Identify Infrastructure

Question 1

What is Active Directory Domain Services?

Answer 1

A directory service that is the central store for all domain objects.

Question 2

(AD DS) Logical or physical?

Partition

Answer 2

Logical

Question 3

(AD DS) Logical or physical?

Schema

Answer 3

Logical

Question 4

(AD DS) Logical or physical?

Domain

Answer 4

Logical

Question 5

(AD DS) Logical or physical?

Domain tree

Answer 5

Logical

Question 6

(AD DS) Logical or physical?

Forest

Answer 6

Logical

Question 7

(AD DS) Logical or physical?

OU

Answer 7

Logical

Question 8

(AD DS) Logical or physical?

Container

Answer 8

Logical

Question 9

(AD DS) Logical or physical?

Domain controller

Answer 9

Physical

Question 10

(AD DS) Logical or physical?

Data store

Answer 10

Physical

Question 11

(AD DS) Logical or physical?

Global catalog server

Answer 11

Physical

Question 12

(AD DS) Logical or physical?

Read-only domain controller

Answer 12

Physical

Question 13

(AD DS) Logical or physical?

Site

Answer 13

Physical

Question 14

(AD DS) Logical or physical?

Subnet

Answer 14

Physical

Question 15

What is an AD DS partition?

Answer 15

A portion (or naming context) of the AD DS database

Question 16

What is the default Active Directory database file location?

Answer 16

C:\Windows\NTDS

Question 17

What is the Active Directory database file name?

Answer 17

Ntds.dit

Question 18

What is the AD DS schema?

Answer 18

A set of definitions of the object types and attributes that you use to define the objects created in AD

Question 19

What is an AD domain?

Answer 19

A logical administrative container for storing and managing objects

Question 20

What is an AD DS domain tree?

Answer 20

A hierarchical collection of domains sharing a common root domain and a contiguous DNS namespace

Question 21

What is an AD DS forest?

Answer 21

A collection of one or more domains with a common AD DS root, schema, and global catalog

Question 22

What is an AD DS OU?

Answer 22

A container object for users, groups, and computers that provides framework for assigning administrative rights and administration by linking Group Policy Objects (GPOs)

Question 23

What is an AD DS container?

Answer 23

An object that provides an organization framework for use in AD DS

Question 24

What AD DS logical component cannot be linked to a container?

Answer 24

GPOs

Question 25

What is an AD domain controller?

Answer 25

A server that contains a copy of the AD DS database

Question 26

What is an AD DS data store?

Answer 26

The data stored on each domain controller

Question 27

What is an AD DS Global catalog server?

Answer 27

A domain controller that hosts the global catalog

Question 28

What is the name of a partial, read-only copy of all of the objects in a multiple-domain forest?

Answer 28

AD DS global catalog

Question 29

What purpose does a global catalog serve?

Answer 29

It speeds up searches for objects that might be stored on domain controllers in a different domain in the forest

Question 30

What is a special, read-only installation of AD DS?

Answer 30

Read-only domain controller (RODC)

Question 31

Where are read-only domain controllers commonly found?

Answer 31

Branch offices lacking optimal physical security and IT support

Question 32

What is an AD DS site?

Answer 32

A container for AD DS objects and services that are specific to a physical location

Question 33

What is an AD DS subnet?

Answer 33

A portion of the network IP addresses

Question 34

What is an AD DS managed service account (MSA)?

Answer 34

An object class used to facilitate service-account management

Question 35

What enables you to extend the capabilities of standard managed service accounts (MSA) to more than one server in your domain?

Answer 35

Group Managed Service Accounts (gMSA)

Question 36

For what does the acronym SPN stand?

Answer 36

Service Principal Name

Question 37

What is a managed domain account that provides provided automatic password management, simplified SPN management, and the ability to delegate this management to other admins?

Answer 37

Standalone Managed Service Account (sMSA)

Question 38

What are the two group types in a Windows Server enterprise network?

Answer 38

Security and distribution

Question 39

What are the four group scopes in Windows Server?

Answer 39

Local, domain-local, global, and universal

Question 40

What is a group object?

Answer 40

A representation of a group in AD DS.

Question 41

What is a group in AD DS?

Answer 41

A logical grouping of objects

Question 42

Which AD DS group type is security-enabled, and allows you to assign permissions to various resources?

Answer 42

Security group

Question 43

Which AD DS group type is not security-enabled?

Answer 43

Distribution group

Question 44

Which AD DS group type is commonly used by email applications?

Answer 44

Distribution group

Question 45

Based on scope, which Windows Server group is available only to the computer where they exist?

Answer 45

Local group

Question 46

Which Windows Server group scope only allows for the assignment of abilities and permissions for local resources?

Answer 46

Local group

Question 47

Which Windows Server group scope only allows for the assignment of abilities and permissions for domain-local resources?

Answer 47

Domain-local group

Question 48

Which Windows Server group scope is used for 1) standalone servers or workstations, 2) domain-member servers that are not domain controllers, or on 3) domain-member workstations?

Answer 48

Local group

Question 49

Which Windows Server group scope is used primarily for managing access to resources or to assign management rights and responsibilities?

Answer 49

Domain-local group

Question 50

Which Windows Server group scope is used primarily for consolidation of users who have similar characteristics?

Answer 50

Global group

Question 51

Which Windows Server group scope is used mostly in multidomain networks?

Answer 51

Universal group

Question 52

Which Windows Server group scope would you use to join users who are part of the same department or geographic location?

Answer 52

Global group

Question 53

What is a AD computer object?

Answer 53

A representation of a computer in AD

Question 54

Where is the default location for computers in AD?

Answer 54

The Computers container

Question 55

All the domains within a _____ share a contiguous namespace.

Answer 55

Tree

Question 56

All of the root domains within a _____ do not share a contiguous namespace.

Answer 56

Forest

Question 57

What four objects exist in the forest root domain?

Answer 57

The schema master role
The domain naming master role
The Enterprise Admins group
The Schema Admins group

Question 58

Which domain contains the schema master role, the domain naming master role, the Enterprise Admins group, and the Scheme Admins group?

Answer 58

Forest root domain

Question 59

An AD DS forest in often described to be serving as what two boundaries?

Answer 59

Security boundary and replication boundary

Question 60

Which objects exist in each domain (including the forest root)?

Answer 60

The RID master role
The Infrastructure master role
The PDC emulator master role
The Domain Admins group

Question 61

Which type of trust relationship is automatically generated between domains within a multiple-domain AD DS forest?

Answer 61

Two-way transitive trust

Question 62

Where does Windows Server store the trusted domain objects in AD DS?

Answer 62

The System container

Question 63

For what does the acronym “RSAT” stand?

Answer 63

Remote Server Administration Tools

Question 64

_______ ________ authenticate all users and computers in a domain.

Answer 64

Domain controllers

Question 65

For what does the acronym “FQDN” stand?

Answer 65

Fully Qualified Domain Name

Question 66

What is the default Active Directory SYSVOL folder location?

Answer 66

C:\Windows\SYSVOL

Question 67

This physical component of AD DS does not cache any user passwords by default.

Answer 67

Read-Only Domain Controller (RODC)

Question 68

_____ ______ is a collection of critical OS and server role files that include AD DS database and registry.

Answer 68

System state

Question 69

For what does the acronym “DSRM” stand?

Answer 69

Directory Services Restore Mode

Question 70

What is Directory Services Restore Mode (DSRM)?

Answer 70

A special boot mode for repairing or recovering Active Directory

Question 71

An operations master role is also known as a _____ ______ ______ ______ role.

Answer 71

Flexible Single Master Operation (FSMO) role

Question 72

Regarding operations master roles, which two roles does each forest have?

Answer 72

Schema master

Domain naming master

Question 73

Regarding operations master roles, which three roles does each AD DS domain have?

Answer 73

Relative ID (RID) master
Infrastructure master
Primary domain controller (PDC) emulator master

Question 74

Which domain controller do is contacted to add or remove a domain, or make domain name changes?

Answer 74

Domain naming master

Question 75

Which domain controller is contacted to make schema changes?

Answer 75

Schema master

Question 76

Which domain controller allocates blocks of relative IDs (RIDs) to each domain controller within a domain to use when building security IDs (SIDs)

Answer 76

RID master

Question 77

What is an AD DS security ID (SID)?

Answer 77

A unique identifying number assigned by the domain controller to a security principal object

Question 78

Which domain controller maintains interdomain object refernces?

Answer 78

Infrastructure master

Question 79

Which domain controller serves as the time source for the domain, as well as receives any urgent password changes?

Answer 79

Primary domain controller (PDC) emulator master

Question 80

A planned move of a DC role between two online domain controllers is known as _____ ___ ____.

Answer 80

“Transferring the role”

Question 81

A emergency move of a DC role from one domain controller to another is known as

Answer 81

“Seizing the role”

Question 82

Should you need to seize a DC role, which two tools can you use?

Answer 82

ntdsutil.exe CLI tool or Windows PowerShell

Question 83

What result will running “netdom query fsmo” yield?

Answer 83

A list of where the FSMO roles reside

Question 84

An AD DS _____ is the component that defines all the object classes and attributes that AD DS uses to store data.

Answer 84

schema

Question 85

Any changes to the AD DS schema originate at the schema ______.

Answer 85

master

Question 86

You define Group Policy settings within a ____ _____ _____.

Answer 86

Group Policy Object (GPO)

Question 87

______ _______ is a framework in Windows OSs that allow you to manage configurations in an AD DS domain.

Answer 87

Group Policy

Question 88

What are the two main nodes in the Group Policy Management Editor?

Answer 88

Computer Configuration

User Configuration

Question 89

The _____ of a GPO is the collection of users and computers that will apply the settings in the GPO.

Answer 89

scope

Question 90

To what three things can you link a GPO?

Answer 90

Sites

Domains

OUs

Question 91

You can further narrow the scope of a GPO with these two filter types:

Answer 91

Security

Windows Management Instrumentation (WMI)

Question 92

Arrange the following GPOs in the correct processing order:

Domain-linked GPOs
Local GPOs
Site-linked GPOs
Child OU-linked GPOs
OU-linked GPOs

Answer 92

1. Local GPOs
2. Site-linked GPOs
3. Domain-linked GPOs
4. OU-linked GPOs
5. Child OU-linked GPOs

Remember: “LSD, oh see!”

Question 93

In regards to GPO inheritance, the (higher/lower) the number, the (higher/lower) the precedence.

Answer 93

Lower, higher

Question 94

You can configure a domain or OU to prevent the inheritance of policy settings, which is known as ______ __________.

Answer 94

Block inheritance

Question 95

To evaluate the GPO precedence for an OU or domain, which tab would you select?

Answer 95

Group Policy Inheritence

Question 96

When AD DS is installed, which two default GPOs does Windows Server create?

Answer 96

Default Domain Policy GPO

Default Domain Controllers Policy GPO

Question 97

Which default GPO specifies password settings, account lockout settings, and Kerberos v5 authentication protocol policies?

Answer 97

Default Domain Policy GPO

Question 98

Which default GPO would you modify to implement auditing policies and to assign user rights that are required on domain controllers?

Answer 98

Default Domain Controllers Policy GPO

Question 99

Within both the Computer Configuration and User Configuration nodes are the ______ and __________ nodes.

Answer 99

Policy

Preference

Question 100

For what does the acronym “RSoP” stand?

Answer 100

Resultant Set of Policy

Question 101

In AD DS, it is best practice in a multi-domain enterprise to create a _____ _____ for .admx files.

Answer 101

Central Store