MOC 3.0
Master Your Active Directory Knowledge
Test your understanding of Active Directory and its components with our comprehensive quiz. Designed for IT professionals and students alike, this quiz covers a wide range of topics related to Active Directory Domain Services (ADDS), Group Policies, and Certificate Authorities.
Features of this quiz include:
- 101 carefully crafted questions
- Multiple choice, checkboxes, and text input formats
- Immediate feedback on your answers
1. To implement an ADRMS cluster, which components are necessary? Select 2 from the list
Office
A service account
A database
AD FS
A Secure Sockets Layer (SSL) certificate
2. What are the two types of files used to store in Administrative templates? Select 2 from the list.
.XML files
.ADM files
.ACL files
.ADMX files
3. SELECT one registry based policy from the list.
A. Starter Group Policy
B. Local group policy
C. Administrative template
4. What are the ADDS partitions? Select 2 from the list
A) Views
B) synonyms
C) Schema
D) Forest
E) Configuration
F) Domain
5. What is the primary container object for organizing and managing resources in a domain? Select one answer from the list.
Groups
Computer accounts
OUs
Security Principals
6. What is the minimum domain functional level in which you should deploy a windows server 2016 ADDS domain controller. Select one answer from the list
A. Windows server 2003
B. Windows server 2008
C. Windows server 2008 R2
D. Windows server 2012 R2
E. Windows server 2016
7. Replication important to the global catalog, it contains (select one answer)
A. It contains all configuration data
B. It contains all schema data
C. It contains copies of all AD objects
8. ADDS partition that stores non domain information is (select one answer)
A. Domain partition
B. Schema partition
C. Application partition
D. Configuration partition
9. SYSVOL contains (select one answer)
A. Group policy templates
B. User object templates
C. Organisation unit templates
10. In what order GPO’s are processed in the client. Select one answer
A. Site, local, domain, Child OU, OU
B. Local ,Site, Domain, OU, child OU
C. Domain , local, Site, Child OU, OU
D. OU, local, domain, Child OU, Site
11. Server that stores a copy of the AD DS directory database (Ntds.dit) and a copy of the SYSVOL folder is
A. Domain
B. Domain Controller
C. Child domain
D. Root Domain
12. What are the 2 major divisions of policy settings? select 2 answer
A. Registry configuration
B. Profile configuration
C. Computer Configuration
D. Control panel configuration
E. User Configuration
13. Administrative templates modify registry keys. Select the 2 hives in the registry.
O HKEY_CURRENT_CONFIG
O HKEY_LOCAL_MACHINE
O HKEY_USERS\.DEFAULT
O HKEY_CURRENT_USER
14. What are scripting language used in group policy scripts? Select 2 from the list
A. Pearl script
B. VB script
C. PHP
D. Jscript
15. From the list select the Multifactor biometric method authentication. select 2 answer
A. Finger print
B. Digital signature
C. Voice recognition
D. User id and password
16. Account lockdown durations are calculated in (select one answer)
Days
Seconds
Hours
Minutes
17. Select 2 correct answer about a CA
A. CA is computer in ADCS server role installed
B. CA is a user or administrator in ADCS
C. CA can sign and revoke certificates
D. CA is a router in ADCS
18. Root CA certificates are issued by another CA.
True
False
19. Users sign in once with one account to access domain-joined devices is called as (select one answer)
A. Active directory domain services
B. Azure sign on
C. Single sign-on to application
20. Fine-Grained policies to specify multiple password policies within a single domain.
True
False
21. Certificate is a ___________________
File
Schema
Database
22. UPN name is one of the following. Select one answer
A. User policy name
B. User profile name
C. User principal name
23. What is the information that is not contained in physical certificate when you compare with a digital certificate
24. ADRMS configuration information are stored either in SQL server or __________________
Oracle
DB2
MYSQL
WID Windows internal database
- Using ADRMS, You can control file actions such as, fill in the missing 2 actions.
- ____________
- ____________
- Forward
26. Every user object has a unique SID.
True
False
28. Which domain is the base of an ADDS infrastructure. Select one answer
A. Child domain
B. Forest root domain
C. Tree domain
29. Select the replication technique for newer domain which uses windows server 2008 and later. Select one answer
FRS
FAT32
DFS
NTFS
30. Subnet object is one of the following. Select one answer
A. Maps IP address to names to resolve
B. Maps names to IP addresses to resolve
C. Maps network addresses that map computers to ADDS sites
31. Folder redirection is one of the following. Select one answer
A. Redirect the network location to a local path
B. Redirect the users to other users folder
C. Redirect the path of local folders to a network location
32. Group policies are refreshed and applied immediately to users and computers.
True
False
33. When you revoke a certificate, where is the thumbprint of the certificate published?
Option 1: CRL distribution point (CDP)
Option 2: Authority information access (AIA)
Option 3: Certificate revocation list (CRL)
Option 4: AD DS
Option 5: The Online Responder service
34. .admx files are language neutral.
True
False
35. Creating a folder SYSVOL to store .admx files is called as (select one answer)
A. External Drive
B. Central store
C. Shared folder
36. What is the Default maximum password age? Select one answer
32
44
42
46
37. Select one correct answer about Subordinate CA from the list of options. Select one answer
A. Is the most trusted type of CA hierarchy
B. Has a self- signed certificate
C. There could be 1 or many in a certificate hierarchy
D. Mandatory in a CA hierarchy
38. Select the tool to Manage certificates. Select all the correct answers
A. PKI view
B. CertUtil
C. Online responder
D. All the above
39. What is VSC in security and identification? Select one answer from the list
A. Volume shadow copy
B. Virtual shared Computer
C. Virtual smart card
D. Visual studio computer
40. What is Managed service account. Select one answer from the list
A. User must change his password to gain access to a service
B. Can provide a program with its own unique account
C. MSA defines a contract between IT vendor and a client
41. Match the following | |||
---|---|---|---|
1.Transitive trust | 2.Leaf object | 3. SCOM | |
A. Standalone object | |||
B. Tool for Managing & monitoring replication | |||
C. A trust that can extend beyond 2 domains |
42. What are the 2 group policies automatically created when you create a domain
A. Forest Based group policy
B. Domain based group policy
C. Domain tree based group policy
D. Child domain based group policy
E. Domain controller group policy
43. When you install ADDS, a default site named Default First-site-Name is created.
True
False
44. Configuration management is
A. Are used by system objects as the default location for new objects
B. Is the user account that is authenticated to the domain controller
C. A centralised approach to applying one or more changes to more than one computer or user
D. Is a role performed only on specific computer in a domain controller
45. Your company has purchased another company that also uses Windows Server 2012 R2 and Active Directory. Both companies need to be able to access each other's forest resources. How can you achieve this goal with the least administrative effort?
A) Share the global catalog for both companies
B) Create a two-way forest trust
C) Configure an external trust
D) Configure selective authentication
46. Which of the following is true about the domain functional level?
A. All DCs and member servers must be running the Windows version that supports the functional level
B. You must raise the functional level on all DCs
C. You can have different domain functional levels within the forest
D. The domain and forest functional level must be the same
47. Match the following to the appropriate descriptions: | ||||
---|---|---|---|---|
What is an AD DS forest? | What is an AD DS domain? | What is an AD DS domain tree? | What are trust relationships? | |
A. It is a logical grouping of user, computer, and group objects for the purpose of management and security. | ||||
B. It is a authentication Realm Trusts. | ||||
C. It is a collection of one or more AD DS trees. | ||||
D. Are authentication pipelines between different domains. | ||||
E. Is a collection of one or more AD DS domains that form a contiguous namespace. |
48. What is the purpose of a bridgehead server?
A) The bridgehead server is responsible for only some replication into and out of the site.
B) you can use bridgehead servers to manage internal replication
C) The bridgehead server is responsible for all replication into and out of the site. Instead of replicating all domain controllers from one site with all domain controllers in another site
D) You can use bridgehead servers to manage intersite replication as long as all the servers are set to be a bridgehead server.
49. What is an advantage of reducing the intersite replication interval?
A) Reducing the intersite replication interval decreases convergence
B) Reducing the intersite replication interval allows Group policy to converge quicker.
C) Reducing the intersite replication interval improves convergence
D) Reducing the intersite replication interval allows new users to log on faster.
50. Certificate auto enrolment is an option only on enterprise CAs.
True
False
51. What are not reasons that an organization would utilize PKI for? (Choose 2)
a) Improve security
b) Identity control
c) Account control
d) Digital signing of code
e) Group control
52. Your company is currently acquiring another company. Both companies run their own PKI. What Hierarchy could you create to minimize disruption and continue to provide PKI services seamlessly?
53. Which of the following is a type of AD RMS exclusion policy? (Choose 2)
A) User Exclusion
B) Machine Exclusion
C) Lockbox Version Exclusion
D) Address Exclusion
54. The benefits of having an SSL certificate installed on the AD RMS server when you are performing AD RMS configuration that you can protect the connection between clients and the AD RMS server with SSL.
True
False
55. You want to block users from protecting content by using specific version of Microsoft PowerPoint . What steps should you take to accomplish this goal?
A) You should configure an application exclusion for the PowerPoint application
B) Unaffiliated PowerPoint files
C) Lockdown the Windows Azure™ Rights Management
D) Link the PowerPoint database to AD RMS
56. To recover private keys, you must configure CA to archive private keys for specific templates, and you must issue a Key Recovery Agent (KRA) certificate.
True
False
57. Your company deals with highly confidential information, some of which is transmitted via email among employees. Some documents have been forwarded via email, making the documents more difficult to track. You want to be able to prevent employees from forwarding certain emails. What should you deploy?
EFS
Web SSO
AD RMS
AD CS
58. AD FS is designed to work over the public Internet with a Web browser interface.
True
False
59. You can access https://hostname/federationmetadata/2007-06/federationmetadata.xml on the AD FS server to test whether AD FS is functioning properly
True
False
60. Before you deploy AD RMS it is best practice to:
A) Analyise your organization’s business requirements
B) create the necessary templates
C) Strictly control membership of the Super Users
D) All of the above
61. Creating a connection object manually between Domain Controllers with in a site is not typically required or recommended because the KCC does not verify or use the manual connection object for failover.
True
False
63. _______________ is a command line tool which can used to performance AD database maintenance, such as creating snapshots, perform offline defragmentation.
Adprep
Certutil
Ntdstutil
Adutil
64. In Azure AD, there are no OUs or GPOs.
True
False
65. If you want to have SSO for both cloud-based and on-premises services, what do you need to deploy? Choose all that apply. (choose 2)
A) Azure AD Connect Health
B) AD FS
C) Azure AD Connect
D) Office 365
E) Azure AD
66. If you implement AD FS and federation between locally deployed AD DS and Azure AD, then you do not need to use Azure AD Connect.
True
False
67. You use ____________________ for directory synchronization between on-premises Active Directory and Azure AD
A) Active Directory sync tool
B) Azure AD connect
C) Federation Service
D) Dynamic Control Access
68. Azure RMS is deployed locally on a server.
True
False
71. Which of the following icon represents a System Container in Active Directory?
Metal Folder/ box
3 Tin Cans
Folder
Folder with logo on it
72. What type of Active Directory accounts should we restrict password changes on?
A) Managed Service accounts
B) User accounts
C) Computer accounts
D) Bank accounts
73. Which of the following is a valid Group Type?
A) Global
B) Domain local
C) Local
D) Distribution
74. What are the two main purposes of OUs? (choose 2)
A) to provide a framework for delegations of administration
B) to provide a place to store files
C) to provide a structure to enable the targeted GPO deployment
D) to provide a structure to enable PowerShell commands
75. What is the primary container object for organizing and managing resources in a domain?
A) Groups
B) Computer accounts
C) OUs
D) Security principals
76. In what order are Group Policy Objects applied?
A) Local policies, site-linked GPOs, domain-linked GPOs, OU-linked GPOs.
B) Site-linked GPOs, domain-linked GPOs, OU-linked GPOs, local policies.
C) Domain-linked GPOs, OU-linked GPOs, local policies, site-linked GPOs
D) Site-linked GPOs, local policies, domain-linked GPOs, OU-linked GPOs.
77. There is no difference between ADMX and ADML files.
True
False
78. What Windows command can you use to force the immediate refresh of all GPOs on a client computer?
A) Gpupdate /*
B) Gpupdate /force
C) Refresh /GPO
D) GPO /now
79. When deploying AD FS SSO, where do you need deploy the application Proxy Server?
A) Internal network
B) External network
C) Perimeter network
D) anywhere
80. Which of the following actions must you take to configure key archival on an AD CS CA? (Choose 4)
A) Configure the KRA certificate template.
B) Enroll a designated user for a KRA certificate.
C) Publish the KRA public key by using Group Policy.
D) Configure a recovery agent on the CA.
E) Configure desired certificate templates for key archival.
81. Both User account names and passwords are case sensitive.
True
False
82. Which of the following are true statements regarding the use of certificates in a business environment? (Choose 3 )
A) Certificates can be used to encrypt HTTP traffic between a web server and browser.
B) Certificates can be used to digitally sign documents.
C) Digitally signed documents are invalidated if the contents are modified.
D) To send encrypted e-mail to an external recipient who is not part of your internal PKI, you must use an encryption certificate issued by a public CA.
E) Files encrypted using Encrypting File System (EFS) can only be read by the individual who first encrypted the file.
83. Managed service accounts provide managed password changes that do not require administrator intervention.
True
False
84. You are the AD CS administrator for A. Datum. You want to enable your AD DS users to perform digital signature and encryption using certificates from your internal PKI. Which of the following steps are required?
A) Enable a key recovery agent.
B) Enable a data recovery agent.
C) Publish the User certificate template and configure the desired groups of users for autoenrollment.
D) Enable EFS on AD DS domain computers by using Group Policy.
E) Upgrade all AD DS domain computers to Windows Server 2016 or Windows 10.
85. An account lockout threshold setting ensures that users are allowed only that many invalid sign-in attempts .
True
False
86. Which of the following statements are true regarding smart cards? (choose 3)
A) Smart cards provide an option for multifactor authentication.
B) Smart cards cannot be used for interactive sign in.
C) Smart cards contain a certificate and private key that can only be accessed by using a PIN.
D) Smart cards provide enhanced security beyond a password.
E) Smart cards can only be used for digital signature and encryption.
87. __________________enable administrators con figure users, service accounts and computers within the same security scope to apply the same authentication policy
A) Authentication policy container
B) Authentication policy silo
C) Authentication policy scope
D) Authentication access control policy
88. Which technology allows you to use biometric functionality to sign in to Windows devices?
A) Windows Hello
B) Microsoft Passport
C) TMP integration
D) Bio-Tech
{"name":"MOC 3.0", "url":"https://www.quiz-maker.com/QPREVIEW","txt":"Test your understanding of Active Directory and its components with our comprehensive quiz. Designed for IT professionals and students alike, this quiz covers a wide range of topics related to Active Directory Domain Services (ADDS), Group Policies, and Certificate Authorities.Features of this quiz include:101 carefully crafted questionsMultiple choice, checkboxes, and text input formatsImmediate feedback on your answers","img":"https:/images/course8.png"}