Chapter 4 Review Questions

1. Your company has four departments: Marketing and Sales, Manufacturing, Produc
t Research, and Business. Which of the following Active Directory container desi
gn plans might you use to best manage the user accounts and network access needs
of each department?
a.
b.
c.
d.

Create
Create
Create
Create

four
four
four
four

trees.
parent domains in one site.
OUs in one domain.
trees and map them to four domains.

C
2. Using the example in Question 1, what Active Directory capability can you use
to establish different account lockout policies for each of the four department
s?
a.
b.
c.
d.

fine-grained password policies

lightweight group policies
password distribution groups
shadow password files

A
3. Your colleague is trying to create a universal security group for the three a
dministrators of the single stand-alone server in his company. The problem is th
at he cant find an option to create a universal security group. What is the probl
em?
a. He must first create the administrators personal accounts before it is possibl
e to create a universal group.
b. He needs to put the account creation tool into the Advanced Features mode.
c. He must create a universal distribution group first and then create the unive
rsal security group.
d. He cannot create a universal security group on a stand-alone server and must
instead create a local security group.
D
4. One of the DCs in your company reports that it has an Active Directory error.
You need to fix it as quickly as possible to reduce downtime. Which of the foll
owing tools can you use to stop and restart AD DS on that server? (Choose all th
at apply.)
a.
b.
c.
d.

Active
Server
Device
Active

Directory Domains and Trusts

Manager
Manager
Directory Users and Computers

B
5. Which of the following server operating systems can be used when the domains
in Windows Server 2008 Active Directory are set at the Windows Server 2003 domai
n functional level? (Choose all that apply.)
a.
b.
c.
d.

Windows
Windows
Windows
Windows

NT 4.0 Server with 2008 Domain Services installed

2000 Server with Service Pack 4
Server 2003
Server 2008

C, D
6. Domains in a tree are in a _______________ relationship.
Kerberos transitive trust
7. Youve installed the AD DS server role, but find that Active Directory is not f
ully implemented. What should you do next?
a.
b.
c.
d.

Use Server Manager to create an AD DS partition.

Use Server Manager to create an AD DS security database.
Run dcpromo.
Designate a global AD DS server.

C
8. A _______________ is a unique number associated with each object in AD DS.
GUID globally unique identifier
9. Your school has a parent object named straton.edu and the child object names
stratonalum.org and studentarts.org. What kind of namespace is this?
a.
b.
c.
d.

disjointed
distributed
contiguous
coordinated

A
10. Your companys management has decided that the accounts in all OUs should be s
et up and managed by the Information Technology Departments security specialist.
As the AD DS administrator, how can you best give this capability to the securit
y specialist?
a. Give her Full Control rights to AD DS.
b. Make her user account a member of the AD DS Admins local security group.
c. Use the delegate control feature to give her control of all OUs that contain
user accounts.
d. Give her Accounts Management permissions in AD DS.
C
11. Name three optional attributes associated with a user account.
Account Description
Account Holders Address
Account Holders Telephone number
Any three of: account description, account holder s office number or address, a
ccount holder s
telephone number, account holder s e-mail address, account holder s Web page (or
students can list others from observing the optional properties associated with
an account)
12. Which of the following are actions performed by the global catalog?
(Choose all that apply.)
a. provides lookup and access to all resources in all domains

b. caches IP addresses for all computers in a forest for faster logon

c. stores shared DFS folders and files for centralized shared file access
d. authenticates users when they log on
A, D
13. The business manager in your organization is leaving, but she has been train
ing the new business manager who will take over the day after she leaves. What A
D DS capability can you use to transfer the old business managers account to the
new business manager? Note that in this organization, accounts reflect the actua
l names of users.
a. Use the delete and re-create user account feature in AD DS on the day the new
business manager takes over.
b. The only option is to create a new account and then transfer the old business
managers files to the new account on the day the new business manager takes over
.
c. Use the transfer account option in AD DS on the day the new business manager
takes over.
d. Disable the old business managers account when she leaves work. As soon as the
new business manager takes over, rename the account for the new business manage
r and then enable the account.
D
14. Your company builds roads and bridges. The home office is located in Ohio. F
or each construction project, the company establishes a temporary office at the
construction site. The project manager for each project takes along a server set
up for the AD DS role to connect remotely to the home office. For the sake of s
ecurity, what should the remote server be?
a.
b.
c.
d.

a DC
an RODC
an AD LDS
an ACL

B
15. Which of the following is true about all trees in a forest? (Choose all that
apply.)
a. They all use the same schema.
b. They all use the same OUs.
c. They all use the same global catalog.
d. They all use the same groups.
A, C
16. You have set up auditing for modifications to Active Directory. Now you want
to monitor the results of the auditing. How do you do this?
a. Set up an audit filter in Device Manager.
b. Use the Windows Messaging Service to create a constant audit display on your
monitor.
c. Periodically view the security log.
d. View the audit results in the Active Directory Domains and Trusts MMC snap-in
.
C
17. A site reflects interconnected _______________ and is used for DC __________
_____.

Subnets and replication

18. When you create user accounts, you want to set them up so that users do not
have access to use their accounts after 7:00 p.m. on workdays and on weekends as
a security measure. From where can you set up these logon restrictions?
a. You set these restrictions up when you create trust relationships.
b. These are the default restrictions already set up in AD DS.
c. You set up these restrictions from the Account tab in the user account proper
ties.
d. These are properties you can set up when you create a global security group.
c
19. To reset a password, you use the _______________ tool.
Active directory users and computers
20. What is the scope of a domain local security group?
a.
b.
c.
d.
.
A

the domain in which the group is created

the OU in which the group is created
the share that the group controls access to
A domain local group does not have a scope, instead it has a range of control