Where are you most likely to see a Read-Only Domain Controller (RODC)?
in a small network instead of in an enterprise
in an enterprise network
in a remote site
in the place of a standard domain controller
Which of the following is the format for a virtual account used with Windows Server 2008 R2, Windows Server 2012, and Windows Server 2012 R2?
domainname\servicename
computername\servicename
NT Service\servicename
NT Service\servicename$
NTLM uses a challenge-response mechanism for authentication without doing what?
revealing the client's operating system to the server
revealing the protocol to the server
sending a password to the server
sending an encrypt/decrypt message to the server
Which three components make up a service principal name (SPN)?
service name, IP address, and port number
service name, URL and host name
service name, host name, and IP address
service class, host name, and port number
Before you can create an MSA object type, you must create what?
a key services MSA group
a key services MSA distributed domain account
a key distribution services root key
a key distribution services Master MSA
What are the two restrictions for adding SPNs to an account?
Domain Administrator privileges
full control permissions for the folder
local administrator privileges
the editor runs from the domain controller
Although the changes are easy to make, why is changing the AD schema such a big deal?
The changes replicate to all domain controllers.
The changes could corrupt the database.
Doing so affects all objects for that object type.
Doing so requires controlled changes.
Where in the forest is a global catalog automatically created?
the PDC Emulator
the most powerful system
the first domain controller
the schema master
You do not place the infrastructure master on a global catalog server unless what situation exists?
You have a single domain
You have Windows NT 4.0 systems to support
You have multiple schemas
Your AD DS is Windows 2008 or higher
Beginning with which server version can you safely deploy domain controllers in a virtual machine?
Windows Server 2003
Windows Server 2008
Windows Server 2008 R2
Windows Server 2012
Which of the following commands issued at the fsmo maintenance prompt would successfully seize the role of an Operations Master Holder? Select all that apply.
seize schema master
seize global master
seize PDC
seize domain control
Identify another utility that you can use to add SPNs to an account.
dnscmd
spnedit
setspn
netsh
What happens if a client submits a service ticket request for an SPN that does not exist in the identity store?
An event is written to the Kerberos server's event log.
The client receives an access denied error.
The Kerberos server receives an access denied error.
The Kerberos ticket for that service is destroyed.
Kerberos security and authentication are based on what type of technology?
secure transmission
secret key
challenge-response
legacy code
What is the default maximum allowable time lapse between domain controllers and client systems for Kerberos to work correctly?
1 minute
5 minutes
15 minutes
45 minutes
When creating accounts for separating systems, processes, and services, you should always configure them with what two things in mind?
using strong passwords
using cryptic user names
granting the least rights possible
using built-in accounts
What is the name by which a client uniquely identifies an instance of a service?
service instance name
service account name
service provider name
service principal name
What is the default authentication protocol for contemporary domain controllers?
NTLM
PAP
CHAP
Kerberos
Which version of Windows Server introduced incremental universal group membership replication?
Windows Server 2000
What are the three types of groups in a domain?
domain trust groups, domain schema groups, and universal groups
domain local groups, global groups, and universal groups
global groups, domain trust groups and schema groups
universal groups, global catalog groups and schema groups
When you add attributes to an Active Directory object, what part of the domain database are you actually changing?
FSMO
schema
directory structure
organizational units
The domain controllers are the computers that store and run the:
user database
services database
Managed Service Accounts database
Active Directory database
Which Active Directory object is defined as a specialized domain controller that performs certain tasks so that multi-master domain controllers can operate and synchronize properly?
Schema Master
Forest
RODC
Operations Master
What service right does an MSA account automatically receive upon creation?
log on interactively
log on as a service
domain administrator
domain power user
Name two benefits to using Managed Service Accounts (MSAs).
Microsoft technology
automatic password management
simplified SPN management
simplified account troubleshooting
What does the acronym NTLM stand for?
NT Link Messenger
NT Link Manager
NT LAN Manager
NT LAN Messenger
Which command-line command do you use to allow Windows Server 2003 domain controllers to replicate to RODCs?
netdom /RODCPrep
netsh /RODCPrep
ntdsutil /RODCPrep
ADPrep /RODCPrep
Which tool can you use to add SPNs to an account?
Notepad
LDAP
Microsoft Word
ADSI Edit
How many global catalogs are recommended for every organization?
at least one
at least two
at least three
no fewer than four
How many PDC Emulators are required, if needed, in a domain?
one
two
three
four
By default, which service accounts will the Windows PowerShell cmdlets manage?
standalone MSAs
standard local services accounts
group MSAs
domain user accounts designated as service accounts
What type of account is an account under which an operating system, process, or service runs?
user
system
service
network
The global catalog stores a partial copy of all objects in the forest. What are the reasons for keeping that partial copy? Select all that apply.
logon
object searches
universal group membership
schema integrity
Which type of system must you connect to and use to make changes to Active Directory?
forest master
writable domain controller
domain tree
What utility must you run on a cloned system to ensure that the clone receives its own SID?
adprep/renew
sysprep
dcpromo
ntconfig