- You are the system administrator of a large organization that has recently implemented Windows Server 2022. You have a few remote sites that do not have very tight security. You have decided to implement reado nly domain controllers (RODCs). What forest and function levels does the network need for you to do the install? (Choose all that apply.)
A. Windows Server 2022
B. Windows Server 2008 R2
C. Windows Server 2012 R2
D. Windows Server 2008 - What is the maximum number of domains that a Windows Server 2022 computer configured as a domain controller may participate in at one time?
A. Zero
B. One
C. Two
D. Any number of domains - A system administrator is trying to determine which filesystem to use for a server that will become a Windows Server 2022 file server and domain controller. The company has the following requirements:
■ The filesystem must allow for filel evel security from within Windows 2016 Server.
■ The filesystem must make efficient use of space on large partitions.
■ The domain controller Sysvol must be stored on the partition.
Which of the following filesystems meets these requirements?
A. FAT
B. FAT32
C. HPFS
D. NTFS - For security reasons, you have decided that you must convert the system partition on your removable drive from the FAT32 filesystem to NTFS. Which of the following steps must you take in order to convert the filesystem? (Choose two.)
A. Run the command CONVERT /FS:NTFS from the command prompt.
B. Rerun Windows Server 2022 Setup and choose to convert the partition to NTFS during the reinstallation.
C. Boot Windows Server 2022 Setup from the installation CDR OM and choose Rebuild Filesystem.
D. Reboot the computer. - Windows Server 2022 requires the use of which of the following protocols or services in order to support Active Directory? (Choose two.)
A. DHCP
B. TCP/IP
C. NetBEUI
D. IPX/SPX
E. DNS - You are promoting a Windows Server 2022 computer to an Active Directory domain controller for test purposes. The new domain controller will be added to an existing domain. While you are using the Active Directory Installation Wizard, you receive an error message that prevents the server from being promoted. Which of the following might be the cause of the problem? (Choose all that apply.)
A. The system does not contain an NTFS partition on which the Sysvol directory can be created.
B. You do not have a Windows Server 2022 DNS server on the network.
C. The TCP/IP configuration on the new server is incorrect.
D. The domain has reached its maximum number of domain controllers. - Your network contains a single Active Directory domain. The domain contains five Windows Server 2008 R2 domain controllers. You plan to install a new Windows Server 2022 domain controller. Which two actions would you need to perform? (Each correct answer presents part of the solution. Choose two.)
A. Run adprep.exe /rodcprep at the command line.
B. Run adprep.exe /forestprep at the command line.
C. Run adprep.exe /domainprep at the command line.
D. From Active Directory Domains and Trusts, raise the functional level of the domain.
E. From Active Directory Users and Computers, prestage the RODC computer account. - You are the network administrator for a large company that creates widgets. Management asks you to implement a new Windows Server 2022 system. You need to implement federated identity management. Which of the following will help you do this?
A. Active Directory Federation Services
B. Active Directory DNS Services
C. Active Directory IIS Services
D. Active Directory IAS Services - You are the system administrator responsible for your company’s infrastructure. You think you have an issue with name resolution, and you need to verify that you are using the correct hostname. You want to test DNS on the local system and need to see whether the hostname server 1 resolves to the IP address 10.1.1.1. Which of the following actions provides a solution to the problem?
A. Add a DNS server to your local subnet.
B. Add the mapping for the hostname server 1 to the IP address 10.1.1.1 in the local system’s HOSTS file.
C. Add an A record to your local WINS server.
D. Add an MX record to your local DNS server. - You have one Active Directory forest in your organization that contains one domain named WillPanek.com. You have two domain controllers configured with the DNS role installed. There are two Active Directory Integrated zones named WillPanek.com and WillPanekAD.com. One of your IT members (who is not an administrator) needs to be able to modify the WillPanek.com DNS server, but you need to prevent this user from modifying the WillPanekAD.com SOA record. How do you accomplish this?
A. Modify the permissions of the WillPanek.com zone from the DNS Manager snap in.
B. Modify the permissions of the WillPanekAd.com zone from the DNS Manager snapi n.
C. Run the Delegation Of Control Wizard in Active Directory.
D. Run the Delegation Of Control Wizard in the DNS snap in. - You are the administrator of an organization with a single Active Directory domain. A user who left the company returns after 16 weeks. The user tries to log onto their old computer and receives an error stating that authentication has failed. The user’s account has been enabled. You need to ensure that the user is able to log onto the domain using that computer. What do you do?
A. Reset the computer account in Active Directory. Disjoin the computer from the domain and then rejoin the computer to the domain.
B. Run the ADadd command to rejoin the computer account.
C. Run the MMC utility on the user’s computer, and add the Domain Computers snap in.
D. Rec reate the user account and reconnect the user account to the computer account. - You are the administrator of an organization with a single Active Directory domain. One of your senior executives tries to log onto a machine and receives the error “This user account has expired. Ask your administrator to reactivate your account.” You need to make sure that this doesn’t happen again to this user. What do you do?
A. Configure the domain policy to disable account lockouts.
B. Configure the password policy to extend the maximum password age to 0.
C. Modify the user’s properties to set the Account Never Expires setting.
D. Modify the user’s properties to extend the maximum password age to 0. - You need to create a new user account using the command prompt. Which command would you use?
A. dsmodify
B. dscreate
C. dsnew
D. dsadd - Maria is a user who belongs to the Sales distribution global group. She is not able to access the laser printer that is shared on the network. The Sales global group has full access to the laser printer. How do you fix the problem?
A. Change the group type to a security group.
B. Add the Sales global group to the Administrators group.
C. Add the Sales global group to the Printer Operators group.
D. Change the Sales group to a local group. - You are a domain administrator for a large domain. Recently, you have been asked to make changes to some of the permissions related to OUs within the domain. To restrict security for the Texas OU further, you remove some permissions at that level. Later, a junior system administrator mentions that she is no longer able to make changes to objects within the Austin OU (which is located within the Texas OU). Assuming that no other changes have been made to Active Directory permissions, which of the following characteristics of OUs might have caused the change in permissions?
A. Inheritance
B. Group Policy
C. Delegation
D. Object properties - Isabel, a system administrator, created a new Active Directory domain in an environment that already contains two trees. During the promotion of the domain controller, she chose to create a new Active Directory forest. Isabel is a member of the Enterprise Administrators group and has full permissions over all domains. During the organization’s migration to Active Directory, many updates were made to the information stored within the domains. Recently, users and other system administrators have complained about not being able to find specific Active Directory objects in one or more domains (although the objects exist in others). To investigate the problem, Isabel wants to check for any objects that have not been properly replicated among domain controllers. If possible, she would like to restore these objects to their proper place within the relevant Active Directory domains.
Which two of the following actions should she perform to be able to view the relevant information? (Choose two.)
A. Change Active Directory permissions to allow object information to be viewed in all domains.
B. Select the Advanced Features item in the View menu.
C. Promote a member server in each domain to a domain controller.
D. Rebuild all domain controllers from the latest backups.
E. Examine the contents of the LostAndFound folder using the Active Directory Users and Computers tool. - You are a consultant hired to evaluate an organization’s Active Directory domain. The domain contains more than 200,000 objects and hundreds of OUs. You begin examining the objects within the domain, but you find that the loading of the contents of specific OUs takes a long time. Furthermore, the list of objects can be large. You want to do the following:
■ Use the builti n Active Directory administrative tools and avoid the use of third party tools or utilities.
■ Limit the list of objects within an OU to only the type of objects that you’re examining (for example, only Computer objects).
■ Prevent any changes to the Active Directory domain or any of the objects within it.
Which one of the following actions meets these requirements?
A. Use the Filter option in the Active Directory Users and Computers tool to restrict the display of objects.
B. Use the Delegation of Control Wizard to give yourself permissions over only a certain type of object.
C. Implement a new naming convention for objects within an OU and then sort the results using this new naming convention.
D. Use the Active Directory Domains and Trusts tool to view information from only selected domain controllers.
E. Edit the domain Group Policy settings to allow yourself to view only the objects of interest. - You are the administrator for a small organization with four servers. You have one file server named StormSrvA that runs Windows Server 2022. You have a junior administrator who needs to do backups on this server. You need to ensure that the junior admin can use Windows Server Backup to create a complete backup of StormSrvA. What should you configure to allow the junior admin to do the backups?
A. The local groups by using Computer Management
B. A task by using Authorization Manager
C. The User Rights Assignment by using the Local Group Policy Editor
D. The Role Assignment by using Authorization Manager - Miguel is a juniorl evel system administrator, and he has basic knowledge about working with Active Directory. As his supervisor, you have asked Miguel to make several security related changes to OUs within the company’s Active Directory domain. You instruct Miguel to use the basic functionality provided in the Delegation Of Control Wizard. Which of the following operations are represented as common tasks within the Delegation Of Control Wizard? (Choose all that apply.)
A. Reset passwords on user accounts.
B. Manage Group Policy links.
C. Modify the membership of a group.
D. Create, delete, and manage groups. - You are the primary system administrator for a large Active Directory domain. Recently, you have hired another system administrator and you intend to offload some of your responsibilities to them. This system administrator will be responsible for handling help desk calls and for basic user account management. You want to allow the new employee to have permissions to reset passwords for all users within a specific OU. However, for security reasons, it’s important that the user not be able to make permissions changes for objects within other OUs in the domain. Which of the following is the best way to do this?
A. Create a special administration account within the OU and grant it full permissions for all objects within Active Directory.
B. Move the user’s login account into the OU that the new employee is to administer.
C. Move the user’s login account to an OU that contains the OU (that is, the parent OU of the one that the new employee is to administer).
D. Use the Delegation Of Control Wizard to assign the necessary permissions on the OU that the new employee is to administer.

January 8, 2024January 8, 2024
0 Comments