Deck 4: Active Directory Design and Security Concepts
1
Which of the following answers is not a task that can be delegated?
A) Create, delete, and manage user accounts
B) Reset user passwords and force password change at next logon
C) Read all user information
D) Create, delete, and manage built-in user accounts
D
2
Match a term below to the following description
The process for replicating Active Directory objects in which changes to the database can occur on any domain controller and are propagated, or replicated, to all other domain controllers.
A) Multimaster replication
B) Intersite replication
C) Intrasite replication
D) Database replication
A
3
Which of the following is not a valid directory partition type?
A) Domain directory partition
B) Schema directory partition
C) Extended directory partition
D) Global catalog partition
C
4
All computers assigned an address in a subnet require a router to communicate with one another.
5
A discretionary access control list (DACL) ____.
A) defines the settings for auditing access to an object
B) only applies to users accessing resources from a dialup connection
C) is a list of security principals, with each having a set of permissions that define access to the object
D) can only be edited by the object owner
6
The Lightweight Directory Access Protocol is based on which of the following technologies?
A) X.509
B) X.500
C) X.405
D) X.900
7
To verify who has been delegated control of an OU, you must ____.
A) use the dsview /delegated command
B) be the owner of the OU
C) view the OU's permissions
D) be on the original domain controller where permission was delegated
8
Which directory partition contains all objects in a domain, including users, groups, computers, OUs, and other objects?
A) Global Catalog partition
B) Domain directory partition
C) Application directory partition
D) Configuration partition
9
Explicit permissions never override inherited permissions.
10
Which operations master role is responsible for ensuring that changes made to object names in one domain are updated in references to these objects in other domains?
A) Schema master
B) Infrastructure master
C) Domain naming master
D) RID master
11
Which of the following statements about operations master roles is correct?
A) By default, the Infrastructure master is chosen randomly per domain
B) There can be multiple schema masters per domain
C) The RID Master is responsible for providing backward compatibility with NT domain controllers
D) There is only one domain naming master per forest, which must be available whenever domains are added, deleted, or renamed.
12
What directory partition contains information needed to define Active Directory objects and object attributes for all domains in the forest?
A) Schema directory partition
B) Global Catalog partition
C) Application directory partition
D) Configuration partition
13
A schema can be changed by an administrator or an application to best suit an organization's needs.
14
A dedicated forest root domain contains only the forestwide administrative accounts and domain controllers needed to run the forestwide operations master roles. No additional OUs or server roles are installed.
15
The user "TestUserA" has been added to an object's DACL and assigned the Allow Full Control permission. However, "TestUserA" has inherited the Deny Full Control permission for the object from its parent container. What are "TestUserA"'s effective permissions?
A) TestUserA has Full Control permissions
B) TestUserA has no permissions due to Deny Full Control
C) TestUserA is given default permissions for the object because Full Control and Deny Full Control cancel each other out
D) This can't be done because conflicting permissions are not allowed in an object's DACL
16
Inherited permissions can't be changed or removed without ____.
A) using the "Inherited Permissions Modify" tool
B) having to recreate the object entirely
C) knowing the object's password
D) disabling permission inheritance first
17
The group "TestGroup" has been added to an object's DACL and assigned the Allow Full Control permission. "TestUserA" is a member of "TestGroup", which has been assigned Deny Write permission for the object. What are "TestUserA"'s effective permissions?
A) TestUserA has no permissions to the object because he has been denied write access.
B) TestUserA can do anything that Full Control would allow him to do, except write to the object.
C) TestUserA is part of TestGroup, therefore TestUserA has Full Control permissions regardless of the Deny Write permission.
D) This can't happen because conflicting permissions are not allowed in an object's DACL.
18
Which operations master role is responsible for providing backwards compatibility with Windows NT servers configured as Windows NT backup domain controllers or member servers?
A) PDC emulator master
B) RID master
C) Domain naming master
D) Schema master
19
A site link is needed to connect two or more sites for replication purposes.
20
Which of the following is not a valid operations master role?
A) Schema master
B) Infrastructure master
C) User management master
D) RID master
21
MATCHING
a. Forest root domain
b. directory partition
c. intrasite replication
d. One-way trust
e. LDAP
f. Operations master
g. relative identifier
h. security principals
i. user principal name (UPN)
An Active Directory object that can be assigned permissions or rights to Active Directory objects and network resources
22
A user principal name (UPN) follows the format ____________________.
23
MATCHING
a. Forest root domain
b. directory partition
c. intrasite replication
d. One-way trust
e. LDAP
f. Operations master
g. relative identifier
h. security principals
i. user principal name (UPN)
A domain controller with sole responsibility for certain domain or forestwide functions
24
MATCHING
a. Forest root domain
b. directory partition
c. intrasite replication
d. One-way trust
e. LDAP
f. Operations master
g. relative identifier
h. security principals
i. user principal name (UPN)
The part of the SID that's unique for each Active Directory object
25
MATCHING
a. Forest root domain
b. directory partition
c. intrasite replication
d. One-way trust
e. LDAP
f. Operations master
g. relative identifier
h. security principals
i. user principal name (UPN)
A trust relationship in which one domain trusts another, but the reverse is not true
26
MATCHING
a. Forest root domain
b. directory partition
c. intrasite replication
d. One-way trust
e. LDAP
f. Operations master
g. relative identifier
h. security principals
i. user principal name (UPN)
The first domain created in a new forest
27
MATCHING
a. Forest root domain
b. directory partition
c. intrasite replication
d. One-way trust
e. LDAP
f. Operations master
g. relative identifier
h. security principals
i. user principal name (UPN)
Active Directory replication between domain controllers in the same site
28
MATCHING
a. Forest root domain
b. directory partition
c. intrasite replication
d. One-way trust
e. LDAP
f. Operations master
g. relative identifier
h. security principals
i. user principal name (UPN)
A protocol that runs over TCP/IP and is designed to facilitate access to directory services and directory objects
29
MATCHING
a. Forest root domain
b. directory partition
c. intrasite replication
d. One-way trust
e. LDAP
f. Operations master
g. relative identifier
h. security principals
i. user principal name (UPN)
A section of an Active Directory database stored on a domain controller's hard drive
30
The _________________________ is a directory partition and contains the most commonly accessed object attributes to facilitate object searches and user logons across domains.
31
MATCHING
a. Forest root domain
b. directory partition
c. intrasite replication
d. One-way trust
e. LDAP
f. Operations master
g. relative identifier
h. security principals
i. user principal name (UPN)
A user logon name that follows the format username@domain
32
Which of the following is not an advantage of running a dedicated forest root domain?
A) security
B) manageability
C) flexibility
D) reliability
33
Lightweight Directory Access Protocol (LDAP) was created by the ______________________________.
34
A process called ____ runs on every domain controller to determine the replication topology which defines the domain controller path that Active Directory changes flow through.
A) Replication
B) AD Route
C) Knowledge Consistency Checker (KCC)
D) trust relationship
35
What is the name of the default site link that is created when Active Directory is first installed?
A) SITELINKIPDEFAULT
B) DEFAULTIPSITELINK
C) SITELINKDEFAULTIP
D) SITELINKDEFAULT
36
A(n) ____ is a one-way or two-way nontransitive trust between two domains that aren't in the same forest.
A) External trust
B) Shortcut trust
C) Forest Trust
D) Outsite trust
37
Each entry in the discretionary access control list is referred to as an ACE. What does ACE stand for?
A) Acceptable Control Extension
B) Access Control Extension
C) Access Control Entry
D) Applied Control Entry
38
A ____ is configured manually between domains to bypass the normal referral process.
A) Shortcut trust
B) transitive trust
C) Forest trust
D) one-way trust
39
______________________________ defines the settings for auditing access to an object.
40
_________________________ defines how permissions are transmitted from a parent object to a child object.
41
What is the name of the default site link created when Active Directory is installed?
42
What term best fits this description:
A trust in which both domains in the relationship trust each other, so users from both domains can access resources in the other domain.
43
What service most commonly makes use of an application directory partition for its database?
44
What term best fits this description:
Specialized domain controller tasks that handle operations that can affect the entire domain or forest.
45
What MMC do you use to create OUs?
46
MATCHING
a. Forest root domain
b. directory partition
c. intrasite replication
d. One-way trust
e. LDAP
f. Operations master
g. relative identifier
h. security principals
i. user principal name (UPN)
What can you do to integrate user authentication between Linux and Active Directory?
47
What can you do to reduce the delay caused by authentication referral?
48
What MMC is used to create sites?
49
What term best fits this description:
An open-standard security protocol used to secure authentication and identification between parties in a network
50
What does ISTG stand for?