Active Directory Test Answer


A network consists of one Windows Server 2003 running as Domain Controller and 100 Windows XPClients. The network administrator has created many OUs in domain and delegated control of OU to relevant administrators. His domain is configured with one OU, named sales, having one child, OU marketing. Two different administrators are appointed to be responsible for their respective OUs. But the marketing OU administrator complains that their OU is inheriting the Group Policies of its parent domain, even when they have blocked the inheritence. What may be the reason for that?
a. 'No Override' is enabled on sales OU
b. 'Block Policy Inheritance' is enabled on domain
c. Group policies are not refreshed
d. ntdsutil is run to overcome the situation
Your company's network has a single active directory domain. The domain has an OU named Delta, which further has two child OUs named Bravo and Charlie respectively. You want to disable Windows Update Service on all the computers in the domain with the exception of computers in Charlie OU. Which of the following steps will you follow to complete this task with minimum efforts?
a. Create a new GPO linked to the Domain and disable Windows Update in User Configuration section of the GPO. Enable Block Policy inheritance setting on Charlie and Bravo OU
b. Create a new GPO linked to the Domain and disable Windows Update in User Configuration section of the GPO. Enable Block Policy inheritance setting on Bravo OU
c. Create a new GPO linked to the Domain and disable Windows Update in User Configuration section of the GPO. Enable Block Policy inheritance setting on Charlie OU
d. Create a new GPO linked to the OUs Bravo and Charlie and disable Windows Update in User Configuration section of the GPO
You are the administrator of a Windows 2003 domain. According to company policy, you created an OU and applied a GPO restricting Control Panel access to users. Later on, your company policy changed and you allow Control Panel access to some of the users in that OU. The policy also states that their membership be kept as it is without moving them to other groups or OUs.How will you allow Control Panel access to some users thereby restricting access to others in the same OU?
a. Deny Apply Group Policy permission to users from the properties of Control Panel GPO.
b. Create a new security group, move all users to that group, and deny GPO permissions
c. Add users to Domain Administrator group
d. Select Block Policy Inheritance from the properties tab of OU.
You are the network administrator of a Windows 2003 network having Windows XP clients.You want to secure your network by implementing a policy that supports encrypted TCP/IP communication. Which of the following is most secured?
a. Enable Internet Connection Firewall(ICF)
b. Enable Network Address Translator(NAT)
c. Enable secure Server IPSec POlicy
d. Enable Server IPSec Policy
You are the network administrator of a company. Your company's network has a single Active Directory domain named expertrating.com. This domain has two sites and each site contains two domain controllers. You purchase two servers and use each new server as a domain controller in each site, making a total of three domain controllers at each site. You want to configure the inter site replication to flow through these new domain controllers. What will you do?
a. Configure each new domain controller as preferred IP bridgehead server
b. Configure each new domain controller as preferred SMTP bridgehead server
c. Configure both new domain controllers as Global Catalog servers
d. All of the above

Your company's network has a single Active Directory domain. All servers run Windows Server 2003. You want to make an application available for all the users to install. You want to configure GPO for this. How will you complete this task?
a. Copy the application package on all the user computers one by one
b. Publish the application with file extension activation
c. Provide application CDs to users for manual installation
d. All of the above
You are the back-up operator in a company and responsible for system-state data backup which is residing at two Windows Server 2003 domain controllers. How should you automate the process for every day at 12:00 mid-night?
a. Schedule a system state data backup for specified time
b. Schedule a full back-up of each domain controller once a day
c. Schedule a task to back-up ntds.dit file at late night
d. Schedule a task to back-up the entire drive having active-directory database and log files at late night
When running dcpromo command in Windows Server 2003, the administrator changed the NetBIOS name to production. But the real FQDN is sales.microsoft.com. After setup, what would be the FQDN?
Suppose there are network connectivity problems between your HQ at Atlanta and Branch office in Atlanta which are causing packets to drop. How will you check where and what percentage of packets is dropped from the HQ?
a. By running tracert from HQ to Branch
b. By running tracert from Branch office to HQ
c. By running pathping from HQ to Branch
d. By running pathping from Branch to HQ
e. By running Network Monitor
Which of the following components are contained in the sysvol folder?
a. Active directory log files
b. NETLOGON
c. Windows NT 4.0 system policies
d. System state data back-up
Which of the following roles is responsible for allowing schema changes to Active directory objects?
a. PDC Emulator role
b. RID Master role
c. Infrastructure Master role
d. None of the above
State whether true or false.
We can only seize a role if the domain controller that holds that role fails.
a. True
b. False
Your company is running on Windows Server 2003 DNS server with slaves.You changed DNS file manually on DNS server.But slave still doesn't pick up any changes. What will you do to apply those changes to slave?
a. Run ipconfig/flushdns command to clear DNS cache on slave
b. Start IXFR from Primary zone to Slave
c. Restart DNS services on slave
d. The SOA record serial number should be edited manually on the primary copy of the zone
You are planning to deploy Windows XP professional to client computers using RIS. What should you do to find out the GUIDs of all client computers?
a. Use Network Monitor to view DHCPOFFER packets
b. Use Network Monitor to view DHCPDISCOVER packets
c. Use performance Monitor to view DHCPREQUEST packets
d. Use Event Viewer to view RIS logging
State whether true or false.
Once the forest functional level is raised to Windows Server 2003, one cannot add a Windows 2000 domain controller to the forest.
a. True
b. False

Which of the following roles is responsible for the uniqueness of Active Directory objects in each domain?
a. PDC Emulator role
b. RID Master role
c. Schema Master role
d. Infrastructure Master role
You are the network administrator for a company called ExpertRating. Your network contains one Windows Server 2003 Domain Controller. One day, when you reboot your DC, you receive an error message "Cannot find NTOSKERNL.EXE". Which of the following actions will you employ?
a. Automated System Recovery
b. Last Known Good Configuration
c. Safe Mode
d. Directory Services Restore Mode
You are the network administrator of a company. Your company's network has a single Active Directory domain. It has an OU named sales. You want to give permissions to a company's junior network administrator to create child OUs for sales OU. He should also be able to verify the existence of the OUs created by him. Which of the following permission set will be enough to accomplish this if you want to give him minimum permissions?
a. Write All Properties, Create All Child Objects
b. Read All Properties, All Extended Rights, Write All Properties
c. List Contents, All Extended Rights
d. Read All Properties, Create Organizational Unit Objects, List Contents
After running authoritative restore command on crash Windows Server 2003 domain controller, how will it be checked if authoritative restore was successful by checking the version number increase in the directory?
a. ntdsutil
b. replmon
c. repadmin
d. netdiag
The administrator for company ABC Toys configured RIS server in Windows Server 2003 for installing operating system Image to newly branded computers. But when he started the computers for obtaining addresses from RIS, they all are unable to connect to DHCP server. Later on, he discovered all branded computers were using network adapters that were not PXE compliant. How will he connect these computers to RIS server?
a. By creating RIS Bootable floppies from rbfg.exe
b. By creating RIS bootable floppies from ASR
c. By using riprep for installing image to client computers
d. By instaling DHCP relay Agent
You are the network administrator for your company running Domain Controller on Windows Server 2003. The domain has a Windows 2000 server named production. The production server is not a domain controller. You are allowed to logon locally for making the configuration. You want to run a script that will change the current environment variables setting when users log in.What would be the appropriate course of action?
a. Create a logon script and apply it on default domain group policies
b. Create a logon script and apply it on local group policies
c. Create a start-up script and apply it on the Default Domain Controller Group Policies
d. Copy the script to NetLogon share of the production server
Which of the following are ways of viewing RSoP reports?
a. gpresult /z >policy.txt from command prompt
b. .html file from Advanced Security Information-Policy wizard
c. Performance monitor
d. dcdiag.log file
Your Company has different OUs named sales, production and finance. All are child objects under Departments OU. You created a new GPO used to assign software required for all departments. Sales and production users can see the shortcut in start menu and can successfully install the software but finance users report that this shortcut is not appearing in their start menu. What will you do?
a. Publish the software instead of assign
b. Remove Block-Policy Inheritance from finance OU
c. Grant all finance users to Domain Admins group
d. Package is corrupt so rebuild it
You are the network administrator of a company. Your company's network has Windows 2003 Server and Windows 2000 Professional computers. You use a security policy to configure a server named Delta1. Now you have to deploy the security configuration on server Delta1 to the computers on your company's network. How will you accomplish this task by using minimum efforts?
a. Create a new GPO linked to the domain. Include all the settings used in the server (Delta1) in this GPO
b. Use the Security Configuration and Analysis snap-in to export all the security settings from server Delta1 to a template file. Then, import the template file into the GPO for applying to multiple computers
c. Use the Security Configuration and Analysis snap-in to export all the security settings from server Delta1 to a template file. Then, apply the template to each computer by using the Security Configuration and Analysis snap-in
d. All of the above
You are the administrator of an OU named WebServers, created in Windows Server 2003 domain. The IPSec policies are defined at Domain level and No Override is not selected. All websites are configured to allow only anonymous users. A new GPO is applied at WebServers OU restricting local Administrators group to login locally. Users report that they are unable to access any of the Web Sites on the servers. What will you do for allowing users access to the websites from the servers in WebServers OU without affecting overall security?
a. Add all users to the Domain Admins group
b. Create a GPO that allows local Administrators and Guests to login locally and link GPO to WebServers OU
c. Create a GPO that allows local Administrators and Guest to login locally and link GPO to Domain level
d. Set Basic Authentication in each Web Server
Which of the following commands provide maximum information related to capacity statistics such as megabytes per server and per object class, and information on how to compare two directory trees across replicas in the same domain?
a. repadmin
b. replmon
c. netdiag
d. dsastat
Which are the other aspects that an administrator must consider for the network to run effectively after running metadata clean-up to delete the remains of a removed domain controller in Windows Server 2003?
a. Relocate FSMO roles
b. DHCP clients configuration will dynamically be updated for failed DNS server
c. All application servers must point to the new live Global Catalog if removed DC is a Global catalog
d. DNS forwarders configuration need not to be updated for failed DNS server
You use Software deployment in Windows Server 2003 to distribute company's softwares on your Windows XP clients. The software image is clean and successfully published to clients. Clients have installed softwares in their desktops. But, when they run the setup from desktop shortcut, it gives an error message. Which of the following may be the reason for this error?
a. Software image is corrupted
b. Users have read only permission in the folder containing software image
c. The server gets restarted
d. Users with roaming profile are logging in two computers simultaneously
You are the network administrator of an Aerospace Company. Your company's policy clearly states renaming of Guest account on all computers in domain. What would you do if you do not have the time to edit each name manually on each computer but you need to do it immediately?
a. Create a login script and apply it on Default Domain Group Policy
b. Instruct user to enable remote desktop and change their name from server using remote desktop
c. Use GPO to rename Guest account on the Default Domain Group Policy
d. Send network message to all users to rename guest account
How can an administrator predict the physical requirements for installing Windows Server 2003 Domain Controller ?
a. By using performance monitor
b. By using Active Directory Sizer tool
c. By using Exmerge utility
d. By using ADMT tool
You work as a Network Administrator for your company running on Windows 2000 Active Directory based network. One day you discover that the partition having Active Directory database is out of space. How will you move Active Directory database and log files to a new volume on a different disk?
a. Restart the Active Directory in Safe mode
b. Run ntdsutil to move database to a new location
c. Restart the Active Directory in Directory Services Restore Mode
d. Run csvde utility to restore database to a new location
Once DNS Advanced option is enabled from DNS console View tab in Windows Server 2003, which of the following things can be done ?
a. Cached data can be deleted record by record
b. Zone transfer can be done forcibly
c. SOA serial number can be incremented
d. nslookup command can be run directly
Your company has three domains located at different locations:
perl.com
geneva.perl.com
portland.perl.com
All three domains are in the Native Mode. Your geneva.perl.com branch is going to shut down and you want to migrate all users in that domain to perl.com. How will you move the users?
a. movetree /start /s dc1.geneva.perl.com /d dc2.perl.com /sdn
cn=users,dc=geneva,dc=perl,dc=com /ddn cn=users,dc=perl,dc=com
b. Move the users from Active Directory Users and Computers
c. Move computer object from Active Directory Users and Computers to perl.com
d. movetree /continue /s dc1.geneva.perl.com /d dc2.perl.com /sdn
cn=users,dc=geneva,dc=perl,dc=com /ddn cn=users,d=perl,dc=com
Your network consists of one parent domain running on Windows Server 2003 and 1000 Windows XP clients.Your company's growth demands a child domain to be installed in one of the Branch Location.But when you run dcpromo command to join the child domain in parent,you get an error message that the existing domain cannot be contacted.What will you do to correct this problem?
a. Configure a domain controller of the child domain with the address of the DNS server of existing domain.
b. Create an Active Directory Integrated zone of child domain in the existing domain controller
c. Transfer PDC emulator role to a new child domain
d. Use ntdsutil to transfer domain naming master role to child domain
As the network administrator of a Windows 2003 network, when you were monitoring your network securities, you discovered that most of the users have been using the same password ever since their accounts were created. You want to secure your password policies so that users must change their passwords periodically. What will be your course of action?
a. Enforce password history
b. Minimum password age
c. Maximum password age
d. None of the above
You are the network administrator, and your network consists of various branch offices located at different locations which are:

        Location 1
        Location 2
        Location 3
        Location 4

You want to allow secure dynamic updates in DNS in Location 1, 2 and 3. But Location 4 should not be able to edit DNS. Which of the following statements will fit in this scenario?  
a. assign Location 1, 2 and 3 'Active Directory Integrated Zone'
b. assign Location 4 as secondary Zone
c. assign location 4 as primary zone
d. assign Location 1,2,3 as primary zone
Which of the following is a recommended tool for populating Active Directory with data from other directory services?
a. csvde
b. ldifde
c. ntdsutil
d. ADSI Edit MMC snap-in
Your company's domain consists of one OU named Sales. Sales OU consists of users from Sales Department. You need to assign one of the user of Sales OU named Paul, to create, add and modify user's objects only.They should not be able to change group's object properties.What should you do ?

a. Assign the Full Control permission on Sales OU to Paul
b. Run Delegation of Control wizard on sales OU and grant him permission to create and manage user's objects
c. Grant Paul the Domain Admins rights
d. Run Delegation of Control wizard on the Domain and select OU objects from custom tasks to delegate option
You are the network administrator of a company running on Windows Server 2003 environment.The network consists of a single forest that contains two domains named Domain-A and Domain-B.You are responsible for handling Domain-A having one Active-Directory Integrated zone server .Your company policies state that name resolution traffic from Domain-B should be locally resolved by Domain-A. What should you do ?
a. Create a primary zone for Domain-B
b. Configure Domain-B as a forwarder
c. Create a secondary zone for Domain-B on Domain-A
d. Configure Domain-B as the DNS client of Domain-A
DNS SRV resource records map the name of a service to the name of a server offering that service.Which of the following SRV entry helps clients to find a Windows Server 2003 dom PDC FSMO role holder in a mixed-mode environment.

a. _ldap._tcp..domains._msdcs.
b. _ldap._tcp.
c. _ldap._tcp.._sites.
d. _ldap._tcp.pdc._ms-dcs.
The administrator is trying to reset the external trust. But clients are unable to access resources in the domain outside of the forest. Which of the following FSMO role must be available for this reset?
a. Domain naming master
b. Infrastructure role
c. RID role
d. PDC Emulator master
A network consists of one Windows Server 2003 running as Domain Controller and 100 Windows XP Clients. The network administrator has created many OUs in domain and delegated control of OU to relevant administrators. His domain is configured with one OU, named sales, having one child, OU marketing. Two different administrators are appointed to be responsible for their respective OUs. But the marketing OU administrator complains that their OU is inheriting the Group Policies of its parent domain, even when they have blocked the inheritence. What may be the reason for that?
a. 'No Override' is enabled on sales OU
b. 'Block Policy Inheritance' is enabled on domain
c. Group policies are not refreshed
d. ntdsutil is run to overcome the situation  
Your company has three domains located at different locations:
perl.com
geneva.perl.com
portland.perl.com

All three domains are in the Native Mode. Your geneva.perl.com branch is going to shut down and you want to migrate all users in that domain to perl.com. How will you move the users?
a. movetree /start /s dc1.geneva.perl.com /d dc2.perl.com /sdn cn=users,dc=geneva,dc=perl,dc=com /ddn cn=users,dc=perl,dc=com
b. Move the users from Active Directory Users and Computers
c. Move computer object from Active Directory Users and Computers to perl.com
d. movetree /continue /s dc1.geneva.perl.com /d dc2.perl.com /sdn cn=users,dc=geneva,dc=perl,dc=com /ddn cn=users,d=perl,dc=com
Which of the following things can be done once the DNS Advanced option is enabled from DNS console View tab in Windows Server 2003?
a. Open network monitor
b. Enable Advanced in View tab of DNS console
c. Use performance monitor to view DNS cache
d. Use Event Viewer from DNS console
You are the network administrator of Windows 2003 domain. The domain has one OU named Sales.You are using Windows Installer to publish sales relevant software to user's workstations. Currently, only members of Sales OU can run the software.But you want all users in the domain to be able to use the software from Start menu. What should you do ?
a. Assign the Windows Installer GPO from OU instead of publishing
b. Remove current GPO from Sales OU, create a new GPO that will upgrade the installed package and apply newly created GPO to sales OU
c. Remove the GPO from Sales OU,assign the GPO to domain and set the permissions to assign the package to all users
d. Create a new GPO and assign the package to all users in the domain. Grant the membership of Domain Admins to all the users
Which of the following are ways of viewing RSoP reports?
a. gpresult /z >policy.txt from command prompt
b. .html file from Advanced Security Information-Policy wizard
c. Performance monitor
d. dcdiag.log file
Which of the following partition information gets replicated during active directory replication?
a. Schema partition
b. Domain partition
c. System state partition
d. Sysvol partition
e. Configuration partition
You are the network administrator responsible for handling DNS server running on Windows server 2003. You receive a report that Windows Server 2003 CPU utilization rate is constantly exceeding 85 % of the CPU.How will you check if this problem arises only because of the DNS server?
a. Check DNS counters performance from System Monitor
b. Run ipconfig/displaydns command
c. Use Network Monitor to check the number of queries resolved by DNS
d. Use Event Viewer to check DNS performance
Some applications are deployed that uses protocols that requires knowledge of the user's password for authentication purposes. Which policy can provide the best result in this scenario ?
a. Enable 'Store password using reversible encryption' policy
b. Decrease maximum service ticket lifetime for Kerberos
c. Increase minimum password length
d. Enable 'Enforce password policy'
Your network consists of three Windows 2003 Domain Controllers named DC-1, DC-2 and DC-3. DC-3 doesnot hold any FSMO roles. After backing-up the System State Data Back-up of all DCs, DC-3 disk failed. You replaced the failed disk with a new disk and installed Server 2003 on the new disk. What should you do next on DC-3?
a. Restore the System State Data back-up from Directory Services restore Mode
b. Run Windows Back-up on DC-1 and restore the same on DC-3
c. Run Active Directory installation wizard to make the new computer a replica in the domain
d. Force replication from Active Directory Sites and Services to DC-3
You are the network administrator of a company called Expertrating. Your company's network has a single Active Directory forest with a single domain named expertrating.com. Windows Server 2003 is running on all the servers and all the clients are Windows XP Professional computers. Your company has a test lab that contains a separate forest. You created a GPO (Group Policy Object) for testing and tested it successfully in that lab. Now, you want to implement this GPO on the network for all the computers and users in the domain. How will you accomplish this task by using minimum efforts?
a. Take a backup of the GPO created in the test lab by using the Group Policy Management Console and import it into the Domain
b. Create a new GPO linked to the domain. Include all the settings used in the old GPO (which was used for testing) in this GPO
c. Copy all the files in the SYSVOL folder from the test lab to the domain
d. None of the above
Which of the following FSMO roles mostly affects the network users functionality immediately?
a. PDC Emulator role
b. Infrastructure role
c. Domain name master
d. RID master role
You are the administrator for ExpertRating's Branch office. Your company domain is running on Windows Server 2003. Your company's HQ is located at Atlanta and contains one Active-Directory Integrated DNS Server. An administrator at HQ instructs you to install and configure the DNS server as Active Directory Integrated zone. But when DNS is installed at the Branch office and a zone is tried to be created, the option to create Active-Directory Integrated zone is unavailable. What should be done in this scenario?
a. A new secondary Zone at the branch office configured with the address of DNS server located at HQ should be created
b. The HQ DNS server should be configured to approve the branch DNS server as Name Server
c. It should be ensured that HQ DNS server is configured as Standard Primary Zone
d. It should be ensured that Branch office server is promoted as Domain Controller, and then an Active Directory Integrated Zone should be created
You are the network administrator for your company. One user account named Mike often needs to be moved between sales and marketing group. But the changes are not taking effect. Which of the following FSMO role may be responsible for that?  
a. RID Role
b. Infrastructure role
c. PDC emulator role
d. Domain naming role
You are the administrator of a Windows 2003 domain. The domain has 100 users working on Windows XP. You want to allow all users to change their desktop setting if they try to work on any Windows XP computer. But their altered desktops should not be saved once they log off. What should you do in this scenario?
a. Edit GPO to set the customized desktop
b. Change the ntuser.dat file to ntuser.man in profiles directory
c. Schedule a batch to run at some interval to delete the user's home directory on each client computer
d. Configure a roaming profile for each user in the network
You are a network administrator and responsible for handling your company's domain, sales.microsoft.com running in Windows Server 2003. Your domain crashes accidentally and when you re-run the dcpromo command to promote it again, as domain controller with the same name, it fails. What can be the problem?
a. DNS zone conflicts with the same name
b. Some old objects with the same name conflict with the new server
c. Latest service pack is missing
d. Run ipconfig/flusdhns command
Which of the following commands can be used to promote the DC (Domain Controller) from a backup of the system state data of an existing DC (Domain Controller)?
a. dcpromo /restore
b. dcpromo /promo
c. dcpromo /system
d. dcpromo /adv
You want to transfer the FSMO role. When you tried to transfer it, the transfer was unsuccessful. What will you do now?
a. Seize the role
b. Delete the role
c. Copy the role
d. None of the above
When an administrator runs dcpromo command in Windows Server 2003 to
install Domain, setup fails with the following message
"Active Directory installation failed. The network location could not be
reached." What may be the problem ?
a. DNS
b. Default gateway
c. Network adapter
d. Administrative privileges
Your company is planning to deploy Windows XP Professional on 200 computers. The network has one Windows Server 2003 domain controller (DC). You want the installation to be automated and centralized, and to be done only on authorized computers. What should you do?
a. Create a shared folder on DC, copy Windows XP installation files to that folder, and run unattended installation on licensed computers
b. Install RIS server on DC. Create user accounts for licensed users. Configure the RIS server to accept connections request only from authorized computers. Allow users to run unattended setup from the shared folder
c. Install RIS server on DC. Create computer accounts for licensed computers. Configure the RIS server to accept requests only from authorized computers. Allow users to run unattended setup from the shared folder
d. Copy installation files and answer file to a CD and run the setup from CD-ROM manually on each client computer
Which of the following are FSMO roles?
a. Schema role
b. PDC Emulator role
c. RID Master role
d. Infrastructure Master role
e. Domain Naming Master role
f.All of the above
The network of ABC TOYS company consists of Windows Server 2003 and 5000 Windows XP Clients. Sometimes, users report missing data from the server. The network administrator wants to find the user deleting the files. He created a GPO and assigned it on the ABC Toys domain. Which actions should he audit?
a. Process tracking
b. Account login events
c. Object access
d. Privileged access
State whether true or false.

A PDC Emulator is required for authentication purposes for Windows NT 4.0 clients.
a. True
b. False
You are the network administrator for the Big North Fishing Company. The network consists of one Windows Server 2003 domain named bignorthfishingco.com. You are installing a new domain bignorthfishingco1.com but during promotion you get an error message: The domain name specified is already in use on the network. What is the cause of the problem?
a. Duplicate IP address is detected
b. The default generated DNS domain name is already in use
c. Administrative privileges are missing
d. The default generated NetBios name is already in use