Question 1

Which of the following answers is not a task that can be delegated&#10;A)Create,delete,and manage user accounts&#10;B)Reset user passwords and force password change at next logon&#10;C)Read all user information&#10;D)Create,delete,and manage built-in user accounts

Accepted Answer

Creating, deleting, and managing built-in user accounts typically require elevated privileges and are not tasks that should be delegated due to security risks. Built-in accounts have predefined roles and permissions that are critical to the security and proper functioning of the system.

Question 2

Match a term below to the following description
The process for replicating Active Directory objects in which changes to the database can occur on any domain controller and are propagated,or replicated,to all other domain controllers.

A)Multimaster replication
B)Intersite replication
C)Intrasite replication
D)Database replication

A

Accepted Answer

Multimaster replication is the process where changes to the Active Directory database can occur on any domain controller and are replicated to all other domain controllers. This is different from master/slave replication where only one server has the authority to make changes. Intrasite and intersite replication refer to different methods of replicating AD objects but do not specify whether it is multimaster or not. Database replication is a general term that could refer to any type of replication, not necessarily specific to Active Directory.

Question 3

Which of the following is not a valid directory partition type?&#10;A)Domain directory partition&#10;B)Schema directory partition&#10;C)Extended directory partition&#10;D)Global catalog partition

Accepted Answer

Domain directory partition, Schema directory partition, and Global catalog partition are all valid types of directory partitions in active directory. However, extended directory partition is not a valid type of directory partition.

Question 4

All computers assigned an address in a subnet require a router to communicate with one another.

Accepted Answer

Computers within the same subnet can communicate directly with each other using switches or direct connections without requiring a router, as routers are primarily used for connecting different subnets.

Question 5

A Discretionary access control list (DACL)____.&#10;A)defines the settings for auditing access to an object&#10;B)only applies to users accessing resources from a dialup connection&#10;C)is a list of security principals,with each having a set of permissions that define access to the object&#10;D)can only be edited by the object owner

Accepted Answer

A DACL is a list of security principals, with each having a set of permissions that define access to the object. It is not related to auditing, dialup connections, or being editable only by the object owner.

Question 6

The Lightweight Directory Access Protocol is based on which of the following technologies?&#10;A)X.509&#10;B)X.500&#10;C)X.405&#10;D)X.900

Accepted Answer

The Lightweight Directory Access Protocol, or LDAP, is based on X.500, a standard protocol for directory services. While X.500 is a robust protocol, it is designed for use in large organizations and can be cumbersome for smaller networks. LDAP was developed as a lightweight version of X.500, suitable for use in smaller, more distributed networks.

Question 7

To verify who has been delegated control of an OU,you must ____.&#10;A)use the dsview /delegated command&#10;B)be the owner of the OU&#10;C)view the OU's permissions&#10;D)be on the original domain controller where permission was delegated

Accepted Answer

To verify who has been delegated control of an OU, you need to view the OU's permissions. This will show you which users or groups have been granted access to the OU and what level of control they have been given. The other options are not relevant to verifying delegation of control for an OU.

Question 8

Which directory partition contains all objects in a domain,including users,groups,computers,OUs,and other objects?&#10;A)Global Catalog partition&#10;B)Domain directory partition&#10;C)Application directory partition&#10;D)Configuration partition

Accepted Answer

The domain directory partition is the one that contains all objects in a domain, including users, groups, computers, OUs, and other objects. The global catalog partition contains a subset of attributes for all objects in the forest, while the application directory partition holds application-specific data. The configuration partition holds settings for the entire forest.

Question 9

Explicit permissions never override inherited permissions.

Accepted Answer

Explicit permissions take precedence over inherited permissions. When you directly assign permissions to a file or folder, these permissions override any permissions the file or folder might inherit from its parent folder.

Question 10

Which operations master role is responsible for ensuring that changes made to object names in one domain are updated in references to these objects in other domains?&#10;A)Schema master&#10;B)Infrastructure master&#10;C)Domain naming master&#10;D)RID master

Accepted Answer

The Infrastructure Master role is responsible for updating references from objects in its domain to objects in other domains. This includes ensuring that changes to object names and other attributes are properly reflected across domains.

Question 11

Which of the following statements about operations master roles is correct?&#10;A)By default,the Infrastructure master is chosen randomly per domain&#10;B)There can be multiple schema masters per domain&#10;C)The RID Master is responsible for providing backward compatibility with NT domain controllers&#10;D)There is only one domain naming master per forest,which must be available whenever domains are added,deleted,or renamed.

Accepted Answer

The answer of Which of the following statements about operations...

Question 12

What directory partition contains information needed to define Active Directory objects and object attributes for all domains in the forest?&#10;A)Schema directory partition&#10;B)Global Catalog partition&#10;C)Application directory partition&#10;D)Configuration partition

Accepted Answer

The answer of What directory partition contains information needed to...

Question 13

A schema can be changed by an administrator or an application to best suit an organization's needs.

Accepted Answer

The answer of A schema can be changed by an...

Question 14

A dedicated forest root domain contains only the forestwide administrative accounts and domain controllers needed to run the forestwide operations master roles.No additional OUs or server roles are installed.

Accepted Answer

The answer of A dedicated forest root domain contains only...

Question 15

The user &#34;TestUserA&#34; has been added to an objects DACL and assigned the Allow Full control permission.However,&#34;TestUserA&#34; has inherited the Deny Full Control permission for the object from its parent container.What is &#34;TestUserA&#34;'s effective permissions?&#10;A)TestUserA has Full Control permissions&#10;B)TestUserA has no permissions due to Deny Full Control&#10;C)TestUserA is given default permissions for the object because Full Control and Deny Full Control cancel each other out&#10;D)This can't be done because conflicting permissions are not allowed in an object's DACL

Accepted Answer

The answer of The user &#34;TestUserA&#34; has been added to...

Question 16

Inherited permissions can't be changed or removed without ____.&#10;A)using the &#34;Inherited Permissions Modify&#34; tool&#10;B)having to recreate the object entirely&#10;C)knowing the object's password&#10;D)disabling permission inheritance first

Accepted Answer

The answer of Inherited permissions can't be changed or removed...

Question 17

The group &#34;TestGroup&#34; has been added to an objects DACL and assigned the Allow Full control permission.&#34;TestUserA&#34; is a member of &#34;TestGroup&#34;,which has been assigned Deny Write permission for the object.What is &#34;TestUserA&#34;'s effective permissions?&#10;A)TestUserA has no permissions to the object because he has been denied write access.&#10;B)TestUserA can do anything that Full Control would allow him to do,except write to the object.&#10;C)TestUserA is part of TestGroup,therefore TestUserA has Full Control permissions regardless of the Deny Write permission.&#10;D)This can't happen because conflicting permissions are not allowed in an object's DACL.

Accepted Answer

The answer of The group &#34;TestGroup&#34; has been added to...

Question 18

Which operations master role is responsible for providing backwards compatibility with Windows NT servers configured as Windows NT backup domain controllers or member servers?&#10;A)PDC emulator master&#10;B)RID master&#10;C)Domain naming master&#10;D)Schema master

Accepted Answer

The answer of Which operations master role is responsible for...

Question 19

A site link is needed to connect two or more sites for replication purposes.

Accepted Answer

The answer of A site link is needed to connect...

Question 20

Which of the following is not a valid operations master role?&#10;A)Schema master&#10;B)Infrastructure master&#10;C)User management master&#10;D)RID master

Accepted Answer

The answer of Which of the following is not a...

Question 21

MATCHING&#10;a.Forest root domain&#10;f.Operations master&#10;b.directory partition&#10;g.relative identifier&#10;c.intrasite replication&#10;h.security principals&#10;d.One-way trust&#10;i.user principal name (UPN)&#10;e.LDAP&#10;An Active Directory object that can be assigned permissions or rights to Active Directory objects and network resources

Accepted Answer

The answer of MATCHING&#10;a.Forest root domain&#10;f.Operations master&#10;b.directory partition&#10;g.relative identifier&#10;c.intrasite replication&#10;h.security...

Question 22

A user principal name (UPN)follows the format ____________________.

Accepted Answer

The answer of A user principal name (UPN)follows the format...

Question 23

MATCHING&#10;a.Forest root domain&#10;f.Operations master&#10;b.directory partition&#10;g.relative identifier&#10;c.intrasite replication&#10;h.security principals&#10;d.One-way trust&#10;i.user principal name (UPN)&#10;e.LDAP&#10;A domain controller with sole responsibility for certain domain or forestwide functions

Accepted Answer

The answer of MATCHING&#10;a.Forest root domain&#10;f.Operations master&#10;b.directory partition&#10;g.relative identifier&#10;c.intrasite replication&#10;h.security...

Question 24

MATCHING&#10;a.Forest root domain&#10;f.Operations master&#10;b.directory partition&#10;g.relative identifier&#10;c.intrasite replication&#10;h.security principals&#10;d.One-way trust&#10;i.user principal name (UPN)&#10;e.LDAP&#10;The part of the SID that's unique for each Active Directory object

Accepted Answer

The answer of MATCHING&#10;a.Forest root domain&#10;f.Operations master&#10;b.directory partition&#10;g.relative identifier&#10;c.intrasite replication&#10;h.security...

Question 25

MATCHING&#10;a.Forest root domain&#10;f.Operations master&#10;b.directory partition&#10;g.relative identifier&#10;c.intrasite replication&#10;h.security principals&#10;d.One-way trust&#10;i.user principal name (UPN)&#10;e.LDAP&#10;A trust relationship in which one domain trusts another,but the reverse is not true

Accepted Answer

The answer of MATCHING&#10;a.Forest root domain&#10;f.Operations master&#10;b.directory partition&#10;g.relative identifier&#10;c.intrasite replication&#10;h.security...

Question 26

MATCHING&#10;a.Forest root domain&#10;f.Operations master&#10;b.directory partition&#10;g.relative identifier&#10;c.intrasite replication&#10;h.security principals&#10;d.One-way trust&#10;i.user principal name (UPN)&#10;e.LDAP&#10;The first domain created in a new forest

Accepted Answer

The answer of MATCHING&#10;a.Forest root domain&#10;f.Operations master&#10;b.directory partition&#10;g.relative identifier&#10;c.intrasite replication&#10;h.security...

Question 27

MATCHING&#10;a.Forest root domain&#10;f.Operations master&#10;b.directory partition&#10;g.relative identifier&#10;c.intrasite replication&#10;h.security principals&#10;d.One-way trust&#10;i.user principal name (UPN)&#10;e.LDAP&#10;Active Directory replication between domain controllers in the same site

Accepted Answer

The answer of MATCHING&#10;a.Forest root domain&#10;f.Operations master&#10;b.directory partition&#10;g.relative identifier&#10;c.intrasite replication&#10;h.security...

Question 28

MATCHING&#10;a.Forest root domain&#10;f.Operations master&#10;b.directory partition&#10;g.relative identifier&#10;c.intrasite replication&#10;h.security principals&#10;d.One-way trust&#10;i.user principal name (UPN)&#10;e.LDAP&#10;A protocol that runs over TCP/IP and is designed to facilitate access to directory services and directory objects

Accepted Answer

The answer of MATCHING&#10;a.Forest root domain&#10;f.Operations master&#10;b.directory partition&#10;g.relative identifier&#10;c.intrasite replication&#10;h.security...

Question 29

MATCHING&#10;a.Forest root domain&#10;f.Operations master&#10;b.directory partition&#10;g.relative identifier&#10;c.intrasite replication&#10;h.security principals&#10;d.One-way trust&#10;i.user principal name (UPN)&#10;e.LDAP&#10;A section of an Active Directory database stored on a domain controller's hard drive

Accepted Answer

The answer of MATCHING&#10;a.Forest root domain&#10;f.Operations master&#10;b.directory partition&#10;g.relative identifier&#10;c.intrasite replication&#10;h.security...

Question 30

The _________________________ is a directory partition and contains the most commonly accessed object attributes to facilitate object searches and user logons across domains.

Accepted Answer

The answer of The _________________________ is a directory partition and...

Question 31

MATCHING&#10;a.Forest root domain&#10;f.Operations master&#10;b.directory partition&#10;g.relative identifier&#10;c.intrasite replication&#10;h.security principals&#10;d.One-way trust&#10;i.user principal name (UPN)&#10;e.LDAP&#10;A user logon name that follows the format username@domain

Accepted Answer

The answer of MATCHING&#10;a.Forest root domain&#10;f.Operations master&#10;b.directory partition&#10;g.relative identifier&#10;c.intrasite replication&#10;h.security...

Question 32

Which of the following is not an advantage of running a dedicated forest root domain?&#10;A)security&#10;B)manageability&#10;C)flexibility&#10;D)reliability

Accepted Answer

The answer of Which of the following is not an...

Question 33

Lightweight Directory Access Protocol (LDAP)was created by the ______________________________.

Accepted Answer

The answer of Lightweight Directory Access Protocol (LDAP)was created by...

Question 34

A process called ____ runs on every domain controller to determine the replication topology which defines the domain controller path that Active Directory changes flow through.&#10;A)Replication&#10;B)AD Route&#10;C)Knowledge Consistency Checker (KCC)&#10;D)trust relationship

Accepted Answer

The answer of A process called ____ runs on every...

Question 35

What is the name of the default site link that is created when Active Directory is first installed?&#10;A)SITELINKIPDEFAULT&#10;B)DEFAULTIPSITELINK&#10;C)SITELINKDEFAULTIP&#10;D)SITELINKDEFAULT

Accepted Answer

The answer of What is the name of the default...

Question 36

A(n)____ is a one-way or two-way nontransitive trust between two domains that aren't in the same forest&#10;A)External trust&#10;B)Shortcut trust&#10;C)Forest Trust&#10;D)Outsite trust

Accepted Answer

The answer of A(n)____ is a one-way or two-way nontransitive...

Question 37

Each entry in the Discretionary access control list is referred to as an ACE.What does ACE stand for?&#10;A)Acceptable Control Extension&#10;B)Access Control Extension&#10;C)Access Control Entry&#10;D)Applied Control Entry

Accepted Answer

The answer of Each entry in the Discretionary access control...

Question 38

A ____ is configured manually between domains to bypass the normal referral process.&#10;A)Shortcut trust&#10;B)transitive trust&#10;C)Forest trust&#10;D)one-way trust

Accepted Answer

The answer of A ____ is configured manually between domains...

Question 39

______________________________ defines the settings for auditing access to an object.

Accepted Answer

The answer of ______________________________ defines the settings for auditing access...

Question 40

_________________________ defines how permissions are transmitted from a parent object to a child object.

Accepted Answer

The answer of _________________________ defines how permissions are transmitted from...

Question 41

What is the name of the default site link created when Active Directory is installed?

Accepted Answer

The answer of What is the name of the default...

Question 42

What term best fits this description:&#10;A trust in which both domains in the relationship trust each other,so users from both domains can access resources in the other domain.

Accepted Answer

The answer of What term best fits this description:&#10;A trust...

Question 43

What service most commonly makes use of an application directory partition for it's database?

Accepted Answer

The answer of What service most commonly makes use of...

Question 44

What term best fits this description:&#10;Specialized domain controller tasks that handle operations that can affect the entire domain or forest.

Accepted Answer

The answer of What term best fits this description:&#10;Specialized domain...

Question 45

What MMC do you use to create OUs?

Accepted Answer

The answer of What MMC do you use to create...

Question 46

MATCHING&#10;a.Forest root domain&#10;f.Operations master&#10;b.directory partition&#10;g.relative identifier&#10;c.intrasite replication&#10;h.security principals&#10;d.One-way trust&#10;i.user principal name (UPN)&#10;e.LDAP&#10;What can you do to integrate user authentication between Linux and Active Directory?

Accepted Answer

The answer of MATCHING&#10;a.Forest root domain&#10;f.Operations master&#10;b.directory partition&#10;g.relative identifier&#10;c.intrasite replication&#10;h.security...

Question 47

What can you do to reduce the delay caused by authentication referral?

Accepted Answer

The answer of What can you do to reduce the...

Question 48

What MMC is used to create sites?

Accepted Answer

The answer of What MMC is used to create sites?...

Question 49

What term best fits this description:&#10;An open-standard security protocol used to secure authentication and identification between parties in a network

Accepted Answer

The answer of What term best fits this description:&#10;An open-standard...

Question 50

What does ISTG stand for?

Accepted Answer

The answer of What does ISTG stand for?...

Deck 4: Active Directory Design and Security Concepts