Network Administration - Test 2

Domain controllers store local user accounts within a SAM database and domain user accounts within Active Directory. True or False?

False

Which of the following occurs when you join a computer to an Active Directory domain? (Choose all that apply.)
1. The Domain Users group is added to the local Users group
2. A computer account is created within Active Directory, if one has not been prestaged
3. The Domain Admins group is added to the local Administrators group
4. The SAM database is replaced by the Active Directory database

1. The Domain Users group is added to the local Users group
2. A computer account is created within Active Directory, if one has not been prestaged
3. The Domain Admins group is added to the local Administrators group

You can use the Install-ADDSDomain cmdlet within Windows PowerShell to configure a new forest root domain. True or False?

False

Which of the following trust relationships can be created between two domains in separate Active Directory forests?
1. Forest trust
2. Shortcut trust
3. Realm trust
4. External trusts

4. External trusts

Which of the following group scopes can contain objects from any domain within the forest? (Choose all that apply.)
1. Global
2. Domain local
3. Distribution
4. Universal

2. Domain local
4. Universal

You must be a member of the Enterprise Admins group in order to add a trust relationship. True or False?

True

Which of the following domain functional levels provides Kerberos armoring? (Choose all that apply.)
1. Windows Server 2008 R2
2. Windows Server 2012
3. Windows Server 2012 R2
4. Windows Server 2016

2. Windows Server 2012
3. Windows Server 2012 R2
4. Windows Server 2016

The schema and configuration partitions of the Active Directory database are replicated forest-wide. True or False?

True

Your domain consists of two separate physical locations. Each location contains several domain controllers, and you have noticed that domain controller replication traffic consumes a large amount of your Internet bandwidth. What can you do within Active Directory Sites and Services to ensure that replication occurs outside of business hours? (Choose all that apply.)
1. Create a site object for each physical location, and ensure that domain controller objects are placed within the correct site object.
2. Create subnet objects for each site. Ensure that the properties of each subnet object contains a schedule that excludes business hours.
3. In the properties of a site link object, configure a replication schedule that excludes business hours.
4. Modify the NTDS Site Settings for each site to include a replication schedule that excludes business hours.

1. Create a site object for each physical location, and ensure that domain controller objects are placed within the correct site object.
3. In the properties of a site link object, configure a replication schedule that excludes business hours.

Which functions does the global catalog provide? (Choose all that apply.)
1. Fast object searching
2. Time synchronization
3. Universal group membership
4. Domain authentication using UPNs

1. Fast object searching
3. Universal group membership
4. Domain authentication using UPNs

If a global catalog cannot be placed within a branch office site, you can enable UGMC on the site to ensure branch office domain controllers provide fast authentication. True or False?

True

Which of the following FSMO roles are stored on one domain controller within each domain? (Choose all that apply.)
1. Schema Master
2. PDC Emulator
3. RID Master
4. Domain Naming Master

2. PDC Emulator
3. RID Master

Before installing Active Directory on a Windows Server system to function as an additional domain controller within a forest, you must first ensure that the Windows Server is configured to contact a DNS server that contains the appropriate service records for the forest. True or False?

True

You wish to add a copy of the global catalog to a domain controller within Active Directory Sites and Services. For which object must you right-click and select Properties?
1. Server
2. NTDS Settings
3. NTDS Site Settings
4. Site link

2. NTDS Settings

The Active Directory Recycle Bin can be enabled using the Active Directory Domains and Trusts tool. True or False?

False

Which default folder under a domain within Active Directory Users and Computers contains the Administrator user account and Domain Admins group?
1. Builtin
2. Default
3. Users
4. ForeignSecurityPrinciples

3. Users

Which of the following PowerShell cmdlets can be used to move or seize a FSMO role?
1. Move-FSMORole
2. Move-ADDirectoryServerOperation MasterRole
3. Transfer ADOperationMasterRole
4. Set-DirectoryServerOperation Master

2. Move-ADDirectoryServerOperation MasterRole

Creating OUs within the Active Directory database is also called prestaging. True or False?

False

You have created a template user account within Active Directory Users and Computers. What must you do to create additional user accounts based on this template user account?
1. Create a new user account and select the template user account when prompted
2. Create a new user account and specify the name of the template user account in the User Principle Name text box
3. Right-click the template user account, and click Copy
4. Right-click the template user account, and click Import

3. Right-click the template user account, and click Copy

If a RODC is stolen, you can delete the computer account to reset affected user and computer accounts. True or False?

True

What does SAM stand for?

Security Accounts Manager

What is a Windows Server system that is part of a workgroup often called?

standalone server

What MMC snap-in can you use to create local user and group accounts?

Local Users and Groups

What item is used to verify your identity within an Active Directory domain and lists your domain user account and any domain group accounts that you are a member of?

Token (sometimes called a ticket)

What is a computer account?

An encryption key created for your computer within the Active Directory database that is used to secure communication with a domain controller during authentication.

What is a Windows Server system that is joined to an Active Directory domain but is not a domain controller and does not hold a copy of the Active Directory database called?

member server

What does LDAP stand for?

Lightweight Directory Access Protocol

What are domain user, group, and computer accounts stored as within the Active Directory database?

objects

The Active Directory ______ stores a list of all available object types (called _______) and their associated properties (called __________).

schema, classes, attributes

What are the objects within the Active Directory database that represent a user account, group account, or computer account called?

leaf objects

What are objects that can contain leaf objects called?

container objects

What are the three main container objects within the Active Directory database called?

domains, organizational units (OUs), and sites

What is the Active Directory equivalent to a folder in a filesystem?

organizational unit (OU)

What is each leaf object given by LDAP that identifies the common name (CN) of the object and its position within Active Directory?

distinguished name (DN)

What are Active Directory forests used for?

To provide for multiple domains within the same organization.

An LDAP distinguished name identifies the ______ ____ of the object and its position within Active Directory.

common name (CN)

What is the first domain in a forest called?

forest root domain

What are sperate domains that share the same core domain name called?

tree

What is the core domain name in a tree called?

parent domain

What are trees in a forest that do not share the same DNS domain name called?

disjointed namespace

What are trees in a forest that do share the same DNS domain name called?

contiguous namespace

What allows users to access resources within other domains that they have been granted access to within the resource's ACL?

trust relationships or trusts

What property minimizes the number of trust relationships needed within a forest?

transitive property (Two-way trust)

What are default trusts between a parent and child domain called?

internal trusts

True or False? You can create a trust relationship with a domain outside of your forest.

True, called an external trusts.

True or False? You cannot create trust relationships in Active Directory with a UNIX Kerberos realm.

False, that would be a realm trust and is possible.

What three group scopes are defined by Microsoft that allow administrators to organize the assignment of rights and permissions across multiple domains?

Global, domain local, and universal

What are the two main types of group accounts within Active Directory?

Distribution and security

What is the default group type within Active Directory?

Security

What is the difference between global and universal group scopes?

Global security groups can only contain objects from the same domain in which they are created.

What stores a read-write copy of a SAM database in a Windows NT4 domain?

Primary domain controller (PDC)

What stores a read only copy of a SAM database in a Windows NT4 domain?

Backup domain controller (BDC)

What are the three main directory partitions that make up the Active Directory database?

Schema, configuration, domain

What does the schema partition contain?

The Active Directory schema

What does the configuration partition contain?

The structure and layout of the forest

What does the domain partition contain?

All objects in a domain (user, groups, OUs, etc.).

True or False. To minimize bandwidth, replication between sites only occurs between a single domain controller within each site called a bridgehead server.

True