Active Directory and DNS Concepts
66 Questions

Questions and Answers

What are the two basic classes of Active Directory objects?

  • Container and leaf objects (correct)
  • Domain and user objects
  • Security and distribution
  • Active and passive

What defines what objects exist as well as what attributes are associated with any object in the Active Directory?

  • Active Directory global directory
  • Active Directory schema (correct)
  • Active Directory administrator
  • Active Directory root user

What is the next level of Active Directory container object within a domain?

  • Subdomain
  • Forest
  • Group
  • Organizational unit (correct)

Active Directory keeps a naming convention for the domain that mirrors ______.

  • DNS (B)

What allows administrators to grant users in one domain access to resources of another domain within the same domain tree?

  • Bidirectional trust relationship between domains (D)

If an administrator creates a domain tree in an Active Directory forest, and then creates a separate and different domain tree, what is the relationship between the two domain trees?

  • Same security entity as one Active Directory forest, bidirectional trust between domain trees (A)

What determines the functional level of an Active Directory forest?

  • The lowest version of Windows Server on a domain controller (B)

What is the global catalog?

  • An index of all AD DS objects in a forest (A)

What is an important difference between groups and OUs?

  • Group memberships are independent of the domain's tree structure. (B)

What is the method for removing a domain controller in Windows Server 2019?

  • Using the Remove Roles and Features Wizard (D)

How far into the lease period does a DHCP client begin requesting renewal of the IP address?

  • 50 percent, or at 4 days into the lease (B)

What are the advantages of using a distributed DHCP infrastructure?

  • Clients have ready access to DHCP servers (A)
  • All the client/server network traffic is local, so minimal DHCP traffic on routers (C)

Before a DHCP server can hand out addresses, which of the following steps must be completed? (Choose two answers.)

  • A DHCP scope must be created and activated. (B)
  • The DHCP server must be created and authorized. (D)

Which of the following steps must be completed in order to ensure a network printer is assigned the same address through the DHCP server?

  • Create a reservation in the DHCP scope. (A)

What are the servers at the top of the DNS hierarchy called?

  • Root servers (C)

The typical query one DNS server sends to a root name server is called a(n) ______.

  • recursive query (D)

The domain name part of a DNS name is ______ and consists of two or more words, separated by ______.

  • hierarchical; periods (B)

What do you call the source responsible for maintaining a domain's resource records?

  • Authoritative source (D)

When using DNS for name resolution only, why should a company consider using DNS servers outside the network perimeter?

  • Less traffic crossing the network perimeter (D)

At what level of the DNS hierarchy are actual hosts, apart from the root servers?

  • At the second-level domain level (D)

Concerning DNS, what is negative caching?

  • When a DNS server receives information about a non-existent host (C)

A DNS server receives updated information. Other DNS servers have outdated information cached. What determines the amount of time that the old DNS data remains cached on a server and an update might occur?

  • Time To Live (TTL) specified by each DNS server's administrator (B)

What is the default TTL for a Windows Server 2019 DNS server?

  • 1 hour (A)

Why is the DNS service included in Windows Server 2019 integrated with DHCP service?

  • To allow a DHCP server to request a DNS server to update or create a record. (B)

You registered the domain name contoso.com. The FQDNs seattle.contoso.com and halifax.contoso.com are examples of different ______.

  • subdomains of contoso.com (D)

When a DNS server communicates a name resolution query to another DNS server, what type of datagram is used, and over what port?

  • UDP; 53 (A)

Concerning DNS domain hierarchy, what are examples of global top-level domains?

  • .com, .net, .org (A)

Resource access for individuals takes place through their ______.

  • user accounts (B)

What are the two built-in user accounts created on a computer running Windows Server 2019?

  • administrator and guest (C)

What are the two types of user accounts in Windows Server 2019?

  • local and domain (C)

What do you call the process of confirming a user's identity by using a known value such as a password, a smart card, or a fingerprint?

  • authentication (D)

Can a domain user, who does not possess explicit object creation permissions, create computer objects?

  • Yes, authenticated users can create workstation, but not server objects (B)

What do you call the process of confirming that a user has the correct permissions to access one or more network resources?

  • authorization (C)

Which of the following guidelines are NOT best practice for securing the Administrator account?

  • Using the Administrator account for daily, non-administrative tasks (A)

When would administrators choose to use a User Template?

  • When an administrator wants to save time while creating single users with many attributes (B)

What would be the distinguished name (DN) for a user named Ella Parker, whose user account resides in the Marketing OU of the adatum.com domain?

  • cn=Ella Parker,ou=Marketing,dc=adatum,dc=com (A)

Which of the following is NOT a group scope?

  • Security groups (D)

Of the key reasons for creating organizational units, which of the following is NOT one of them?

  • Assigning permissions to network resources (A)

What is the only OU created by default after installing Active Directory?

  • Domain Controllers OU (C)

Within a domain, the primary hierarchical building block is the ______.

  • organizational unit

Members of a universal group can come ______.

  • from trusted forests (C)

Of the default groups created when Active Directory is installed, what are the types of those groups?

  • Security groups (B)

What is the group scope for Domain Admins, Domain Controllers, and Domain Users default groups?

  • Global (A)

Which of the following default groups is a universal group?

  • Enterprise Admins (C)

Which of the following is NOT an example of a special identity?

  • Dialup Service (D)

What is the proper term for associating a Group Policy to a set of AD DS objects?

  • Linking (B)

When multiple GPOs are linked to a container, which GPO in the list has the highest priority?

  • the first (A)

What is the Microsoft Management Console (MMC) snap-in that you use to create GPOs and manage their deployment to AD DS objects?

  • Group Policy Management console (B)

Can an administrator launch the Group Policy Management console from a workstation?

  • Yes, if the workstation is running the Remote Server Administration Tools package (C)

Group Policy settings are divided into two subcategories: User Configuration and Computer Configuration. Each of those two is further organized into three subnodes. What are the three?

  • Software settings, Windows settings, and Administrative Templates (C)

What do you call the process by which, after you link a GPO to a site with multiple domains, the Group Policy settings are applied to all the domains and the child objects beneath them?

  • inheritance (A)

What application or interface allows you to configure security filtering?

  • Group Policy Management console (D)

Local GPOs contain fewer options than domain GPOs. Local GPOs do not support ______.

  • folder redirection or Group Policy software installation

Which of the following is the maximum disk size supported when using GPT partitioning?

  • 18 exabytes (EB) for each partition (B)

How many primary partitions are supported on a GPT partitioned disk?

  • 128 (D)

Which of the following is an enhanced NTFS file system that offers larger volume sizes and files?

  • ReFS (C)

How many active partitions can a hard disk hold?

  • 1 (A)

Which of the following statements identifies the difference between striped and spanned volumes?

  • With striped volumes, the system writes data one strip at a time to each successive disk in the volume. (D)

Regarding both striped and spanned volumes, which of the following is the maximum number of physical disks permitted to create a volume?

  • 32 (C)

After you create a new VHD, it appears as a(n) ______ in the Disk Management snap-in and ______ in Server Manager.

  • uninitialized disk (C)

Which of the following is the net effect of the following combination of share and NTFS permissions when the share is accessed over the network?

  • Share permission (Share tab)—Sales group: Full Control
  • NTFS permission (Security tab)—Sales group: Read & Execute, Modify, Write

Answer: Members of the Sales group will be able to edit content and delete files. (C)

Which of the following permissions are assigned directly to a file or folder?

  • explicit (D)

Which of the following is the minimum permission level needed to change the attributes of a file?

  • Write (C)

Which of the following is the minimum permission level needed to take ownership of a file or folder?

  • Full Control (B)

Which of the following permission levels always overrides the other permission levels?

  • Explicit Deny Full Control (D)

Windows Server 2019 supports which of the following two types of folder shares?

  • Network File System and Server Message Blocks (D)

Flashcards

Active Directory Objects

The basic building blocks of Active Directory, responsible for organizing and managing resources within a domain. They represent users, computers, groups, and other entities.

Active Directory Schema

A blueprint defining the structure of Active Directory, outlining the types of objects and their associated attributes that can exist within the directory.

Organizational Unit (OU)

A container object within a domain, allowing for hierarchical organization of users, computers, and other objects, facilitating easier management and control.

Domain Tree

A collection of domains hierarchically connected in a tree structure, allowing for delegation of administration and management tasks within an organization.

Bidirectional Trust Relationship

A secure connection between two domains within the same domain tree, allowing users in one domain to access resources in the other domain.

Active Directory Forest

A collection of domain trees that share a common schema and global catalog, forming a larger organizational unit with centralized management.

Functional Level of an Active Directory Forest

The version of Windows Server operating system on the domain controller with the lowest version determines the functional level for the entire Active Directory forest.

Global Catalog

An index of all objects within an Active Directory forest, allowing for quick searches and retrieval of information across multiple domains.

Groups vs. OUs

Groups are security entities for managing user permissions and access to resources, while OUs are structural units used for organizing objects in the Active Directory.

Removing a Domain Controller (Windows Server 2019)

Use the Remove Roles and Features Wizard to gracefully remove a domain controller from an Active Directory domain.

DHCP Lease Period

The time duration for which a DHCP client is assigned an IP address, typically lasting several days.

DHCP Client Renewal

When a DHCP client starts requesting a renewal of its IP address halfway through the lease period.

Distributed DHCP Infrastructure

A network configuration where multiple DHCP servers are distributed across the network, reducing network traffic congestion and providing better performance.

DHCP Scope

A range of IP addresses managed by a DHCP server, available for allocation to clients on the network.

DHCP Reservation

A way to ensure a specific IP address is always assigned to a particular device, such as a printer.

Root Servers

The top-level servers in the DNS hierarchy that store the authoritative names and addresses for all top-level domains.

Recursive Query

A DNS query where the requesting server relies on other servers to provide the final answer, following a chain of references until the requested information is found.

DNS Hierarchy

A structured organization of domains and subdomains used for name resolution, starting at the root level and branching down to specific host names.

Authoritative Source

A DNS server that holds the most current and accurate information about the resource records for a specific domain.

Negative Caching

When a DNS server caches information about a non-existent host, preventing repeated queries and reducing unnecessary traffic.

Time To Live (TTL)

A setting that determines how long DNS information remains cached on a DNS server before it needs to be refreshed.

User Account

An identifier for a user on a computer or network, providing access to resources and services.

Local User Account

A user account created and managed on a specific computer, providing access only to resources on that computer.

Domain User Account

A user account created and managed within an Active Directory domain, providing access to resources across the entire domain.

Authentication

The process of verifying a user's identity by validating their credentials, such as a username and password.

Authorization

The process of determining the level of access a user has to specific resources based on their permissions.

Administrator Account

A highly privileged account with full control over the system, used for administrative tasks.

User Template

A preconfigured template for creating new user accounts, allowing for efficient and consistent creation of user accounts with specific attributes and settings.

Distinguished Name (DN)

A unique hierarchical identifier for an object within Active Directory, identifying its location within the directory structure.

Group Scope

The range of membership for a group, defining whether it can include users and computers from within the same domain, other domains, or even other forests.

Organizational Unit (OU) Purposes

OUs are used for delegating administration, managing user accounts, applying Group Policy settings, and controlling access to resources.

Universal Group

A global group that can include members from trusted forests, allowing for cross-forest management of resources and permissions.

Group Policy

A collection of settings that define configurations, permissions, and security policies for users and computers in an Active Directory domain.

Group Policy Object (GPO)

A container for Group Policy settings, which can be linked to specific Active Directory objects, such as users, computers, or organizational units.

GPO Linking

The act of associating a Group Policy Object (GPO) to a specific Active Directory object, ensuring that its settings apply to the linked object.

GPO Inheritance

The process where Group Policy settings are automatically applied to child objects below the linked object, cascading the policy down the hierarchy.

Group Policy Management Console

A central management tool for creating, deploying, and managing Group Policy Objects (GPOs) in an Active Directory environment.

Study Notes

Active Directory Objects

  • Two basic classes of Active Directory objects are containers and leaf objects
  • Active Directory schema defines what objects exist and what attributes are associated with them
  • The next level of Active Directory container object within a domain is an organizational unit
  • The naming convention for a domain in Active Directory mirrors the DNS system

Active Directory Concepts

  • Bidirectional trust relationships allow administrators to grant users in one domain access to resources of another domain within the same domain tree
  • Active Directory forests are composed of multiple domain trees. A trust relationship exists between the two domain trees, and these are part of the same security entity.
  • The lowest version of Windows Server running on a domain controller determines the functional level of an Active Directory forest.

DNS Concepts

  • Root servers are at the top of the DNS hierarchy
  • The typical query sent to a root name server is a recursive query
  • The domain name part of a DNS name is separated by periods and consists of two or more words

DHCP Concepts

  • A DHCP client requests renewal of an IP address 50 percent, or about 2 days, into the lease period.
  • Distribution of DHCP servers across a network can reduce network traffic and administrative overhead.

Active Directory Security

  • A user's access to resources in other domains is determined by trust relationships within the same domain tree.
  • Administrator accounts should be protected by strong passwords and not used for daily, nonadministrative tasks.
  • Proper naming conventions make administration easier.

Other Concepts

  • The default TTL for a Windows Server 2019 DNS server is 1 hour.
  • The DNS service is integrated with the DHCP service to allow a DNS server to provide information to DHCP clients

Group Policy

  • Associating a Group Policy with a set of AD DS objects is called linking.
  • The most restrictive GPO in a container has the highest priority.
  • The Group Policy Management console is used in managing Group Policy Objects.

Virtualization

  • The Hypervisor is a module in Windows Server 2019 that provides the underlying virtualization technologies.
  • The Hyper-V Manager is the graphical tool for managing virtual machines in a virtualization environment.
  • A virtual machine's ability to access physical hardware is enabled through appropriate settings.
  • Disk types that can support a maximum image size up to 2 TB are VHDX files.

Storage

  • RAID 5 is a striped set with distributed parity.
  • Storage pools are a combination of storage devices concatenated to make larger storage volumes.
  • Three-way mirroring provides protection against two simultaneous drive failures in storage spaces.
  • Storage area networks can be accessed over the network via protocols.

Other Important Points

  • The number of primary partitions supported on a GPT-partitioned disk is 128
  • A universal group is a type of group available in Active Directory that allows members from multiple domains to be part of the group, while a global group only contains users within a single domain
  • The minimum number of nodes required for a production-ready failover cluster is 3
  • The default TTL for a Windows server DNS is 1 hour.
  • The default port for WSUS synchronization is 8530

Description

Test your understanding of Active Directory objects and their structure, including containers and leaf objects. This quiz also covers trust relationships and the DNS hierarchy, essential for managing network resources effectively. Ideal for those studying network administration.