The functional level of the forest is Windows Server R2. You need to create multiple password policies for users in your domain. Contoso, Ltd.
Fabrikam, Inc. Fabrikam's security policy prohibits the transfer of internal DNS zone data outside the Fabrikam network. You need to ensure that the Contoso users are able to resolve names from the intranet. Your company has a single Active Directory domain. All domain controllers run Windows Server You install Windows Server R2 on a server.
You need to add the new server as a domain controller in your domain. What should you do first? Your company has two domain controllers that are configured as internal DNS servers. The zones allow all dynamic updates. You discover that the contoso. You need to configure the contoso.
Your company has an organizational unit named Production. You need to deploy an application to users in the Production organizational unit. The SQLSrv account has domain user rights. The SQL Server computer fails after running successfully for several weeks. The SQLSrv user account is not locked out. You need to resolve the server failure and prevent recurrence of the failure.
Which two actions should you perform? You have an existing Active Directory site named Site1. You create a new Active Directory site and name it Site2. You need to configure Active Directory replication between Site1 and Site2.
You install a new domain controller. You create the site link between Site1 and Site2. What should you do next? Your company has an Active Directory forest that contains only Windows Server domain controllers. You need to prepare the Active Directory domain to install Windows Server R2 domain controllers. Which two tasks should you perform? Your company purchases a new application to deploy on computers. The application requires that you modify the registry on each target computer before you install the application.
The registry modifications are in a file that has an. You need to prepare the target computers for the application. The domain contains 10 domain controllers. You plan to create a new Active Directory-integrated zone. You need to ensure that the new zone is only replicated to four of your domain controllers. You are decommissioning domain controllers that hold all forest-wide operations master roles. You need to transfer all forest-wide operations master roles to another domain controller.
Which two roles should you transfer? Your company uses a Windows Enterprise certificate authority CA to issue certificates. You need to implement key archival. You have two servers named Server1 and Server2. Both servers run Windows Server R2. Server1 is configured as an Enterprise Root certification authority CA. You install the Online Responder role service on Server2.
All consultants belong to a global group named TempWorkers. You place three file servers in a new organizational unit named SecureServers. The three file servers contain confidential data located in shared folders. You need to record any failed attempts made by the consultants to access the confidential data. An Active Directory database is installed on the C volume of a domain controller.
You need to move the Active Directory database to a new volume. You need to provide copies of the zone files of the DNS server to the security department. All domain controllers run Windows Server R2. You need to capture all replication errors from all domain controllers to a central location.
All servers run Windows Server R2. The Enterprise Intermediate CA certificate expires. You need to deploy a new Enterprise Intermediate CA certificate to all computers in the domain. Your company has an Active Directory domain and an organizational unit.
The organizational unit is named Web. You need to deploy the new security settings only on the IIS servers that are members of the Web organizational unit. Your company runs an Enterprise Root certification authority CA. You need to ensure that only administrators can sign code.
Your network consists of an Active Directory forest that contains one domain. All domain controllers run. You have an Active Directory- integrated zone. You have two Active Directory sites.
Each site contains five domain controllers. You add a new NS record to the zone. You need to ensure that all domain controllers immediately receive the new NS record. Your network consists of an Active Directory forest named contoso. All domain controllers are configured as DNS servers. The contoso. You have a member server that contains a standard primary DNS zone for dev. You need to ensure that all domain controllers can resolve names for dev.
You log on to the domain controller. You need to access the Active Directory Schema snap-in. You need to identify all failed logon attempts on the domain controllers. Your company has a domain controller server that runs the Windows Server R2 operating system. The server is a backup server. The server has a single GB hard disk that has three partitions for the operating system, applications, and data.
You perform daily backups of the server. The hard disk fails. You replace the hard disk with a new hard disk of the same capacity. You restart the computer on the installation media. You select the Repair your computer option. You need to restore the operating system and all files. Your company has a main office and three branch offices. Each office is configured as a separate Active Directory site that has its own domain controller.
You disable an account that has administrative rights. You need to immediately replicate the disabled account information to all sites. Your company has a server that runs Windows Server R2. You need to audit changes to the CA configuration settings and the CA security settings. Your company has file servers located in an organizational unit named Payroll. The file servers contain payroll files located in a folder named Payroll.
You create a GPO. You need to track which employees access the Payroll files on the file servers. You network consists of a single Active Directory domain. What tool should you use? Your company uses an Enterprise Root certificate authority CA.
You need to ensure that revoked certificate information is highly available. A user attempts to log on to the domain from a client computer and receives the following message: "This user account has expired.
Ask your administrator to reactivate the account. A domain controller named DC1 has a standard primary zone for contoso. A domain controller named DC2 has a standard secondary zone for contoso.
You need to ensure that the replication of the contoso. You must not lose any zone data. Your company has an Active Directory forest. Not all domain controllers in the forest are configured as Global Catalog Servers. Your domain structure contains one root domain and one child domain. You modify the folder permissions on a file server that is in the child domain. You discover that some Access Control entries start with S and that no account name is listed.
You need to list the account names. All servers run Windows Server. You deploy a Certification Authority CA server. You create a new global security group named CertIssuers. You need to ensure that members of the CertIssuers group can issue, approve, and revoke certificates.
Your company has an Active Directory forest that contains two domains, The forest has universal groups that contain members from each domain. A branch office has a domain controller named DC1, Users at the branch office report that the logon process takes too long.
You need to decrease the amount of time it takes for the branch office users to logon. Which three tasks should you perform next? You are installing an application on a computer that runs Windows Server R2.
During installation, the application will need to install new attributes and classes to the Active Directory database. You need to ensure that you can install the application. Your company has an Active Directory forest that contains a single domain.
You have a two-tier PKI infrastructure that. Your company has an Active Directory forest that runs at the functional level of Windows Server The company has purchased new computers. You want to deploy the computers as members of the domain.
You need to create the computer accounts in an OU. Your company has a main office and a branch office that are configured as a single Active Directory forest. The functional level of the Active Directory forest is Windows Server There are four Windows Server domain controllers in the main office.
You need to ensure that you are able to deploy a read-only domain controller RODC at the branch office. You need to record all inbound DNS queries to the server.
What should you configure in the DNS Manager console? You need to ensure that users are able to install approved application updates on their computers. You need to implement a certification authority CA server that meets the following requirements: Allows the certification authority to automatically issue certificates Integrates with Active Directory Domain Services What should you do?
Your company has recently acquired a new subsidiary company in Quebec. The Active Directory administrators of the subsidiary company must use the French-language version of the administrative templates.
You need to ensure that the French-language version of the templates is available. The company has three locations. Each location has an organizational unit and a child organizational unit named Sales. The Sales organizational unit contains all users and computers of the sales department. The company plans to deploy a Microsoft Office application on all computers within the three Sales organizational units.
You need to ensure that the Office application is installed only on the computers in the Sales organizational units. You have a domain controller and a member server that run Windows Server R2. Both servers are configured as DNS servers. You have a standard primary zone on the domain controller. The member server hosts a secondary copy of the zone.
You need to ensure that only authenticated users are allowed to update host A records in the DNS zone. Your company has a single-domain Active Directory forest.
The functional level of the domain is Windows Server You perform the following activities: Create a global distribution group. Add users to the global distribution group. Create a shared folder on a Windows Server member server. Place the global distribution group in a domain local group that has access to the shared folder. You need to ensure that the users have access to the shared folder.
Your company network has an Active Directory forest that has one parent domain and one child domain. The child domain has two domain controllers that run Windows Server All user accounts from the child domain are migrated to the parent domain. The child domain is scheduled to be decommissioned. You need to remove the child domain from the Active Directory forest. You upgrade all domain controllers to Windows Server You need to configure the Active Directory environment to support the application of multiple password policies.
The DNS servers are configured as shown in the following table. All computers that belong to the fabrikam. Users from the fabrikam. You need to ensure users in the fabrikam. Your company has a single Active Directory domain named intranet. All computers, including non-domain members, dynamically register their DNS records.
You need to configure the intranet. Your company has a main office and a branch office. The company has a single-domain Active Directory forest. The DNS zones only allow secure updates. A user in a branch office of your company attempts to join a computer to the domain, but the attempt fails. You need to enable the user to join a single computer to the domain. You must ensure that the user is denied any additional rights beyond those required to complete the task. Server1 is configured as an enterprise root certification authority CA.
You need to configure Server1 to support the Online Responder. The company has branch offices in three locations. Each location has an organizational unit.
You need to ensure that the branch office administrators are able to create and apply GPOs only to their respective organizational units. Your company has an Active Directory domain named contoso. You need to enable Internet name resolution for all client computers.
The domain functional level is Windows native and the forest functional level is Windows You need to ensure the UPN suffix for contoso. You plan to install an Enterprise certification authority CA on a dedicated stand-alone server. Your network consists of an Active Directory forest that contains two domains. All domain controllers are configured as DNS Servers. You have a standard primary zone for dev. You need to ensure that all domain controllers can resolve names from the dev.
The two offices are connected with an unreliable WAN link. You add a new server to the main office. Five minutes after adding the server, a user from the branch office reports that he is unable to connect to the new server. You need to ensure that the user is able to connect to the new server. You need to validate whether Active Directory successfully replicated between two domain controllers. The Audit account management policy setting and Audit directory services access setting are enabled for the entire domain.
You need to ensure that changes made to Active Directory objects can be logged. The logged changes must include the old and new values of any attributes. Your company has an Active Directory domain that has an organizational unit named Sales. The Sales organizational unit contains two global security groups named sales managers and sales executives.
You need to apply desktop restrictions to the sales executives group. You must not apply these desktop restrictions to the sales managers group. You perform nightly backups. An administrator deletes the Groups OU. The Sales organizational unit contains all the users and computers from the sales department. You need to install an application on all the computers in the sales department. A user attempts to log on to a computer that was turned off for twelve weeks.
The administrator receives an error message that authentication has failed. You need to ensure that the user is able to log on to the computer. One of these GPOs publishes applications to user objects.
A user reports that the application is not available for installation. You need to identify whether the GPO has been applied. Your company, Contoso Ltd has a main office and a branch office. The offices are connected by a WAN link. Contoso has an Active Directory forest that contains a single domain named ad.
The ad. DC1 is configured as a DNS server for the ad. This zone is configured as a standard primary zone. You install a new domain controller named DC2 in the branch office. The company has an Active Directory forest that has a single domain. Each office has one domain controller. Each office is configured as an Active Directory site. You need to decrease the replication latency between the domain controllers. Your company has an Active Directory domain named ad.
The domain has two domain controllers named DC1 and DC2. Both domain controllers have the DNS server role installed. Contoso has an Active Directory forest that has three domains. You need to reduce the time required to authenticate users from the labs.
Your network contains an Active Directory forest. You have an Active Directory-integrated zone for contoso. You have a Unix-based DNS server. You need to configure your Windows Server R2 environment to allow zone transfers of the contoso. What should you do in the DNS Manager console?
Your company has two Active Directory forests named Forest1 and Forest2, The forest functional level and the domain functional level of Forest1 are set to Windows Server The forest functional level of Forest2 is set to Windows , and the domain functional levels in Forest2 are set to Windows Server You need to set up a transitive forest trust between Forest1 and Forest2.
Security policy prevents port and port 80 from being opened on domain controllers and on the issuing CA. You need to allow users to request certificates from a Web interface.
You have a single Active Directory domain. Your company security policy requires complex passwords. You have a comma delimited file named import.
You need to create user account in the domain by using the import. You also need to ensure that the new user accounts are set to use default passwords and are disabled. The company has two domain controllers named DC1 and DC2. DC1 holds the Schema Master role. DC1 fails. You log on to Active Directory by using the administrator account. You are not able to transfer the Schema Master operations role. You need to ensure that DC2 holds the Schema Master role.
You need to ensure that members of the Account Operators group are able to issue smartcard credentials. They should not be able to revoke certificates. Your company hires 10 new employees. You want the new employees to connect to the main office through a VPN connection. You create new user accounts and grant the new employees they Allow Read and Allow Execute permissions to shared resources in the main office. The new employees are unable to access shared resources in the main office.
You need to ensure that users are able to establish a VPN connection to the main office. Each branch office has an organizational unit and a child organizational unit named Sales. You need to install an Office application only on the computers in the Sales organizational unit.
You upgrade all domain controllers to Windows Server R2. Your company has a domain controller that runs Windows Server The domain controller has the backup features installed. You need to perform a non-authoritative restore of the doman controller using an existing backup file. The company has servers that run Windows Server R2 and client computers that run Windows 7. The domain uses a set of GPO administrative templates that have been approved to support regulatory compliance requirements.
Your partner company has an Active Directory forest that contains a single domain. You need to configure your partner company's domain to use the approved set of administrative templates. You need to ensure that users at the branch office are able to log on to the domain by using the RODC. You create new user accounts. The users are located in six different sites. New users report that they receive the following error message when they try to log on: "The username or password is incorrect.
You also confirm that the user name and password information supplied are correct. You need to identify the cause of the failure. You also need to ensure that the new users are able to log on. Which utility should you run?
After studying all these free questions you can be confident on Microsoft practice test questions and answers from Exam-Labs. Apart from these online questions you can also study Microsoft exam practice test questions and answers in VCE file format which can be opened with Avanset VCE exam simulator.
You will get access to your products immediately after we receive your payment. Please check your mailbox for a message from support exam-labs. Microsoft Exam Practice Test Questions. Billed every 3 months.
Billed every 6 months. Billed every 12 months. Subscription options Please select your preferred subscription below: Pay Quarterly. Run the netsh interface reset command. Run the sc stop netlogon command followed by the sc start netlogon command. The Netlogon service on domain controllers registers this resource record whenever a domain controller is restarted. You can also re-register a domain controllers SRV resource records by restarting this service from the Services branch of Server Manager or by typing net start netlogon.
An exam Question might ask you how to troubleshoot the nonregistration of SRV resource records. Show correct answer. Question 2 - Topic 1 Your network consists of an Active Directory forest that contains one domain named contoso. From the DNS Manager console, modify the permissions of the contoso.
From the DNS Manager console, modify the permissions of the nwtraders. To modify security for a directory-integrated zone: 1. Open DNS Manager. In the console tree, click the applicable zone. On the Action menu, click Properties. On the General tab, verify that the zone type is Active Directory-integrated. On the Security tab, modify the list of member users or groups that are allowed to securely update the applicable zone and reset their permissions as needed.
The SOA resource record contains the following information: Source host - The host where the file was created. Contact e-mail - The e-mail address of the person responsible for administering the domain's zone file.
Note that a ". Serial number - The revision number of this zone file. Increment this number each time the zone file is changed. It is important to increment this value each time a change is made, so that the changes will be distributed to any secondary DNS servers. Refresh Time - The time, in seconds,. Question 3 - Topic 1 Your company has a branch office that is configured as a separate Active Directory site and has an Active Directory domain controller.
The Server Manager console. Open Active Directory Sites and Services. The global catalog is a distributed data repository that contains a searchable, partial representation of every object in every domain in a multidomain Active Directory Domain Services AD DS forest. The global catalog is stored on domain controllers that have been designated as global catalog servers and is distributed through multimaster replication. Searches that are directed to the global catalog are faster because they do not involve referrals to different domain controllers.
In addition to configuration and schema directory partition replicas, every domain controller in a forest stores a full, writable replica of a single domain directory partition. Therefore, a domain controller can locate only the objects in its domain. Locating an object in a different domain would require the user or application to provide the domain of the requested object. The global catalog provides the ability to locate objects from any domain without having to know the domain name.
A global catalog server is a domain controller that, in addition to its full, writable domain directory partition replica, also stores a partial, read-only replica of all other domain directory partitions in the forest.
The additional domain directory partitions are partial because only a limited set of attributes is included for each object. By including only the attributes that are most used for searching, every object in every domain in even the largest forest can be represented in the database of a single global catalog server.
Note: A global catalog server can also store a full, writable r. Question 4 - Topic 1 Your company has two Active Directory forests named contoso. Raise the forest functional level of fabrikam. Raise the domain functional level of fabrikam. Explanation: Answer: Raise the domain functional level of fabrikam. They also determine which Windows Server operating systems you can run on domain controllers in the domain or forest. However, functional levels do not affect which operating systems you can run on workstations and member servers that are joined to the domain or forest.
In order for TGTs to be issued using AES, the domain functional level must be Windows Server or higher and the domain password needs to be changed. This discussion focuses on how AES can be used to protect these Kerberos authentication protocol messages and data structures that are exchanged among the three parties.
Question 5 - Topic 1 You need to ensure that users who enter three successive invalid passwords within 5 minutes are locked out for 5 minutes. Set the Minimum password age setting to one day. Set the Reset account lockout counter after setting to 5 minutes. Microsoft Expand child menu Expand. Microsoft Office Expand child menu Expand. Programming Expand child menu Expand. Testing Expand child menu Expand.
Java Expand child menu Expand. Mobile Expand child menu Expand. API Expand child menu Expand. Business Expand child menu Expand. Data Analytics Expand child menu Expand. Business Intelligence Expand child menu Expand. Interview Guide Expand child menu Expand. Job Hunt Guide Expand child menu Expand. Career Guide Expand child menu Expand.
Interview Tips Expand child menu Expand. Must Read Expand child menu Expand. Tricky Expand child menu Expand. Popular Expand child menu Expand. Helps crack your upcoming job interview. Helps Deep connection with our video content. Get access to all the latest tutorials and learn free. Learn from the best in the industry. Watch Now! We can help you get a job. Signup Now! All our downloadable eBooks in one neat little pile. Active Directory Interview Questions and Answers. Mention what is Active Directory?
What is Native Mode? What is Organizational Units? Do we use clustering in Active Directory? Because Active Directory provides total redundancy with two or more servers Q5. What is sites? What are they used for? What is Domains in Active Directory? Tell me about Infrastructure master?
What is Active Directory Recycle Bin? It helps to restore accidentally deleted Active Directory objects without using a backedup AD database, rebooting domain controller or restarting any services Q Trying to look at the Schema, how can I do that?
Mention which is the default protocol used in directory services? What is LDAP? Recent Topics Archive. Net Interview Question and Answer 1. Top Categories. Enterprise Services. Drop us a line.
0コメント