2008ad Module 3

10 Questions | Total Attempts: 49

Settings
Please wait...
Module Quizzes & Trivia

Server 2008 AD Mini-Test at end of module 3


Questions and Answers
  • 1. 
    You have an enterprise subordinate certification authority (CA). The CA issues smart card logon certificates.   Users are required to log on to the domain by using a smart card. Your company's corporate security policy states that when an employee resigns, his ability to log on to the network must be immediately revoked.   An employee resigns. You need to immediately prevent the employee from logging on to the domain.   What should you do?
    • A. 

      Revoke the employee's smart card certificate.

    • B. 

      Disable the employee's Active Directory account.

    • C. 

      Publish a new delta certificate revocation list (CRL).

    • D. 

      Reset the password for the employee's Active Directory account.

  • 2. 
    You have a domain controller named DC1 that runs Windows Server 2008 R2. DC1 is configured as a DNS server for Domain.com.   You install the DNS Server server role on a member server named Server1 and then you create a standard secondary zone for Domain.com. You configure DC1 as the master server for the zone.   You need to ensure that Server1 receives zone updates from DC1.   What should you do?
    • A. 

      On Server1, add a conditional forwarder.

    • B. 

      On DC1, modify the permissions of Domain.com zone.

    • C. 

      On DC1, modify the zone transfer settings for the Domain.com zone.

    • D. 

      Add the Server1 computer account to the DNSUpdateProxy group.

  • 3. 
    Your company's security policy requires complex passwords.   You have a comma delimited file named import.csv that contains user account information. You need to create user accounts in the domain by using the import.csv file.   You also need to ensure that the new user accounts are set to use default passwords and are disabled.   What should you do?
    • A. 

      Modify the userAccountControl attribute to disabled. Run the csvde ­i ­k ­f import.csv command. Run the DSMOD utility to set default passwords for the user accounts.

    • B. 

      Modify the userAccountControl attribute to accounts disabled. Run the csvde ­f import.csv command. Run the DSMOD utility to set default passwords for the user accounts.

    • C. 

      Modify the userAccountControl attribute to disabled. Run the wscript import.csv command. Run the DSADD utility to set default passwords for the imported user accounts.

    • D. 

      Modify the userAccountControl attribute to disabled. Run the ldifde ­i ­f import.csv command. Run the DSADD utility to set passwords for the imported user accounts.

  • 4. 
    Your company has an Active Directory forest. The company has branch offices in three locations. Each location has an organizational unit.   You need to ensure that the branch office administrators are able to create and apply GPOs only to their respective organizational units.   Which two actions should you perform?   (Each correct answer presents part of the solution. Choose two.)
    • A. 

      Add the user accounts of the branch office administrators to the Group Policy Creator Owners Group.

    • B. 

      Modify the Managed By tab in each organizational unit to add the branch office administrators to their respective organizational units.

    • C. 

      Run the Delegation of Control Wizard and delegate the right to link GPOs for the domain to the branch office administrators.

    • D. 

      Run the Delegation of Control Wizard and delegate the right to link GPOs for their branch organizational units to the branch office administrators.

  • 5. 
    Your company has a main office and 10 branch offices. Each branch office has an Active Directory site that contains one domain controller. Only domain controllers in the main office are configured as Global Catalog servers.   You need to deactivate the Universal Group Membership Caching option on the domain controllers in the branch offices.   At which level should you deactivate the Universal Group Membership Caching option?
    • A. 

      Site

    • B. 

      Server

    • C. 

      Domain

    • D. 

      Connection object

  • 6. 
    A user in a branch office of your company attempts to join a computer to the domain, but the attempt fails.   You need to enable the user to join a single computer to the domain. You must ensure that the user is denied any additional rights beyond those required to complete the task.   What should you do?
    • A. 

      Prestage the computer account in the Active Directory domain.

    • B. 

      Add the user to the Domain Administrators group for one day.

    • C. 

      Add the user to the Server Operators group in the Active Directory domain.

    • D. 

      Grant the user the right to log on locally by using a Group Policy Object (GPO).

  • 7. 
    Your network consists of a single Active Directory domain. User accounts for engineering department are located in an OU named Engineering.   You need to create a password policy for the engineering department that is different from your domain password policy.   What should you do?
    • A. 

      Create a new GPO. Link the GPO to the Engineering OU.

    • B. 

      Create a new GPO. Link the GPO to the domain. Block policy inheritance on all OUs except for the Engineering OU.

    • C. 

      Create a global security group and add all the user accounts for the engineering department to the group. Create a new Password Policy Object (PSO) and apply it to the group.

    • D. 

      Create a domain local security group and add all the user accounts for the engineering department to the group. From the Active Directory Users and Computer console, select the group and run the Delegation of Control Wizard.

  • 8. 
    You network consists of a single Active Directory domain. All domain controllers run Windows Server 2008 R2.   You need to reset the Directory Services Restore Mode (DSRM) password on a domain controller.   What tool should you use?
    • A. 

      Dsmod

    • B. 

      Ntdsutil

    • C. 

      Local Users and Groups snap-in

    • D. 

      Active Directory Users and Computers snap-in

  • 9. 
    Your network contains an Active Directory domain. The domain contains two sites named Site1 and Site2. Site1 contains four domain controllers. Site2 contains a read-only domain controller (RODC). You add a user named User1 to the Allowed RODC Password Replication Group. The WAN link between Site1 and Site2 fails.   User1 restarts his computer and reports that he is unable to log on to the domain. The WAN link is restored and User1 reports that he is able to log on to the domain. You need to prevent the problem from reoccurring if the WAN link fails.   What should you do?
    • A. 

      Create a Password Settings object (PSO) and link the PSO to User1's user account.

    • B. 

      Create a Password Settings object (PSO) and link the PSO to the Domain Users group.

    • C. 

      Add the computer account of the RODC to the Allowed RODC Password Replication Group.

    • D. 

      Add the computer account of User1's computer to the Allowed RODC Password Replication Group.

  • 10. 
    Your network contains an Active Directory domain. The domain contains a group named Group1. The minimum password lenght for the domain is set to six characters. you need to ensure that the passwords for all users in Group1 are at least 10 characters long. All other users must be able to use passwords that are six characters long.   What should you do first?
    • A. 

      Run the New-ADFineGrainedPasswordPolicy cmdlet.

    • B. 

      Run the Add-ADFineGrainedPasswordPolicySubject cmdlet.

    • C. 

      From the Default Domain Policy, modify the password policy.

    • D. 

      From the Default Domain Controller Policy, modify the password policy.