NOS 2
Active Directory Knowledge Quiz
Challenge your understanding of Active Directory and its intricacies with our engaging quiz! This quiz encompasses key concepts, practices, and management techniques relevant to IT professionals.
- Test your knowledge on user accounts and permissions
- Learn about replication, trust relationships, and directory structures
- Enhance your skills while having fun!
Members of the backup operators group can log on locally to and shut down domain controlers
True
False
Explicit permissions never override inherited permissions
True
False
By default, user account names are case sensitive
True
False
The administrator account can be renamed or disabled but cannot be deleted
True
False
All computers assigned an address in a subnet require a router to communicate with one another
True
False
A schema can be changed by an admin or an application to best suit an organizations needs
True
False
A site link is needed to connect two or more sites for replication purposes
True
False
A dedicated forest root domain contains only the forestwide administrative accounts and domain controllers needed to run the forestwide operations master roles
True
False
The ability to force a user to be disconnected after logon hours expire is a group policy setting
True
False
User account names in AD need only be unique inside their container
True
False
Which of the following is not an advantage of running a dedicated forest root domain?
Security
Manageability
Flexibility
Reliability
Which directory partition contains all objects in a domain, including users, groups, computers, OUs, and other objects?
Global catalog partition
Domain directory partition
Application directory partition
Configuration partition
Match a term below to the following description: The process for replicating AD objects in which changes to the database can occur on any domain controller and are propagated or replicated to all other domain controllers
Multimaster replication
Intersite replication
Intrasite replication
Database replication
Which command line tool displays an objects properties onscreen by default, but can redirect output to a file?
DSADD
DSGET
DSMOD
DSMOVE
Which operations master role is responsible for ensuring that changes made to object names in one domain are updated in references to these objects in other domains?
Schema master
Infrastructure master
Domain naming master
RID master
What is the name of the default site link that is created when active directory is first installed
SITELINKIPDEFAULT
DEFAULTIPSITELINK
SITELINKDEFAULTIP
SITELINKDEFAULT
A _____ is a one-way or two-way nontransitive trust between two domains that aren't in the same forest
External
Shortcut
Forest
Trust
18. Which command line tool finds and displays objects in Active Directory that meet specified criteria?
SGET
DSADD
DSQUERY
DSRM
19. Which of the following answers is not a task that can be delegated
Create, delete, and manage user accounts
Reset user passwords and force passwords change at next logon
Read all user info
Create, delete, and manage built-in user accounts
Which of the following is not a benefit of using roaming profiles?
Consistent environment
Easy management
Easy backup of profile settings
Bandwidth usage
21. Each entry in the Discretionary access control list is referred to as an ACE. What does ACE stand for?
Acceptable Control Extension
Access Control Extension
Access Control Entry
Applied Control Entry
You have received a call from an employee about permissions on a shared folder, having found he can no longer access the resource. After checking the folder, you find that the group the employee is in is part of the resource's DACL, but seems to have no effect on the group's permissions. The group's permission entry is the only entry in the DACL. What is wrong?
The shared resource no longer exists
The group has been converted from a security group to a distribution group
The group has been added to "Deny access to shares resources" policy on the distro group
The group has been converted from a distribution group to a security group
What is microsofts best practices recommendation for the structure of a group scope nesting?
AGDLP
ADLGP
AGPDL
ADLPG
The Lightweight Directory Access Protocol is based on which of the following technologies?
X.509
X.500
X.405
X.900
What directory partition contains information needed to define Active Directory objects and object attributes for all domains in the forest
Schema directory partition
Application directory partition
Global Catalog partition
Configuration partition
If the Unlock Account checkbox is selected under a user account's Properties dialog box, what does this mean?
The user was disabled by administrator
The user has locked their screensaver password
The user has too many failed logon attempts and is locked out
The account's properties have been locked to prevent modification
This command line tool modifies existing AD objects
DSGET
DSMOVE
DSRM
DSMOD
To verify who has been delegated control of an OU, you must ____?
Use the dsview /delegated command
Be the owner of the OU
View the OUs permissions
Be on the original domain controller where permission was delegated
Where are local groups stored?
On a domain controller
On the local computer, under C:\Documents and Settings
On stand-alone servers only
In the local SAM database
A process called _ runs on every domain controller to determine the replication topology which defines the domain controller path that Active Directory changes flow through.
Replication
Knowledge consistency checker
AD route
Trust relationship
In order to ensure no one uses public computer terminals after 5 pm, you've set the log on hours for the guest user accounts to deny log on after 5. However, you've noticed that users are still using the terminals after 5 pm, while other users are denied the ability to log in. Why are some users denied to log on, while other users are still using the terminals?
Logon hours can only be set on stand-alone computers
The users were logged on prior to 5pm
You highlighted 8 am to 5 pm, but selected "Logon denied"
The machines the other users are on have pending update installs that are preventing the log off sequence from taking place
Select a character that CAN be used in a user account name
!
@
:
?
Employees in your office have recently been changing desktop wallpapers against company policy. You want to be able to lock down this ability, while preventing other profile changes as well. What is your best option?
You could add the offending users to the "User is unable to modify profile settings" group policy
Disable access to control panel
Set up a virtual environment on each computer so that users can change whatever they want, without affecting the host
Set up a mandatory profile
Which of the following statements about operations master roles is correct
By default, the Infrastructure master is chosen randomly per domain
There can be multiple schema masters per domain
The RID Master is responsible for providing backward compatibility with NT domain controllers
There is only one domain naming master per forest, which must be available whenever domains are added, deleted, or renamed.
A seasoned intern, Sally, has been given a new assignment. She must be able to log on locally to DCs, manage some services, manage shared resources, back up and restore files, shutdown DCs, format hard drives, and change the system time. In order to give her only the rights and permissions necessary to complete these tasks, what domain local group will you add her to?
Backup operators
Admins
Server operators
Network config operators
A discretionary access control list (DACL) ________.
Defines the settings for auditing access to an object
Only applies to users accessing resources from a dialup connection
Is a list of security principals, with each having a set ofpermissions that define access to the object
Can only be edited by the object owner
The group "TestGroup" has been added to an objects DACL and assigned the Allow Full control permission. TestUserA is a member of TestGroup, which has been assigned Deny Write permission for the object. What is TestUserA's effective permissions?
TestUserA has no permissions to the object because he has been denied write access.
TestUserA can do anything that Full Control would allow him to do, except write to the object.
TestUserA is part of TestGroup, therefore TestUserA has Full Control permissions regardless of the Deny Write permission
This can't happen because conflicting permissions are not allowed in an object's DACL.
Which operations master role is responsible for providing backwards compatibility with Windows NT servers configured as Windows NT backup domain controllers or member servers?
PDC emulator master
RID master
Domain naming master
Scheming master
Where are user profiles stored by default in windows server 2008?
%SYSTEMDRIVE%\Users
%SYSTEMDRIVE%\Documents and Settings
%SYSTEMDRIVE%\LocalUsers
%SYSTEMPARTITION%\LocalUsers
Which of the below utilities uses comma-separated values to bulk or export AD data?
CVSDE
LDAP
CSVDE
LDFIDE
A ____ is configured manually between domains to bypass the normal referral process
Shortcut trust
Transitive trust
Forest trust
One-way trust
What is a super mandatory profile?
A profile that requires a user's mandatory profile be available, or they will not be able to log on
A profile that has no access to control panel
A profile that has Ntuser.dat renamed to Ntuser.sman
A profile that does not allow changes to be made even on a temporary basis
Which of the following is not a valid directory partition type?
Domain directory partition
Schema directory partition
Extended directory partition
Global catalog partition
How do you change a profile into a mandatory profile?
Delete Ntuser.dat from the profile
Rename Ntuser.dat to Muser.
Rename Ntuser.dat to Ntuser.man
Delete the AppData folder inside the profile
By default a user's profile is created...
When the user is created
When the user first logs on
After the user first logs off
After the user creates their profile folder
Inherited permissions can't be changed or removed without
Using the "Inherited Permissions Modify" tool
Having to recreate the object entirely
Knowing the object's password
Disabling permission inheritance first
Which group matches the following description: This universal group is found only on DCs in the forest root domain. Members have full control over fore twide operations. This group is a member of the Administrators group on all DCs
Enterprise admins
Domain admins
Dns admins
Domain users
Which command line tool removes, or deletes objects from AD?
DSADD
DSGET
DSMOD
DSRM
Which of the following is not a valid operation master role?
Schema master
Infrastructure master
User management master
RID master
At about what interval does a computer change its computer account password?
30 mins
30 hours
30 days
30 weeks
Which statement is false?
Domain local groups can have universal groups from any domain in the forest as members
Universal groups can have universal groups from any domain in the forest as members
Global groups can be members of any global group in the forest
Domain local groups can be members of local groups on domain member computers
The user "TestUserA" has been added to an objects DACL and assigned the Allow Full control permission. However, "TestUserA" has inherited the Deny Full Control permission for the object from its parent container. What is "TestUserA"'s effective permissions?
TestUserA has Full Control permissions
TestUserA has no permissions due to Deny Full Control
TestUserA is given default permissions for the object because Full Control and Deny Full Control cancel each other out
This can't be done because conflicting permissions are not allowed in an object's DACL
{"name":"NOS 2", "url":"https://www.quiz-maker.com/QPREVIEW","txt":"Challenge your understanding of Active Directory and its intricacies with our engaging quiz! This quiz encompasses key concepts, practices, and management techniques relevant to IT professionals.Test your knowledge on user accounts and permissionsLearn about replication, trust relationships, and directory structuresEnhance your skills while having fun!","img":"https:/images/course5.png"}