to locate GPT’s via a link or connection to the template

When AD is installed, what two default policies are created?
Select one or more:
a. Default Domain Controller GPO
b. Default Domain GPO Correct
c. Default User GPO

Default Domain Controller GPO,

Default Domain GPO

You are working in a school. A teacher has an office, but does a lot of work in the classroom. They log on to their profile at both their office and classroom. A group policy setting for their User account is configured to ensure that they print out to their office printer, but when in the classroom the same policy is applied and they have to walk to their office to get their print out. What is a solution to this problem?
Select one:
a. Apply a local group policy to the classroom machine to ensure that the default printer is the classroom one.
b. Apply a computer group policy to the local machine and loopback processing so that it is the classroom printer that is applied.
c. Tell the teacher to stop complaining, and that exercise will do them good
d. Apply a starter GPO to ensure that the default printer is the teachers classroom printer

Apply a computer group policy to the local machine and loopback processing so that it is the classroom printer that is applied.

The ? extension is found on an administrative template?

.admx

What master database contains definitions of all objects in the Active Directory?
schema
global catalog
dns
dc

schema

What SRV record information serves as a mechanism to set up load balancing between multiple servers that are advertising the same SRV records?
priority
time-to-live
weight
port

priority

What is used to uniquely identify an object throughout the Active Directory domain?
security identifier
relative identifier
intermediate identifier
domain identifier

security identifier

Which of the following is not a type of user account that can be configured in Windows Server 2008?
local accounts
domain accounts
network accounts
built-in accounts

network accounts

What tool allows you to utilize a simple interface to delegate permissions for domains, OUs, or containers?
Delegation Wizard
Delegation of Control Wizard
Delegation of Administration Wizard
Administration Wizard

Delegation of Control Wizard

What process takes place from the time an application is evaluated for deployment in an organization until the time when it is deemed old or not suitable for use?
software life cycle
software longevity cycle
software duration cycle
software usage cycle

software life cycle

What allows published applications to be organized within specific groupings for easy navigation?
software classifications
software methods
software categories
software assignments

software categories

What in the event log is indicated by a red circle with an X on it?
warning
problem
driver issue
stop error

stop error

If you find yourself in a position where you need to restore an object or container within Active Directory that has been inadvertently deleted, you need to perform what type of restore?
nonauthoritative restore
authoritative restore
full restore
incremental restore

authoritative restore

What represents the computer’s IP address in applications and other references?
client name
dns name
host name
server name

host name

What type of zone forwards or refers requests to the appropriate server that hosts a primary zone for the selected query?
secondary zone
stub zone
primary zone
forwarder zone

stub zone

If an Account password Policy is applied to your particular OU, what is the only thing that can override the policy?
Select one:
a. The Local GPO
b. The Domain GPO
c. The parent OU GPOct
d. A fine-Grained Password Policy

d. A fine-Grained Password Policy

In days, what is the minimum and maximum background group policy refresh interval available (e.g. min-max) ?
Select one:
a. 0-25
b. 0-35 
c. 0-45
d. 0-15

0-45

There are 12 logs in the Event log category, however, these 12 logs make up four logs, one each of the three primary log files. What settings are configurable for each log?
Select one or more:
a. Retention policy 
b. Retain policy
c. Prevention of guests reading logs
d. Maximum size

Maximum size, Retain policy,

Prevention of guests reading logs

What does tattoing mean in relation to group policy?
Select one:
a. When a particular group policy is applied, it will remain applied, even if it is changed to “Not Configured” until a change which specifically overwrites the original group policy is implemented
b. For all group policies, when they are applied, they will remain applied, even if it they are changed to “Not Configured” until a change which specifically overwrites the original group policy is implemented

When a particular group policy is applied, it will remain applied, even if it is changed to “Not Configured” until a change which specifically overwrites the original group policy is implemented

What is another name for msds_PasswordSettings?
Select one:
a. The password Settings Template 
b. The Password Settings Object
c. The Password Settings container
d. The password Settings Volume

The Password Settings Object

What is the Schema object called msds_PasswordSettings used for?
Select one:
a. Restricts the use of GPO Password Policies
b. Enables the use of GPO Password Policies.
c. Restricts the use of FGPPs
d. Enables the use of FGPPs

Enables the use of FGPPs

When creating an auditing strategy, there are three things which can guide what needs to be audited. Which of the following is NOT one?
Select one:
a. Configure the size of your security logs carefully
b. Audit everything by default
c. Archive security logs to provide a documented history
d. Audit only pertinant items

Audit everything by default

Which tool CANNOT be used to create a Passwords Setting Object or Fine Grained Password Policy?
Select one:
a. Powershell
b. Dsadd
c. Adsiedit
d. Ldifde

Dsadd

You have configured the Administrators group in the restricted groups GPO for a specific domain controller with you and your administrator colleague as part of the group. Your colleague suggests that your third colleague (Steve), who requires administraive access should be added to the administrators group. Your colleague suggests using ADU&C to add Steve to the group. Regarding this approach, answer the following:
Select one:
a. W2K8 doesn’t allow this
b. It will be allowed, until the next group policy refresh
c. It will be alllowed
d. Do not do this as it is not best practice

It will be allowed, until the next group policy refresh

Brainscape's Knowledge GenomeTM

AD-70-640-DISC Flashcards

Brainscape's Knowledge Genome^TM