AD Chapter 13-16 test questions

Active Directory keeps a naming convention for the domain that mirrors ______.
An Active Directory _____ consists of one or more separate domain trees.
An administrator needs to grant an e-mail distribution group of 100 members access to a database, how would the administrator proceed? The e-mail group is obsolete and can be dissolved.
Convert the distribution group to a security group and then assign the group access permissions.
Can a domain user, who does not possess explicit object creation permissions, create computer objects?
Yes, authenticated users can create workstation, but not server objects
Can an administrator launch the Group Policy Management console from a workstation?
Yes, if the workstation is running the Remote Server Administration Tools package
Configuring a Central Store of ADMX files help solve the problem of ________.
“SYSVOL bloat”
For Server Core installations, how does Windows Server 2012 differ from Windows Server 2008 when installing the AD DS role and promoting the system to a domain controller?
Windows Server 2012 now allows administrators to use PowerShell.
Group Policies applied to parent containers are inherited by all child containers and objects. What are the ways you can alter inheritance?
Using the Enforce, Block Policy Inheritance, or Loopback settings
Group Policy settings are divided into two subcategories: User Configuration and Computer Configuration. Each of those two are further organized into three subnodes. What are the three?
Software settings, Windows settings, and Administrative Templates
How do groups differ from OUs?
Groups are security principals, meaning you assign access permissions to a resource based on membership in a group. OUs are for organization and for assigning Group Policy settings.
How does CSVDE.exe differ from LDIFDE.exe?
Both utilities can import users, but only LDIFDE can modify or delete objects later
If an administrator creates a domain tree in an Active Directory forest, and then creates a separate and different domain tree, what is the relationship between the two domain trees?
Same security entity as one Active Directory forest, bidirectional trust between domain trees
If creating a Local Group Policy Object, then a secondary GPO, then a tertiary GPO, what policy settings are included in each GPO?
The first GPO contains both Computer Configuration and User Configuration settings, while the secondary and tertiary GPOs contain only User Configuration settings.
In Windows Server 2012, after a user logs on to Active Directory, a(an) ________ is created that identifies the user and all the user’s group memberships.
access token
Installing Windows Server 2012 Active Directory Domain Services installs two default policies: Default Domain Policy and Default Domain Controller Policy. The administrator needs different policy settings. How best to proceed?
Create new Group Policy Objects to augment or override the existing default settings.
Local GPOs contain fewer options than domain GPOs. Local GPOs do not support ______.
Folder redirection or Group Policy software installation
Members of a universal group can come ______.
from trusted forests
Of the default groups created when Active Directory is installed, what are the types of those groups?
Security groups
Of the key reasons for creating organizational units, which of the following is NOT one of them?
Assigning permissions to network resources
Regarding Group Policy in Windows Server 2008 and Windows Vista, Microsoft used the token-based administrative template (ADM) files. What did Microsoft replace ADM files with in Windows Server 2012?
ADMX files (XML-based file format)
Resource access for individuals takes place through their ______.
user accounts
Some of the following groups might grant or deny permissions to any resource located in any domain in the forest. Of them, which one’s membership is replicated only in the domain controllers of the same domain?
Global groups
The Delegation of Control Wizard is capable of ________ permissions.
The LDIFDE.exe utility is most similar to what other utility?
The command-line utility can create new user accounts by importing information from a comma-separated value file?
The three types of Group Policy Objects (GPOs) include local, domain and _____.
To perform an offline domain join, how many times would an administrator run the Djoin.exe command?
What administrative division in Active Directory is defined as a collection of subnets that have good connectivity between them to facilitate the replication process?
What allows administrators to grant users in one domain access to resources of another domain within the same domain tree?
Bidirectional trust relationship between domains
What application or interface allows you to configure security filtering?
Group Policy Management console
What are the different kinds of groups?
There are two types: security and distribution; and there are three group scopes: domain local, global, and universal.
What are the two basic classes of Active Directory objects?
Container and leaf objects
What are the two built-in user accounts are created on a computer running Windows Server 2012?
administrator and guest
What are the two types of user accounts in Windows Server 2012?
local and domain
What capability allows you to create specific GPO settings for one or more local users configured on a workstation?
multiple local GPOs
What command-line utility allows administrators to modify a group’s type and scope as well as add or remove members?
What command-line utility requires you know the SAM account name as well as the user login ID before creating user accounts?
What defines what objects exist as well as what attributes are associated with any object in the Active Directory?
Active Directory schema
What determines the functional level of an Active Directory forest?
The lowest version of Windows Server on a domain controller
What do you call the process that after you link a GPO to a site with multiple domains, the Group Policy settings are applied to all the domains and the child objects beneath them?
What graphical tool can create user and computer accounts and was redesigned for Windows Server 2012?
Active Directory Administrative Center
What is a container object that functions in a subordinate capacity to a domain, and still inherits policies and permissions from its parent objects?
Organizational unit
What is a key difference between a domain tree hierarchy and the organizational unit (OU) hierarchy within a domain?
What is an important difference between groups and OUs?
Group memberships are independent of the domain’s tree structure.
What is not a container, nor full-fledged security division and cannot have Group Policy settings applied directly to them?
What is the Microsoft Management Console (MMC) snap-in that you use to create GPOs and manage their deployment to AD DS objects?
Group Policy Management console
What is the PowerShell cmdlet for installing a domain controller to the domain “”?
Install-AddsForest -DomainName “”
What is the PowerShell cmdlet used to create user objects?
What is the fundamental component of the Active Directory architecture, functioning as the boundary for virtually all directory functions, including administration, access control, database management, and replication?
What is the global catalog?
An index of all AD DS objects in a forest
What is the group scope for Domain Admins, Domain Controllers, and Domain Users default groups?
What is the method for removing a domain controller in Windows Server 2012?
Using the Remove Roles and Features Wizard
What is the next level of Active Directory container object within a domain?
Organizational unit
What is the only OU created by default after installing Active Directory?
Domain Controllers OU
What is the order in which Windows systems receiving and process multiple GPOs.
LSDOU (local, site, domain, then OU)
What is the primary difference between universal groups and global groups in Windows Server 2012?
Global groups use less data in the global catalog. So, in considering replication traffic, universal groups should be within a site.
What is the primary means by which people access resources on an AD DS network?
By having a user account
What is the primary reason for creating different sites on an Active Directory network?
To control the traffic passing over relatively slow and expensive WAN links between locations
What is the process of granting the user access only to the resources he or she is permitted to use?
What is the proper term for associating a Group Policy to a set of AD DS objects?
What is the simplest way for administrators to upgrade their AD DS infrastructure to Windows Server 2012?
Add a new Windows Server 2012 DC to your existing Directory Services installation.
What is the technique called that you can modify the default permission assignments so that only certain users and computers receive the permissions and, consequently, the settings in the GPO?
security filtering
What kind of GPO serves as a template for the creation of domain GPOs based on a standard collection of settings?
starter GPO
What kind of GPO stores its settings on the local computer in the %systemroot%/System32/GroupPolicy folder?
local GPO
What nonlocal GPO has its properties stored in the Active Directory object Group Policy container (GPC), as well as a Group Policy template located in the SYSVOL share?
domain GPO
What special DNS resource record enables clients to locate domain controllers and other vital AD DS services?
What two common tools help create both User and Computer objects?
Active Directory Administrative Center and Active Directory Users and Computer
What user creation tool was redesigned in Windows Server 2012 to incorporate new features such as the Active Directory Recycle Bin and fine-grained password policies?
Active Directory Administrative Center (ADAC)
What versions of Windows began support of multiple local GPOs?
Windows Server 2008 R2 and Windows Vista
What would be a sufficient user account to provide temporary access to the network for a user such as a vendor representative or a temporary employee?
What would be the distinguished name (DN) for a user named Ella Parker, whose user account resides in the Marketing OU of the domain?
cn=Ella Parker,ou=Marketing,dc=adatum,dc=com
What you call the process of confirming a user’s identity by using a known value such as a password, a smart card, or a fingerprint?
What you call the process of confirming that a user has the correct permissions to access one or more network resources?
When is an Active Directory site topology created?
Site topology is manually configured dependent on WAN bandwidth and transmission speed.
When multiple GPOs are linked to a container, which GPO in the list has the highest priority?
the first
When would administrators choose to use a User Template?
When an administrator wants to save time while creating single users with many attributes
Where is the path to the default GPT structure for a domain?
Which of the following default groups is a universal group?
Enterprise Admins
Which of the following guidelines are NOT best practice for securing the Administrator account?
Renaming the Administrator account name so as not to distinguish it from non-administrative accounts
Which of the following is NOT a group scope?
Security groups
Which of the following is NOT an example of a special identity?
Dialup Service
Which of the following is a PowerShell cmdlet for creating user objects?
Which of these groups is not related to security and cannot have permissions assigned to it?
Distribution groups
Which of these groups would an administrator use to assign permissions to resources in the same domain?
Domain local groups
Which of these groups’ membership is stored in the global catalog?
Universal groups
Within a domain, the primary hierarchical building block is the _________.
organizational unit
What is the SAM account name and the User Principal Name for the account [email protected]?
SAM account name is ella, and the User Principal Name is [email protected]