Which of the following best defines a computer used as a server?
a. Computer hardware that includes fast disk drives and a lot of memory
b. A computer with OS software that has a web browser and Client for Microsoft Networks
c. A computer with OS software that includes directory services and domain name services
d. A computer with Linux installed
c. A computer with OS software that includes directory services and domain name services
Server and client computers are best defined by the software they are running. A computer running a directory service and a domain name service is providing services to other computers and is therefore a server.
Which of the following best describes a Windows client OS?
a. Supports up to 64 processors
b. Includes fault-tolerance features, such as RAID-5 and clustering
c. Supports network connections based on the number of purchased licenses
d. Supports a limited number of signed-in network users
d. Supports a limited number of signed-in network users
A Windows client OS such as Windows 10 or 11 only allows up to 20 signed-in users because the OS is not designed to support large numbers of users; that is what Windows Server is for.
Which of the following is a service supported by Windows 11? (Choose all that apply.)
a. File and Printer Sharing
b. Active Directory
c. Hyper-V
d. Distributed File System
a. File and Printer Sharing, and c. Hyper-V
Windows 11, although designed as a client OS, can be used to share resources in a limited capacity. In addition, Hyper-V can be installed on Windows 11 to allow users to run virtual machines on their desktops; however, Hyper-V on Windows 11 does not have the same feature set as Hyper-V running on Windows Server.
Which server feature provides fault tolerance?
a. FTP
b. Failover clustering
c. DNS
d. Internet Printing Protocol
b. Failover clustering
Failover clustering is a fault-tolerance feature that allows multiple servers to work together. If a server running a particular service fails, another server running the same service will be enabled to handle requests for that service.
Which Windows Server core technology can you use to install, configure, and remove server roles and features?
a. AD DS
b. NTFS
c. Microsoft Management Console
d. Server Manager
d. Server Manager
Server Manager is a GUI tool installed on Windows Server that allows you to manage all aspects of the server, including installing and removing server roles and features.
With which Windows Server core technology do you use snap-ins?
a. AD DS
b. NTFS
c. Microsoft Management Console
d. Server Manager
c. Microsoft Management Console
The Microsoft Management Console gets its functionality from snap-ins you install that provide
various management features such as certificate management, disk management, and an event viewer.
You are signed in to a server named Mktg-Srv1 that is part of the Marketing workgroup. What kind of
server are you signed in to?
a. Domain controller
b. Member server
c. Standalone server
d. Cluster server
c. Standalone server
A standalone Windows server is assigned to a workgroup rather than being a member of a domain.
The IT department sent out a memo stating that it will start delivering desktop computer interfaces through
the IT datacenter via a web browser interface. What technology is the IT department using?
a. Public cloud computing
b. Server clustering
c. Directory server
d. Virtual desktop infrastructure
d. Virtual desktop infrastructure
Virtual desktop infrastructure (VDI) is a technology that allows the user interface of a virtual machine
running on a virtualization server to be accessed across the network using a web browser interface.
Which component of a network connection specifies the rules and format of communication between
network devices?
a. Network protocol
b. Network interface card
c. Network client
d. Device driver
a. Network protocol
A network protocol defines the rules of communication between two devices. A device driver
communicates with a hardware device like a network interface card, and a client can be defined as a
software component in a client/server relationship or as a computer that uses network resources.
Which type of networking component is File and Printer Sharing for Microsoft Networks?
a. Network interface protocol
b. Server software
c. Client software
d. Device driver
b. Server software
File and Printer Sharing for Microsoft Networks is the server software component of file sharing
between two Windows computers.
Which term describes a computing model in which local datacenter resources are used in conjunction with
IaaS resources from a cloud provider?
a. SaaS
b. Private cloud
c. Hybrid cloud
d. Public cloud
c. Hybrid cloud
A hybrid cloud uses on-premises, or local, datacenter resources combined with resources from a cloud
provider.
You’re a consultant for a small business with four computer users. The company’s main reason for
networking is to share the Internet connection, two printers, and several documents. Keeping costs down is
a major consideration, and users should be able to manage their own shared resources. Which networking
model best meets the needs of this business?
a. Domain
b. Workgroup
c. Management
d. Client/server
b. Workgroup
A workgroup does not require a dedicated server running a more expensive server operating system on
expensive server hardware, so a workgroup is typically less expensive to implement than the domain
model or client/server model.
Which networking component includes a device driver?
a. Network server software
b. Network client software
c. Network protocol
d. Network interface
d. Network interface
A network interface is a computer hardware component that requires a device driver to communicate
with it on behalf of applications and the operating system.
If you want to share files on your computer with other Windows computers, what should you have installed
and enabled on your computer?
a. Client for Microsoft Networks
b. File and Printer Sharing for Microsoft Networks
c. Active Directory
d. Domain Name System
b. File and Printer Sharing for Microsoft Networks
File and Printer Sharing for Microsoft Networks is the server component for sharing files with other
computers. Client for Microsoft Networks is the client component that requests access to shared files.
If you want to make a computer a domain controller, which of the following should you install?
a. Client for Microsoft Networks
b. File and Printer Sharing for Microsoft Networks
c. Active Directory
d. Domain Name System
c. Active Directory
Active Directory is a server role that, when installed on Windows Server, makes the computer a
domain controller.
Jose is an entrepreneurial software developer who is just starting up a new business for an application he
wants to develop. Jose doesn’t have the financial resources to purchase the needed development
environment for this application, so he turns to a cloud provider. What cloud computing model will Jose
most likely need?
a. SaaS
b. PaaS
c. IaaS
d. XaaS
b. PaaS
Platform as a service (PaaS) is a cloud service that provides a development platform and tools for
software developers.
Which of the following is the common framework in which most Windows Server 2022 administrative
tools run?
a. Windows Management Center
b. Microsoft Management Console
c. Server Configuration Manager
d. Windows Configuration Manager
b. Microsoft Management Console
Microsoft Management Console (MMC) provides a shell for snap-ins that contain individual
management tools. The MMC provides a common interface so all the snap-ins have a similar look and
feel.
You have been asked to advise a business on how to best set up its Windows network. Eight workstations
are running Windows 11. The business recently acquired a new contract that requires running a network
application on a server. A secure and reliable environment is critical to run this application, and security
management should be centralized. There are enough funds in the budget for new hardware and software, if
necessary. Which Windows networking model should you advise this business to use?
a. A Windows domain using Active Directory
b. A Windows workgroup using Active Directory
c. A peer-to-peer network using File and Printer Sharing
d. A peer-to-peer network using Active Directory
a. A Windows domain using Active Directory
A secure, centrally managed environment that can afford new hardware and software calls for a
Windows domain using Active Directory. A peer-to-peer network is not centrally managed and lacks
the security of a domain environment.
Which of the following is NOT an attribute typically found in cloud computing?
a. Scalable
b. Legacy
c. Agile
d. Current
b. Legacy
Legacy refers to older technology that should be upgraded or phased out. Cloud computing, while not
very new, is still on the rise and is not considered a legacy technology.
Which of the following standard server roles should you install if you want to create and manage virtual
machines on Windows Server 2022?
a. VirtualBox
b. Server Manager
c. Hyper-V
d. DHCP Server
c. Hyper-V
Hyper-V is the virtualization technology in Windows Server, and it can be installed as a server role.
Hyper-V allows you to create, run, and manage virtual machines on the server.
Which of the following best describes a directory service?
a. A service similar to a list of information in a text file
b. A service similar to a database program but with the capability to manage objects
c. A program for managing the user interface on a server
d. A program for managing folders, files, and permissions on a distributed server
b. A service similar to a database program but with the capability to manage objects
A directory service is a database of objects used to manage a domain; these objects include
organizational units as well as user, group, and computer accounts. Besides reading and writing the
objects, some objects can also be managed by assigning rights, permissions, and group policies.
The protocol for accessing Active Directory objects and services is based on which of the following
standards?
a. DNS
b. LDAP
c. DHCP
d. ICMP
b. LDAP
Lightweight Directory Access Protocol (LDAP) is the underlying protocol used by Active Directory to
access objects and services.
Which of the following is a feature of Active Directory? (Choose all that apply.)
a. Fine-grained access controls
b. Can be distributed among many servers
c. Can be installed on only one server per domain
d. Has a fixed schema
a. Fine-grained access controls, b. Can be distributed among many servers
Active Directory allows fine-grained access controls, and it is a distributed database that can be
installed on many servers to provide redundancy for a domain. In addition, you can modify the default
schema.
Which of the following is a component of Active Directory’s physical structure?
a. Organizational units
b. Domains
c. Sites
d. Folders
c. Sites
There are two components of the Active Directory physical structure: sites and domain controllers.
Which of the following is the responsibility of a domain controller? (Choose all that apply.)
a. Storing a copy of the domain data
b. Providing data search and retrieval functions
c. Servicing multiple domains
d. Providing authentication services
a. Storing a copy of the domain data, b. Providing data search and retrieval functions,
d. Providing authentication services
A domain controller stores domain data, provides searches and retrieval of data, and provides
authentication services using Kerberos. A domain controller can service only one domain.
Which of the following is not associated with an Active Directory tree?
a. A group of domains
b. A container object that can be linked to a GPO
c. A common naming structure
d. Parent and child domains
b. A container object that can be linked to a GPO
An Active Directory tree is a namespace, not a container object. A tree is comprised of one or more
domain names with a parent-child relationship that share a common first- and second-level domain
name. It cannot be linked to a GPO.
Which of the following is not part of Active Directory’s logical structure?
a. Tree
b. Forest
c. DC
d. OU
c. DC
The physical structure of Active Directory is comprised of sites and domain controllers (DCs); the
logical structure is comprised of trees, forests, domains, and organizational units (OUs).
Which of the following is associated with an Active Directory forest? (Choose all that apply.)
a. Can contain trees with different naming structures
b. Allows independent domain administration
c. Contains domains with different schemas
d. Represents the broadest element in Active Directory
a. Can contain trees with different naming structures, b. Allows independent domain
administration, d. Represents the broadest element in Active Directory
An Active Directory forest has a common schema throughout all of the domains in the forest.
Which of the following is associated with installing the first domain controller in a forest?
a. RODC
b. Child domain
c. Global catalog
d. DHCP
c. Global catalog
The first domain controller in a forest is always a global catalog server.
When installing an additional DC in an existing domain, which of the following is an option for reducing
replication traffic?
a. New site
b. Child domain
c. GC server
d. IFM
d. IFM
Install from media (IFM) is a method for installing a domain controller in an existing domain where
the Active Directory database is loaded from media created from another DC to prevent excessive
network usage when the new Active Directory database synchronizes with existing DCs.
Which MMC is added after Active Directory installation? (Choose all that apply.)
a. Active Directory Domains and Trusts
b. Active Directory Groups and Sites
c. ADSI Edit
d. Active Directory Restoration Utility
a. Active Directory Domains and Trusts, c. ADSI Edit
Both Active Directory Domains and Trusts and ADSI Edit are MMCs that you will find in Server
Manager under Tools after Active Directory is installed.
Which of the following is the core logical structure container in Active Directory?
a. Forest
b. OU
c. Domain
d. Site
c. Domain
The domain is the core logical container in Active Directory, as it contains initial user accounts and
groups and is where most management tasks are performed. OUs are organization container objects
and forests represent an administrative and schema boundary. Sites are physical components of Active
Directory.
Which of the following defines the types of objects in Active Directory?
a. GPOs
b. Attribute values
c. Schema attributes
d. Schema classes
d. Schema classes
Schema classes define the structure and properties of each object in Active Directory.
Which of the following defines the types of information stored in an Active Directory object?
a. GPOs
b. Attribute values
c. Schema attributes
d. Schema classes
c. Schema attributes
Schema attributes define the types of information stored in an Active Directory object, such as name,
password, location, and other fields found in Active Directory objects.
Which of the following specifies what types of actions a user can perform on a computer or network?
a. Attributes
b. Rights
c. Permissions
d. Classes
b. Rights
Rights define what types of actions a user can perform, such as logging in to a computer or opening
Control Panel. Permissions determine the type of access a user has to an object, such as no access,
read, or write.
Which of the following is considered a leaf object? (Choose all that apply.)
a. Computer account
b. Organizational unit
c. Domain controller
d. Shared folder
a. Computer account, c. Domain controller, d. Shared folder
Leaf objects don’t contain other Active Directory objects, so computer accounts, domain controllers,
and shared folders are leaf objects. (A folder contains files, but those are not Active Directory objects.)
An organizational unit is a container object because it can contain other Active Directory objects.
Which of the following is a default folder object created when Active Directory is installed?
a. Computers
b. Domain Controllers
c. Groups
d. Sites
a. Computers
Computers is a folder object that is created when Active Directory is installed. It is different from an
organizational unit in that it can’t have a GPO linked to it. Domain Controllers is an OU and Groups is
an account object. Sites are a physical component of Active Directory.
Which type of account is not found in Active Directory?
a. Domain user account
b. Local user account
c. Built-in user account
d. Computer account
b. Local user account
Active Directory accounts include domain user, built-in user, and computer accounts. Local user
accounts are located in the security accounts manager (SAM) database on Windows computers that do
not have Active Directory installed.
Which of the following is a directory partition? (Choose all that apply.)
a. Domain directory partition
b. Group policy partition
c. Schema directory partition
d. Configuration partition
a. Domain directory partition, c. Schema directory partition, d. Configuration partition
Domain, schema, and configuration are the names of Active Directory partitions; group policy is not a
partition.
Which of the following is responsible for management of adding, removing, and renaming domains in a
forest?
a. Schema master
b. Infrastructure master
c. Domain naming master
d. RID master
c. Domain naming master
The domain naming master must be available when domains are added, removed, or renamed.
All domains in the same forest have which of the following in common? (Choose all that apply.)
a. Domain name
b. Schema
c. Domain administrator
d. Global catalog
b. Schema, d. Global catalog
All domains in a forest share the same schema and global catalog. The schema defines the types of
objects that can exist in the domain and the global catalog holds a partial list of all objects in the forest
to facilitate object searches.
You have an Active Directory forest of two trees and eight domains. You haven’t changed any operations
master domain controllers. On which domain controller is the schema master?
a. All domain controllers
b. The last domain controller installed
c. The first domain controller in the forest root domain
d. The first domain controller in each tree
c. The first domain controller in the forest root domain
The schema master is a forest-wide FSMO and resides in the forest root on the first domain controller
created in the forest.
To which of the following can a GPO be linked? (Choose all that apply.)
a. Trees
b. Domains
c. Folders
d. Sites
b. Domains, d. Sites
GPOs can be linked to sites, domains, and organizational units.
Which container has a default GPO linked to it?
a. Users
b. Printers
c. Computers
d. Domain
d. Domain
The domain and the Domain Controllers OU have default GPOs linked to them so that there is a
baseline of security for all objects in the domain and for the domain controllers.
By default, when are policies set in the User Configuration node applied?
a. Every five minutes
b. Immediately
c. At user logon
d. At computer restart
c. At user logon
User Configuration group policies are applied when a user logs in and Computer Configuration
policies are applied when the computer boots.
Which of the following are true about organizational units? (Choose all that apply.)
a. OUs can be added to an object’s DACL.
b. OUs can be nested.
c. A GPO can be linked to an OU.
d. Only members of Domain Administrators can work with OUs.
b. OUs can be nested., c. A GPO can be linked to an OU.
OUs can be nested, meaning that an OU can be created inside another OU. Group Policy Objects
(GPOs) can be linked to an OU to make the objects in the OU subject to the policies defined in the
GPO. Other users can work with OUs if they have the proper permissions. OUs can’t be added to a
discretionary access control list (DACL) because an OU is not a security principal.
You want to see the permissions set on an OU, so you open Active Directory Users and Computers, right-click the OU, and click Properties. After clicking all the available tabs, you can’t seem to find where
permissions are set in the Properties dialog box. What should you do?
a. Log on as a member of Enterprise Admins and try again.
b. In the Properties dialog box, click the Advanced button.
c. Right-click the OU and click Security.
d. In Active Directory Users and Computers, click View and then click Advanced Features.
d. In Active Directory Users and Computers, click View and then click Advanced Features.
The Advanced Features option must be enabled to see the Security tab, which contains the permissions
for an OU.
You have hired a new junior administrator and created an account for her with the logon name JrAdmin.
You want her to be able to reset user accounts and modify group memberships for users in the Operations
department whose accounts are in the Operations OU. You want to do this with the least effort and without
giving JrAdmin broader capabilities. What should you do?
a. In Active Directory Administrative Center, right-click the Operations OU, click Properties, and
click Managed By.
b. In Active Directory Users and Computers, right-click the Operations OU and click Delegate
Control.
c. Open the Operations Security tab and add JrAdmin to the DACL.
d. Add JrAdmin to the Password Managers domain local group.
b. In Active Directory Users and Computers, right-click the Operations OU and click
Delegate Control.
The Delegate Control wizard allows an administrator to assign a variety of permissions to a user that
lets the user manage aspects of Active Directory without being given administrator access.
Which of the following are user account categories? (Choose all that apply.)
a. Local
b. Global
c. Domain
d. Universal
a. Local, c. Domain
User account categories are Local and Domain.
Which of the following is a built-in user account? (Choose all that apply.)
a. Administrator
b. Operator
c. Anonymous
d. Guest
a. Administrator, d. Guest
Two accounts are created when Windows is installed: Administrator and Guest. These accounts are
built in and cannot be deleted; however, they can be disabled or renamed.
Which of the following is not a valid user account name?
a. Sam$Snead1
b. Sam*Snead35
c. SamSnead!24
d. Sam23Snead
b. Sam*Snead35
User account names cannot have asterisks (*).
Which of the following are true about user accounts in a Windows Server 2016 domain? (Choose all that
apply.)
a. The name can have 1 to 20 characters.
b. The name is case sensitive.
c. The name can’t be duplicated in the domain.
d. Using default settings, PASSWORD123 is a valid password.
a. The name can have 1 to 20 characters., c. The name can’t be duplicated in the domain.
User accounts can have up to 20 characters. A username must be unique within the domain and is not
case sensitive. Passwords are case sensitive. Also, each password must meet complexity requirements,
meaning it must have at least three characters of the following types: uppercase letters, lowercase
letters, numbers, and special characters.
Which of the following account options can’t be set together? (Choose all that apply.)
a. User must change password at next logon
b. Store password using reversible encryption
c. Password never expires
d. Account is disabled
a. User must change password at next logon, c. Password never expires
If the “Password never expires” option is set, the account password never has to be changed; therefore,
the option and the “User must change password at next logon” option are mutually exclusive.
Which of the following members can belong to a global group? (Choose all that apply.)
a. Computer accounts
b. Global groups from any domain
c. User accounts
d. Universal groups
a. Computer accounts, c. User accounts
Computer accounts and user accounts can belong to a global group. Neither global groups from
another domain nor universal groups can be members of a global group.
Jada has left the company. Her user account is a member of several groups, and it has permissions and
rights to a number of forest-wide resources. Jada’s replacement will arrive in a couple of weeks, and the
replacement will need access to the same resources. What’s the best course of action?
a. Find all groups that Jada is a member of and make a note of them. Delete Jada’s user account and
create a new account for the new employee. Add the new account to all the groups that Jada was a
member of.
b. Copy Jada’s user account and give the copy another name.
c. Disable Jada’s account. When the new employee arrives, rename Jada’s account, assign it a new
password, and enable it again.
d. Export Jada’s account and then import it when the new employee arrives. Rename the account and
assign it a new password.
c. Disable Jada’s account. When the new employee arrives, rename Jada’s account, assign it
a new password, and enable it again.
If Jada’s account is disabled and renamed, the new employee will retain the same rights, permissions,
and file access that Jada had, making the transition to Jada’s replacement easier.
Tom has access to sensitive company information. Over the past few months, he has signed in to computers
in other departments and left them without signing out. You have discussed the matter with him, but the
problem continues to occur. You’re concerned that someone could access these sensitive resources easily.
What’s the best way to solve this problem?
a. On all computers that Tom is signing in to, have screen savers set to lock the computer after 15
minutes of inactivity.
b. Specify which domain computers Tom can sign in to by using the “Log On To” option in his
account’s properties.
c. Move Tom’s account and computer to another domain, thereby making it impossible for him to
sign in to computers that are members of different domains.
d. Disable local logon for Tom’s account on all computers except Tom’s.
b. Specify which domain computers Tom can sign in to by using the “Log On To” option in
his account’s properties.
The “Log On To” option allows you to specify particular computers that Tom can sign in to. This
option prevents Tom from signing in to computers in other departments.
You have noticed the inappropriate use of computers for gaming and Internet downloads by some
employees who come in after hours and on weekends. These employees don’t have valid work assignments
during these times. You have been asked to devise a solution for these employees that doesn’t affect other
employees or these employees’ computers during working hours. What’s the best solution?
a. Install personal firewall software on their computers in an attempt to block the gaming and
Internet traffic.
b. Request that the Maintenance Department change the locks on the employees’ office doors so that
they can enter only during prescribed hours.
c. Set the Logon Hours options for their user accounts.
d. Before you leave each evening and before the weekend, disable these employees’ accounts and re-enable them the next working day.
c. Set the Logon Hours options for their user accounts.
You can restrict the hours that employees can log on to the network; disabling logons after hours and
on weekends will solve this problem.
You have decided to follow Microsoft’s best practices to create a group scope that will allow you to
aggregate users with similar rights requirements. Which group scope should you create and then use to
assign permissions to a resource?
a. Global
b. Domain local
c. Local
d. Universal
b. Domain local
Best practices suggest that accounts are made members of Global groups, Global groups are made
members of Domain local groups, and Domain local groups are assigned permissions to resources
(AGDLP).
Which of the following are considered security principals? (Choose all that apply.)
a. Contacts
b. Computer accounts
c. User accounts
d. Distribution groups
b. Computer accounts, c. User accounts
Computer accounts and user accounts are security principals, as are security groups. All of these
account types can be assigned permissions and rights, which is why they are called security principals.
Which of the following are valid group scopes? (Choose all that apply.)
a. Global
b. Domain local
c. Forest
d. Domain global
a. Global, b. Domain local
On a domain controller, valid group scopes are domain local, global, and universal. Local groups are
found on standalone and member computers.
What happens if a security group that’s an ACE in a shared folder is converted to a distribution group?
a. A security group can’t be converted to a distribution group if it has already been assigned
permissions.
b. The group is removed from the DACL automatically.
c. The group remains in the DACL, but the ACE has no effect on members’ access to the resource.
d. The group remains in the DACL, and permissions assigned to the group affect access to the
resource as though it were still a security group.
c. The group remains in the DACL, but the ACE has no effect on members’ access to the
resource.
Distribution groups are not security principals, so membership is not affected by assigned rights and
permissions.
Which of the following can be a member of a universal group? (Choose all that apply.)
a. User accounts from the local domain only
b. Global groups from any domain in the forest
c. Other universal groups
d. Domain local groups from the local domain only
b. Global groups from any domain in the forest, c. Other universal groups
Global groups and other universal groups can be members of universal groups, but domain local
groups cannot be. User accounts from any domain can be members of universal groups.
Which direct group scope conversion is allowed?
a. Domain local to universal, provided no domain local group is already a member
b. Global to domain local, without restriction
c. Domain local to global, provided no domain local group is already a member
d. Universal to global, without restriction
a. Domain local to universal, provided no domain local group is already a member
Domain local groups can be converted to Universal groups only if no Domain local group is already a
member of the group. Domain local groups cannot be members of Universal groups.
Which of the following is true about the Users domain local group?
a. It’s in the Users folder.
b. It can be converted to a global group.
c. Domain Users is a member.
d. Its members can log on locally to a domain controller.
c. Domain Users is a member.
Domain Users is a default group created when Active Directory is installed. Domain Users, a global
group, is automatically made a member of the Users domain local group when Active Directory is
installed.
A domain user signing in to the domain becomes a member of which special identity group?
a. Creator Owner
b. System
c. Authenticated Users
d. Anonymous Logon
c. Authenticated Users
Authenticated Users is a dynamic special identity group. Accounts that authenticate to the domain are
automatically made a member of this group and removed when the account logs off.
A user is having trouble signing in to the domain from a computer that has been out of service for several
months, and nobody else can seem to sign in from the computer. What should you try first to solve the
problem?
a. Reinstall Windows on the workstation and create a new computer account in the domain.
b. Rename the computer and create a new computer account with the new name.
c. Reset the computer account, remove the computer from the domain, and rejoin it to the domain.
d. Disable the computer account, remove the computer from the domain, and rejoin it to the domain.
c. Reset the computer account, remove the computer from the domain, and rejoin it to the
domain.
The password for computer accounts periodically changes, and if the computer account does not sign
in for a long period of time, the password becomes unsynchronized between the account and the
computer. If this happens, the computer cannot authenticate to the domain; the account must be reset
and the computer rejoined to the domain.
Which of the following service accounts can be managed across multiple servers?
a. AD managed service account
b. Group managed service account
c. Multimanaged service account
d. Managed service account
b. Group managed service account
A group managed service account (gMSA) can be used and managed by multiple servers—for
example, in a load-balancing or failover cluster.
Which of the following are built-in service accounts? (Choose all that apply.)
a. Anonymous Logon
b. Local System
c. Network Service
d. Authenticated Users
b. Local System, c. Network Service
Local System, Local Service, and Network Service are all built-in service accounts.
Which of the following are advantages of using a managed service account instead of a regular user
account for service logon? (Choose all that apply.)
a. The system manages passwords.
b. You can assign rights and permissions precisely.
c. You can use the account to log on interactively.
d. You can’t be locked out.
a. The system manages passwords. d. You can’t be locked out.
The OS manages the password for a managed service account (MSA), so nobody has to remember the
password and it gets changed automatically at periodic intervals, increasing security.
Which of the following is used to uniquely identify a service instance to a client?
a. SPN
b. KDC
c. Service ticket
d. TGT
a. SPN
A service principal name (SPN) uniquely identifies a service instance to a client.
You have created an MSA on DC1 to run a service on the ldsServ1 server. What’s the last thing you should
do before using the Services MMC to configure the service to use the new MSA?
a. On DC1, run the Install-ADServiceAccount cmdlet.
b. On ldsServ1, run the Install-ADServiceAccount cmdlet.
c. On DC1, run the Add-ADComputerServiceAccount cmdlet.
d. On ldsServ1, run the Add-ADComputerServiceAccount cmdlet.
b. On ldsServ1, run the Install-ADServiceAccount cmdlet.
The Install-ADServiceAccount cmdlet must be used before configuring a service to use an
MSA. This cmdlet must be run on the server on which the service is run, not on the domain controller.
You have four servers running a service in a load-balancing configuration, and you want the services on all
four servers to use the same service account. What should you do?
a. Create a group and add the servers’ computer accounts to it. Run the New-ADServiceAccount cmdlet.
b. Run the New-ADServiceAccount cmdlet and configure constrained Kerberos delegation.
c. Run the New-gMSAServiceAccount cmdlet and specify the four servers in the SPN.
d. Move the four servers’ computer accounts to the Managed Service Accounts folder in Active
Directory.
a. Create a group and add the servers’ computer accounts to it. Run the New-ADServiceAccount cmdlet.
The New-ADServiceAccount cmdlet takes as an argument a server name or group name that
contains server accounts.
In your Windows Server 2022 domain, you have a member server that is also running Windows Server
2022. You want to install the LocSvc service, which will access only local resources. You need to
configure authentication for this service but don’t want to use one of the built-in service accounts; also, you
want to use the least administrative effort. What should you do?
a. Create a local user on the server and configure the service to log on as that user.
b. Create an MSA with PowerShell and configure the service to log on as the MSA.
c. Create a domain user, and in the Delegation tab, select LocSvc.
d. Configure the service to log on as NT Service\LocSvc.
d. Configure the service to log on as NT Service\LocSvc.
The NT Service\ServiceName syntax refers to a virtual account or managed local account that is
created automatically when you configure a service to log on using that syntax. Because you don’t
need to create this account or manage it in any way, it is the simplest solution.
Which of the following is a process that allows users to sign in using one set of credentials without having
to enter credentials again to access remote services and applications?
a. SSPR
b. SSO
c. MFA
d. AADDS
b. SSO
Single sign-on (SSO) allows users to sign in one time; their credentials are then used to access other
systems or services that are configured for SSO.