Active Directory Exam Questions and Answers, Exams of Advanced Education

A comprehensive set of questions and answers related to Active Directory, covering various aspects such as organizational units, domain controllers, group managed service accounts, and troubleshooting. It's valuable for students studying network administration and security, offering practical examples and scenarios to enhance understanding. The questions test knowledge of key concepts and problem-solving skills.

Typology: Exams

2024/2025

Available from 05/06/2025

Examproff
Active Directory Exam with Complete
Solutions (Verified)
A virtual domain controller has been powered on and begins to boot. When it does, the
hypervisor host detects that the value of the Vm-Generation-ID in the virtual machine's
configuration and the value of the VM-Generation-ID in the virtual domain controller's
computer object in Active Directory don't match.
What happens next? - ANSWER-The hypervisor pushes the latest RID pool and USN to
the virtual domain controller.
Click on all of the organizational units in the domain represented in the image below -
ANSWER-domain controllers
sales
Click on the container in Active Directory where group managed service accounts are
created by default. - ANSWER-Managed Service Accounts.
Click on the item in the image below that defines a security and replication boundary -
ANSWER-testoutdemo.com
Consider the Domain shown in the example below - ANSWER-Mary Bones
Mary Hurd
Drag the Active Directory terms on the left to their corresponding definition on the right. -
ANSWER-Logical organization of resources - Organizational Unit
Collection of network resources - Domain
Collection of related domain trees - Forest
Resource in the directory - Object
Group of related domains - Tree
Listed on the left are various operation master roles. For each tool, identify the roles that
you can transfer using that tool by dragging the role from the left to the boxes below the
tool. - ANSWER-Active Directory Users and Computers:
RID master, PDC emulator, Infrastructure master
Active Directory Domains and Trusts:
Domain naming master
Match the Active Directory term on the right with its corresponding definition on the left.
- ANSWER-Domain Controller:
A server that holds a copy of the Active Directory database that can be written to.
Site:

Represents a group of networks that are connected with high-speed links.
Subnet:
Represents a physical network segment.
Forest Root Domain:
The first domain created in an Active Directory forest.
Tree Root Domain:
The highest level domain in a tree.

Match the Active Directory term on the right with its corresponding definition on the left. Not all of the definitions on the left have an associated term on the right. - ANSWER-Data Table:
Contains all the information in the Active Directory data store.
Link table:
Contains data that represents linked attributes.
SD Table:
Contains data that represents inherited security descriptors for each object.
Schema:
Identifies the object classes that exist in the tree and the attributes of each class.

To prevent Update Sequence Number (USN) rollback issues with virtual domain controllers, each domain controller (virtual or physical) is assigned a unique identifier called the VM-Generation-ID. For virtual domain controllers, where is this identifier stored? (Choose two.) - ANSWER-In a file within the virtual machine configuration.
As an attribute of each domain controller computer object in Active Directory

What is the key difference between a managed service account and a group managed service account? - ANSWER-A managed service account can be used on only one computer in a domain.

Which built-in local user account is a member of the local Administrators group? - ANSWER-Local System

You and Sammy are creating an organizational unit structure and user accounts for the education.westsim.com domain. You created ACTG, PROD, and SALES organizational units on Server 1. Fifteen minutes later, you change the name of the ACTG organizational unit to ACCT. Before replication finishes, Sammy uses Server 2 to add several user accounts to the ACTG organizational unit. You check the ACCT OU to find the user accounts are not there.

do? - ANSWER-Create a managed service account. Then you should configure the backup software to use the managed service account.

You are the network administrator for a company with a single Active Directory domain. The domain functional level is Windows Server 2003. Each departmental administrative team has delegated control over an organizational unit (OU) for their department. In the last few weeks, several new administrators have joined the team who have never managed Active Directory before. Yesterday, one of the new administrators inadvertently deleted an entire OU from within his department's OU structure. You have located a backup from two days ago to use for the restoration. What should you do? - ANSWER-Reboot a domain controller into directory services restore mode and restore Active Directory from the backup
Run Ntdsutil and mark the deleted OU for authoritative restore

You are the network administrator for a network with a single Active Directory forest. All domains in the forest are at Windows Server 2003 functional level and the forest is also at Windows Server 2003 functional level. Offices exist in Denver, Chicago, and Miami. Each geographic location has an Active Directory site configured. The links that connect the Denver and Miami sites to the corporate headquarters in Chicago are highly utilized, and you want to minimize replication traffic over them. Company headquarters is located in Chicago and that location has multiple global catalog servers to service global queries efficiently. Several users in Denver and Miami are members of universal groups throughout the forest. You need to make sure that in the event of a WAN link failure, group membership will be protected and logons will be available. What should you do? - ANSWER-Enable Universal Group Membership Caching for the Denver and Miami sites

You are the network administrator for a network with a single Active Directory parent domain and two child domains. All domain controllers are running Windows Server 2012 R2. You are responsible for disaster recovery across the entire network. You decided to use Windows Server Backup. You schedule full server backups to be taken every night, along with a system state backup an hour later. On Friday morning, you are creating new users in the Accounting OU when you receive an error stating that the user cannot be created because the context could not be found. After some investigation you find that a co-worker has deleted the OU and the change has replicated to all domain controllers. You want to restore the latest version of the OU without affecting the rest of Active Directory. What should you do? - ANSWER-Boot a domain controller into Directory services restore mode. Perform a nonauthoritative restore. Run Ntdsutil and mark the Accounting OU as authoritative

You are the network administrator for eastsim.com. eastsim.com has one main office in Dallas, TX and two branch offices in New York, NY and Los Angeles, CA. The branch offices are both connected to the main office by dedicated WAN links. There is no direct connection between the branch offices. The network consists of one Active Directory domain that contains 2,000 users. There are two domain controllers at each site listed in the table below. DC1 was the first domain controller installed in the domain and it currently hosts all five Flexible Single Master Operations (FSMO) roles. You need to identify which server should be used as a backup operations master in the event that DC1 should fail. Which server should be used? - ANSWER-DC

You are the network administrator for eastsim.com. The network consists of a single Active Directory domain. All the servers run Windows Server 2012 R2. All the clients run Windows 7 and Windows 8. There is one main office and seven branch offices. There are two writable domain controllers in the main office. There is one read-only domain controller (RODC) in each branch office. The domain functional level is set to Windows Server 2003. While visiting one of the branch offices, you accidentally delete a folder from the SYSVOL share on the local RODC. You need to restore the contents of the SYSVOL on the RODC. What should you do? - ANSWER-You should set the Burflags registry setting on one of the writable domain controllers to D2.

You are the network administrator for northsim.com, a company that specializes in extreme sports vacations. The company has one main office and 30 branch offices. All of the branch offices have 3 to 10 users on location, and all of them are located in remote areas of the country. Due to the need to be located near natural resources, many of the branch offices lack basic security and almost all of them are connected to the main office via dial-up. Users at the branch offices complain that it takes a long time to log on to the domain. Management has authorized the purchase and deployment of one Windows Server 2012 R2 server for each branch office. You have been asked to develop a standard installation for the new servers being deployed. Your solution must meet the following requirements:

  • Each branch office server should perform authentication for users located at that branch office.

level is set to Windows Server 2008 R2. The forest functional level is set to Windows Server 2008. You need to enable the Active Directory Recycle Bin feature. What should you do? - ANSWER-Raise the forest functional level to Windows Server 2008 R2. Use Ldp.exe to enable the Active Directory Recycle Bin

You are the network administrator for westsim.com. The network consists of a single Active Directory domain. All the servers run Windows Server 2012 R2. All the clients run Windows 7 or Windows 8. The forest functional level is set to Windows Server 2008 R2. The Active Directory Recycle Bin has been enabled. While working in Active Directory Users and Computers, you accidentally delete a group. You need to restore the group using the least amount of administrative effort. What should you do? - ANSWER-Use the Restore-ADObject PowerShell command to restore the group

You are the network administrator for westsim.com. The network consists of a single Active Directory domain. - ANSWER-Get-ADDomainControllerPasswordReplicationPolicyUsage

You are the network administrator for westsim.com. The network consists of a single Active Directory domain. All the servers run Windows Server 2012 and all the clients run Windows 8. Company policy requires all users in the domain to change their passwords every 30 days. An application named App1 uses a service account named App1Svc. Every 30 days, App1 fails. When the App1Svc account password is reset, the application works fine. You need to prevent App1 from failing in the future without compromising corporate security standards. What should you do? - ANSWER-Run the New-ADServiceAccount cmdlet.

You are the network administrator for westsim.com. The network consists of a single Active Directory domain. All the servers run Windows Server 2012 R2 and all the clients run Windows 7 or Windows 8. The network had a child domain named east.westsim.com. The domain was decommissioned but several snapshots were taken prior to the decommissioning. Management requests that you identify the members of a group that existed in the east.westsim.com domain. You mounted the last snapshot to examine the group on a domain controller named DC1, but you now need to see the data in the snapshot. What command should you run? - ANSWER-dsamain

You are the network administrator for westsim.com. The network consists of one Active Directory domain that contains 1,500 users. westsim.com has one main office and 15 branch offices. There are three domain controllers at the main office and one domain controller at each branch office. You have been asked to identify which domain controller hosts the Schema Master role. Which utilities should you use? - ANSWER-Active Directory Schema snap-in
Dsquery

You are the network administrator for westsim.com. The network will consist of one Active Directory domain that contains 100 users. You install Windows Server 2012 on a server named DC1. You then install Active Directory Domain Services (AD DS) and promote DC1 to a domain controller. After creating the new domain, you create a replica domain controller named DC2. Several months after installation, DC1 fails. Parts to restore the server will not be available for several weeks. You need to transfer the Flexible Single Master Operations (FSMO) roles to DC2. What should you do? - ANSWER-Use the NTDSUtil in an elevated command prompt on DC2 to seize the roles

You are the network administrator for westsim.com. westsim.com has one main office and 10 branch offices. The network consists of three Active Directory domains: westsim.com, eastsim.com, and websales.eastsim.com. All the domain controllers run Windows Server 2012 R2. Users on the westsim.com network often search for other employees based on the postal code attribute but they complain that Active Directory searches take a long time to complete. You believe that you can speed up searches by adding the postal code attribute to the Global Catalog. What should you do? - ANSWER-In the Active Directory Schema snap-in, in the Properties of the Postal Code attribute, select the Replicate this attribute to the Global Catalog check box.

You are the network administrator for westsim.com. westsim.com has one main office and 50 branch offices. The network consists of one Active Directory domain that contains 5,000 users. You plan to deploy a Windows 2012 R2 domain controller in each branch office. Ten of the branch offices do not employ on-site IT staff. You need to recommend a solution for these 10 branch offices. Your solution must meet the following requirements:

You want the FTP Server service to log on and run on the system as a virtual service account named FTPSVC. What should you do? - ANSWER-Click LOG ON tab in the properties of the Microsoft FTP Service
Specify a logon account of NT SERVICE/FTPSVC

You have just installed a new domain controller running Windows Server 2012 R2. You would like to use Windows Server Backup to back up Active Directory. You would like to perform the backup so that you can restore the domain controller if the domain controller is able to boot but Active Directory is corrupt. You want the backup to run once a day. You want to take the backup medium and put it in a safe in an offsite location. What should you do? - ANSWER-Save the backup to a local disk. Create a scheduled task to run wbadmin start systemstatebackup.

You have just installed a new domain on a new domain controller running Windows Server 2012 R2. You would like to use Windows Server Backup to back up Active Directory. You would like to perform the backup so that you can restore the domain controller if the domain controller is able to boot but Active Directory is corrupt. Which type of backup should you create? - ANSWER-System state backup

You manage a group of 10 Windows 8 workstations that are currently configured as a Workgroup. Which advantages could you gain by installing Active Directory and adding the computers to a domain? (Select two.) - ANSWER-Centralized configuration control, Centralized authentication

You manage a network with a single domain named eastsim.com. The network currently has three domain controllers. During installation, you did not designate one of the domain controllers as a global catalog server. Now you need to make the domain controller a global catalog server. Which tool would you use? - ANSWER-Active Directory Users and Computers or Active Directory Sites and Services.

You manage a single-domain network named northsim.com. Currently, all users are located at a single site in Miami. You are opening a branch office in Orlando. The Orlando office is connected to the Miami location using a dial-up connection and demand-dial routing. The link between offices is only used during the nighttime to synchronize sales information. About 50 full-time sales people work in the Orlando office. The branch office will have its own domain controller, ORD-DC1. You create a new site object for the Orlando office and move the server into that site. You create a site link object that connects the Orlando site to the Miami site. Users are reporting that logon is slow. You find that during logon, the WAN link must be established before logon is allowed. You want to improve logon for the Orlando location. What should you do? - ANSWER-Enable Universal Group Membership Caching on the Orlando site.

You manage a Windows Server 2012 R2 server that stores user data files. The system volume is drive C:, while all user data is on drive E:. You want to use Windows Server Backup to configure a backup schedule. You want to back up only the E: volume twice a day. You want to be able to restore individual files and folders. If possible, you want to save backups on optical media so you can place the backup disc in a media catalog server for easy retrieval. What should you do? - ANSWER-Create a Scheduled Task that runs wbadmin start backup. Save the backup to an external hard disk.

You manage a Windows Server 2012 R2 server that stores user data files. You want to use Windows Server Backup to configure a backup schedule. You want to perform a complete system backup every Monday, Wednesday, and Friday. You want to be able to restore the entire system or individual files from the backup. What should you do? - ANSWER-Save backups to a shared folder. Create a Scheduled Task that runs wbadmin start backup.

You manage a Windows Server 2012 R2 system and need to perform an immediate system state backup. The backup should be saved on the E:\ volume. Which command should you use to do this? - ANSWER-wbadmin start systemstatebackup -backupTarget:E:

You manage a Windows Server 2012 R2 system and need to perform an immediate system state backup. The backup will be saved on the C:\ volume. To accomplish this, you determine the wbadmin start systemstatebackup -backupTarget:C: is the appropriate command to use.

only happens from Dallas to San Antonio. Changes should not be made at San Antonio and replicated back to domain controllers in Dallas. What should you do? - ANSWER-Install a Read-only Domain Controller (RODC) in the branch office.

You work for a consulting company. Your best customer, a university on summer break, has a serious problem. One of the student interns carried a large cup of coffee into the computer room and promptly tripped over a section of the raised flooring. The coffee spilled and found its way into one of the domain controllers. Sparks flew and the domain controller was dead on arrival to the tech bench. The system board was no longer functional and two SCSI hard drives have failed. You replace the system board and SCSI hard drives. Fortunately, a system state backup was done two nights ago, but several changes in Active Directory have occurred since then and have been fully replicated to other domain controllers in this single domain network. You need to decide how to restore Active Directory on the failed server. You must complete the restoration as quickly as possible. What should you do? - ANSWER-Perform a non-authoritative restore of the entire Active Directory database

Your network currently has the following Active Directory domains: westsim.com, emea.westsim.com, uk.emea.westsim.com, and us.westsim.com. Your company is closing its offices in the United States. Previously, most of the network administration took place in that office. Now all IT administration will take place in your London offices. You have removed all domain controllers from the us.westsim.com domain except for the DC1 server. This server hosts the following roles:

  • RID master
  • PDC emulator
  • Domain naming master
  • Infrastructure master

Prior to removing Active Directory from the domain controller, you need to transfer the necessary operation master roles to servers in the westsim.com domain. The westsim.com domain has the following domain controllers: WS1, WS2, WS3, and WS4. All servers are also global catalog servers except for WS3. What should you do to prepare for Active Directory removal on DC1? - ANSWER-Transfer the domain naming master to WS1, WS2, or WS

Your network currently has two domains: eastsim.com and sales.eastsim.com. You need to remove the sales.eastsim.com domain. You have removed all domain controllers in the domain except for the DC1.sales.eastsim.com server. This server holds the following infrastructure master roles:

  • RID master
  • PDC emulator
  • Infrastructure master
  • Domain naming master

You are getting ready to remove Active Directory from DC1. What should you do first? - ANSWER-Transfer the domain naming master to a domain controller in eastsim.com.

Your network has two sites as shown in the graphic. You want to configure Computer as a Global Catalog server. Which object's properties would you edit to accomplish this? - ANSWER-NTDS Settings

Your network has two sites as shown in the graphic. You want to configure Universal Group Membership Caching. Which object's properties would you edit to accomplish this? - ANSWER-NTDS Site Settings

Your organization runs a Hyper-V hypervisor on a Windows Server 2008 R2 system that hosts a mix of Windows Server 2008 R2 and Windows Server 2012 R2 virtual domain controllers. You want to use snapshots to protect your virtual domain controllers on this hypervisor host. However, you have heard that doing this can cause Update Sequence Number (USN) rollback issues. What must you do to prevent this from happening? (Choose two.) - ANSWER-Install the latest Integration Services from a Windows Server 2012 R2 hypervisor on the virtual domain controllers. Upgrade the hypervisor host to Windows Server 2012 or Windows Server 2012 R2.

Your organization runs a Hyper-V hypervisor on Windows Server 2012 R2 that hosts several Windows Server 2012 R2 virtual domain controllers. You want to add an additional virtual domain controller. Instead of installing a new Windows Server 2012 R virtual machine and promoting it to be a domain controller, you decide to simply copy one of the existing virtual domain controller's virtual machine files. Prior to cloning the source virtual machine, you need to check it for installed applications and services that aren't compatible with the cloning process. Which PowerShell cmdlet can you use to do this? - ANSWER-New-ADDCCloningConfigFile

Your organization runs a Hyper-V hypervisor on Windows Server 2012 R2 that hosts several Windows Server 2012 R2 virtual domain controllers. You want to add an additional virtual domain controller. Instead of installing a new Windows Server 2012 R virtual machine and promoting it to be a domain controller, you decide to simply copy one of the existing virtual domain controller's virtual machine files. What must you do to perform this procedure correctly? (Select two.) - ANSWER-Create the DCCloneConfig.XML for the cloned domain controller.