TestOut Server 2016 Chapter 7 (7.1.4, 7.2.8, 7.3.5, 7.4.6, 7.5.9, 7.6.5, 7.7.6, 7.8.8, 7.9.5, 7.10.4)

11 September 2022
4.7 (114 reviews)
73 test answers

Unlock all answers in this set

Unlock answers (69)
question
Match each active directory component on the left with the appropriate description on the right. (Each component may be used once, more than once, or not at all.)
answer
A group of related domains that share the same DNS namespace - Tree A collection of related domain trees - Forest A server that holds a copy of the Active Directory database - Domain Controller The process of copying changes to the Active Directory database between domain controllers - Replication A collection of network resources that share a common directory database - Domain Can make changes to the Active Directory database - Domain Controller
question
Match each active directory component on the left with the appropriate description on the right. (Each component may be used once, more than once, or not at all.)
answer
An object that cannot be created, moved, renamed, or deleted - Generic Container A database that contains a partial replica of every object from every domain - Global Catalog Facilitates faster searches - Global Catalog A type of container object that can be created by the administrator to simplify security administration - Organizational Unit Identifies the types of objects that can exist in the tree - Schema Information about an object, such as a user's name - Attributes Used to logically organize network resources within a domain - Organizational Unit
question
Drag each Active Directory term on the left to its corresponding definition on the right.
answer
Logical organization of resources - Organization Unit Collection of network resources - Domain Collection of related domain trees - Forest Resource in the directory - Object Group of related domains - Tree User or group of users - Object
question
You manage a group of 10 Windows workstations that are currently configured as a workgroup. Which are advantages you could gain by installed Active Directory and adding the computers to a domain? (Select two.)
answer
Centralized authentication Centralized configuration control
question
You have added a new color printer to the network. You have only given certain users throughout the network permission to send print jobs to this printer. Some of these users are complaining that it takes a long time to find the new color printer in active Directory to add it to their list of printers. What can you do to make this printer faster to find?
answer
Add a global catalog server
question
Active directory uses two broad categories of objects to represent the various components of a network: - Network resources - Security Principals Drag the category on the left to the object on the right that belongs to that category.
answer
Shared folder - Network Resource User - Security Principal Group - Security Principal Printer - Network Resource Computer Account - Security Principal
question
Which of the following contain objects are Active Directory built-in containers?
answer
ForeignSecurityPrincipals ManagedServiceAccounts Users Computers
question
You are the network administrator for your company. Your network consists of two Active Directory domains, research.westsim.local and sales.westsim.local. Your company has two sites, Dallas and Houston. Each site has two domain controllers, one domain controller for each domain. Users in Houston report slow performance when logging on. Users in Dallas do hot have any problems. You want to fix the Houston problem. What should you do?
answer
Configure one of the domain controllers in Houston to be a global catalog server
question
You are the network administrator for an Active Directory forest with a single domain. The network has three sites with one domain controller at each site. You have created and configured sites in Active Directory Sites and Services, and replication is operating normally between sites. You configure two universal groups for use in securing the network. All users are members of one universal group or the other. After configuring the universal groups, users at sites 2 and 3 report slow login and slow access to the corporate database. Users at site 1 can log in and access the corporate database with acceptable performance. You want to improve login and resource speeds. What should you do?
answer
Designate the domain controllers at sites 2 and 3 as global catalog servers
question
You manage a network with a single domain named eastsim.com. The network currently has three domain controllers. During installation, you did not designate one of the domain controllers as a global catalog server. now you need to make the domain controller a global catalog server. Which tool should you use to accomplish this task?
answer
Active Directory Users and Computers or Active Directory Sites and Services
question
You need to configure the ENSERV16-VM03 server as a global catalog server. Where do you click in the properties dialog to open the page that will allow you to select the global catalog option?
answer
NTDS Settings...
question
You need to add a new Windows server to an Active Directory domain. You intend to make this new server a domain controller. This server was installed with a server core deployment, so you'll need to install the Active Directory Domain Services role from the PowerShell console. From the drop-down list, select the name of the service you would enter to complete the following PowerShell command: Install-WindowsFeature __________
answer
AD-Domain-Services
question
You have not yet installed Active Directory Domain Services (ADDS) on a new windows server system. You are planning to use this computer as a domain controller in Active Directory. Which of the following steps is it recommended that you perform before you install the ADDS role (Select two.)
answer
Set the system time and time zone Configure the computer name
question
You have completed the installation of the Active Directory Domain Services role on a new server. Now you want to promote this server to be a domain controller in an existing domain. The server was installed with a Server Core deployment, so you will need to make this server a domain controller in an existing domain from the Powershell command line. Which of the following powershell cmdlets will you need to enter? (Select two.)
answer
Install-ADDSDomainController Import-Module ADDSDeployment
question
You are the network administrator for a company with a single Active Directory domain. The corporate office is locate din Miami, and there are satellite offices in Boston and Chicago. AD sites configured for all three locations. Default site was renamed Miami. Each location has a single IP subnet, and each office has several DCs. Boston office has expanded, each new floor having a subnet. DCs for Boston as on one floor in the same subnet. You notice that users working on the new floors are authenticating to domain controllers from other locations. What should you do to the Active Directory Sites and Services configuration?
answer
Create subnets for the new floors in the Boston office and link them to the Boston site
question
You are the network administrator of a network that spans two locations, Atlanta and Dallas. Your organization started in Atlanta, and that's where you installed your first Active Directory domain controller. The Dallas location was later added to the domain with its own domain controller. Atlanta and Dallas are connected using a dedicated WAN link. You have not made any changes to default sites. Dallas users complain of long login times. Dallas users have been authenticating to DC in Atlanta. What is the first step in solving this problem?
answer
Create a new site object and move the server object for the Dallas domain controller into the new site
question
Active Directory uses certain objects to represent the logical organization of a computer network and other objects to represent its physical structure. Drag the representation type on the left to the types of objects it uses on the right.
answer
Forest - Logical Site - Physical Subnet - Physical Domain - Logical OU - Logical
question
You are the network administrator of a network that spans three locations, Atlanta, Chicago, and Denver. Your organization started in Atlanta, and that's where you installed your first Active Directory domain controller. The Chicago and Denver locations were later added to the domain with their own domain controllers. these three locations each have their own subnet and are connected using dedicated WAN links. Which of the following steps must you perform to complete this configuration? (Select three.)
answer
Move the Chicago and Denver server objects into their respective site objects Create site objects for Chicago and Denver Create subnet objects for Chicago, Denver and Atlanta, and then link them to their respective sites
question
You have configured Active Directory Sites and Serivces to represent the physical layout of your network. As shown in the table below, each site has its own domain controller and subnet: Atlanta / DC-ATL / 192.168.1.0/24 Chicago / DC-CHI / 192.168.2.0/24 Denver / DC-DEN / 192.168.3.0/24 Phoenix / DC-PHX / 102.168.4.0/24 A user authenticates from a workstation with an IP address of 192.168.2.255 and a subnet mask of 255.255.255.0. Which domain controller is Active Directory going to send this authentication request to?
answer
DC-CHI
question
You are the administrator of the eastsim.com domain, which has two domain controllers. Your Active Directory structure has organizational units (OUs) for each company department. You have assistant administrators who help manage Active Directory objects. for each OU, you grant one of your assistants Full Control over the OU. You come to work one morning to find that while managing some user accounts, the administrator in charge of the Sales OU has deleted the entire OU. You restore the OU and all of its objects from a recent backup. You want to configure the OU to prevent accidental deletion. What should you do so you can configure this setting?
answer
In Active directory Users and Computers, select View > Advanced Features
question
Match each default active directory object on the left with the appropriate description on the right.
answer
Holds the default service administrator accounts - Builtin container The default location for new user accounts and groups - User container The default location for domain controller computer accounts - Domain controller OU The root container to the hierarchy - Domain container The default location for workstations when they join the domain - Computers container
question
You are the administrator of the eastsim.com domain. Your Active Directory structure has organization units (OUs) for each company department. You have assistants who help resetting passwords and managing group memberships. You also want your assistants to help create and delete user accounts. Which of the following tools can you use to allow your assistants to perform these additional tasks?
answer
Delegation of Control Wizard
question
You have just started a new job as the administrator of the eastsim.com domain. The manager of the accounting department has overheard his employees joke about how many employees are using "password" as their password. He wants you to configure a more restrictive password policy for employees in the accounting department. Before creating the password policy, you open the Active Directory users and computers structure and see the following containers and OU: - eastsim.com - Builtin - Users - Computers - Domain controllers Which steps must you perform to implement the desired password policy? (Select three.)
answer
Put the accounting employees user objects into the OU created for the accounting employees Configure the password policy and link it to the OU created for the accounting employees. Create an OU in eastsim.com for the accounting employees
question
Drag the organizational model on the left to the appropriate example OU on the right.
answer
Denver OU - Physical Printers OU - Object Sales OU - Corporate Engineering OU - Corporate Brazil OU - Physical Brazil OU containing the Sales OU - Hybrid
question
You manage a network with a single active directory domain called westsim.com. Organizational units have been created for the accounting, sales, and support departments. User and computer accounts for each department are in their respective OUs. The support department have very high turnover. Nearly every week you need to add new user accounts. All user accounts have the same department and fax number settings. Each user account must also have permission to the orders shared folder. You want to create a template account to use when creating new accounts in the future, What should you do? (Select three.)
answer
Create a group called support. make the template account a member of the support group. assign permissions for the group to the orders shared folder Disable the user account Create a user account with the department and fax number settings
question
You are the administrator for a small network. you have approximately 50 users who are served by a single windows server. You are providing active directory, dns, and dhcp with this server. Your clients will use windows workstations. An employee quit, and a replacement is on the way. They will need all the previous worker's settings. What should you do?
answer
Rename the existing account, changing the name fields to match the new employee
question
You manage a network with a single active directory domain called westsim.com. Organizational units have been created for the accounting, sales, and support departments. User and computer accounts for each department are in their respective OUs. Mary Hurd is a manager in the sales department. Mary is a member of the managers global group. This group also has members from other organization units. The managers group has been given read share permission to the reports shared folder. You need to create several new user accounts that have the same group membership and permission settings as the mhurd user account. How can you complete this configuration with the least amount of effort?
answer
Copy the mhurd user account. Assign the new account the change share permission to the reports shared folder
question
You manage a network with a single active directory domain called westsim.com. Organizational units have been created for the accounting, sales, and support departments. User and computer accounts for each department are in their respective OUs. Maria Hurd is going on a seven-week sabbatical and will not be in to work during that time. Which of the following can you perform to secure her user account to prevent it from being used to access network resources while she is away? (Select two.)
answer
Set account expiration time for the last day Maria will be in office Disable the user account
question
You manage a network with a single active directory domain called westsim.com. Organizational units have been created for the accounting, sales, and support departments. User and computer accounts for each department are in their respective OUs. At 5:30 pm, you get a call from Mary Hurd, a user in the sales department, stating that she can't log in. You use the Active directory users and computers and see the information shown in the image. (Her account is disabled) How can you make sure Mary can log in?
answer
Enable Mary's Account
question
You manage a network with a single active directory domain called westsim.com. Organizational units have been created for the accounting, sales, and support departments. User and computer accounts for each department are in their respective OUs. You have hired a temporarily worker named John Miller to work in the shipping department during the holidays. John should only be allowed to log on to the Ship01 workstation and no others. What should you do?
answer
In John's user account, add Ship01 to the log on to list
question
You manage user accounts in the southsim.com domain. Each department is represented by an organizational unit (OU). Computer and user accounts for each department have been moved to their respective OUs. When a new employee is hired in the sales department, you create the user account, add the user account to multiple groups, assign the user permissions to the sales contact database, and configure permissions to home and shared folders. Because of high turnover, you find that as users leave the organization, you spend several hours tracking down file ownership and reassigning permissions to other users. How can you simplify this?
answer
Use a programming language to create a deprovisioning solution. Write scripts or routines that run automatically and reassign ownership and permissions when the user account is deleted
question
You are the administrator of a network with a single active directory domain. Your domain contains three domain controllers and five member servers. Your security policy states that all accounts should be locked out after three unsuccessful logon attempts and that accounts must be reset only by an administrator. A GPO enforces these settings. You get a call, seven users are unable to log on. All seven accounts are locked out. Need to unlock with lease amount of effort. What should you do next?
answer
Using Active Directory Users and Computers, select Unlock Account for each account
question
You manage a network with a single active directory domain called westsim.com Organizational units have been created for the accounting, sales, and shipping departments. User and computer accounts for each department are in their respective OUs. At 5:30pm, you get a call from Mary Hurd, a user in the sales department, stating that she can't log in. You use active directory users and computers and see the information shown in the image. You need to make sure Mary can log in. What should you do? (Select three.)
answer
Unlock Mary's account Change the log in hours to extend past 5:30 pm Change Mary's account to never expire
question
You are the administrator of a network with a single active directory domain. the domain includes a user account named bob smith. you have been asked by the network security group to provide a listing of all domain groups to which bob smith is a member. You would prefer to use a command line utility so that the output can be saved and printed. Which command should you use?
answer
dsget
question
You are the administrator of a network with a single active directory domain. You would like to create a script to distribute to the help desk support staff for their needs when creating domain user accounts. The help desk staff will input various user account values and these values will be used in the script. Which of the following commands should your script include?
answer
dsadd
question
You are the administrator of a network with a single active directory domain. The domain currently includes 75 user accounts. You have been asked to add 50 additional accounts. Your human resources manager has an existing database of employees that can be imported to active directory. you would like to use an automated method for data import if possible. What should you do? (Select two.)
answer
Use the Ldifde.exe utility Use the Csvde.exe utility
question
You are the administrator of a network with a single active directory domain. You need to create 75 user accounts in the domain users container. You have a list of new user accounts that include an IP telephone number. The user accounts are available via an export from your company's HR application in the form of a comma-delimited file. You want to create the new accounts as quickly and easily as possible. What should you do?
answer
Use Csvde to import user account using the .csv file.
question
Prior to installing active directory on your network, you set up a test network in your lab. You created several user accounts that correspond to actual network users. Want to move accounts from test to new domain. Want to use Ldifde command and set new passwords. How can you perform this task with the least amount of effort?
answer
Run Ldifde to export the user accounts. Run ldifde to import the user accounts. Edit the .ldif file to specify user account passwords. Run LDifde to modify the existing accounts
question
You get a call from a user one day telling you that his password no longer works. As you inquire about the reasons why the password doesn't work, he tells you that yesterday he got a call from an administrator asking for his user account passwords, which he promptly supplied. You want to reset all account passwords and force users to change on next login. What should you do? (Select two.)
answer
Create a script that runs Dsmod. Specify the new password and account properties in the script. Run the script Run Ldifde to export user account information. Edit the .ldif file to modify the user account properties and passwords. Run Ldifde to modify the existing accounts
question
You are the network administrator for westsim.com. The company is opening a new branch office in new york that will have 100 new users. all the information on the new accounts is contained in a file named branch.csv, which specifies a unique name and password for each user. You need to run a script to create the new accounts contained in the branch.csv file. The new accounts must be assigned the appropriate passwords as contained in the branch.csv file. Which commands should you run? (Select two.)
answer
import-csv new-ADUser
question
You are the network administrator for westsim.com. There is one main office and seven branch offices. You have been asked to create a script that can be used in the event of a disaster that destroys the entire network. Thee script must be able to recreated the company's active directory users, computers, and groups, as well as sites and subnet objects. Which command should you use in your script?
answer
New-ADObject
question
You manage a windows server that functions as your company's domain controller. Your organization was recently acquired by a larger organization, and the company name has changed as a result. You need to modify the company property of each user account in active directory. Which tools could you use to make this change? (Select two.)
answer
ldifde dsmod
question
You manage a windows server that functions as your company's domain controller. You want to test a new network application in a lab environment prior to rolling it on to your production network. To make the test as realistic as possible, you want to export all active directory objects from your production domain controller and import them to a domain controller in the test environment. Which tools could you use to do this? (Select two.)
answer
ldifde csvde
question
You manage a windows server that is an active directory domain controller for your organization. You need to use command line tools to generate a list of all users in the domain and then view the value of the office property of each user. Which command should you use?
answer
dsquery user -name * | dsget user -display -office
question
You need to use a powershell to generate a list of all active directory computer accounts located in just the computers container (cn=computers,dc=testoutdemo,dc=com)/ Which cmdlet should you use?
answer
get-adcomputer -filter * -SearchBase "cn=Computers,dc=testoutdemo,dc=com"
question
You are the network administrator for westsim.com. The network consists of a single active directory domain. A user named Mary Merone is working on location in Africa. She called to report that her laptop had failed. The hardware vendor replaced the laptop, and now you need to join the new computer to the domain. However, there is no connectivity from the current location to the domain. What should yo do first?
answer
Prepare the computer to perform an offline domain join by creating an active directory account for the computer using the djoin /provision command
question
You are the administrator for a large single-domain network. You have several windows server domain controllers and member servers. Your 3,500 client computers are windows workstations. Today, one of your users has called for help. Their computer cannot establish trust to DC. Nothing seems wrong with the account. Need to allow user to log in. What should you do?
answer
Reset the computer account and rejoin the domain
question
You are the administrator for a small company that uses a windows server to host a single domain. MAry Hurd, a user in the sales department, calls and reports that she is unable to log in using her computer (Sales1). You use active directory users and computers and see the screen shown in the image. (Sales1 is disabled) What can you do to allow Mary to log in?
answer
Enable the computer account
question
You have just ordered several laptop computers that will be used by members of the programming team. The laptops will arrive with windows. You want the computer account for each new laptop to be added to the developer ou in active directory. you want each programmer to join his or her new laptop to the domain. What should you do?
answer
Prestage the computer accounts in active directory. grant the programmers the rights to join the workstation to the domain
question
You have a laptop that you use for remote administration from home and while traveling. The laptop has been joined to the domain using the name of AdminRemote. The processor in your laptop overheats one day, causing extensive damage. Rather than repair the computer, you purchase a new one. The computer arrives, and you edit the system properties and name it AdminRemote. When you try to join the computer to the domain, you receive an error message and are unable to proceed. What should you do?
answer
Reset the computer account in active directory
question
You have a laptop that you use for remote administration from home and while traveling. The laptop has been joined to the domain using the name of admin remote. The processor in your laptop overheats one day, causing extensive damage. Rather than repair the computer, you purchase a new one. The computer arrives, and you edit the system properties and name it AdminRemote. When you try to join the computer to the domain, you receive an error message and are unable to proceed. You want the new computer to be joined to the domain using the same name as the old computer. What commands should you run?
answer
netdom reset and then netdom join
question
You are a domain administrator for a large multi-domain network. There are approximately 2,500 computers in your domain. Organization units (OU) have been created for each department. Group policies (GPOs) are linked to each OU to configure department-wide user and computer settings. While you were on vacation, another 20 computers were added to the network. The computers appear to be functioning correctly with one exception: the computers do not seem to have the necessary GPO settings applied. What should you do?
answer
Move the computer accounts from their current location to the correct OUs
question
You are the administrator of a network with two active directory domains. Each domain currently includes 35 global groups and 75 domain local groups. You have been reading the windows server help files and have come to the conclusion that universal groups may be the answer to ease administrative management of these groups You decide to incorporate universal groups. How can you make sure to not include changes to any group that will affect group member's assigned permissions?
answer
Add global groups to universal groups and then add those to domain local groups
question
You are the administrator for ABC Corporation. The network has a single active directory domain called xyz.com The Sales team has a shared folder on Srv1 that is used to hold sales contact information. You need to control access to this folder so that only members of the sales team can access the folder. You create a group called Sales and add all members of the sales team as members of the group. However, when you try to assign permissions to the shared folder, the sales group you created does not show in the list of available objects. You check the properties of the group and fine the details down in the image. What do you need to do to assign permissions to the sales team?
answer
Convert the group to a security group
question
You are the administrator for a network with two domains, westsim.com and branch.westsim.com. User accounts for the sales team are in both domains. You have a shared folder called reports on the sales1 server in the westsim.com domain. You also have a shared folder called contacts on the sales6 server in the branch.westsim.com domain., All sales users need access to both shared folders. What do you need to do to implement a group strategy to provide access to the necessary resources?
answer
Create a global group in each domain. Add users within each domain to the group Create a universal group in westsim.com Add the global groups from each domain to the universal group Add the universal group to domain local groups in each domain Assign permissions to the domain local groups
question
You are the domain administrator for north.westsim.com, which is a child domain in westsim.com You have a high-end color laser printer that is shared on a server in north.westsim.com. Because of the high price per page, you have removed the print permission from the everyone group. You need to grant the print permissions to marketing users in the north.westsim.com, east.westsim.com, and west.westsim.com domains. What should you do?
answer
In the north domain, create a domain local group called CLR-PRT In all three domains, create a global group named Marketing Add all three global groups to the north clr-prt group and assign the print permission to the group
question
You are the domain administrator for a single domain forest. You have 10 file servers that are member servers running windows server. Your company has designed its top-level OU structure based on the 15 divisions for your company. Each division has a global security group containing the user accounts for division managers. Division managers have permissions to folders on all file servers. They need different permissions for folders. What should you do?
answer
Create a global group called AllMgrs; make each of the existing managers groups a member
question
You manage a single domain named widgets.com. Organization units (OUs) have been created for all company departments. Computer and user accounts have been moved into their corresponding department OUs. The CEO has requested the ability to send emails to managers and team leaders. He'd like to send a single email and have it automatically forwarded to all users in the list. Because the email list might change frequently, you do not want the email list to be used for assigning permissions. What should you do?
answer
Create a distribution global group. For each user on the email list, make their user account a member of the group
question
You are the administrator for a network with two domains, westsim.com and sales.westsim.com. You have a shared folder called reports on the sales1 server in the sales.westsim.com domain. The following two users need access to this shared folder: - Mark in the westsim.com domain - Mary in the sales.westsim.com domain You create a global group called sales in westsim.com. You grant this group the necessary permissions to the reports shared folder. you add mark as a member of the group; however you are unable to add mary as a group member. What should you do? (Select two.)
answer
Convert the group to a universal group Delete the exisiting group. Create a domain local group in sales.westsim.com. Add mary and mary as members and assign permissions to the share
question
You are the administrator of a multi-domain active directory forest. You have a universal group called salesexecs. This group has successfully been used as an email distribution group. Later, you try to assign the group permissions to a shared folder, but salesexecs does not appear as a choice. What should you do?
answer
Convert the salesexec group from a distribution group to a security group
question
You are the domain administrator for a single domain forest. Your company has based its top-level OU structure on the four divisions for your company, manufacturing, operations, marketing, and transportation. Each division has a global security group containing the user accounts for division managers. You want to have a single group that can be used when you need grant access to resources to all of your organization's mangers. What should you do? (Select two.)
answer
Create a universal security group called AllMgrs and make each of the existing division manager groups a member Create a global security group called AllMgrs and make each of the existing division manager groups a member
question
You manage user accounts in the southsim.com domain. Each department is represented by an Organizational Unit (OUs). Computer and user accounts for each department have been moved to their respective OUs. You want to control access to a new color printer named ColorMagic. To do this, you create the following groups: - A domain local group named ColorMagic-DL - A global group named Sales-GG You want all users in the sales department to have access to the new printer. What should you do? (Select three.)
answer
On the member of tab for the sales-gg group, add the colormagic-dl group on the colormagic printer object, assign permissions to the colormagic-dl group on the members tab for the sales-gg group, add all sales user accounts
question
You are the administrator of the westsim.com domain. Within the domain, you have OUs for the accounting, manufacturing, sales, and administration departments. You also have smaller OUs within each department OU, such as the ITAdmins OU in the Administration OU. You need to follow the principle of least privilege as you use the delegation of control wizard to complete the following: - Give one user in each OU the rights necessary to manage user accounts in their OU - Give your assistants in the ITAdmins group rights to nmanbage passwords for all users in the domain. Which of the following approaches can you use as you delegate control? (Select two.)
answer
-Create a UnderAdmin group in each department OU -Make the user in each OU a member of the USerAdmin group -In each department OU, delegate control the the UserAdmin group to perform user account tasks -Create a PasswordAdmin group in the ITAdmins OU -Make your assistants members of the PasswordAdmin group -In the westsim.com domain, delegate control to the PasswordAdmin group to perform password tasks
question
You are in charge of designing the active directory tree. You have a small company that has only one location. You have determined that you will have approximately 500 objects in your completed tree. Your company is organized with four primary departments, accounting, manufacturing, sales, and administration. Each area is autonomous and reports directly to the CEO. The managers in each department want to make sure that some management control of their users and resources remains in the department. Which of the following design plans will best meet these requirements?
answer
Plan 3 -Create an OU object for each department -Train a member of each department for an admin task -Use Delegation Wizard for principle of least privilege for appropriate OU
question
You are the network administrator for your company. Your company has three standalone servers that run Windows Server. All servers are located in a single location. You have decided to create a single active directory domain for your network. Currently, each department has one employee designated as the department's computer support person. Employees in this role create user accounts and reset passwords for the department. As you design active directory, your goal is to allow these users to maintain their responsibilities while not giving them more permissions than they need. Which of the following design plans will best meet your goals?
answer
Plan 4 -Create department OUs -Use Delegation wizard to grant support user permissions to specific OU
question
You are the administrator for the westsim.com domain, which has five domain controllers running windows server. The active directory structure is shown in the image. All user and computer accounts have been placed in the department OUs. Main offices are located in Orlando, with additional offices in Boston, new york, and Chicago. There are three departments within the company, sales,. marketing, and accounting. Employees from each department are at each location. You want to appoint an employee in each department to help with changing passwords for users within their department. They should not be able to perform any other tasks. What should you do?
answer
Use the Delegation of Control wizard. Grant each user administrator permissions to modify passwords for their department OU
question
You are the manager of eastsim.com domain. Your active directory has organizational units (OUs) for each company department. Assistant administrators help you manage active directory objects. For each OU, you grant one of your assistants full control over the OU. You come to work one morning to find that while managing some user accounts the administrator in charge of the sales ou has deleted the entire ou. You restore the ou and all of its objects from a recent backup. You want to make sure that your assistants can't delete the ous they are in charge of. What should you do? (Select two.)
answer
Remove full control permissions from each ou. run the delegation of control wizard for each ou, granting permissions to perform the necessary management tasks Edit the properties for each ou to prevent accidental deletion
question
Your organization has two sites that are members of the same active directory domain. Three domain controllers are deployed at each site. You have just installed three virtual domain machines in the azure cloud and made them domain controllers in the same domain. The virtual domain machines in the azure cloud will support your organization as it adds branch offices in various locations. You will not have to hire additional server administrators for the branch offices because users in these locations will be able to use these cloud-based domain controllers for authentication. You need to ensure that domain authentication and synchronization traffic remains secure in their deployment. Click the network segments where a vpn connection will need to be used.
answer
Site A to Azure VM Site B to Azure VM
question
You manage a network with a single active directory domain called westsim.com. Most of your users work from the office and access your on-premise domain controllers when they authenticate and use network resources. Your company has just moved to office365 and is using the cloud-hosted versions of Exchange and SharePoint for employees who work from home. You are considering using Azure AD to allow these employees to authenticate to the domain. Which of the following are advantages of deploying Azure AD? (Select two.)
answer
Remote users can have single sign-on access to Exchange and SharePoint Remote users can authenticate to the domain from any location that has internet access
question
You manage a network with a single active directory domain called westsim.com. Most of your users work from the office and access your on-premise domain controllers when they authenticate and use network resources, but you also have a few users who work remotely. Your company has just moved to office365 and is using the cloud-hosted versions of exchange and sharepoint for employees who work from home. You are considering using Azure AD to allow these employees to authenticate to the domain. Which of the following are options for deploying Azure AD? (Select two.)
answer
You can deploy active directory domain controllers using the windows azure active directory saas cloud service You can install active directory domain controllers on windows azure virtual machines in the cloud
question
You manage a network with a single active directory domain called westsim.com. You have just deployed an azure ad domain controller in the azure cloud. You have created a user account for yourself in the new azure AD domain. You are now testing the configuration of the azure ad domain from home by trying to join your home computer to this domain. Click on the option in the system menu in the settings app that allows you to join your computer to the domain in azure AD.
answer
About (bottom)
question
You manage a network with a single active directory domain called westsim.com. You have just deployed an azure ad domain controller in the azure cloud. You have created a user account for yourself in the new azure AD domain. You have successfully joined your home computer to this domain, so you are ready to make sure you can log on to the domain with your azure ad user account. Which of the following steps do you need to perform to log on to the azure ad user account? (Select two.)
answer
Select Other user and sign in using the azure ad user account credentials Sign out as the local user
question
You manage a network with a single active directory domain called westsim.com. You have just deployed an azure ad domain controller in the azure cloud so tat remote users can authenticate to the westsim.coim domain over the internet. By default, replication is set to occur on this domain controller every 180 minutes. Your manager wants you to change this setting so that replication occurs every six hours. Which of the following must you perform to make it possible to configure replication on the azure ad domain controller?
answer
Place the azure ad domain controller in its own site