Chat with AI
Deck 10: Configuring and Maintaining the Active Directory Infrastructure
Full screen (f)
Question
Question
Question
Question
Question
Question
Question
Question
Question
Question
Question
Question
Question
Question
Question
Question
Question
Question
Question
Question
Question
Question
Question
Question
Question
Question
Question
Question
Question
Question
Question
Question
Question
Question
Question
Question
Question
Question
Question
Question
Question
Question
Question
Question
Question
Question
Question
Question
Question
Question
Unlock Deck
Sign up to unlock the cards in this deck!
Unlock Deck
Unlock Deck
1/50
Play
Full screen (f)
Deck 10: Configuring and Maintaining the Active Directory Infrastructure
1
The PDC emulator processes password changes for newer Windows clients (Windows XP / Vista).
False
2
Which MMC is used to transfer the RID master,PDC emulator master,and infrastructure master operations master roles?
A)Active Directory Users and Computers
B)Active Directory Schema
C)Active Directory Domains and Trusts
D)Active Directory FSMO Transfer
A)Active Directory Users and Computers
B)Active Directory Schema
C)Active Directory Domains and Trusts
D)Active Directory FSMO Transfer
A
3
If you're creating a shortcut trust between domains in different forests,this must exist first:
A)Realm trust
B)External trust
C)Another shortcut trust
D)Forest trust
A)Realm trust
B)External trust
C)Another shortcut trust
D)Forest trust
D
4
What is the Microsoft recommendation for placement of global catalog servers?
A)Install a global catalog server in a site once it is larger than 50 accounts and the number of DCs is greater than 2
B)Install a global catalog server in a site once it is larger than 500 accounts and the number of DCs is greater than 2
C)Install a global catalog server in a site once it is larger than 1,000 accounts and the number of DCs is greater than 4
D)Install a global catalog server in a site once it is larger than 5,000 accounts and the number of DCs is greater than 8
A)Install a global catalog server in a site once it is larger than 50 accounts and the number of DCs is greater than 2
B)Install a global catalog server in a site once it is larger than 500 accounts and the number of DCs is greater than 2
C)Install a global catalog server in a site once it is larger than 1,000 accounts and the number of DCs is greater than 4
D)Install a global catalog server in a site once it is larger than 5,000 accounts and the number of DCs is greater than 8
Unlock Deck
Unlock for access to all 50 flashcards in this deck.
Unlock Deck
k this deck
5
The SMTP protocol is used primarily for e-mail,but can also be used for...
A)Intersite replication
B)Intrasite replication
C)Synchronous communication
D)Securing replication data as it moves between sites
A)Intersite replication
B)Intrasite replication
C)Synchronous communication
D)Securing replication data as it moves between sites
Unlock Deck
Unlock for access to all 50 flashcards in this deck.
Unlock Deck
k this deck
6
Which of the following answers is not a benefit that RPC over IP provides in contrast to SMTP when replicating between sites?
A)Easier to set up
B)Easier to manage
C)synchronous communication
D)asynchronous communication
A)Easier to set up
B)Easier to manage
C)synchronous communication
D)asynchronous communication
Unlock Deck
Unlock for access to all 50 flashcards in this deck.
Unlock Deck
k this deck
7
If you're raising both the forest and the domain functional levels,you must raise the domain functional level first to at least the level you're raising the forest functional level.
Unlock Deck
Unlock for access to all 50 flashcards in this deck.
Unlock Deck
k this deck
8
You work at Example.com,and are in charge of a fairly large forest and multidomain structure consisting of Windows Server 2003 domain controllers running at the Windows Server 2003 functional level.One of your interns finished installing the forest's first Windows Server 2008 server,and has placed it in a branch office to act as a read only domain controller.The intern has already run the adprep /forestprep command.
Unfortunately,for some reason,the RODC Server can't be installed.What is most likely the issue,based on the information provided?
A)The forest functional level must be Windows Server 2008 or higher.
B)There must be at least one writeable DC running Windows Server 2008
C)adprep /domainprep must be run in each of the domains in the forest
D)RODCs can't be installed in multidomain structures.
Unfortunately,for some reason,the RODC Server can't be installed.What is most likely the issue,based on the information provided?
A)The forest functional level must be Windows Server 2008 or higher.
B)There must be at least one writeable DC running Windows Server 2008
C)adprep /domainprep must be run in each of the domains in the forest
D)RODCs can't be installed in multidomain structures.
Unlock Deck
Unlock for access to all 50 flashcards in this deck.
Unlock Deck
k this deck
9
Which of the following is not one of Active Directory Migration Tool's three main types of migration?
A)Innerforest migration
B)Interforest migration
C)Intraforest migration
D)Migration of an NT 4.0 domain to an Active Directory domain
A)Innerforest migration
B)Interforest migration
C)Intraforest migration
D)Migration of an NT 4.0 domain to an Active Directory domain
Unlock Deck
Unlock for access to all 50 flashcards in this deck.
Unlock Deck
k this deck
10
What is the only real downside to using stub zones?
A)Like conditional forwarders,if a DNS server's address changes,it must be updated manually
B)It can only hold CNAME records
C)You have to configure zone transfers
D)Additional traffic created by replicating zone information
A)Like conditional forwarders,if a DNS server's address changes,it must be updated manually
B)It can only hold CNAME records
C)You have to configure zone transfers
D)Additional traffic created by replicating zone information
Unlock Deck
Unlock for access to all 50 flashcards in this deck.
Unlock Deck
k this deck
11
In the Windows Server 2008 domain functional level,FRS is used to replicate the contents of the Sysvol share.
Unlock Deck
Unlock for access to all 50 flashcards in this deck.
Unlock Deck
k this deck
12
What option under the General tab in the Properties dialog box of a forest trust is only available for use between two Windows Server 2008 domains?
A)Direction of trust
B)Transitivity of trust
C)The other domain supports Kerberos AES Encryption
D)Validate
A)Direction of trust
B)Transitivity of trust
C)The other domain supports Kerberos AES Encryption
D)Validate
Unlock Deck
Unlock for access to all 50 flashcards in this deck.
Unlock Deck
k this deck
13
The only criteria for a site is that it's associated with one or more IP subnets and no two sites share the same subnet.
Unlock Deck
Unlock for access to all 50 flashcards in this deck.
Unlock Deck
k this deck
14
Which of the following statements is true regarding RODC replication?
A)The connection between an RODC and a writeable DC is a two-way connection because changes can originate on an RODC
B)Two RODCs cannot replicate with one another under any circumstance
C)The domain directory partition can be replicated only to an RODC from a Windows Server 2008 Dc.
D)When upgrading a domain from Windows Server 2003,the first Windows Server 2008 DC can be an RODC
A)The connection between an RODC and a writeable DC is a two-way connection because changes can originate on an RODC
B)Two RODCs cannot replicate with one another under any circumstance
C)The domain directory partition can be replicated only to an RODC from a Windows Server 2008 Dc.
D)When upgrading a domain from Windows Server 2003,the first Windows Server 2008 DC can be an RODC
Unlock Deck
Unlock for access to all 50 flashcards in this deck.
Unlock Deck
k this deck
15
You can deploy Windows Server 2008 Read Only Domain Controllers (RODC)in a Windows Server 2003 forest.
Unlock Deck
Unlock for access to all 50 flashcards in this deck.
Unlock Deck
k this deck
16
Which of the following is not considered an urgent replication event (one that triggers change notifications immediately,without waiting the normal 15 seconds)
A)Account lockouts
B)Full name change under user properties
C)Changes to the account lockout policy
D)Changes to the domain password policy
A)Account lockouts
B)Full name change under user properties
C)Changes to the account lockout policy
D)Changes to the domain password policy
Unlock Deck
Unlock for access to all 50 flashcards in this deck.
Unlock Deck
k this deck
17
You are the new administrator for Example.com domain.Last week,the original Windows Server 2003 domain controller that was used to create the Example.com forest went offline permanently.This was the last Windows Server 2003 server in the entire forest,and because all servers now run Windows Server 2008,you have decided that it would be a good time to raise the forest functional level to Windows Server 2008.However,your attempt to do so fails.
What could be the issue?
A)The domain naming master for the domain is offline,preventing domain related administration
B)The PDC emulator master is down,preventing your credentials from being accepted
C)The Schema master is down,preventing any schema changes.
D)Because the functional level was set at Windows Server 2003,only a Windows Server 2003 server can raise the functional level.
What could be the issue?
A)The domain naming master for the domain is offline,preventing domain related administration
B)The PDC emulator master is down,preventing your credentials from being accepted
C)The Schema master is down,preventing any schema changes.
D)Because the functional level was set at Windows Server 2003,only a Windows Server 2003 server can raise the functional level.
Unlock Deck
Unlock for access to all 50 flashcards in this deck.
Unlock Deck
k this deck
18
Which MMC is used to transfer the domain naming master operations role?
A)Active Directory Schema
B)Active Directory Domains and Trusts
C)Active Directory Users and Computers
D)Active Directory FSMO Transfer
A)Active Directory Schema
B)Active Directory Domains and Trusts
C)Active Directory Users and Computers
D)Active Directory FSMO Transfer
Unlock Deck
Unlock for access to all 50 flashcards in this deck.
Unlock Deck
k this deck
19
Which of the following features is not present in Windows Server 2003 domain functional level?
A)Domain controller renaming
B)Selective authentication
C)Logon timestamp replication
D)Fine-grained password policies
A)Domain controller renaming
B)Selective authentication
C)Logon timestamp replication
D)Fine-grained password policies
Unlock Deck
Unlock for access to all 50 flashcards in this deck.
Unlock Deck
k this deck
20
At what interval does the Knowledge Consistency Checker recalculate the replication topology by default?
A)Every 15 seconds
B)Every 15 minutes
C)Once in a period of 15 hours
D)Once in a period of 15 days
A)Every 15 seconds
B)Every 15 minutes
C)Once in a period of 15 hours
D)Once in a period of 15 days
Unlock Deck
Unlock for access to all 50 flashcards in this deck.
Unlock Deck
k this deck
21
The ____________________ processes password changes for older Windows clients (Windows 9x and NT)and is used during logon authentication.
Unlock Deck
Unlock for access to all 50 flashcards in this deck.
Unlock Deck
k this deck
22
Under what MMC would you create new connection objects?
A)Active Directory Sites and Services
B)Active Directory Users and Computers
C)Active Directory Network and Connection Objects
D)Active Directory Domains and Trusts
A)Active Directory Sites and Services
B)Active Directory Users and Computers
C)Active Directory Network and Connection Objects
D)Active Directory Domains and Trusts
Unlock Deck
Unlock for access to all 50 flashcards in this deck.
Unlock Deck
k this deck
23
What operations master role is needed when a domain or domain controller is added or removed from the forest?
A)Domain naming master
B)RID master
C)Infrastructure master
D)PDC emulator
A)Domain naming master
B)RID master
C)Infrastructure master
D)PDC emulator
Unlock Deck
Unlock for access to all 50 flashcards in this deck.
Unlock Deck
k this deck
24
An administrator can make use of ____________________ to not only enhance logon security by disassociating the domain name from the user logon name,but also to simplify logons themselves.
Unlock Deck
Unlock for access to all 50 flashcards in this deck.
Unlock Deck
k this deck
25
Which of the following is not a common way to configure DNS for a forest trust?
A)Conditional forwarders
B)Stub zones
C)Secondary zones
D)Caching DNS
A)Conditional forwarders
B)Stub zones
C)Secondary zones
D)Caching DNS
Unlock Deck
Unlock for access to all 50 flashcards in this deck.
Unlock Deck
k this deck
26
MATCHING
a.Alternate UPN name suffixes
f.selective authentication
b.connection object
g.SID filtering
c.forest-wide authentication
h.site link bridging
d.interforest migration
i.universal group membership caching
e.intraforest migration
Moving objects between domains in the same forest.
a.Alternate UPN name suffixes
f.selective authentication
b.connection object
g.SID filtering
c.forest-wide authentication
h.site link bridging
d.interforest migration
i.universal group membership caching
e.intraforest migration
Moving objects between domains in the same forest.
Unlock Deck
Unlock for access to all 50 flashcards in this deck.
Unlock Deck
k this deck
27
There are two ways to remove a domain,depending on how you removed DCs: dcpromo and ____________________.
Unlock Deck
Unlock for access to all 50 flashcards in this deck.
Unlock Deck
k this deck
28
An ____________________ is created between domains in different forests or between domains in a Windows Server 2003/2008 forest and a Windows 2000 Server forest or Windows NT domain.
Unlock Deck
Unlock for access to all 50 flashcards in this deck.
Unlock Deck
k this deck
29
You can't simply delete an account in one domain and re-create it in another without losing the original account's ____________________.
Unlock Deck
Unlock for access to all 50 flashcards in this deck.
Unlock Deck
k this deck
30
The Intersite Topology Generator (ISTG)is responsible for assigning one of these for each directory partition in the site:
A)A KCC leader
B)Subnet
C)Bridgehead server
D)Domain controller
A)A KCC leader
B)Subnet
C)Bridgehead server
D)Domain controller
Unlock Deck
Unlock for access to all 50 flashcards in this deck.
Unlock Deck
k this deck
31
MATCHING
a.Alternate UPN name suffixes
f.selective authentication
b.connection object
g.SID filtering
c.forest-wide authentication
h.site link bridging
d.interforest migration
i.universal group membership caching
e.intraforest migration
Moving objects between domains in different forests
a.Alternate UPN name suffixes
f.selective authentication
b.connection object
g.SID filtering
c.forest-wide authentication
h.site link bridging
d.interforest migration
i.universal group membership caching
e.intraforest migration
Moving objects between domains in different forests
Unlock Deck
Unlock for access to all 50 flashcards in this deck.
Unlock Deck
k this deck
32
MATCHING
a.Alternate UPN name suffixes
f.selective authentication
b.connection object
g.SID filtering
c.forest-wide authentication
h.site link bridging
d.interforest migration
i.universal group membership caching
e.intraforest migration
When enabled,this option causes the trusting domain to ignore any SIDs that aren't from the trusted domain
a.Alternate UPN name suffixes
f.selective authentication
b.connection object
g.SID filtering
c.forest-wide authentication
h.site link bridging
d.interforest migration
i.universal group membership caching
e.intraforest migration
When enabled,this option causes the trusting domain to ignore any SIDs that aren't from the trusted domain
Unlock Deck
Unlock for access to all 50 flashcards in this deck.
Unlock Deck
k this deck
33
Users of a new network subnet have been complaining that logons and other services are taking much longer than they did before being moved to the new subnet.You discover that many logons and requests for DFS resources from workstations in the new subnet are being handled by domain controllers in a remote site instead of local domain controllers.
What can be done to fix this?
A)Associate the new subnet with a site,then move a local domain controller into the site manually
B)Change the network subnet of the users to the subnet of the remote domain controllers site
C)Reconfigure connection objects to change the replication topology
D)Add a global catalog server on the local network
What can be done to fix this?
A)Associate the new subnet with a site,then move a local domain controller into the site manually
B)Change the network subnet of the users to the subnet of the remote domain controllers site
C)Reconfigure connection objects to change the replication topology
D)Add a global catalog server on the local network
Unlock Deck
Unlock for access to all 50 flashcards in this deck.
Unlock Deck
k this deck
34
MATCHING
a.Alternate UPN name suffixes
f.selective authentication
b.connection object
g.SID filtering
c.forest-wide authentication
h.site link bridging
d.interforest migration
i.universal group membership caching
e.intraforest migration
This method enables users to log on with another name in place of the "domain" in the typical UPN suffix format username@domain
a.Alternate UPN name suffixes
f.selective authentication
b.connection object
g.SID filtering
c.forest-wide authentication
h.site link bridging
d.interforest migration
i.universal group membership caching
e.intraforest migration
This method enables users to log on with another name in place of the "domain" in the typical UPN suffix format username@domain
Unlock Deck
Unlock for access to all 50 flashcards in this deck.
Unlock Deck
k this deck
35
MATCHING
a.Alternate UPN name suffixes
f.selective authentication
b.connection object
g.SID filtering
c.forest-wide authentication
h.site link bridging
d.interforest migration
i.universal group membership caching
e.intraforest migration
A default property of a site link that makes it transitive
a.Alternate UPN name suffixes
f.selective authentication
b.connection object
g.SID filtering
c.forest-wide authentication
h.site link bridging
d.interforest migration
i.universal group membership caching
e.intraforest migration
A default property of a site link that makes it transitive
Unlock Deck
Unlock for access to all 50 flashcards in this deck.
Unlock Deck
k this deck
36
MATCHING
a.Alternate UPN name suffixes
f.selective authentication
b.connection object
g.SID filtering
c.forest-wide authentication
h.site link bridging
d.interforest migration
i.universal group membership caching
e.intraforest migration
When enabled for a site,this Windows Server 2008 feature stores universal group membership information retrieved from a global catalog server
a.Alternate UPN name suffixes
f.selective authentication
b.connection object
g.SID filtering
c.forest-wide authentication
h.site link bridging
d.interforest migration
i.universal group membership caching
e.intraforest migration
When enabled for a site,this Windows Server 2008 feature stores universal group membership information retrieved from a global catalog server
Unlock Deck
Unlock for access to all 50 flashcards in this deck.
Unlock Deck
k this deck
37
MATCHING
a.Alternate UPN name suffixes
f.selective authentication
b.connection object
g.SID filtering
c.forest-wide authentication
h.site link bridging
d.interforest migration
i.universal group membership caching
e.intraforest migration
A property of a forest trust in which all users in a trusted forest can be authenticated to the trusting forest
a.Alternate UPN name suffixes
f.selective authentication
b.connection object
g.SID filtering
c.forest-wide authentication
h.site link bridging
d.interforest migration
i.universal group membership caching
e.intraforest migration
A property of a forest trust in which all users in a trusted forest can be authenticated to the trusting forest
Unlock Deck
Unlock for access to all 50 flashcards in this deck.
Unlock Deck
k this deck
38
MATCHING
a.Alternate UPN name suffixes
f.selective authentication
b.connection object
g.SID filtering
c.forest-wide authentication
h.site link bridging
d.interforest migration
i.universal group membership caching
e.intraforest migration
A property of a forest trust that enables administrators to specify users who can authenticate to selected resources in the trusting forest
a.Alternate UPN name suffixes
f.selective authentication
b.connection object
g.SID filtering
c.forest-wide authentication
h.site link bridging
d.interforest migration
i.universal group membership caching
e.intraforest migration
A property of a forest trust that enables administrators to specify users who can authenticate to selected resources in the trusting forest
Unlock Deck
Unlock for access to all 50 flashcards in this deck.
Unlock Deck
k this deck
39
You're taking an older server performing the PDC emulator master role out of service and will be replacing it with a new server configured as a domain controller.What should you do to ensure the smoothest transition?
A)Transfer the PDC master role to the new domain controller,and then shut down the old server
B)Shutdown the current PDC master and seize the PDC master role from the new domain controller
C)Back up the domain controller that's currently the PDC master,restore it to the new domain controller,then shut down the old PDC master
D)Shutdown the current PDC master,and then transfer the PDC master role to the new domain controller.
A)Transfer the PDC master role to the new domain controller,and then shut down the old server
B)Shutdown the current PDC master and seize the PDC master role from the new domain controller
C)Back up the domain controller that's currently the PDC master,restore it to the new domain controller,then shut down the old PDC master
D)Shutdown the current PDC master,and then transfer the PDC master role to the new domain controller.
Unlock Deck
Unlock for access to all 50 flashcards in this deck.
Unlock Deck
k this deck
40
MATCHING
a.Alternate UPN name suffixes
f.selective authentication
b.connection object
g.SID filtering
c.forest-wide authentication
h.site link bridging
d.interforest migration
i.universal group membership caching
e.intraforest migration
An Active Directory object created in Active Directory Sites and Services that defines the connection parameters between two replication partners
a.Alternate UPN name suffixes
f.selective authentication
b.connection object
g.SID filtering
c.forest-wide authentication
h.site link bridging
d.interforest migration
i.universal group membership caching
e.intraforest migration
An Active Directory object created in Active Directory Sites and Services that defines the connection parameters between two replication partners
Unlock Deck
Unlock for access to all 50 flashcards in this deck.
Unlock Deck
k this deck
41
This operations master role is most needed when many objects have been moved or renamed.
Unlock Deck
Unlock for access to all 50 flashcards in this deck.
Unlock Deck
k this deck
42
What command do you run to prepare a domain for the addition of a Windows Server 2008 domain controller?
Unlock Deck
Unlock for access to all 50 flashcards in this deck.
Unlock Deck
k this deck
43
This is enabled by default,making site links transitive.
Unlock Deck
Unlock for access to all 50 flashcards in this deck.
Unlock Deck
k this deck
44
What does the SMTP acronym stand for?
Unlock Deck
Unlock for access to all 50 flashcards in this deck.
Unlock Deck
k this deck
45
Universal groups,group nesting,and group conversion were all features added in what domain functional level?
Unlock Deck
Unlock for access to all 50 flashcards in this deck.
Unlock Deck
k this deck
46
Operations master roles are seized using what command?
Unlock Deck
Unlock for access to all 50 flashcards in this deck.
Unlock Deck
k this deck
47
Intersite replication occurs every how many minutes?
Unlock Deck
Unlock for access to all 50 flashcards in this deck.
Unlock Deck
k this deck
48
What command do you run to prepare the forest for the addition of a Windows Server 2008 domain controller?
Unlock Deck
Unlock for access to all 50 flashcards in this deck.
Unlock Deck
k this deck
49
In the Windows Server 2008 domain functional level,this feature enables administrators to assign different password and account lockout policies for users and groups.
Unlock Deck
Unlock for access to all 50 flashcards in this deck.
Unlock Deck
k this deck
50
You can view replication status by using what command?
Unlock Deck
Unlock for access to all 50 flashcards in this deck.
Unlock Deck
k this deck
Unlock Deck
Unlock for access to all 50 flashcards in this deck.
