Basic Questions Quiz On Windows Server 2008 Active Directory! Trivia

Approved & Edited by ProProfs Editorial Team
The editorial team at ProProfs Quizzes consists of a select group of subject experts, trivia writers, and quiz masters who have authored over 10,000 quizzes taken by more than 100 million users. This team includes our in-house seasoned quiz moderators and subject matter experts. Our editorial experts, spread across the world, are rigorously trained using our comprehensive guidelines to ensure that you receive the highest quality quizzes.
Learn about Our Editorial Process
| By Huf_34
H
Huf_34
Community Contributor
Quizzes Created: 4 | Total Attempts: 860
Questions: 10 | Attempts: 82

SettingsSettingsSettings
Basic Questions Quiz On Windows Server 2008 Active Directory! Trivia - Quiz

Welcome to this Accounts Payable Trivia Questions Quiz! The accounts payable department is tasked with ensuring that creditors are paid on time. It is specifically designed to help refresh your memory when it comes to the knowledge that one needs to have in the accounts payable department. How about you give it a try and keep a look out for others like it.


Questions and Answers
  • 1. 

    Your network contains an Active Directory domain. The relevant servers in the domain are configured as shown in the following table: You need to ensure that all device certificate requests use the MD5 hash algorithm. What should you do?

    • A.

      On Server2, run the Certutil tool.

    • B.

      On Server1, update the CEP Encryption certificate template.

    • C.

      On Server1, update the Exchange Enrollment Agent (Offline Request) template.

    • D.

      On Server3, set the value of the HKLM\Software\Microsoft\Cryptography\MSCEP\HashAlgorithm \HashAlgorithm registry key.

    Correct Answer
    D. On Server3, set the value of the HKLM\Software\Microsoft\CryptograpHy\MSCEP\HashAlgorithm \HashAlgorithm registry key.
    Explanation
    To ensure that all device certificate requests use the MD5 hash algorithm, you need to set the value of the HKLM\Software\Microsoft\Cryptography\MSCEP\HashAlgorithm\HashAlgorithm registry key on Server3. This registry key controls the hash algorithm used for certificate enrollment. By setting it to MD5, you ensure that all device certificate requests will use the MD5 hash algorithm. The other options mentioned do not address the requirement of using the MD5 hash algorithm for device certificate requests.

    Rate this question:

  • 2. 

    Your network contains an Active Directory domain. You have a server named Server1 that runs Windows Server 2008 R2. Server1 is an enterprise root certification authority (CA). You have a client computer named Computer1 that runs Windows 7. You enable automatic certificate enrollment for all client computers that run Windows 7. You need to verify that the Windows 7 client computers can automatically enroll for certificates. Which command should you run on Computer1?

    • A.

      Certreq.exe -retrieve

    • B.

      Certreq.exe -submit

    • C.

      Certutil.exe -getkey

    • D.

      Certutil.exe -pulse

    Correct Answer
    D. Certutil.exe -pulse
    Explanation
    The correct command to run on Computer1 to verify automatic certificate enrollment is "certutil.exe -pulse". The "certutil.exe -pulse" command is used to trigger an immediate certificate enrollment or renewal on the client computer. By running this command, Computer1 will check for any pending certificate requests and initiate the enrollment process if necessary.

    Rate this question:

  • 3. 

    Your network contains two Active Directory forests named contoso.com and adatum.com. The functional level of both forests is Windows Server 2008 R2. Each forest contains one domain. Active Directory Certificate Services (AD CS) is configured in the contoso.com forest to allow users from both forests to automatically enroll user certificates. You need to ensure that all users in the adatum.com forest have a user certificate from the contoso.com a certification authority (CA). What should you configure in the adatum.com domain?

    • A.

      From the Default Domain Controllers Policy, modify the Enterprise Trust settings.

    • B.

      From the Default Domain Controllers Policy, modify the Trusted Publishers settings.

    • C.

      From the Default Domain Policy, modify the Certificate Enrollment policy.

    • D.

      From the Default Domain Policy, modify the Trusted Root Certification Authority settings.

    Correct Answer
    C. From the Default Domain Policy, modify the Certificate Enrollment policy.
    Explanation
    In order to ensure that all users in the adatum.com forest have a user certificate from the contoso.com CA, the Certificate Enrollment policy needs to be modified in the Default Domain Policy. This policy will allow users in the adatum.com domain to automatically enroll for user certificates from the contoso.com CA. Modifying the Enterprise Trust settings or Trusted Publishers settings in the Default Domain Controllers Policy, or modifying the Trusted Root Certification Authority settings in the Default Domain Policy, will not achieve the desired result.

    Rate this question:

  • 4. 

    You have a server named Server1 that has the following Active Directory Certificate Services (AD CS) role services installed:
    • -Enterprise root certification authority (CA)
    • -Certificate Enrollment Web Service
    • -Certificate Enrollment Policy Web Service
    You create a new certificate template. External users report that the new template is unavailable when they request a new certificate. You verify that all other templates are available to the external users. You need to ensure that the external users can request certificates by using the new template. What should you do on Server1?

    • A.

      Run iisreset.exe /restart.

    • B.

      Run gpupdate.exe /force.

    • C.

      Run certutil.exe -dspublish.

    • D.

      Restart the Active Directory Certificate Services service.

    Correct Answer
    A. Run iisreset.exe /restart.
  • 5. 

    Your network contains an enterprise root certification authority (CA). You need to ensure that a certificate issued by the CA is valid. What should you do?

    • A.

      Run syskey.exe and use the Update option.

    • B.

      Run sigverif.exe and use the Advanced option.

    • C.

      Run certutil.exe and specify the -verify parameter.

    • D.

      Run certreq.exe and specify the -retrieve parameter.

    Correct Answer
    C. Run certutil.exe and specify the -verify parameter.
    Explanation
    Running certutil.exe with the -verify parameter allows you to verify the validity of a certificate issued by the enterprise root certification authority (CA). This command checks the certificate's signature and validates its chain of trust. By using this command, you can ensure that the certificate is valid and has not been tampered with.

    Rate this question:

  • 6. 

    You have an enterprise subordinate certification authority (CA). The CA issues smart card logon certificates. Users are required to log on to the domain by using a smart card. Your company's corporate security policy states that when an employee resigns, his ability to log on to the network must be immediately revoked. An employee resigns. You need to immediately prevent the employee from logging on to the domain. What should you do?

    • A.

      Revoke the employee's smart card certificate.

    • B.

      Disable the employee's Active Directory account.

    • C.

      Publish a new delta certificate revocation list (CRL).

    • D.

      Reset the password for the employee's Active Directory account.

    Correct Answer
    B. Disable the employee's Active Directory account.
    Explanation
    To immediately prevent the resigned employee from logging on to the domain, the best course of action is to disable their Active Directory account. Disabling the account will prevent the employee from using any method, including smart card logon, to access the network. Revoking the smart card certificate would also be effective, but disabling the account ensures that no other authentication methods can be used. Publishing a new delta CRL and resetting the password would not directly prevent the employee from logging on using a smart card.

    Rate this question:

  • 7. 

    You add an Online Responder to an Online Responder Array. You need to ensure that the new Online Responder resolves synchronization conflicts for all members of the Array. What should you do?

    • A.

      From Network Load Balancing Manager, set the priority ID of the new Online Responder to 1.

    • B.

      From Network Load Balancing Manager, set the priority ID of the new Online Responder to 32.

    • C.

      From the Online Responder Management Console, select the new Online Responder, and then select Set as Array Controller.

    • D.

      From the Online Responder Management Console, select the new Online Responder, and then select Synchronize Members with Array Controller.

    Correct Answer
    C. From the Online Responder Management Console, select the new Online Responder, and then select Set as Array Controller.
    Explanation
    To ensure that the new Online Responder resolves synchronization conflicts for all members of the Array, you need to select the new Online Responder in the Online Responder Management Console and then choose "Set as Array Controller". This action designates the new Online Responder as the controller for the Array, allowing it to handle synchronization conflicts for all members.

    Rate this question:

  • 8. 

    Your network contains a server that runs Windows Server 2008 R2. The server is configured as an enterprise root certification authority (CA). You have a Web site that uses x.509 certificates for authentication. The Web site is configured to use a many-to-one mapping. You revoke a certificate issued to an external partner. You need to prevent the external partner from accessing the Web site. What should you do?

    • A.

      Run certutil.exe -crl.

    • B.

      Run certutil.exe -delkey.

    • C.

      From Active Directory Users and Computers, modify the membership of the IIS_IUSRS group.

    • D.

      From Active Directory Users and Computers, modify the Contact object for the external partner.

    Correct Answer
    A. Run certutil.exe -crl.
    Explanation
    Running certutil.exe -crl generates a Certificate Revocation List (CRL) which contains a list of certificates that have been revoked by the CA. By running this command, the revoked certificate issued to the external partner will be included in the CRL. When the Web site receives a request from the external partner with the revoked certificate, it will check the CRL and deny access, effectively preventing the external partner from accessing the Web site.

    Rate this question:

  • 9. 

    Your company, Contoso, Ltd., has a main office and a branch office. The offices are connected by a WAN link. Contoso has an Active Directory forest that contains a single domain named ad.contoso.com. The ad.contoso.com domain contains one domain controller named DC1 that is located in the main office. DC1 is configured as a DNS server for the ad.contoso.com DNS zone. This zone is configured as a standard primary zone. You install a new domain controller named DC2 in the branch office. You install DNS on DC2. You need to ensure that the DNS service can update records and resolve DNS queries in the event that a WAN link fails. What should you do?

    • A.

      Create a new stub zone named ad.contoso.com on DC2.

    • B.

      Configure the DNS server on DC2 to forward requests to DC1.

    • C.

      Create a new secondary zone named ad.contoso.com on DC2.

    • D.

      Convert the ad.contoso.com zone on DC1 to an Active Directory-integrated zone.

    Correct Answer
    D. Convert the ad.contoso.com zone on DC1 to an Active Directory-integrated zone.
    Explanation
    By converting the ad.contoso.com zone on DC1 to an Active Directory-integrated zone, the DNS service will be able to update records and resolve DNS queries in the event of a WAN link failure. This is because Active Directory-integrated zones replicate the DNS data to all domain controllers in the domain, including DC2 in the branch office. This ensures that DC2 has a copy of the DNS data and can continue to provide DNS services locally even if the WAN link is down.

    Rate this question:

  • 10. 

    Your company has two domain controllers that are configured as internal DNS servers. All zones on the DNS servers are Active Directory-integrated zones. The zones allow all dynamic updates. You discover that the contoso.com zone has multiple entries for the host names of computers that do not exist. You need to configure the contoso.com zone to automatically remove expired records. What should you do?

    • A.

      Enable only secure updates on the contoso.com zone.

    • B.

      Enable scavenging and configure the refresh interval on the contoso.com zone.

    • C.

      From the Start of Authority tab, decrease the default refresh interval on the contoso.com zone.

    • D.

      From the Start of Authority tab, increase the default expiration interval on the contoso.com zone.

    Correct Answer
    B. Enable scavenging and configure the refresh interval on the contoso.com zone.
    Explanation
    Enabling scavenging and configuring the refresh interval on the contoso.com zone will automatically remove expired records. Scavenging is a feature in DNS that allows the server to automatically delete stale resource records, including those that have expired. By configuring the refresh interval, the server will regularly check for and remove expired records from the zone. This will help to keep the contoso.com zone clean and free of entries for non-existent computers.

    Rate this question:

Quiz Review Timeline +

Our quizzes are rigorously reviewed, monitored and continuously updated by our expert board to maintain accuracy, relevance, and timeliness.

  • Current Version
  • Mar 21, 2023
    Quiz Edited by
    ProProfs Editorial Team
  • May 28, 2012
    Quiz Created by
    Huf_34
Back to Top Back to top
Advertisement
×

Wait!
Here's an interesting quiz for you.

We have other quizzes matching your interest.