Active Directory and DNS Concepts

Questions and Answers

What are the two basic classes of Active Directory objects?

Container and leaf objects (correct)

Domain and user objects

Security and distribution

Active and passive

What defines what objects exist as well as what attributes are associated with any object in the Active Directory?

Active Directory global directory

Active Directory schema (correct)

Active Directory administrator

Active Directory root user

What is the next level of Active Directory container object within a domain?

Subdomain

Forest

Group

Organizational unit (correct)

Active Directory keeps a naming convention for the domain that mirrors ______.

DNS

What allows administrators to grant users in one domain access to resources of another domain within the same domain tree?

Bidirectional trust relationship between domains

If an administrator creates a domain tree in an Active Directory forest, and then creates a separate and different domain tree, what is the relationship between the two domain trees?

Same security entity as one Active Directory forest, bidirectional trust between domain trees

What determines the functional level of an Active Directory forest?

The lowest version of Windows Server on a domain controller

What is the global catalog?

An index of all AD DS objects in a forest

What is an important difference between groups and OUs?

Group memberships are independent of the domain's tree structure.

What is the method for removing a domain controller in Windows Server 2019?

Using the Remove Roles and Features Wizard

How far into the lease period does a DHCP client begin requesting renewal of the IP address?

50 percent, or at 4 days into the lease

What are the advantages of using a distributed DHCP infrastructure?

Clients have ready access to DHCP servers

Before a DHCP server can hand out addresses, which of the following steps must be completed? (Choose two answers.)

A DHCP scope must be created and activated.

Which of the following steps must be completed in order to ensure a network printer is assigned the same address through the DHCP server?

Create a reservation in the DHCP scope.

What are the servers at the top of the DNS hierarchy called?

Root servers

The typical query one DNS server sends to a root name server is called a(n) ______.

recursive query

The domain name part of a DNS name is ______ and consists of two or more words, separated by ______.

hierarchical; periods

What do you call the source responsible for maintaining a domain's resource records?

Authoritative source

When using DNS for name resolution only, why should a company consider using DNS servers outside the network perimeter?

Less traffic crossing the network perimeter

At what level of the DNS hierarchy are actual hosts, apart from the root servers?

At the second-level domain level

Concerning DNS, what is negative caching?

When a DNS server receives information about a non-existent host

A DNS server receives updated information. Other DNS servers have outdated information cached. What determines the amount of time that the old DNS data remains cached on a server and an update might occur?

Time To Live (TTL) specified by each DNS server's administrator

What is the default TTL for a Windows Server 2019 DNS server?

1 hour

Why is the DNS service included in Windows Server 2019 integrated with DHCP service?

To allow a DHCP server to request a DNS server to update or create a record.

You registered the domain name contoso.com. The FQDNs seattle.contoso.com and halifax.contoso.com are examples of different ______.

subdomains of contoso.com

When a DNS server communicates a name resolution query to another DNS server, what type of datagram is used, and over what port?

UDP; 53

Concerning DNS domain hierarchy, what are examples of global top-level domains?

.com, .net, .org

Resource access for individuals takes place through their ______.

user accounts

What are the two built-in user accounts created on a computer running Windows Server 2019?

administrator and guest

What are the two types of user accounts in Windows Server 2019?

local and domain

What do you call the process of confirming a user's identity by using a known value such as a password, a smart card, or a fingerprint?

authentication

Can a domain user, who does not possess explicit object creation permissions, create computer objects?

Yes, authenticated users can create workstation, but not server objects

What do you call the process of confirming that a user has the correct permissions to access one or more network resources?

authorization

Which of the following guidelines are NOT best practice for securing the Administrator account?

Using the Administrator account for daily, non-administrative tasks

When would administrators choose to use a User Template?

When an administrator wants to save time while creating single users with many attributes

What would be the distinguished name (DN) for a user named Ella Parker, whose user account resides in the Marketing OU of the adatum.com domain?

cn=Ella Parker,ou=Marketing,dc=adatum,dc=com

Which of the following is NOT a group scope?

Security groups

Of the key reasons for creating organizational units, which of the following is NOT one of them?

Assigning permissions to network resources

What is the only OU created by default after installing Active Directory?

Domain Controllers OU

Within a domain, the primary hierarchical building block is the ______.

organizational unit

Members of a universal group can come ______.

from trusted forests

Of the default groups created when Active Directory is installed, what are the types of those groups?

Security groups

What is the group scope for Domain Admins, Domain Controllers, and Domain Users default groups?

Global

Which of the following default groups is a universal group?

Enterprise Admins

Which of the following is NOT an example of a special identity?

Dialup Service

What is the proper term for associating a Group Policy to a set of AD DS objects?

Linking

When multiple GPOs are linked to a container, which GPO in the list has the highest priority?

the first

What is the Microsoft Management Console (MMC) snap-in that you use to create GPOs and manage their deployment to AD DS objects?

Group Policy Management console

Can an administrator launch the Group Policy Management console from a workstation?

Yes, if the workstation is running the Remote Server Administration Tools package

Group Policy settings are divided into two subcategories: User Configuration and Computer Configuration. Each of those two are further organized into three subnodes. What are the three?

Software settings, Windows settings, and Administrative Templates

What do you call the process that after you link a GPO to a site with multiple domains, the Group Policy settings are applied to all the domains and the child objects beneath them?

inheritance

What application or interface allows you to configure security filtering?

Group Policy Management console

Local GPOs contain fewer options than domain GPOs. Local GPOs do not support ______.

folder redirection or Group Policy software installation

Which of the following is the maximum disk size supported when using GPT partitioning?

18 exabytes (EB) for each partition

How many primary partitions are supported on a GPT partitioned disk?

128

Which of the following is an enhanced NTFS file system that offers larger volume sizes and files?

ReFS

How many active partitions can a hard disk hold?

1

Which of the following statements identifies the difference between striped and spanned volumes?

With striped volumes, the system writes data one strip at a time to each successive disk in the volume.

Regarding both striped and spanned volumes, which of the following is the maximum number of physical disks permitted to create a volume?

32

After you create a new VHD, it appears as a(n) ______ in the Disk Management snap-in and ______ in Server Manager.

uninitialized disk

Which of the following is the net effect of the following combination of share and NTFS permissions when the share is accessed over the network?

• Share permission (Share tab)—Sales group: Full Control
• NTFS permission (Security tab)—Sales group: Read & Execute, Modify, Write

Members of the Sales group will be able to edit content and delete files.

Which of the following permissions are assigned directly to a file or folder?

explicit

Which of the following is the minimum permission level needed to change the attributes of a file?

Write

Which of the following is the minimum permission level needed to take ownership of a file or folder?

Full Control

Which of the following permission levels always overrides the other permission levels?

Explicit Deny Full Control

Windows Server 2019 supports which of the following two types of folder shares?

Network File System and Server Message Blocks

Study Notes

Active Directory Objects

• Two basic classes of Active Directory objects are containers and leaf objects
• Active Directory schema defines what objects exist and what attributes are associated with them
• The next level of Active Directory container object within a domain is an organizational unit
• The naming convention for a domain in Active Directory mirrors the DNS system

Active Directory Concepts

• Bidirectional trust relationships allow administrators to grant users in one domain access to resources of another domain within the same domain tree
• Active Directory forests are composed of multiple domain trees. A trust relationship exists between the two domain trees, and these are part of the same security entity.
• The lowest version of Windows Server running on a domain controller determines the functional level of an Active Directory forest.

DNS Concepts

• Root servers are at the top of the DNS hierarchy
• The typical query sent to a root name server is a recursive query
• The domain name part of a DNS name is separated by periods and consists of two or more words

DHCP Concepts

• A DHCP client requests renewal of an IP address 50 percent, or about 2 days, into the lease period.
• Distribution of DHCP servers across a network can reduce network traffic and administrative overhead.

Active Directory Security

• A user's access to resources in other domains is determined by trust relationships within the same domain tree.
• Administrator accounts should be protected by strong passwords and not used for daily, nonadministrative tasks.
• Proper naming conventions make administration easier.

Other Concepts

• The default TTL for a Windows Server 2019 DNS server is 1 hour.
• The DNS service is integrated with the DHCP service to allow a DNS server to provide information to DHCP clients

Group Policy

• Linking a Group Policy to a set of AD DS objects is called linking.
• The most restrictive GPO in a container has the highest priority.
• The Group Policy Management console is used in managing Group Policy Objects.

Virtualization

• The Hypervisor is a module in Windows Server 2019 that provides the underlying virtualization technologies.
• The Hyper-V Manager is the graphical tool for managing virtual machines in a virtualization environment.
• A virtual machine's ability to access physical hardware is enabled through appropriate settings.
• Disk types that can support a maximum image size up to 2 TB are VHDX files.

Storage

• RAID 5 is a striped set with distributed parity.
• Storage pools are a combination of storage devices concatenated to make larger storage volumes.
• Three-way mirroring provides protection against two simultaneous drive failures in storage spaces.
• Storage area networks can be accessed over the network via protocols.

Other Important Points

• The number of primary partitions supported on a GPT partition disk is 128
• A Universal Group is a type of group available in Active Directory that allows members from multiple domains to be part of the Group, while a Global Group only contains users within a single domain
• The minimum number of nodes required for a production-ready failover cluster is 3
• The default TTL for a Windows server DNS is 1 hour.
• The default port for WSUS synchronization is 8530

Description

Test your understanding of Active Directory objects and their structure, including containers and leaf objects. This quiz also covers trust relationships and the DNS hierarchy, essential for managing network resources effectively. Ideal for those studying network administration.