Formative_Evaluaution_1_Answers (3).docx

Full Transcript

**[Formative Evaluaution]**

- Introduction to Active Directory Directory Services

- Installing Domain Controllers

***Multiple Choice***

1\. What is the process of granting the user access only to the resources
he or she is permitted to use?

a\. Authentication

b\. Authorization

c\. Importing a user object to Active Directory

d\. Registering the SRV record

2\. What are the two basic classes of Active Directory objects?

a\. Container and leaf objects

b\. Domain and user objects

c\. Security and distribution

d\. Active and passive

3\. What defines what objects exist as well as what attributes are
associated with any object in the Active Directory?

a\. Active Directory administrator

b\. Active Directory global directory

c\. Active Directory root user

d\. Active Directory schema

4\. What is the next level of Active Directory container object within a
domain?

a\. Organizational unit

b\. Group

c\. Subdomain

d\. Forest

5\. Active Directory keeps a naming convention for the domain that
mirrors \_\_\_\_\_\_.

a\. DHCP

b\. WINS

c\. DNS

d\. files and folders

6\. What allows administrators to grant users in one domain access to
resources of another domain within the same domain tree?

a\. Bidirectional trust relationship between domains

b\. Permission inheritance between domains

c\. Permission inheritance between OUs

d\. User objects in each domain

7\. If an administrator creates a domain tree in an Active Directory
forest, and then creates a separate and different domain tree, what is
the relationship between the two domain trees?

a\. Completely different security entities, creating two Active Directory
forests

b\. Different security entities, within one Active Directory forest

c\. Same security entity as one Active Directory forest, bidirectional
trust between domain trees

d\. No trust between domain trees in an Active Directory forest

8\. What determines the functional level of an Active Directory forest?

a\. How many domains are in the forest

b\. How many domain controllers are in each domain

c\. The functional level as specified in the Active Directory Users and
Computers console

d\. The lowest version of Windows Server on a domain controller

9\. What is the global catalog?

a\. The schema that lists what objects and attributes exist in the AD DS
forest

b\. An index of all AD DS objects in a forest

c\. A list of all domain controllers currently available

d\. A matrix of all domains, sites, and domain controllers

10\. What is the PowerShell cmdlet for installing a domain controller to
the domain \"adatum.com\"?

a\. Install-AddsForest --DomainName "adatum.com"

b\. Install-AddsDomainController --DomainName "adatum.com"

c\. Install-AddsDomain --DomainName "adatum.com"

d\. Install-WindowsFeature --DomainName "adatum.com"

11\. What is an important difference between groups and OUs?

a\. An OU can represent the various divisions of your organization.

b\. Group membership can be a subset of an OU.

c\. OUs are a security entity.

d\. Group memberships are independent of the domain's tree structure.

12\. What special DNS resource record enables clients to locate domain
controllers and other vital AD DS services?

a\. AAAA

b\. MX

c\. SRV

d\. NS

13\. For Server Core installations, how does Windows Server 2012 R2
differ from Windows Server 2008 when installing the AD DS role and
promoting the system to a domain controller?

a\. Windows Server 2012 R2 now allows administrators to use Dcpromo.exe.

b\. Windows Server 2012 R2 now allows administrators to use PowerShell.

c\. Windows Server 2012 R2 permits administrators to use answer files for
unattended DC installations.

d\. Windows Server 2012 R2 recommends administrators use Install from
Media.

14\. What is the method for removing a domain controller in Windows
Server 2012 R2?

a\. Using the Dcpromo.exe command

b\. Using the Add Roles and Features Wizard

c\. Using the Adprep.exe command

d\. Using the Remove Roles and Features Wizard

16\. Which of the following features allows you to install AD DS on a
virtual machine that is located in the cloud?

a\. Windows Intune

b\. Windows Azure

c\. Office 365

d\. PCI DSS

***Short Answer***

1\. What does LDAP stand for?

Lightweight Directory Access Protocol (LDAP)

LDAP defines the format of the queries that Active Directory clients
send to domain controllers, as well as provides a compound naming
structure for uniquely identifying objects in the directory

2\. What is the process by which domain controllers communicate by
sending database information to each other to stay synchronized?

Replication

When a domain has two or more domain controllers, each controller must
have a database that is identical to those of the others. To stay
synchronized, the domain controllers communicate by sending database
information to each other, which is a process called replication

3\. What type of Active Directory replication minimizes problems in
database management over slow WAN links?

Multiple-master replication

Explanation: Single-master replication can make managing the database
difficult, especially if administrators are located in remote offices
and must work over a slow wide-area network (WAN) link. To avoid this
problem, Active Directory uses multiple-master replication, in which you
can make changes to domain objects on any domain controller, which
replicates those changes to all the other domain controllers.

4\. What is the command-line tool and syntax for determining whether a
domain controller has been registered in DNS?

dcdiag /test:registerindns /dnsdomain:\ /v

Explanation: If the DNS registration process fails, computers on the
network cannot locate that domain controller, the consequences of which
can be serious. To confirm that a domain controller has been registered
in the DNS, open a command-prompt window with administrative privileges
and enter the dcdiag /test:registerindns /dnsdomain:\ /v
command.

5\. What is the PowerShell cmdlet and syntax for demoting a domain
controller?

Uninstall-ADDSDomainController --ForceRemoval

--LocalAdministratorPassword \ --Force

To demote a domain controller with Windows PowerShell, use the
Uninstall-ADDSDomainController cmdlet.

***Best Answer***

1\. What administrative division in Active Directory is defined as a
collection of subnets that have good connectivity between them to
facilitate the replication process?

a\. Forests

b\. Locations

c\. Domains

d\. Sites

2\. What is the primary reason for creating different sites on an Active
Directory network?

a\. To create geographical divisions within the Active Directory

b\. To control the traffic passing over relatively slow and expensive WAN
links between locations

c\. To provide an access control layer between sites

d\. To provide a boundary when applying Group Policy settings

3\. When is an Active Directory site topology created?

a\. Site topology is started upon initial installation of the Active
Directory.

b\. Site topology starts when you finalize the links and subnets
configuration.

c\. Creation of sites and its topology is dependent on link costs.

d\. Site topology is manually configured dependent on WAN bandwidth and
transmission speed.

4\. What is the simplest way for administrators to upgrade their AD DS
infrastructure to Windows Server 2012 R2?

a\. Upgrade all existing down-level domain controllers (DCs) to Windows
Server 2012 R2.

b\. In Server Manager, use the Active Directory Domain Services
Configuration Wizard to update a DC.

c\. Add a new Windows Server 2012 R2 DC to your existing Directory
Services installation.

d\. Use Adprep.exe, included in the operating system.

***Build List***

1\. Order the steps to add a domain controller to an existing domain.

a\. On the Installation progress page that appears at the end of the
Active Directory Domain Services role installation procedure, click the
*Promote this server to a domain controller* hyperlink. The Active
Directory Domain Services Configuration Wizard appears.

b\. Select an existing domain controller to function as a Replication
source.

c\. After authenticating if necessary, specify the domain from the forest
to which the new server will be added. Select any options as needed:
Install DNS, Leave a Global Catalog, and Select Read only domain
controller.

d\. Select the *Add a domain controller to an existing domain* option,
and then click *Select*.

e\. Select a site where the domain controller will be located.

f\. Specify the password for Directory Services Restore Mode (DSRM).

a, d, c, e, f, b

2\. Order the steps to create a new forest.

a\. Select the *Add a new forest* option and in the *Root domain name*
text box, type the name of the domain you want to create.

b\. Consider the earliest Windows versions you plan to install as domain
controllers to specify the Forest and Domain functional levels.

c\. On the *Installation progress* page that appears at the end of the AD
DS role installation procedure, click the *Promote this server to a
domain controller* hyperlink. The Active Directory Domain Services
Configuration Wizard appears.

d\. Specify the password for Directory Services Restore Mode (DSRM).

e\. Confirm the NetBIOS equivalent of the domain and paths for AD DS file
where applicable.

c, a, b, d, e

3\. Order the steps to install the AD DS role.

a\. Confirm installation if not selecting from optional functions.

b\. Select the server that you want to promote to a domain controller and
click *Next*. Select the *Active Directory Domain Services* role.

c\. Leave the Role-based or feature-based installation radio button
selected and click *Next*.

d\. Click *Add Features to accept the dependencies*, and then click
*Next*.

e\. From the Server Manager's Manage menu, select *Add Roles and
Features*.

e, c, b, d, a

4\. Order the steps to remove a replica domain controller.

a\. Click the *Demote this domain controller* hyperlink. Select the
*Force the removal of this domain controller* check box and click
*Next*.

b\. From the Server Manager's Manage menu, select *Remove Roles and
Features*.

c\. Clear the *Active Directory Domain Services* check box.

d\. Select the server that you want to demote from a domain controller.

e\. Clear the AD DS check box. Click *Remove Features*, and then click
*Next*. Click *Remove*. Close the wizard and restart.

f\. In the Password and Confirm Password text boxes, type the password
you want the server to use for the local Administrator account after the
demotion.

b, d, c, a, f, e

***Repeated Answer***

1\. An Active Directory \_\_\_\_\_ consists of one or more separate
domain trees.

a\. organizational unit

b\. group

c\. domain

d\. forest

2\. What is the fundamental component of the Active Directory
architecture, functioning as the boundary for virtually all directory
functions, including administration, access control, database
management, and replication?

a\. Organizational unit

b\. Group

c\. Domain

d\. Forest

3\. What is a container object that functions in a subordinate capacity
to a domain, and still inherits policies and permissions from its parent
objects?

a\. Organizational unit

b\. Group

c\. Domain

d\. Forest

4\. What is not a container, nor full-fledged security division and
cannot have Group Policy settings applied directly to them?

a\. Organizational unit

b\. Group

c\. Domain

d\. Forest