Ch 7

25 July 2022
4.7 (114 reviews)
51 test answers

Unlock all answers in this set

Unlock answers (47)
question
What is the potential security risk of utilizing a naming standard for user accounts? BLANK
answer
If an attacker knows this then they have half of the puzzle to enter your network.
question
What components make up an object's distinguished name (DN)? BLANK
answer
common name; common name; organizational unit; domain component
question
Select the special character below that can't be used within a username:‚Äč
answer
?
question
What are the two different ways that responsibility for an OU can be delegated to a non-administrator user? BLANK
answer
delegation of control wizard or AD users and computers
question
A local account is stored in the __________________ database on the local computer.
answer
Security Accounts Manager (SAM)
question
How can an administrator make a user template account easily recognizable? BLANK
answer
add a special character to the beginning of the template account name
question
Which of the following statements is true regarding the built-in Guest account?
answer
The Guest account should be renamed if it will be used
question
The Administrator account should not be re-named, but should at least used a secure password. T/F
answer
False
question
After a template account has been created, what can be done to ensure that the template account does not pose a security risk?
answer
The account should be disabled
question
Is Zach Trash?
answer
Yes
question
A valid comma separated value file that can be imported using csvde must have what option below on the first line?
answer
The FQDN of the target domain
question
Information within an OU can be hidden using permissions, and administration of an OU can be delegated to a non-administrative account.‚Äč T/F
answer
True
question
Which of the following statements is not true regarding the built-in Administrator account?‚Äč
answer
The Administrator account can't be renamed, but it can be deleted.
question
How does piping work on the command line? BLANK
answer
it's a way to send information to another command so it is easier to read
question
A user's profile is stored in what directory on a local computer by default?‚Äč
answer
C:Users
question
What different types of objects can be members of a distribution group? BLANK
answer
regular user accounts and contacts
question
An authenticated user can add up to how many computer accounts to the domain, by default?
answer
10
question
‚ÄčThe _____________ determines the reach of a group's application in a domain or forest: which security principals in a forest can be group members and to which forest resources a group can be assigned rights or permissions.
answer
group scope
question
Permission inheritance can be configured such that permissions are only inherited by specific types of child object types T/F
answer
True
question
When a user leaves a company, why is it preferable to disable the user rather than delete the user? BLANK
answer
so that all the user's files are still accessible and all group memberships are maintained
question
What is the most typically used group type conversion?
answer
‚ÄčDistribution group -> security group
question
When creating a new user, the "User must change password at next logon" option is enabled by default.‚Äč T/F
answer
True
question
Which special identity group specifically includes any user account (except the Guest) logged into a computer or domain with a valid username and password?
answer
Authenticated Users
question
The ________ command removes, or deletes, objects from Active Directory.
answer
DSRM
question
In a single domain environment, what is the Microsoft recommended best practice for assigning access to resources? BLANK
answer
domain local group
question
By default, the Windows password policy requires a minimum password of what length?‚Äč
answer
7 characters
question
Which statement is true regarding the use of the Logon Hours option under a user's account?
answer
The Logon Hours can't be used to disconnect a user that has already logged in
question
The _____________ cmdlet within PowerShell can be used to rename an object in Active Directory.‚Äč
answer
Rename-ADObject
question
Using ______________, a computer joining the domain doesn't have to be connected to the network when the join occurs.‚Äč
answer
offline domain join
question
Select the true statement regarding the conversion of group scope:‚Äč
answer
‚ÄčDomain local groups can be converted to universal, as long as the domain local group does not contain other domain local groups
question
How can the output of a command be redirected to a file instead of being displayed on screen?‚Äč
answer
Type the > character followed by the file name at the end of the command
question
How are Active Directory objects added to special identity groups? BLANK
answer
membership in these groups is controlled dynamically by Windows, can't be viewed or changed manually, and depends on how an account accesses the OS
question
An explicit "allow" permission will override an inherited "deny" permission. T/F
answer
True
question
What is a downlevel user logon name used for?
answer
‚ÄčLogging into older Windows OSs or using older Windows applications
question
If a user is created without a password and the domain's password policy requires a non-blank password, what is the result? BLANK
answer
the user account is disabled
question
How often is the password for a computer account changed by Active Directory?‚Äč
answer
30 days
question
The default location for computer accounts that are created automatically after joining the domain can be changed using which command?‚Äč
answer
redircmp
question
What special identity group is used when a user accesses an FTP server that doesn't require user account logon?
answer
Anonymous logon
question
How can an administrator enable or disable accounts using the command line?
answer
‚ÄčUse the dsmod user command
question
A group type that's the main Active Directory object administrators use to manage network resource access and grant rights to users.
answer
Security groups
question
An Active Directory object that usually represents a person for informational purposes only, much like an address book entry.
answer
Contact‚Äč
question
Sending the output of one command as input to another command
answer
Piping
question
‚ÄčA group scope that can contain users from any domain in the forest and be assigned permission to resources in any domain in the forest
answer
Universal group‚Äč
question
A group scope that's the main security principal recommended for assigning rights and permissions to domain resources‚Äč
answer
Domain local group
question
A group type used when you want to group users together, mainly for sending e-mails to several people at once with an Active Directory integrated e-mail application, such as Mcirsoft Exchange.‚Äč
answer
Distribution group
question
A group created in the local SAM database on a member server or workstation or a stand-alone computer‚Äč
answer
Local group‚Äč
question
A userr account that's copied to create users with common attributes
answer
User Template
question
‚ÄčA group scope used mainly to group users from the same domain who have similar access and rights requirements.
answer
‚ÄčGlobal group
question
The process of a user with higher security privileges assigning authority to perform certain tasks to a user with lesser security privileges
answer
Delegation of control‚Äč
question
Select below the built-in group that facilitates anonymous access to web resources by Internet Information Services
answer
IIS_IUSRS
question
When creating a new user, the "User cannot change password" option can't be used in conjunction with what other option?‚Äč
answer
User must change password at next logon