Lesson 05 Exercises for Administer Active Directory Questions and Answers Flashcards
Question 1 : You are a domain administrator for a large domain.
Recently, you have been asked to make changes to some of the permissions related to OUs within the domain.
To restrict security for the Texas OU further, you remove some permissions at that level.
Later, a junior system administrator mentions that she is no longer able to make changes to objects within the Austin OU (which is located within the Texas OU).
Assuming that no other changes have been made to Active Directory permissions, which of the following characteristics of OUs might have caused the change in permissions?
Inheritance
Group Policy
Delegation
Object properties
Inheritance
Question 2 : Here’s how to rename an organization:
- Click Start > Administrative Tools.
- Double-click Active Directory Users and Computers to open the Active Directory Users and Computers console.
- In the left pane, expand ucertify.com.
- Right-click Denver, then click Rename.
- In the text box, type San Francisco and press Enter. The name of the Denver OU is now changed to San Francisco.
- Close all the windows.
Question 3 : Miguel is a junior-level system administrator, and he has basic knowledge about working with Active Directory.
As his supervisor, you have asked Miguel to make several security-related changes to OUs within the company’s Active Directory domain.
You instruct Miguel to use the basic functionality provided in the Delegation of Control Wizard.
Which of the following operations are represented as common tasks within the Delegation of Control Wizard?
(Choose all that apply.)
Reset passwords on user accounts.
Manage Group Policy links.
Modify the membership of a group.
Create, delete, and manage groups.
Reset passwords on user accounts.
Manage Group Policy links.
Modify the membership of a group.
Create, delete, and manage groups.
Question 4 : You are the primary system administrator for a large Active Directory domain.
Recently, you have hired another system administrator upon whom you intend to offload some of your responsibilities.
This system administrator will be responsible for handling help desk calls and for basic user account management.
You want to allow the new employee to have permissions to reset passwords for all users within a specific OU.
However, for security reasons, it’s important that the user not be able to make permission changes for objects within other OUs in the domain.
Which of the following is the best way to do this?
Create a special administration account within the OU and grant it full permissions for all objects within Active Directory.
Move the user’s login account into the OU that the new employee is to administer.
Move the user’s login account to an OU that contains the OU (that is, the parent OU of the one that the new employee is to administer).
Use the Delegation of Control Wizard to assign the necessary permissions on the OU that the new employee is to administer.
Use the Delegation of Control Wizard to assign the necessary permissions on the OU that the new employee is to administer.
Question 5 : You are the administrator of an organization with a single Active Directory domain.
A user who left the company returns after 16 weeks.
The user tries to log onto their old computer and receives an error stating that authentication has failed.
The user’s account has been enabled.
You need to ensure that the user is able to log onto the domain using that computer.
What do you do?
Reset the computer account in Active Directory. Disjoin the computer from the domain and then rejoin the computer to the domain.
Run the ADadd command to rejoin the computer account.
Run the MMC utility on the user’s computer, and add the Domain Computers snap-in.
Re-create the user account and reconnect the user account to the computer account.
Reset the computer account in Active Directory. Disjoin the computer from the domain and then rejoin the computer to the domain.
Question 6 : Maria is a user who belongs to the Sales distribution global group.
She is not able to access the laser printer that is shared on the network.
The Sales global group has full access to the laser printer.
How do you fix the problem?
Change the group type to a security group.
Add the Sales global group to the Administrators group.
Add the Sales global group to the Printer Operators group.
Change the Sales group to a local group.
Change the group type to a security group.
Question 7 : Isabel, a system administrator, created a new Active Directory domain in an environment that already contains two trees.
During the promotion of the domain controller, she chose to create a new Active Directory forest.
Isabel is a member of the Enterprise Administrators group and has full permissions over all domains.
During the organization’s migration to Active Directory, many updates were made to the information stored within the domains.
Recently, users and other system administrators have complained about not being able to find specific Active Directory objects in one or more domains (although the objects exist in others).
To investigate the problem, Isabel wants to check for any objects that have not been properly replicated among domain controllers.
If possible, she would like to restore these objects to their proper place within the relevant Active Directory domains.
Change Active Directory permissions to allow object information to be viewed in all domains.
Select the Advanced Features item in the View menu.
Promote a member server in each domain to a domain controller.
Rebuild all domain controllers from the latest backups.
Examine the contents of the LostAndFound folder using the Active Directory Users and Computers tool.
Select the Advanced Features item in the View menu.
Examine the contents of the LostAndFound folder using the Active Directory Users and Computers tool.
Question 8 : You are a consultant hired to evaluate an organization’s Active Directory domain.
The domain contains more than 200,000 objects and hundreds of OUs.
You begin examining the objects within the domain, but you find that the loading of the contents of specific OUs takes a long time.
Furthermore, the list of objects can be large.
You want to do the following:
- Use the built-in Active Directory administrative tools and avoid the use of third-party tools or utilities.
- Limit the list of objects within an OU to only the type of objects that you’re examining (for example, only Computer objects).
- Prevent any changes to the Active Directory domain or any of the objects within it.
Which one of the following actions meets these requirements?
Use the Filter option in the Active Directory Users and Computers tool to restrict the display of objects.
Use the Delegation of Control Wizard to give yourself permissions over only a certain type of object.
Implement a new naming convention for objects within an OU and then sort the results using this new naming convention.
Use the Active Directory Domains and Trusts tool to view information from only selected domain controllers.
Edit the domain Group Policy settings to allow yourself to view only the objects of interest.
Use the Filter option in the Active Directory Users and Computers tool to restrict the display of objects.
Question 9 : You are the administrator of an organization with a single Active Directory domain.
One of your senior executives tries to log onto a machine and receives the error “This user account has expired.
Ask your administrator to reactivate your account.”
You need to make sure that this doesn’t happen again to this user.
What do you do?
Configure the domain policy to disable account lockouts.
Configure the password policy to extend the maximum password age to 0.
Modify the user’s properties to set the Account Never Expires setting.
Modify the user’s properties to extend the maximum password age to 0.
Modify the user’s properties to set the Account Never Expires setting.
Question 10 : You need to create a new user account using the command prompt.
Which command would you use?
dsmodify
dscreate
dsnew
dsadd
dsadd
Question 11 : You are the administrator for a small organization with four servers.
You have one file server named Paniva that runs Windows Server 2012 R2.
You have a junior administrator who needs to do backups on this server.
You need to ensure that the junior admin can use Windows Server Backup to create a complete backup of Paniva.
What should you configure to allow the junior admin to do the backups?
The local groups by using Computer Management
A task by using Authorization Manager
The User Rights Assignment by using the Local Group Policy Editor
The Role Assignment by using Authorization Manager
The local groups by using Computer Management