> > Active Directory MCQs > Basic Active Directory MCQs

Basic Active Directory MCQ

1. Your company's network has a single Active Directory domain. All servers run Windows Server 2003. You want to make an application available for all the users to install. You want to configure GPO for this. How will you complete this task?

Copy the application package on all the user computers one by one

Publish the application with file extension activation

Provide application CDs to users for manual installation

All of the above

Answer

Correct Answer: Publish the application with file extension activation

Note: This Question is unanswered, help us to find answer for this one

2.
Which of the following components are contained in the sysvol folder?

Active directory log files

NETLOGON

Windows NT 4.0 system policies

System state data back-up

Answer

Correct Answer: NETLOGON
Windows NT 4.0 system policies

Note: This question has more than 1 correct answers

Note: This Question is unanswered, help us to find answer for this one

3.
Which of the following partition information gets replicated during active directory replication?

Schema partition

Domain partition

System state partition

Sysvol partition

Configuration partition

Answer

Correct Answer: Schema partition
Domain partition
Configuration partition

Note: This question has more than 1 correct answers

Note: This Question is unanswered, help us to find answer for this one

4.
Your network consists of three Windows 2003 Domain Controllers named DC-1, DC-2 and DC-3. DC-3 doesnot hold any FSMO roles. After backing-up the System State Data Back-up of all DCs, DC-3 disk failed. You replaced the failed disk with a new disk and installed Server 2003 on the new disk. What should you do next on DC-3?

Restore the System State Data back-up from Directory Services restore Mode

Run Windows Back-up on DC-1 and restore the same on DC-3

Run Active Directory installation wizard to make the new computer a replica in the domain

Force replication from Active Directory Sites and Services to DC-3

Answer

Correct Answer: Run Active Directory installation wizard to make the new computer a replica in the domain

Note: This Question is unanswered, help us to find answer for this one

5.
You are the administrator of a Windows 2003 domain. According to company policy, you created an OU and applied a GPO restricting Control Panel access to users. Later on, your company policy changed and you allow Control Panel access to some of the users in that OU. The policy also states that their membership be kept as it is without moving them to other groups or OUs.How will you allow Control Panel access to some users thereby restricting access to others in the same OU?

Deny Apply Group Policy permission to users from the properties of Control Panel GPO.

Create a new security group, move all users to that group, and deny GPO permissions

Add users to Domain Administrator group

Select Block Policy Inheritance from the properties tab of OU.

Answer

Correct Answer: Deny Apply Group Policy permission to users from the properties of Control Panel GPO.

Note: This Question is unanswered, help us to find answer for this one

6.
You are the network administrator for the Big North Fishing Company. The network consists of one Windows Server 2003 domain named bignorthfishingco.com. You are installing a new domain bignorthfishingco1.com but during promotion you get an error message: The domain name specified is already in use on the network. What is the cause of the problem?

Duplicate IP address is detected

The default generated DNS domain name is already in use

Administrative privileges are missing

The default generated NetBios name is already in use

Answer

Correct Answer: The default generated NetBios name is already in use

Note: This Question is unanswered, help us to find answer for this one

7.
Which of the following are FSMO roles?

Schema role

PDC Emulator role

RID Master role

Infrastructure Master role

Domain Naming Master role

All of the above

Answer

Correct Answer: All of the above

Note: This Question is unanswered, help us to find answer for this one

8.
Your company is running on Windows Server 2003 DNS server with slaves.You changed DNS file manually on DNS server.But slave still doesn't pick up any changes. What will you do to apply those changes to slave?

Run ipconfig/flushdns command to clear DNS cache on slave

Start IXFR from Primary zone to Slave

Restart DNS services on slave

The SOA record serial number should be edited manually on the primary copy of the zone

Answer

Correct Answer: The SOA record serial number should be edited manually on the primary copy of the zone

Note: This Question is unanswered, help us to find answer for this one

9.
You are a network administrator and responsible for handling your company's domain, sales.microsoft.com running in Windows Server 2003. Your domain crashes accidentally and when you re-run the dcpromo command to promote it again, as domain controller with the same name, it fails. What can be the problem?

DNS zone conflicts with the same name

Some old objects with the same name conflict with the new server

Latest service pack is missing

Run ipconfig/flusdhns command

Answer

Correct Answer: Some old objects with the same name conflict with the new server

Note: This Question is unanswered, help us to find answer for this one

10.
State whether true or false.

A PDC Emulator is required for authentication purposes for Windows NT 4.0 clients.

True

False

Answer

Correct Answer: True

Note: This Question is unanswered, help us to find answer for this one

11.
Your company is planning to deploy Windows XP Professional on 200 computers. The network has one Windows Server 2003 domain controller (DC). You want the installation to be automated and centralized, and to be done only on authorized computers. What should you do?

Create a shared folder on DC, copy Windows XP installation files to that folder, and run unattended installation on licensed computers

Install RIS server on DC. Create user accounts for licensed users. Configure the RIS server to accept connections request only from authorized computers. Allow users to run unattended setup from the shared folder

Install RIS server on DC. Create computer accounts for licensed computers. Configure the RIS server to accept requests only from authorized computers. Allow users to run unattended setup from the shared folder

Copy installation files and answer file to a CD and run the setup from CD-ROM manually on each client computer

Answer

Correct Answer: Install RIS server on DC. Create computer accounts for licensed computers. Configure the RIS server to accept requests only from authorized computers. Allow users to run unattended setup from the shared folder

Note: This Question is unanswered, help us to find answer for this one

12.
How can an administrator predict the physical requirements for installing Windows Server 2003 Domain Controller ?

By using performance monitor

By using Active Directory Sizer tool

By using Exmerge utility

By using ADMT tool

Answer

Correct Answer: By using Active Directory Sizer tool

Note: This Question is unanswered, help us to find answer for this one

13.
Which of the following roles is responsible for allowing schema changes to Active directory objects?

PDC Emulator role

RID Master role

Infrastructure Master role

None of the above

Answer

Correct Answer: None of the above

Note: This Question is unanswered, help us to find answer for this one

14.
You are the network administrator of a company. Your company's network has Windows 2003 Server and Windows XP Professional computers. The network consists of a single Active Directory Domain named Expertrating.com. All user computers have computer accounts in an OU named expertrating users. You want to configure the network in such a way that all user computers are automatically updated when new critical updates are issued. Servers need to be updated manually. How will you perform this task?

Create a new GPO linked to the domain. Configure the GPO so that all the updates are automatically downloaded and installed on the user computers from an internal server on which you install and configure Software Update Services

Create a new GPO linked to the OU Expertrating users. Configure the GPO so that all the updates are automatically downloaded and installed on the user computers from an internal server on which you install and configure Software Update Services

Create a new GPO linked to the domain. Configure the GPO so that all the updates are automatically downloaded and installed on the user computers from Microsoft Update Servers from the internet

All of the above

Answer

Correct Answer: Create a new GPO linked to the OU Expertrating users. Configure the GPO so that all the updates are automatically downloaded and installed on the user computers from an internal server on which you install and configure Software Update Services

Note: This Question is unanswered, help us to find answer for this one

15.
You are the network administrator of a company. Your company's network has a single Active Directory domain. It has an OU named sales. You want to give permissions to a company's junior network administrator to create child OUs for sales OU. He should also be able to verify the existence of the OUs created by him. Which of the following permission set will be enough to accomplish this if you want to give him minimum permissions?

Write All Properties, Create All Child Objects

Read All Properties, All Extended Rights, Write All Properties

List Contents, All Extended Rights

Read All Properties, Create Organizational Unit Objects, List Contents

Answer

Correct Answer: Read All Properties, Create Organizational Unit Objects, List Contents

Note: This Question is unanswered, help us to find answer for this one

16.
You are the network administrator of an Aerospace Company. Your company's policy clearly states renaming of Guest account on all computers in domain. What would you do if you do not have the time to edit each name manually on each computer but you need to do it immediately?

Create a login script and apply it on Default Domain Group Policy

Instruct user to enable remote desktop and change their name from server using remote desktop

Use GPO to rename Guest account on the Default Domain Group Policy

Send network message to all users to rename guest account

Answer

Correct Answer: Use GPO to rename Guest account on the Default Domain Group Policy

Note: This Question is unanswered, help us to find answer for this one

17.
Which of the following commands provide maximum information related to capacity statistics such as megabytes per server and per object class, and information on how to compare two directory trees across replicas in the same domain?

repadmin

replmon

netdiag

dsastat

Answer

Correct Answer: dsastat

Note: This Question is unanswered, help us to find answer for this one

18.
After running authoritative restore command on crash Windows Server 2003 domain controller, how will it be checked if authoritative restore was successful by checking the version number increase in the directory?

ntdsutil

replmon

repadmin

netdiag

Answer

Correct Answer: repadmin

Note: This Question is unanswered, help us to find answer for this one

19.
You are the network administrator of a company. Your company's network has a single Active Directory domain named expertrating.com. This domain has two sites and each site contains two domain controllers. You purchase two servers and use each new server as a domain controller in each site, making a total of three domain controllers at each site. You want to configure the inter site replication to flow through these new domain controllers. What will you do?

Configure each new domain controller as preferred IP bridgehead server

Configure each new domain controller as preferred SMTP bridgehead server

Configure both new domain controllers as Global Catalog servers

All of the above

Answer

Correct Answer: Configure each new domain controller as preferred IP bridgehead server

Note: This Question is unanswered, help us to find answer for this one

20.
You are the network administrator for a company called ExpertRating. Your network contains one Windows Server 2003 Domain Controller. One day, when you reboot your DC, you receive an error message "Cannot find NTOSKERNL.EXE". Which of the following actions will you employ?

Automated System Recovery

Last Known Good Configuration

Safe Mode

Directory Services Restore Mode

Answer

Correct Answer: Automated System Recovery

Note: This Question is unanswered, help us to find answer for this one

21.
State whether true or false.

Once the forest functional level is raised to Windows Server 2003, one cannot add a Windows 2000 domain controller to the forest.

True

False

Answer

Correct Answer: True

Note: This Question is unanswered, help us to find answer for this one

22.
When running dcpromo command in Windows Server 2003, the administrator changed the NetBIOS name to production. But the real FQDN is sales.microsoft.com. After setup, what would be the FQDN?

sales.microsoft.com

production.microsoft.com

microsoft.sales.com

sales.com

Answer

Correct Answer: sales.microsoft.com

Note: This Question is unanswered, help us to find answer for this one

23.
Some applications are deployed that uses protocols that requires knowledge of the user's password for authentication purposes. Which policy can provide the best result in this scenario ?

Enable 'Store password using reversible encryption' policy

Decrease maximum service ticket lifetime for Kerberos

Increase minimum password length

Enable 'Enforce password policy'

Answer

Correct Answer: Enable 'Store password using reversible encryption' policy

Note: This Question is unanswered, help us to find answer for this one

24.
The administrator is trying to reset the external trust. But clients are unable to access resources in the domain outside of the forest. Which of the following FSMO role must be available for this reset?

Domain naming master

Infrastructure role

RID role

PDC Emulator master

Answer

Correct Answer: PDC Emulator master

Note: This Question is unanswered, help us to find answer for this one

25.
You are the network administrator of a Windows 2003 network having Windows XP clients.You want to secure your network by implementing a policy that supports encrypted TCP/IP communication. Which of the following is most secured?

Enable Internet Connection Firewall(ICF)

Enable Network Address Translator(NAT)

Enable secure Server IPSec POlicy

Enable Server IPSec Policy

Answer

Correct Answer: Enable secure Server IPSec POlicy

Note: This Question is unanswered, help us to find answer for this one

26.
Which of the following roles is responsible for the uniqueness of Active Directory objects in each domain?

PDC Emulator role

RID Master role

Schema Master role

Infrastructure Master role

Answer

Correct Answer: RID Master role

Note: This Question is unanswered, help us to find answer for this one

27.
Your company's domain consists of one OU named Sales. Sales OU consists of users from Sales Department. You need to assign one of the user of Sales OU named Paul, to create, add and modify user's objects only.They should not be able to change group's object properties.What should you do ?

Assign the Full Control permission on Sales OU to Paul

Run Delegation of Control wizard on sales OU and grant him permission to create and manage user's objects

Grant Paul the Domain Admins rights

Run Delegation of Control wizard on the Domain and select OU objects from custom tasks to delegate option

Answer

Correct Answer: Run Delegation of Control wizard on sales OU and grant him permission to create and manage user's objects

Note: This Question is unanswered, help us to find answer for this one

28.
State whether true or false.

We can only seize a role if the domain controller that holds that role fails.

True

False

Answer

Correct Answer: True

Note: This Question is unanswered, help us to find answer for this one

29.
You are planning to deploy Windows XP professional to client computers using RIS. What should you do to find out the GUIDs of all client computers?

Use Network Monitor to view DHCPOFFER packets

Use Network Monitor to view DHCPDISCOVER packets

Use performance Monitor to view DHCPREQUEST packets

Use Event Viewer to view RIS logging

Answer

Correct Answer: Use Network Monitor to view DHCPDISCOVER packets

Note: This Question is unanswered, help us to find answer for this one

30.
Suppose there are network connectivity problems between your HQ at Atlanta and Branch office in Atlanta which are causing packets to drop. How will you check where and what percentage of packets is dropped from the HQ?

By running tracert from HQ to Branch

By running tracert from Branch office to HQ

By running pathping from HQ to Branch

By running pathping from Branch to HQ

By running Network Monitor

Answer

Correct Answer: By running pathping from HQ to Branch

Note: This Question is unanswered, help us to find answer for this one

31.
Your network consists of one parent domain running on Windows Server 2003 and 1000 Windows XP clients.Your company's growth demands a child domain to be installed in one of the Branch Location.But when you run dcpromo command to join the child domain in parent,you get an error message that the existing domain cannot be contacted.What will you do to correct this problem?

Configure a domain controller of the child domain with the address of the DNS server of existing domain.

Create an Active Directory Integrated zone of child domain in the existing domain controller

Transfer PDC emulator role to a new child domain

Use ntdsutil to transfer domain naming master role to child domain

Answer

Correct Answer: Configure a domain controller of the child domain with the address of the DNS server of existing domain.

Note: This Question is unanswered, help us to find answer for this one

32.
You are the network administrator responsible for handling DNS server running on Windows server 2003. You receive a report that Windows Server 2003 CPU utilization rate is constantly exceeding 85 % of the CPU.How will you check if this problem arises only because of the DNS server?

Check DNS counters performance from System Monitor

Run ipconfig/displaydns command

Use Network Monitor to check the number of queries resolved by DNS

Use Event Viewer to check DNS performance

Answer

Correct Answer: Check DNS counters performance from System Monitor

Note: This Question is unanswered, help us to find answer for this one

33.
You are the administrator for ExpertRating's Branch office. Your company domain is running on Windows Server 2003. Your company's HQ is located at Atlanta and contains one Active-Directory Integrated DNS Server. An administrator at HQ instructs you to install and configure the DNS server as Active Directory Integrated zone. But when DNS is installed at the Branch office and a zone is tried to be created, the option to create Active-Directory Integrated zone is unavailable. What should be done in this scenario?

A new secondary Zone at the branch office configured with the address of DNS server located at HQ should be created

The HQ DNS server should be configured to approve the branch DNS server as Name Server

It should be ensured that HQ DNS server is configured as Standard Primary Zone

It should be ensured that Branch office server is promoted as Domain Controller, and then an Active Directory Integrated Zone should be created

Answer

Correct Answer: It should be ensured that Branch office server is promoted as Domain Controller, and then an Active Directory Integrated Zone should be created

Note: This Question is unanswered, help us to find answer for this one

34.
When an administrator runs dcpromo command in Windows Server 2003 to install Domain, setup fails with the following message "Active Directory installation failed. The network location could not be reached." What may be the problem ?

DNS

Default gateway

Network adapter

Administrative privileges

Answer

Correct Answer: Network adapter

Note: This Question is unanswered, help us to find answer for this one

35.
You are the back-up operator in a company and responsible for system-state data backup which is residing at two Windows Server 2003 domain controllers. How should you automate the process for every day at 12:00 mid-night?

Schedule a system state data backup for specified time

Schedule a full back-up of each domain controller once a day

Schedule a task to back-up ntds.dit file at late night

Schedule a task to back-up the entire drive having active-directory database and log files at late night

Answer

Correct Answer: Schedule a system state data backup for specified time

Note: This Question is unanswered, help us to find answer for this one

36.
Which of the following is a recommended tool for populating Active Directory with data from other directory services?

csvde

ldifde

ntdsutil

ADSI Edit MMC snap-in

Answer

Correct Answer: ldifde

Note: This Question is unanswered, help us to find answer for this one

37.
You are the administrator of a Windows 2003 domain. The domain has 100 users working on Windows XP. You want to allow all users to change their desktop setting if they try to work on any Windows XP computer. But their altered desktops should not be saved once they log off. What should you do in this scenario?

Edit GPO to set the customized desktop

Change the ntuser.dat file to ntuser.man in profiles directory

Schedule a batch to run at some interval to delete the user's home directory on each client computer

Configure a roaming profile for each user in the network

Answer

Correct Answer: Change the ntuser.dat file to ntuser.man in profiles directory

Note: This Question is unanswered, help us to find answer for this one

38.
The administrator for company ABC Toys configured RIS server in Windows Server 2003 for installing operating system Image to newly branded computers. But when he started the computers for obtaining addresses from RIS, they all are unable to connect to DHCP server. Later on, he discovered all branded computers were using network adapters that were not PXE compliant. How will he connect these computers to RIS server?

By creating RIS Bootable floppies from rbfg.exe

By creating RIS bootable floppies from ASR

By using riprep for installing image to client computers

By instaling DHCP relay Agent

Answer

Correct Answer: By creating RIS Bootable floppies from rbfg.exe

Note: This Question is unanswered, help us to find answer for this one

39.
You are the network administrator of Windows 2003 domain. The domain has one OU named Sales.You are using Windows Installer to publish sales relevant software to user's workstations. Currently, only members of Sales OU can run the software.But you want all users in the domain to be able to use the software from Start menu. What should you do ?

Assign the Windows Installer GPO from OU instead of publishing

Remove current GPO from Sales OU, create a new GPO that will upgrade the installed package and apply newly created GPO to sales OU

Remove the GPO from Sales OU,assign the GPO to domain and set the permissions to assign the package to all users

Create a new GPO and assign the package to all users in the domain. Grant the membership of Domain Admins to all the users

Answer

Correct Answer: Remove the GPO from Sales OU,assign the GPO to domain and set the permissions to assign the package to all users

Note: This Question is unanswered, help us to find answer for this one

40.
The network of ABC TOYS company consists of Windows Server 2003 and 5000 Windows XP Clients. Sometimes, users report missing data from the server. The network administrator wants to find the user deleting the files. He created a GPO and assigned it on the ABC Toys domain. Which actions should he audit?

Process tracking

Account login events

Object access

Privileged access

Answer

Correct Answer: Object access

Note: This Question is unanswered, help us to find answer for this one

41.
Your company has three domains located at different locations:

perl.com

geneva.perl.com

portland.perl.com

All three domains are in the Native Mode. Your geneva.perl.com branch is going to shut down and you want to migrate all users in that domain to perl.com. How will you move the users?

movetree /start /s dc1.geneva.perl.com /d dc2.perl.com /sdn cn=users,dc=geneva,dc=perl,dc=com /ddn cn=users,dc=perl,dc=com

Move the users from Active Directory Users and Computers

Move computer object from Active Directory Users and Computers to perl.com

movetree /continue /s dc1.geneva.perl.com /d dc2.perl.com /sdn cn=users,dc=geneva,dc=perl,dc=com /ddn cn=users,d=perl,dc=com

Answer

Correct Answer: movetree /start /s dc1.geneva.perl.com /d dc2.perl.com /sdn cn=users,dc=geneva,dc=perl,dc=com /ddn cn=users,dc=perl,dc=com

Note: This Question is unanswered, help us to find answer for this one

42.
You are the network administrator for your company running Domain Controller on Windows Server 2003. The domain has a Windows 2000 server named production. The production server is not a domain controller. You are allowed to logon locally for making the configuration. You want to run a script that will change the current environment variables setting when users log in.What would be the appropriate course of action?

Create a logon script and apply it on default domain group policies

Create a logon script and apply it on local group policies

Create a start-up script and apply it on the Default Domain Controller Group Policies

Copy the script to NetLogon share of the production server

Answer

Correct Answer: Create a logon script and apply it on local group policies

Note: This Question is unanswered, help us to find answer for this one

43.
You use Software deployment in Windows Server 2003 to distribute company's softwares on your Windows XP clients. The software image is clean and successfully published to clients. Clients have installed softwares in their desktops. But, when they run the setup from desktop shortcut, it gives an error message. Which of the following may be the reason for this error?

Software image is corrupted

Users have read only permission in the folder containing software image

The server gets restarted

Users with roaming profile are logging in two computers simultaneously

Answer

Correct Answer: Users with roaming profile are logging in two computers simultaneously

Note: This Question is unanswered, help us to find answer for this one

44.
A network consists of one Windows Server 2003 running as Domain Controller and 100 Windows XP Clients. The network administrator has created many OUs in domain and delegated control of OU to relevant administrators. His domain is configured with one OU, named sales, having one child, OU marketing. Two different administrators are appointed to be responsible for their respective OUs. But the marketing OU administrator complains that their OU is inheriting the Group Policies of its parent domain, even when they have blocked the inheritence. What may be the reason for that?

'No Override' is enabled on sales OU

'Block Policy Inheritance' is enabled on domain

Group policies are not refreshed

ntdsutil is run to overcome the situation

Answer

Correct Answer: 'No Override' is enabled on sales OU

Note: This Question is unanswered, help us to find answer for this one

45.
You are the network administrator of a company called Expertrating. Your company's network has a single Active Directory forest with a single domain named expertrating.com. Windows Server 2003 is running on all the servers and all the clients are Windows XP Professional computers. Your company has a test lab that contains a separate forest. You created a GPO (Group Policy Object) for testing and tested it successfully in that lab. Now, you want to implement this GPO on the network for all the computers and users in the domain. How will you accomplish this task by using minimum efforts?

Take a backup of the GPO created in the test lab by using the Group Policy Management Console and import it into the Domain

Create a new GPO linked to the domain. Include all the settings used in the old GPO (which was used for testing) in this GPO

Copy all the files in the SYSVOL folder from the test lab to the domain

None of the above

Answer

Correct Answer: Take a backup of the GPO created in the test lab by using the Group Policy Management Console and import it into the Domain

Note: This Question is unanswered, help us to find answer for this one

46.
You are the administrator of an OU named WebServers, created in Windows Server 2003 domain. The IPSec policies are defined at Domain level and No Override is not selected. All websites are configured to allow only anonymous users. A new GPO is applied at WebServers OU restricting local Administrators group to login locally. Users report that they are unable to access any of the Web Sites on the servers. What will you do for allowing users access to the websites from the servers in WebServers OU without affecting overall security?

Add all users to the Domain Admins group

Create a GPO that allows local Administrators and Guests to login locally and link GPO to WebServers OU

Create a GPO that allows local Administrators and Guest to login locally and link GPO to Domain level

Set Basic Authentication in each Web Server

Answer

Correct Answer: Create a GPO that allows local Administrators and Guests to login locally and link GPO to WebServers OU

Note: This Question is unanswered, help us to find answer for this one

47.
You are the network administrator of a company running on Windows Server 2003 environment.The network consists of a single forest that contains two domains named Domain-A and Domain-B.You are responsible for handling Domain-A having one Active-Directory Integrated zone server .Your company policies state that name resolution traffic from Domain-B should be locally resolved by Domain-A. What should you do ?

Create a primary zone for Domain-B

Configure Domain-B as a forwarder

Create a secondary zone for Domain-B on Domain-A

Configure Domain-B as the DNS client of Domain-A

Answer

Correct Answer: Create a secondary zone for Domain-B on Domain-A

Note: This Question is unanswered, help us to find answer for this one

48.
You want to transfer the FSMO role. When you tried to transfer it, the transfer was unsuccessful. What will you do now?

Seize the role

Delete the role

Copy the role

None of the above

Answer

Correct Answer: Seize the role

Note: This Question is unanswered, help us to find answer for this one

49.
You are the network administrator of a company. Your company's network has Windows 2003 Server and Windows 2000 Professional computers. You use a security policy to configure a server named Delta1. Now you have to deploy the security configuration on server Delta1 to the computers on your company's network. How will you accomplish this task by using minimum efforts?

Create a new GPO linked to the domain. Include all the settings used in the server (Delta1) in this GPO

Use the Security Configuration and Analysis snap-in to export all the security settings from server Delta1 to a template file. Then, import the template file into the GPO for applying to multiple computers

Use the Security Configuration and Analysis snap-in to export all the security settings from server Delta1 to a template file. Then, apply the template to each computer by using the Security Configuration and Analysis snap-in

All of the above

Answer

Correct Answer: Use the Security Configuration and Analysis snap-in to export all the security settings from server Delta1 to a template file. Then, import the template file into the GPO for applying to multiple computers

Note: This Question is unanswered, help us to find answer for this one

50.
You are the administrator of your company.Your network is running on Windows Server 2003 domain controller and Windows XP as a clients.You have configured Software Deployment to distribute softwares to users. You have published softwares but by using Group Policies. Softwares appear in Add/remove Programs in control Panel but when users try to install them, they get an error message "The feature you are trying to install cannot be found in the setup directory" and the setup fails. Identify the cause.

The software was not assigned

Users were not the members of the administrative group

Proper permissions to users on folders containing software image were not granted

The server was not restarted

Answer

Correct Answer: Proper permissions to users on folders containing software image were not granted

Note: This Question is unanswered, help us to find answer for this one

51.
Which of the following things can be done once the DNS Advanced option is enabled from DNS console View tab in Windows Server 2003?

Open network monitor

Enable Advanced in View tab of DNS console

Use performance monitor to view DNS cache

Use Event Viewer from DNS console

Answer

Correct Answer: Enable Advanced in View tab of DNS console

Note: This Question is unanswered, help us to find answer for this one

52.
Once DNS Advanced option is enabled from DNS console View tab in Windows Server 2003, which of the following things can be done ?

Cached data can be deleted record by record

Zone transfer can be done forcibly

SOA serial number can be incremented

nslookup command can be run directly

Answer

Correct Answer: Cached data can be deleted record by record

Note: This Question is unanswered, help us to find answer for this one

53.
Your Company has different OUs named sales, production and finance. All are child objects under Departments OU. You created a new GPO used to assign software required for all departments. Sales and production users can see the shortcut in start menu and can successfully install the software but finance users report that this shortcut is not appearing in their start menu. What will you do?

Publish the software instead of assign

Remove Block-Policy Inheritance from finance OU

Grant all finance users to Domain Admins group

Package is corrupt so rebuild it

Answer

Correct Answer: Remove Block-Policy Inheritance from finance OU

Note: This Question is unanswered, help us to find answer for this one

54.
You are the network administrator for your company. One user account named Mike often needs to be moved between sales and marketing group. But the changes are not taking effect. Which of the following FSMO role may be responsible for that?

RID Role

Infrastructure role

PDC emulator role

Domain naming role

Answer

Correct Answer: Infrastructure role

Note: This Question is unanswered, help us to find answer for this one

55.
DNS SRV resource records map the name of a service to the name of a server offering that service.Which of the following SRV entry helps clients to find a Windows Server 2003 dom PDC FSMO role holder in a mixed-mode environment.

ldap._tcp..domains._msdcs.

_ldap._tcp.

_ldap._tcp.._sites.

_ldap._tcp.pdc._ms-dcs.

Answer

Correct Answer: _ldap._tcp.pdc._ms-dcs.

Note: This Question is unanswered, help us to find answer for this one

56.
Which of the following commands can be used to promote the DC (Domain Controller) from a backup of the system state data of an existing DC (Domain Controller)?

dcpromo /restore

dcpromo /promo

dcpromo /system

dcpromo /adv

Answer

Correct Answer: dcpromo /adv

Note: This Question is unanswered, help us to find answer for this one

57.
You work as a Network Administrator for your company running on Windows 2000 Active Directory based network. One day you discover that the partition having Active Directory database is out of space. How will you move Active Directory database and log files to a new volume on a different disk?

Restart the Active Directory in Safe mode

Run ntdsutil to move database to a new location

Restart the Active Directory in Directory Services Restore Mode

Run csvde utility to restore database to a new location

Answer

Correct Answer: Run ntdsutil to move database to a new location
Restart the Active Directory in Directory Services Restore Mode

Note: This question has more than 1 correct answers

Note: This Question is unanswered, help us to find answer for this one

58.
Which are the other aspects that an administrator must consider for the network to run effectively after running metadata clean-up to delete the remains of a removed domain controller in Windows Server 2003?

Relocate FSMO roles

DHCP clients configuration will dynamically be updated for failed DNS server

All application servers must point to the new live Global Catalog if removed DC is a Global catalog

DNS forwarders configuration need not to be updated for failed DNS server

Answer

Correct Answer: Relocate FSMO roles
All application servers must point to the new live Global Catalog if removed DC is a Global catalog

Note: This question has more than 1 correct answers

Note: This Question is unanswered, help us to find answer for this one

59.
As the network administrator of a Windows 2003 network, when you were monitoring your network securities, you discovered that most of the users have been using the same password ever since their accounts were created. You want to secure your password policies so that users must change their passwords periodically. What will be your course of action?

Enforce password history

Minimum password age

Maximum password age

None of the above

Answer

Correct Answer: Enforce password history
Maximum password age

Note: This question has more than 1 correct answers

Note: This Question is unanswered, help us to find answer for this one

60.
Which of the following are ways of viewing RSoP reports?

gpresult /z >policy.txt from command prompt

html file from Advanced Security Information-Policy wizard

Performance monitor

dcdiag.log file

Answer

Correct Answer: gpresult /z >policy.txt from command prompt
html file from Advanced Security Information-Policy wizard

Note: This question has more than 1 correct answers

Note: This Question is unanswered, help us to find answer for this one

61.
You are the network administrator responsible for handling and troubleshooting the DNS server configured in Windows Server 2003. You figure out later on that the DNS server is consuming high CPU usage. Which of the following checks will you do to restrict DNS usage?

Check if any virus scanning software is enabled

Check if ipconfig/flushdns command is run

Check if sms server is installed

Check if active directory is installed��

Answer

Correct Answer: Check if any virus scanning software is enabled
Check if sms server is installed

Note: This question has more than 1 correct answers

Note: This Question is unanswered, help us to find answer for this one

62.
You are the network administrator, and your network consists of various branch offices located at different locations which are:

        Location 1

        Location 2

        Location 3

        Location 4

You want to allow secure dynamic updates in DNS in Location 1, 2 and 3. But Location 4 should not be able to edit DNS. Which of the following statements will fit in this scenario?

assign Location 1, 2 and 3 'Active Directory Integrated Zone'

assign Location 4 as secondary Zone

assign location 4 as primary zone

assign Location 1,2,3 as primary zone

Answer

Correct Answer: assign Location 1, 2 and 3 'Active Directory Integrated Zone'
assign Location 4 as secondary Zone

Note: This question has more than 1 correct answers

Note: This Question is unanswered, help us to find answer for this one

63.
Which of the following commands are useful for troubleshooting Active Directory replication failure due to incorrect DNS configuration?

ipconfig/registerdns

dcdiag /test:registerdns /dnsdomain

dcdiag /test:connectivity

ntdsutil

Answer

Correct Answer: dcdiag /test:registerdns /dnsdomain
dcdiag /test:connectivity

Note: This question has more than 1 correct answers

Note: This Question is unanswered, help us to find answer for this one

64. Range of Group Policy time interval?

0 mins 15 mins

0 mins to 180 mins

0 mins to 64800 mins

0 mins to 90 mins

Answer

Correct Answer: 0 mins to 64800 mins

Note: This Question is unanswered, help us to find answer for this one

65. How many levels of readiness are allocated for the global catalog?

Answer

Correct Answer: 6

Note: This Question is unanswered, help us to find answer for this one

66. How many roles are available in Windows Server 2008?

Answer

Correct Answer: 17

Note: This Question is unanswered, help us to find answer for this one

67. How many operations masters roles are allocated to each domain?

Answer

Correct Answer: 3

Note: This Question is unanswered, help us to find answer for this one

68. An application you are installing has a service that needs to run on a server where it will interact and modify other network services and components. How do you set it up?

Create a new user in Active Directory Users and Groups. Then on the server add the new domain user you created into the Local Admins group. Use this account to install the application.

You need to do nothing since it is a network application and will be installed on a network server, those functions are already built in.

Create a new user in Active Directory Users and Groups. Add the users to the Network Configuration Operators group. Use this account when installing the service on the server where the application is to run.

Create a new user in Active Directory Users and Groups. Add the users to the Network Services group. Use this account when installing the service on the server where the application is to run.

Answer

Correct Answer: Create a new user in Active Directory Users and Groups. Add the users to the Network Configuration Operators group. Use this account when installing the service on the server where the application is to run.

Note: This Question is unanswered, help us to find answer for this one

69. What are Group Policies?

Group Policies are used to maximize login efficiency by creating a hierarchies based on user profiles.

Group Policies are used to manage and segregate domain resources based on rules in the OU defined by group membership.

Group Policies are ways to normalize the behavior of controllable applications and procedures on the domain.

Group Policies are used to provide security as well as filter and manage content from the internet.

Answer

Correct Answer: Group Policies are ways to normalize the behavior of controllable applications and procedures on the domain.

Note: This Question is unanswered, help us to find answer for this one

70. To install a new Active Directory Domain Services (AD DS) Forest you need to be a:

A member of the Enterprise Admins group.

A member of the Domain Admins group.

A member of the Domain Network Services group.

A local administrator on the server.

Answer

Correct Answer: A local administrator on the server.

Note: This Question is unanswered, help us to find answer for this one

71. You need to remove a large number of user accounts in the Active Directory because of an acquisition. Which utility would you use?

RMDsob

CSVDE

LDIFDE

DSMoD

Answer

Correct Answer: LDIFDE

Note: This Question is unanswered, help us to find answer for this one

72. Default time interval of Group Policy in Domain Controllers

90 Mins

15 Mins

5 Mins

10 mins

Answer

Correct Answer: 5 Mins

Note: This Question is unanswered, help us to find answer for this one

73. Which of the following protocols is used for communications in Active Directory Domains and Trusts?

SMS

SMTP

FTP

UDP

Answer

Correct Answer: SMTP

Note: This Question is unanswered, help us to find answer for this one

74. For which of the following reasons would you NOT deploy a Read Only Domain Controller (RODC)?

The network connection to a remote office is tenuous.

Your remote office is in a high crime neighborhood.

Your remote office is complaining about login times.

Marketing tells you they want their own Domain Controller.

Answer

Correct Answer: Marketing tells you they want their own Domain Controller.

Note: This Question is unanswered, help us to find answer for this one

75. Which virus scanning software is known to cause problems when installed on an Active Directory domain controller?

Norton System Works.

VirusScan2000.

McAfee VirusScan 8.0.

AVG Virus Scan.

Answer

Correct Answer: McAfee VirusScan 8.0.

Note: This Question is unanswered, help us to find answer for this one

76. What policy would you implement to rid the system of LM hashes?

“Do Not Store Hash Value on Next Password Change”

“Do Not Store LAN Manager Hash Value on Next Password Change”

“Do Not Store LAN Hash Value on Next Password Change”

“Do Not Store LAN Manager Hash Value on Next Startup”

Answer

Correct Answer: “Do Not Store LAN Manager Hash Value on Next Password Change”

Note: This Question is unanswered, help us to find answer for this one

77. Why should default users be granted equal rights across the system?

Default users are granted varying degrees of rights. Equality in the varied degrees of granted rights reduces the occurrence of discontinuities that may allow security breaches.

Default users should never be granted rights on the system.

Granting rights equally means that there are no variations in rights granted.

Only administrators should be granted equal rights on the server.

Answer

Correct Answer: Default users are granted varying degrees of rights. Equality in the varied degrees of granted rights reduces the occurrence of discontinuities that may allow security breaches.

Note: This Question is unanswered, help us to find answer for this one

78. When Windows Server receives a file through replication, or prior to being replicated, where must it be stored?

In the staging area.

In the Windows area.

In the sandbox area.

In the replication area.

Answer

Correct Answer: In the staging area.

Note: This Question is unanswered, help us to find answer for this one

79. A Schema Partition in Active Directory is the:

Partition that contains all of the definitions of the objects that can be created in the Active Directory and there rules for creating and managing them.

Partition that contains all of the information in a Domain about users, groups and OUs.

Partition that contains all of the information that is used and collected by applications and utilities in the Active Directory such as DNS

Partition that contains all of the information about the structure of the entire forest including sites and trusts.

Answer

Correct Answer: Partition that contains all of the definitions of the objects that can be created in the Active Directory and there rules for creating and managing them.

Note: This Question is unanswered, help us to find answer for this one

80. You have need to check on a security property in the Systems folder in Active Directory Users and Groups but you are having a hard time finding it.

There is no Systems folder in the Active Directory Users and Groups manager

Right click on the Domain icon and choose Show Hidden Features.

Log out of the server and log back in as a Domain Administrator then reopen Active Directory Users and Groups

On the View menu check Advanced Features

Answer

Correct Answer: On the View menu check Advanced Features

Note: This Question is unanswered, help us to find answer for this one

81. What command line tool can you use to manage Domain Trusts?

dfsutil.exe

dcdiag.exe

replmon.exe

netdom.exe

Answer

Correct Answer: netdom.exe

Note: This Question is unanswered, help us to find answer for this one

82. What database engine is used to house the Active Directory?

T-SQL

MS SQL Server

rebase

JET database

Answer

Correct Answer: JET database

Note: This Question is unanswered, help us to find answer for this one

83. If you want to see a list of users from the command line or in a script you would use the ______ utility.

dsget.exe

adquery.exe

adfind.exe

dsadd.exe

Answer

Correct Answer: dsget.exe

Note: This Question is unanswered, help us to find answer for this one

84. Which of the following protocols are NOT needed for Replication?

RPC

SMB

IRC

SMTP

Answer

Correct Answer: IRC

Note: This Question is unanswered, help us to find answer for this one

85. If you needed to know the default number of days that a domain controller preserves knowledge of a deleted object, how would you find the answer?

Check the value of the systemLifetime attribute in the ForestTreeDomain object.

Check the value of the deletedLifetime attribute in the RecycleBinDomain object.

Check the value of the tombstoneLifetime attribute in the ForestRootDomain object.

Check the value of the treeherderLifetime attribute in the ShepardOfTheForestDomain object.

Answer

Correct Answer: Check the value of the tombstoneLifetime attribute in the ForestRootDomain object.

Note: This Question is unanswered, help us to find answer for this one

86. Should all system state components be backed up together?

Yes, though it is impossible to back them up together, they can be scheduled at similar times.

No.

No. They cannot be backed up.

Yes. It is impossible to back them up otherwise because their relationship is contingent upon each other.

Answer

Correct Answer: Yes. It is impossible to back them up otherwise because their relationship is contingent upon each other.

Note: This Question is unanswered, help us to find answer for this one

87. What is Active Directory's global catalog used for?

System-wide directory searching and facilitating domain client logons when universal groups are available.

Network-wide directory searching and facilitating domain client logons when universal groups are available.

Forest-wide directory searching and facilitating domain client logons when universal groups are available.

Global directory searching and facilitating domain client logons when universal groups are available.

Answer

Correct Answer: Forest-wide directory searching and facilitating domain client logons when universal groups are available.

Note: This Question is unanswered, help us to find answer for this one

88. What is unique about the tasks that operations masters perform?

No other domain controllers are permitted to perform them.

Any domain controllers are permitted to perform them.

They can operate any other system.

They are encrypted.

Answer

Correct Answer: No other domain controllers are permitted to perform them.

Note: This Question is unanswered, help us to find answer for this one

89. What happens if the global catalog is removed?

The domain controller immediately stops advertising in the system as a global hardware server.

The domain controller immediately stops advertising in trusts as a global realm server.

The domain controller immediately stops advertising in DNS as a global catalog server.

The domain controller immediately stops trusting in DNS as a global forest server.

Answer

Correct Answer: The domain controller immediately stops advertising in DNS as a global catalog server.

Note: This Question is unanswered, help us to find answer for this one

90. What is a NetBIOS name?

A legacy naming convention used to differentiate hardware and software resources.

A legacy naming convention used under Lan Manager.

The corresponding name of the first 4 dactyls in a MAC address.

A name used to differentiate performance characteristics of NICs.

Answer

Correct Answer: A legacy naming convention used under Lan Manager.

Note: This Question is unanswered, help us to find answer for this one

91. You are having difficulty with remote domain controllers not syncing. What tool would you use to investigate the problem?

Active Directory Domains and Trusts

Windows Remote Server Manager

DNS Manager

Active Directory Federated Services

Answer

Correct Answer: Active Directory Domains and Trusts

Note: This Question is unanswered, help us to find answer for this one

92. What is used to enable and optimize replication traffic?

The Knowledge Consistency Checker.

The Knowledge Network Checker.

The Knowledge Replication Checker.

The Knowledge Consistency Optimizer.

Answer

Correct Answer: The Knowledge Consistency Checker.

Note: This Question is unanswered, help us to find answer for this one

93. In the following list, which methods can NOT be used to manage Active Directory tasks?

Active Directory Web Interface

Command Line

Microsoft Management Console

Windows PowerShell

Answer

Correct Answer: Active Directory Web Interface

Note: This Question is unanswered, help us to find answer for this one

94. What does Windows Time Service use to manage time settings?

Network Time Protocol.

System Time Protocol.

Windows Time Protocol.

Greenwich Time Protocol.

Answer

Correct Answer: Network Time Protocol.

Note: This Question is unanswered, help us to find answer for this one

95. With the launch of Windows Server 2003, comes a tool to make trust configuration easier. What is it?

The Authentication Wizard.

The Configuration Wizard.

The Trust Tool.

The Trust Wizard.

Answer

Correct Answer: The Trust Wizard.

Note: This Question is unanswered, help us to find answer for this one

96. What is an alternative to disabling administrative and guest accounts on domains for security purposes?

Deleting them.

Encrypting them.

Moving them.

Renaming them.

Answer

Correct Answer: Renaming them.

Note: This Question is unanswered, help us to find answer for this one

97. How much maintenance does the Active Directory database require on a daily basis?

It has to be debugged and backed up hourly.

None besides backups during ordinary operations.

It has to be backed up hourly.

It has to be backed up daily.

Answer

Correct Answer: None besides backups during ordinary operations.

Note: This Question is unanswered, help us to find answer for this one

98. To protect the Active Directory schema, how should users be managed?

There is no schema in Active Directory.

No one has access to Active Directory's schema.

Users should only be added when changes to the schema need to be made.

All users have full access to Active Directory's schema.

Answer

Correct Answer: Users should only be added when changes to the schema need to be made.

Note: This Question is unanswered, help us to find answer for this one

99. What kind of trust is a parent-child trust?

Two-way trust.

Forest trust.

Four-way trust.

One-way trust.

Answer

Correct Answer: Two-way trust.

Note: This Question is unanswered, help us to find answer for this one

100. What group must you be a member of to configure the site link schedule?

The Enterprise Admins group in Active Directory.

The Realm Admins group in Active Directory.

The Network Admins group in Active Directory.

The Forest Admins group in Active Directory.

Answer

Correct Answer: The Enterprise Admins group in Active Directory.

Note: This Question is unanswered, help us to find answer for this one

101. You are deploying a new web based application that only company personnel will use to submit their hours when out of the office. What Active Directory Service would you deploy to enable login security.

Deploy an RDP server accessible via a URL on the internet that will allow users to login to a Window's session to access a secure browser.

Set up a nightly scheduled process that executes the Active Directory Users and Groups Directory Export Services (DE) to create a secure text file that is uploaded into the application's database.

Deploy Active Directory Federated Services (FS) via IIS to extend and integrate Windows Login within the application and make it available on the internet.

Deploy the replication feature in Active Directory Domains and Trusts that will allow the users PC to automatically exchange certificate tokens when opening the applications URL and securing the users login.

Answer

Correct Answer: Deploy Active Directory Federated Services (FS) via IIS to extend and integrate Windows Login within the application and make it available on the internet.

Note: This Question is unanswered, help us to find answer for this one

102. An Active Directory Forest comprised of Windows 2008 R2 domain controllers will need to incorporate a Windows 2003 R2 Domain controller. What version level will the Forest function?

It will function at the Windows 2003 R2 level.

It will function at the 2008 R2 level.

All domain objects created on the 2008 R2 domain controllers will function as 2008 R2 those from the incorporated 2003 R2 servers will continue to operate as 2003 objects.

It depends on the site the 2003 R2 domain controller is located.

Answer

Correct Answer: It will function at the Windows 2003 R2 level.

Note: This Question is unanswered, help us to find answer for this one

103. What security practice does not involve the configuration of software or hardware?

Domain security.

Network security.

Computer security.

Physical security.

Answer

Correct Answer: Physical security.

Note: This Question is unanswered, help us to find answer for this one

104. Your company and its partner want to share files on servers in both of their laboratories. What's the easiest way to make this happen?

Set up a Two Way External Trust via Active Directory Domains and Trusts, then setup security groups to share directories.

Set up a server on the internet and utilize Windows R-Sync to replicate data from the servers from each partners servers. Set up a Radius Server with user accounts then provide the users with VPN access to the data.

Create a group in your company's Active Directory Users and Groups, then create user accounts for the people who will need access to resources in your domain, restrict resources to that group. Have your partner do the same on their domain.

Utilize Active Directory Cloud Authentication Services (CA) to create user groups from both companies to access shared data.

Answer

Correct Answer: Set up a Two Way External Trust via Active Directory Domains and Trusts, then setup security groups to share directories.

Note: This Question is unanswered, help us to find answer for this one

105. What is KCC?

It is the Knowledge Consistency Checker used to generate the replication topology in Active Directory Domains and Trusts.

It is the Kerberos Consignment Client, which checks and passes Kerberos authentication packets between clients.

It is the Knowledge Capture Client, used by the Schema Manager in mapping and maintaining domain morphology.

It is the Key Collection Center, the database used in conjunction with Key Distribution Center for exchange Kerberos keys during authentication.

Answer

Correct Answer: It is the Knowledge Consistency Checker used to generate the replication topology in Active Directory Domains and Trusts.

Note: This Question is unanswered, help us to find answer for this one

106. You are trying to determine the name of a host but only have the IP Address, what command can you run to finds it's name?

ping (IP Address)

ping -a (IP Address)

tracert (IP Address)

ping -h (IP Address)

Answer

Correct Answer: ping -a (IP Address)

Note: This Question is unanswered, help us to find answer for this one

107. Why is documentation one of the most critical aspects of Active Directory security administration?

It is essential for performance audits.

It is essential for network administration.

It is essential for domain audits.

It is essential for security audits.

Answer

Correct Answer: It is essential for security audits.

Note: This Question is unanswered, help us to find answer for this one

108. What benefit is gained from using global or universal groups when specifying permissions on domain directory objects?

Access is allowed to all users.

Permissions are granted to fewer users.

Permissions are totally deleted.

Permissions are transparent across the system, leaving less opportunities for intrusion.

Answer

Correct Answer: Permissions are transparent across the system, leaving less opportunities for intrusion.

Note: This Question is unanswered, help us to find answer for this one

109. What is a DSRM password used for?

It is used to log onto a domain controller that has been rebooted into DSRM mode to delete its copy of Active Directory.

It is used to log into the system.

It is used to log onto a domain controller that has been rebooted into DSRM mode to take its copy of Active Directory off-line.

It is used to log into Active Directory in the case that DSRM needs to be taken off-line.

Answer

Correct Answer: It is used to log onto a domain controller that has been rebooted into DSRM mode to take its copy of Active Directory off-line.

Note: This Question is unanswered, help us to find answer for this one

110. Should you log in to your computer as an administrator to complete administrative tasks?

Yes.

No. Use “Run as” to complete them.

Yes, and stay logged in continually.

Yes. You should always log in as an administrator, but log out after you are finished.

Answer

Correct Answer: No. Use “Run as” to complete them.

Note: This Question is unanswered, help us to find answer for this one

111. If you need to change the default file size of the staging folder, where do you change the staging space limit registry entry?

HKEY_Local_Machine\NtFrs\Parameters

System\CurrentControlSet\Services\NtFrs\Parameters\HKEY_Local_Machine

HKEY_Local_Machine\System\CurrentControlSet\Services\NtFrs\Parameters

HKEY_Local_Machine\User\Share\Etc\NtFrs\Parameters

Answer

Correct Answer: HKEY_Local_Machine\System\CurrentControlSet\Services\NtFrs\Parameters

Note: This Question is unanswered, help us to find answer for this one

112. When you move the database file, where are registry entries that Ntdsutil.exe edits located?

MACHINE\SYSTEM\SET\Services\NTDS\

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet\Utilities\NTDS\

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NTDS\

\SYSTEM\CurrentControlSet\Services\NTDS\HKEY_LOCAL_MACHINE

Answer

Correct Answer: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NTDS\

Note: This Question is unanswered, help us to find answer for this one

113. Are the different types of trusts set automatically, or must they be set manually?

The trusts that need manual configuration are contingent upon how Active Directory is organized, and whether different versions of Windows coexist on the network.

All trusts are set automatically.

All trusts are set automatically, and they cannot be changed.

All trusts must be set manually.

Answer

Correct Answer: The trusts that need manual configuration are contingent upon how Active Directory is organized, and whether different versions of Windows coexist on the network.

Note: This Question is unanswered, help us to find answer for this one

114. Which of the following is NOT an Active Directory role?

Active Directory Network Object Services

Active Directory Federated Services

Active Directory Certificate Services

Active Directory Domain Services

Answer

Correct Answer: Active Directory Network Object Services

Note: This Question is unanswered, help us to find answer for this one

115. Which of the following is NOT a DNS Zone?

Stub Zone

Internal Lookup Zone

Primary Zone

Forward Lookup Zone

Answer

Correct Answer: Internal Lookup Zone

Note: This Question is unanswered, help us to find answer for this one

116. What version of Windows Server was the Read Only Domain Controller (RODC) introduced?

Windows 2012

Windows 2000

Windows 2003 R

Windows 2008

Answer

Correct Answer: Windows 2008

Note: This Question is unanswered, help us to find answer for this one

117. The Active Directory database is stored in the ______ directory.

%windir&\ntds

%windir%\etc

%windir%\sysvol

%windir%\inf

Answer

Correct Answer: %windir&\ntds

Note: This Question is unanswered, help us to find answer for this one

118. What best practice ensures that all trust relationships are preserved within a domain?

Performing annual backups.

Keeping the system running.

Rebuilding the system every year.

Performing regular backups.

Answer

Correct Answer: Performing regular backups.

Note: This Question is unanswered, help us to find answer for this one

119. Which one is NOT FSMO role?

Flexible Master

RID Master

Infrastructure Master

Schema Master

Answer

Correct Answer: Flexible Master

Note: This Question is unanswered, help us to find answer for this one

120. When is it necessary to manage domain and forest trusts?

When your organization needs to collaborate with users or resources in other domains, forest trusts, or realms.

When your organization needs to access other forest trusts only.

Only when your organization needs to access other domains.

Never. They are automatically managed.

Answer

Correct Answer: When your organization needs to collaborate with users or resources in other domains, forest trusts, or realms.

Note: This Question is unanswered, help us to find answer for this one

121. How are multiple sites connected for replication in Active Directory?

They are connected by Connection objects.

They are connected by Network objects.

They are connected by Link Bot objects.

They are connected by Site Link objects.

Answer

Correct Answer: They are connected by Site Link objects.

Note: This Question is unanswered, help us to find answer for this one

122. What is SYSVOL referring to in the context of Active Directory?

The Active Directory SYSVOL shared folder.

The Active Directory shared network.

The Active Directory SYSVOL system.

Answer

Correct Answer: The Active Directory SYSVOL shared folder.

Note: This Question is unanswered, help us to find answer for this one

123. One can change the Active Directory Path while creation of the Active Directory

Yes

Answer

Correct Answer: Yes

Note: This Question is unanswered, help us to find answer for this one

124. When creating a domain for the first time, what must be configured properly to easily join computers to your domain?

Default Domain Policy (GPO)

IIS

DNS Server and services

LDAP

DCHP Server

Answer

Correct Answer: DNS Server and services

Note: This Question is unanswered, help us to find answer for this one

125. Command to create / run Active Directory Services

tracert

dcpromo.exe

traceroute

Fixboot

ADSI

Answer

Correct Answer: dcpromo.exe

Note: This Question is unanswered, help us to find answer for this one

126. To add a new user via Windows PowerShell you would use the following cmdlet:

New-ADUser

New-Item

New-DSObj

Set-ADUser

Answer

Correct Answer: New-ADUser

Note: This Question is unanswered, help us to find answer for this one

127. A domain computer is no longer authenticating on the domain. How do you fix the problem?

From the computer, change the computer's login password in Local Security Manager, then reboot.

From the Active Directory Users and Groups Manager find the computer in the directory and delete it.

Rename the computer and reboot it.

From the computer, remove from the computer from the domain reboot, and rejoin it to the domain

Answer

Correct Answer: From the computer, remove from the computer from the domain reboot, and rejoin it to the domain

Note: This Question is unanswered, help us to find answer for this one

128. Which of the following are NOT a logical component of Active Directory?

Branch

Forest

Domain

Answer

Correct Answer: Branch

Note: This Question is unanswered, help us to find answer for this one

129. What command is used to check whether the policy is applied or not?

GPRESULT

GPMC

GPUPDATE

GPFIXUP

Answer

Correct Answer: GPRESULT

Note: This Question is unanswered, help us to find answer for this one

130. In relation to backup and restore procedures, what provides a default location for files that must be shared for common access throughout a domain?

VOLSYS

SYSVOL

HKEY

SYSKEY

Answer

Correct Answer: SYSVOL

Note: This Question is unanswered, help us to find answer for this one

131. You update a GPO and return to the users computer to see the results but they don't show up. What is the least disruptive way to see the results?

Run the command: gpupdate /force

Run the command: ipconfig /flushdns

Run the command: nbtstat /R

Perform a warm boot of the computer

Answer

Correct Answer: Run the command: gpupdate /force

Note: This Question is unanswered, help us to find answer for this one

132. What do Domain Controllers do?

Receive and relay domain commands

Assign IP addresses to domain computers

Control granular settings in a domain environment

Store the database, maintain the policies and provide the authentication of domain logons

Answer

Correct Answer: Store the database, maintain the policies and provide the authentication of domain logons

Note: This Question is unanswered, help us to find answer for this one

133. What is an OU?

Organizational Utility Services

Organizational Unit

Optional Upgrade

Operational Unit

Answer

Correct Answer: Organizational Unit

Note: This Question is unanswered, help us to find answer for this one

134. A user is complaining that they can't login to the domain because they have tried to login too many times with their password

Tell the user to turn off the computer and restart it, then log in.

In the Active Domain Domains andTrusts, find the users login server right click and choose Replicate Now, then ask the user to login

Ask the user to get someone else to login for them.

In the Active Directory Users and Computers, find and open the user object, choose the Account tab and unlock the account.

Answer

Correct Answer: In the Active Directory Users and Computers, find and open the user object, choose the Account tab and unlock the account.

Note: This Question is unanswered, help us to find answer for this one

135. What is LDAP?

Local Directory Application Programming Interface.

Lightweight Directory Access Protocol.

Logical Directory Access Protocol.

Local Domain Administration Protocol.

Answer

Correct Answer: Lightweight Directory Access Protocol.

Note: This Question is unanswered, help us to find answer for this one

136. How must drives containing database files, or log files, be formatted?

FAT32

ext2

FAT12

NTFS

Answer

Correct Answer: NTFS

Note: This Question is unanswered, help us to find answer for this one

137. What does it mean when a “trust” exists?

Two domains block each other so only users can access the computer.

Authentication is only allowed for administrators.

Authentication is allowed for all users.

The authentication coming from each domain trusts the authentications coming from the other domain.

Answer

Correct Answer: The authentication coming from each domain trusts the authentications coming from the other domain.

Note: This Question is unanswered, help us to find answer for this one

138. What two ways can trust relationships be defined?

Inside, or outside.

Open, or closed.

Four-way, or two-way.

One-way, or two-way.

Answer

Correct Answer: One-way, or two-way.

Note: This Question is unanswered, help us to find answer for this one

139. What two operations masters roles exist in each forest?

The operations master, and the domain controlling master.

The schema master, and the domain naming master.

The system master, and the user master.

The super master, and the user master.

Answer

Correct Answer: The schema master, and the domain naming master.

Note: This Question is unanswered, help us to find answer for this one

140. The ADSIEDIT tool is used to:

Edit DNS records of Active Directory members.

Remove inactive objects in the Active Directory.

Directly add, delete or modify components in the Active Directory.

Filter SID components in the DHCP registry.

Answer

Correct Answer: Directly add, delete or modify components in the Active Directory.

Note: This Question is unanswered, help us to find answer for this one

141. An Active Directory Forest is ___________________

a collection of different domains connected via two way trusts that don't share the same DNS name space, but share authentication and policy management.

a method for visualizing autonomous sites that are connected via high speed networks but independent of domain hierarchies.

the sum total of all the objects both physical and logical including their properties in an Active Directory domain and managed from a PDC.

the different databases and their interactions that comprise the Active Directory for the management of objects, domain security and policy.

Answer

Correct Answer: a collection of different domains connected via two way trusts that don't share the same DNS name space, but share authentication and policy management.

Note: This Question is unanswered, help us to find answer for this one

142. What tool is required to make any changes in Windows Time Service?

TIMEnt.exe

W32tm.exe

ntp.exe

T32v.exe

Answer

Correct Answer: W32tm.exe

Note: This Question is unanswered, help us to find answer for this one

Active Directory MCQs | Topic-wise

MCQ on Basic Active Directory

General Active Directory MCQs

Active Directory Subjects

More Resources

Active Directory MCQ

Active Directory Skill Assessment

Active Directory PDF

Related MCQs

Adobe ColdFusion MCQs

Ajax MCQs

Amazon Web Services (AWS) MCQs

Android MCQs

Android Game Development MCQs

Basic Active Directory MCQ

1. Your company's network has a single Active Directory domain. All servers run Windows Server 2003. You want to make an application available for all the users to install. You want to configure GPO for this. How will you complete this task?

2. Which of the following components are contained in the sysvol folder?

3. Which of the following partition information gets replicated during active directory replication?

7. Which of the following are FSMO roles?

8. Your company is running on Windows Server 2003 DNS server with slaves.You changed DNS file manually on DNS server.But slave still doesn't pick up any changes. What will you do to apply those changes to slave?

10. State whether true or false. A PDC Emulator is required for authentication purposes for Windows NT 4.0 clients.

11. Your company is planning to deploy Windows XP Professional on 200 computers. The network has one Windows Server 2003 domain controller (DC). You want the installation to be automated and centralized, and to be done only on authorized computers. What should you do?

12. How can an administrator predict the physical requirements for installing Windows Server 2003 Domain Controller ?

13. Which of the following roles is responsible for allowing schema changes to Active directory objects?

16. You are the network administrator of an Aerospace Company. Your company's policy clearly states renaming of Guest account on all computers in domain. What would you do if you do not have the time to edit each name manually on each computer but you need to do it immediately?

17. Which of the following commands provide maximum information related to capacity statistics such as megabytes per server and per object class, and information on how to compare two directory trees across replicas in the same domain?

18. After running authoritative restore command on crash Windows Server 2003 domain controller, how will it be checked if authoritative restore was successful by checking the version number increase in the directory?

20. You are the network administrator for a company called ExpertRating. Your network contains one Windows Server 2003 Domain Controller. One day, when you reboot your DC, you receive an error message "Cannot find NTOSKERNL.EXE". Which of the following actions will you employ?

21. State whether true or false. Once the forest functional level is raised to Windows Server 2003, one cannot add a Windows 2000 domain controller to the forest.

22. When running dcpromo command in Windows Server 2003, the administrator changed the NetBIOS name to production. But the real FQDN is sales.microsoft.com. After setup, what would be the FQDN?

23. Some applications are deployed that uses protocols that requires knowledge of the user's password for authentication purposes. Which policy can provide the best result in this scenario ?

24. The administrator is trying to reset the external trust. But clients are unable to access resources in the domain outside of the forest. Which of the following FSMO role must be available for this reset?

25. You are the network administrator of a Windows 2003 network having Windows XP clients.You want to secure your network by implementing a policy that supports encrypted TCP/IP communication. Which of the following is most secured?

26. Which of the following roles is responsible for the uniqueness of Active Directory objects in each domain?

27. Your company's domain consists of one OU named Sales. Sales OU consists of users from Sales Department. You need to assign one of the user of Sales OU named Paul, to create, add and modify user's objects only.They should not be able to change group's object properties.What should you do ?

28. State whether true or false. We can only seize a role if the domain controller that holds that role fails.

29. You are planning to deploy Windows XP professional to client computers using RIS. What should you do to find out the GUIDs of all client computers?

30. Suppose there are network connectivity problems between your HQ at Atlanta and Branch office in Atlanta which are causing packets to drop. How will you check where and what percentage of packets is dropped from the HQ?

32. You are the network administrator responsible for handling DNS server running on Windows server 2003. You receive a report that Windows Server 2003 CPU utilization rate is constantly exceeding 85 % of the CPU.How will you check if this problem arises only because of the DNS server?

34. When an administrator runs dcpromo command in Windows Server 2003 to install Domain, setup fails with the following message "Active Directory installation failed. The network location could not be reached." What may be the problem ?

35. You are the back-up operator in a company and responsible for system-state data backup which is residing at two Windows Server 2003 domain controllers. How should you automate the process for every day at 12:00 mid-night?

36. Which of the following is a recommended tool for populating Active Directory with data from other directory services?

41. Your company has three domains located at different locations: perl.com geneva.perl.com portland.perl.com All three domains are in the Native Mode. Your geneva.perl.com branch is going to shut down and you want to migrate all users in that domain to perl.com. How will you move the users?

48. You want to transfer the FSMO role. When you tried to transfer it, the transfer was unsuccessful. What will you do now?

51. Which of the following things can be done once the DNS Advanced option is enabled from DNS console View tab in Windows Server 2003?

52. Once DNS Advanced option is enabled from DNS console View tab in Windows Server 2003, which of the following things can be done ?

54. You are the network administrator for your company. One user account named Mike often needs to be moved between sales and marketing group. But the changes are not taking effect. Which of the following FSMO role may be responsible for that?

55. DNS SRV resource records map the name of a service to the name of a server offering that service.Which of the following SRV entry helps clients to find a Windows Server 2003 dom PDC FSMO role holder in a mixed-mode environment.

56. Which of the following commands can be used to promote the DC (Domain Controller) from a backup of the system state data of an existing DC (Domain Controller)?

57. You work as a Network Administrator for your company running on Windows 2000 Active Directory based network. One day you discover that the partition having Active Directory database is out of space. How will you move Active Directory database and log files to a new volume on a different disk?

58. Which are the other aspects that an administrator must consider for the network to run effectively after running metadata clean-up to delete the remains of a removed domain controller in Windows Server 2003?

60. Which of the following are ways of viewing RSoP reports?

61. You are the network administrator responsible for handling and troubleshooting the DNS server configured in Windows Server 2003. You figure out later on that the DNS server is consuming high CPU usage. Which of the following checks will you do to restrict DNS usage?

63. Which of the following commands are useful for troubleshooting Active Directory replication failure due to incorrect DNS configuration?

64. Range of Group Policy time interval?

65. How many levels of readiness are allocated for the global catalog?

66. How many roles are available in Windows Server 2008?

67. How many operations masters roles are allocated to each domain?

68. An application you are installing has a service that needs to run on a server where it will interact and modify other network services and components. How do you set it up?

69. What are Group Policies?

70. To install a new Active Directory Domain Services (AD DS) Forest you need to be a:

71. You need to remove a large number of user accounts in the Active Directory because of an acquisition. Which utility would you use?

72. Default time interval of Group Policy in Domain Controllers

73. Which of the following protocols is used for communications in Active Directory Domains and Trusts?

74. For which of the following reasons would you NOT deploy a Read Only Domain Controller (RODC)?

75. Which virus scanning software is known to cause problems when installed on an Active Directory domain controller?

76. What policy would you implement to rid the system of LM hashes?

77. Why should default users be granted equal rights across the system?

78. When Windows Server receives a file through replication, or prior to being replicated, where must it be stored?

79. A Schema Partition in Active Directory is the:

80. You have need to check on a security property in the Systems folder in Active Directory Users and Groups but you are having a hard time finding it.

81. What command line tool can you use to manage Domain Trusts?

82. What database engine is used to house the Active Directory?

83. If you want to see a list of users from the command line or in a script you would use the ______ utility.

84. Which of the following protocols are NOT needed for Replication?

85. If you needed to know the default number of days that a domain controller preserves knowledge of a deleted object, how would you find the answer?

86. Should all system state components be backed up together?

87. What is Active Directory's global catalog used for?

88. What is unique about the tasks that operations masters perform?

89. What happens if the global catalog is removed?

90. What is a NetBIOS name?

91. You are having difficulty with remote domain controllers not syncing. What tool would you use to investigate the problem?

92. What is used to enable and optimize replication traffic?

93. In the following list, which methods can NOT be used to manage Active Directory tasks?

94. What does Windows Time Service use to manage time settings?

95. With the launch of Windows Server 2003, comes a tool to make trust configuration easier. What is it?

96. What is an alternative to disabling administrative and guest accounts on domains for security purposes?

97. How much maintenance does the Active Directory database require on a daily basis?

98. To protect the Active Directory schema, how should users be managed?

99. What kind of trust is a parent-child trust?

100. What group must you be a member of to configure the site link schedule?

101. You are deploying a new web based application that only company personnel will use to submit their hours when out of the office. What Active Directory Service would you deploy to enable login security.

102. An Active Directory Forest comprised of Windows 2008 R2 domain controllers will need to incorporate a Windows 2003 R2 Domain controller. What version level will the Forest function?

103. What security practice does not involve the configuration of software or hardware?

2.
Which of the following components are contained in the sysvol folder?

3.
Which of the following partition information gets replicated during active directory replication?

7.
Which of the following are FSMO roles?

8.
Your company is running on Windows Server 2003 DNS server with slaves.You changed DNS file manually on DNS server.But slave still doesn't pick up any changes. What will you do to apply those changes to slave?

10.
State whether true or false.

A PDC Emulator is required for authentication purposes for Windows NT 4.0 clients.

11.
Your company is planning to deploy Windows XP Professional on 200 computers. The network has one Windows Server 2003 domain controller (DC). You want the installation to be automated and centralized, and to be done only on authorized computers. What should you do?

12.
How can an administrator predict the physical requirements for installing Windows Server 2003 Domain Controller ?

13.
Which of the following roles is responsible for allowing schema changes to Active directory objects?

16.
You are the network administrator of an Aerospace Company. Your company's policy clearly states renaming of Guest account on all computers in domain. What would you do if you do not have the time to edit each name manually on each computer but you need to do it immediately?

17.
Which of the following commands provide maximum information related to capacity statistics such as megabytes per server and per object class, and information on how to compare two directory trees across replicas in the same domain?

18.
After running authoritative restore command on crash Windows Server 2003 domain controller, how will it be checked if authoritative restore was successful by checking the version number increase in the directory?

20.
You are the network administrator for a company called ExpertRating. Your network contains one Windows Server 2003 Domain Controller. One day, when you reboot your DC, you receive an error message "Cannot find NTOSKERNL.EXE". Which of the following actions will you employ?

21.
State whether true or false.

Once the forest functional level is raised to Windows Server 2003, one cannot add a Windows 2000 domain controller to the forest.

22.
When running dcpromo command in Windows Server 2003, the administrator changed the NetBIOS name to production. But the real FQDN is sales.microsoft.com. After setup, what would be the FQDN?

23.
Some applications are deployed that uses protocols that requires knowledge of the user's password for authentication purposes. Which policy can provide the best result in this scenario ?

24.
The administrator is trying to reset the external trust. But clients are unable to access resources in the domain outside of the forest. Which of the following FSMO role must be available for this reset?

25.
You are the network administrator of a Windows 2003 network having Windows XP clients.You want to secure your network by implementing a policy that supports encrypted TCP/IP communication. Which of the following is most secured?

26.
Which of the following roles is responsible for the uniqueness of Active Directory objects in each domain?

27.
Your company's domain consists of one OU named Sales. Sales OU consists of users from Sales Department. You need to assign one of the user of Sales OU named Paul, to create, add and modify user's objects only.They should not be able to change group's object properties.What should you do ?

28.
State whether true or false.

We can only seize a role if the domain controller that holds that role fails.

29.
You are planning to deploy Windows XP professional to client computers using RIS. What should you do to find out the GUIDs of all client computers?

30.
Suppose there are network connectivity problems between your HQ at Atlanta and Branch office in Atlanta which are causing packets to drop. How will you check where and what percentage of packets is dropped from the HQ?

32.
You are the network administrator responsible for handling DNS server running on Windows server 2003. You receive a report that Windows Server 2003 CPU utilization rate is constantly exceeding 85 % of the CPU.How will you check if this problem arises only because of the DNS server?

34.
When an administrator runs dcpromo command in Windows Server 2003 to install Domain, setup fails with the following message "Active Directory installation failed. The network location could not be reached." What may be the problem ?

35.
You are the back-up operator in a company and responsible for system-state data backup which is residing at two Windows Server 2003 domain controllers. How should you automate the process for every day at 12:00 mid-night?

36.
Which of the following is a recommended tool for populating Active Directory with data from other directory services?

41.
Your company has three domains located at different locations:

perl.com

geneva.perl.com

portland.perl.com

All three domains are in the Native Mode. Your geneva.perl.com branch is going to shut down and you want to migrate all users in that domain to perl.com. How will you move the users?

48.
You want to transfer the FSMO role. When you tried to transfer it, the transfer was unsuccessful. What will you do now?

51.
Which of the following things can be done once the DNS Advanced option is enabled from DNS console View tab in Windows Server 2003?

52.
Once DNS Advanced option is enabled from DNS console View tab in Windows Server 2003, which of the following things can be done ?

54.
You are the network administrator for your company. One user account named Mike often needs to be moved between sales and marketing group. But the changes are not taking effect. Which of the following FSMO role may be responsible for that?

55.
DNS SRV resource records map the name of a service to the name of a server offering that service.Which of the following SRV entry helps clients to find a Windows Server 2003 dom PDC FSMO role holder in a mixed-mode environment.

56.
Which of the following commands can be used to promote the DC (Domain Controller) from a backup of the system state data of an existing DC (Domain Controller)?

57.
You work as a Network Administrator for your company running on Windows 2000 Active Directory based network. One day you discover that the partition having Active Directory database is out of space. How will you move Active Directory database and log files to a new volume on a different disk?

58.
Which are the other aspects that an administrator must consider for the network to run effectively after running metadata clean-up to delete the remains of a removed domain controller in Windows Server 2003?

60.
Which of the following are ways of viewing RSoP reports?

61.
You are the network administrator responsible for handling and troubleshooting the DNS server configured in Windows Server 2003. You figure out later on that the DNS server is consuming high CPU usage. Which of the following checks will you do to restrict DNS usage?

63.
Which of the following commands are useful for troubleshooting Active Directory replication failure due to incorrect DNS configuration?