Study your flashcards anywhere!

Download the official Cram app for free >

  • Shuffle
    Toggle On
    Toggle Off
  • Alphabetize
    Toggle On
    Toggle Off
  • Front First
    Toggle On
    Toggle Off
  • Both Sides
    Toggle On
    Toggle Off
  • Read
    Toggle On
    Toggle Off
Reading...
Front

How to study your flashcards.

Right/Left arrow keys: Navigate between flashcards.right arrow keyleft arrow key

Up/Down arrow keys: Flip the card between the front and back.down keyup key

H key: Show hint (3rd side).h key

A key: Read text to speech.a key

image

Play button

image

Play button

image

Progress

1/13

Click to flip

13 Cards in this Set

  • Front
  • Back
Which of the following are required to create a domain controller successfully? (2 answers)
A. A valid DNS domain name
B. A valid NetBIOS name
C. A DHCP server to assign an IP address to the domain controller
D. A DNS server
A and B
A. A domain controller will create or join an AD domain, which must have a valid DNS
B. D domain must have a NetBIOS name to support earlier applications that use NetBIOS names
Incorrect
C. A DHCP server is not necessary. DC needs to have a static IP
D. Although a DNS server is required for the functionality of a domain, if a DNS server does not exist, the AD installation wizard will install and configure DNS service on the domain controller
A forest currently contains only Win Server 2008 R2 DC a new domain will be created by promoting Win Server 2008 R2 domain controller, but you might need to incorporate an existing Win Server 2003. Which functional levels will be appropriate to configure?

A. Win Server 2008 R2 forest functional level and Windows Server 2008 R2 domain functional level
B. Win Server 2008 R2 forest functional level and Windows Server 2003 domain functional level
C. Win server 2003 forest functional level and Win Server 2008 R2 domain functional level
D. Win Server 2003 forest functional level and Win Server 2003 domain functional level
D
if domain include Win Server 2003 DC it must operate on Win Server 2003 forest functional level
SERVER02 is running Server Core. It is already config with the AD DS role. You need to add AD CS to the server. What must you do?

A. Install the AD CS role
B. Install the AD FS role
C. Install the AD RMS role
D. Reinstall the server as Win Server 2008 R2
Correct D - AD CS is not supported on Server Core
Incorrect A,B,C
AD CS, AD FS, and AD RMS are not supported on Server Core
You are a support professional for Contoso, Ltd. The domain’s administrators have distributed a custom console with the Active Directory Users And Computers snap-in. When you open the console and attempt to reset a user’s password, you receive Access Denied errors. You are certain that you have been delegated permission to reset passwords for users. What is the best solution?
A. Close the custom console and open Server Manager. Use the Active Directory Users And Computers snap-in in Server Manager.
B. Close the custom console and open Command Prompt. Type dsa.msc.
C. Close the custom console, and right-click the console, and then click Run As Administrator. Type the credentials for your secondary administrative account.
D. Close the custom console, and then open Command Prompt. Use the DSMOD USER command with the -p switch to change the user’s password.
C
You want to allow your help desk to reset user passwords and unlock user accounts.
Which of the following tools can be used? (Choose all that apply.)
A. The Delegation Of Control Wizard
B. DSACLs
C. DSUTIL
D. The Advanced Security Settings
Correct Answers: A, B, and D
A. Correct: The Delegation Of Control Wizard masks the complexities of object ACEs by
guiding you through the assignment of permissions to groups.
B. Correct: DSACLs can be used to manage Active Directory permissions from Command
Prompt.
C. Incorrect: DSUTIL is used to manage the domain and directory service properties but
not object permissions.
D. Correct: Assigning an administrative task requires modifying the DACL of an object
such as an OU. The Advanced Security Settings dialog box provides the most direct user
interface access to the permissions in the DACL.
You are an administrator at a large university, and you have just been sent an Excel file containing information about 2,000 students who will enter the school in two weeks. You want to create user accounts for the new students with as little effort as possible. Which of the following tasks should you perform?
A. Create a user account template and copy it for each student.
B. Run LDIFDE -i.
C. Use CSVDE -i.
D. Run the DSADD USER command.
Correct Answer: C

A. Incorrect: Although a user account template will enable you to copy several dozen of its
attributes to a new user account, you would have to copy the template 2,000 times to
complete this task.
B. Incorrect: The LDIFDE command imports objects from LDIF files, which are not
the format natively managed by Microsoft Office Excel.
C. Correct: The CSVDE command imports objects from comma-delimited text files.
Excel can open, edit, and save these files.
D. Incorrect: The DSAdd command enables you to create a user from the command.
You are an administrator at a large university. Which command can be used to delete user accounts for students who graduated?
A. LDIFDE
B. DSMod
C. DEL
D. CSVDE
Correct Answer: A
A. Correct: LDIFDE supports adding, modifying, or deleting Active Directory objects.
B. Incorrect: DSMod modifies properties of an existing object.
C. Incorrect: DEL is a command that erases a file.
D. Incorrect: CSVDE can import users but cannot delete them.
You have just opened the Active Directory Module For Windows PowerShell. You want
to create a user account for Mary North. Which of the following should you do?
A Use the New-Item cmdlet.
B. Use the New-SPUser cmdlet.
C. Use the New-ADUser cmdlet.
D. Use the Set-ADUser cmdlet.
Correct Answer: C

A. Incorrect: The New-Item cmdlet creates a new object in the current location. Because you have just opened the Windows PowerShell console, you are in the default location, and you have not navigated to Active Directory using the Active Directory PSDrive. Therefore, New-Item will not be able to create a new Active Directory object.
B. Incorrect: The New-SPUser cmdlet creates a new user in a SharePoint site collection.
D. Incorrect: The Set-ADUser cmdlet configures properties of an existing user object.
You want to import users from a file maintained by Human Resources in Microsoft
Office
Excel. What can you do? (Choose all that apply.)
A Use LDIFDE.
B. Use the Import-CSV cmdlet.
C. Use the DSAdd command.
D. Use CSVDE.
Correct Answers: B or D
B Correct: The Import-CSV cmdlet can import a comma-separated values file produced by Excel and pipe the data source to the New-ADUser cmdlet.
D Correct: The CSVDE command can import from a comma-separated values file produced by Excel.
A Incorrect: LDIFDE imports users from LDIF files. Excel cannot save a workbook as
an LDIF file.
C Incorrect: The DSAdd command cannot import from a file
You want to specify a password for a new user account. What do you do? (Choose all
that apply. Each correct answer is a part of the solution.)
A Use the New-ADUser cmdlet.
B. Use the ConvertTo-SecureString cmdlet.
C. Use the Reset-ADPassword cmdlet.
D. Pipe the user to the Remove-ADUser cmdlet.
Correct Answers: A and B
A. Correct: The -AccountPassword parameter of the New-ADUser cmdlet specifies the password of the new account.
B. Correct: You must convert a plain text password to a secure string before it can be passed to the -AccountPassword parameter.

C. Incorrect: There is no cmdlet named Reset-ADPassword.
D. Incorrect: The Remove-ADUser cmdlet deletes a user account.
1. You want to set the Description property of 10 users in two different OUs. The users
currently have the Description property configured as Salesperson in Miammi. You
recently discovered the typographic error and want to change it to Salesperson in
Miami. What can you do to make the change? (Choose all that apply.)
A. Select all 10 users by holding the Ctrl key and opening the Properties dialog box.
B. Use DSGet and DSMod.
C. Use DSQuery and DSMod.
D. Use Get-ADUser and Set-ADUser.
C, D

A. Incorrect: You can use the Ctrl key to multiselect users, but they must be in a single OU. The 10 users in this scenario are in different OUs.
B. Incorrect: DSMod will let you change the Description property, but DSGet will not locate
the objects. DSGet is used to display attributes, not locate objects.
You want to move a user from the Paris OU to the Moscow OU. Which tools can you
use? (Choose all that apply.)
A. Move-Item
B. Move-ADObject
C. DSMove
D. Redirusr.exe
E. Active Directory Migration Tool
Correct Answers: A, B, and C

A. Correct: The Move-Item cmdlet moves objects in a namespace.
B. Correct: The Move-ADObject cmdlet can move a user.
C. Correct: You can use the DSMove command to move an object in Active Directory.

D. Incorrect: Redirusr.exe is used to configure Active Directory so that new user objects
created without specifying an OU will go to a container other than the default Users
container.
E. Incorrect: The Active Directory Migration Tool is used to migrate accounts between
domains.
A user reports that she is receiving a logon message that states, “Your account is
configured to prevent you from using the computer. Please try another computer.”
What should you do to enable her to log on to the computer?
A. Click the Log On To button on the Account tab of her user account.
B. Click the Allowed To Join Domain button in the New Computer dialog box.
C. Use the DSMove command.
D. Give her the right to log on locally, using the local security policy of the computer.
Correct: Computer restrictions limit the computers that a user can log on to.
On the Account tab of her user account, you can click the Log On To button and add
the computer by name to the list of allowed workstations.