wiki Wikis Flashcards Gradebook Signup Login Help Engrade Wikis Network Directory Services Study Guide Chapter

ter 7 Mark Komula 0 Likes Options Print Network Directory Services Study Guide Chapter 2Chapter 3Chapter 4Chapter 5Chapter 6Chapter 7Chapter 8Chapter 9Chapter 10Chapter 11Chapter 12 Chapter 7 Network Directory Services Chapter 7

Multiple Choice Identify the choice that best completes the statement or answers the question.

____ 1. You are the network administrator for Contoso Pharmaceuticals. The organizational unit structure is as shown in the following figure. All member servers and domain controllers run Microsoft Windows Server 2003, Standard Edition. All client computers run Microsoft Windows XP Professional.

GPO1 is a Group Policy Object configured with the Prohibit Access To The Control Panel setting enabled. GPO1 is linked to the Public OU. The Public OU has Block Policy Inheritance enabled.

When Jeff logs on to Public1, he is able to access Control Panel. You want to ensure that any user logging on to the Public1 and Public2 computers does not have the ability to access Control Panel. What should you do?

a. Link GPO1 to the contoso.com domain. b. Remove Block Policy Inheritance from the Public OU. c. Enable User Group Policy loopback processing mode in Merge mode on GPO1. d. Enable No Override on GPO1.

____ 2. You are the network administrator for Lucerne Publishing. The organizational unit structure is as shown in the following figure. There are three domain controllers running Microsoft Windows Server 2003, Enterprise Edition. There are three member server computers running Microsoft Windows Server 2003, Standard Edition. There are 500 client computers on the network running Microsoft Windows XP Professional.

Bene1 is a Group Policy Object (GPO). Bene1 is configured with the Remove And Prevent Access To The Shut Down Command setting enabled. Bene1 is linked to the Benefits OU. The Benefits OU has Block Policy Inheritance enabled.

When Ben logs on to Benefits1, he is able to access Control Panel. You want to ensure that when Ben logs on to any computer in the domain, he is not able to access Control Panel. What should you do? a. Link Bene1 to the Accounting OU. b. Remove Block Policy Inheritance from the Benefits OU. c. Enable User Group Policy loopback processing mode in Merge mode on Bene1. d. Enable No Override on Bene1.

____ 3. You are the network administrator for Woodgrove Bank. The

organizational unit structure is as shown in the following figure. All member servers and domain controllers run Windows Server 2003, Enterprise Edition. All client computers run Windows XP Professional.

Out1 is a Group Policy Object (GPO). Out1 is configured with the Run These Programs At User Logon setting enabled. The setting is configured to run Outlook.exe. Out1 is linked to the Marketing OU. The Marketing OU, TeleSales OU, and Sales OU have Block Policy Inheritance enabled.

When Richard logs on to Tele1, Outlook.exe does not run. However, when Tony logs on to Ad1, Outlook.exe does run. You want to ensure that Outlook.exe runs during logon for all users in the Marketing OU and subordinate OUs, regardless of what computers they use. What should you do? a. Link Out1 to the domain. b. Remove Block Policy Inheritance from the TeleSales OU. c. Link Out1 to the Sales OU. d. Enable No Override on Out1.

____ 4. You are the network administrator for Consolidated Messenger. The organizational unit structure is as shown in the following figure. All member servers and domain controllers run Microsoft Windows Server 2003, Enterprise Edition. All client computers run Microsoft Windows XP Professional.

AV1 is a Group Policy Object (GPO). AV1 is configured with a software package that installs virus-scanning software on computers. AV1 is configured with the No Override setting. DLock1 is a GPO configured as shown in the following figure.

When Amy logs on to Desk1, she sees that the virus-scanning software is installed. However, she is frustrated that she is unable to adjust the display. You want to ensure that computers in the ITS OU receive the virus-scanning software, but you do not want to prevent users in the ITS OU from adjusting display properties. What should you do? a. Enable Block Policy Inheritance on the ITS OU. b. Enable the User Group Policy loopback processing mode in DLock1. c. Configure the Local Computer policy of all computers contained in the Marketing OU or any subordinate OU to disable all of the enabled display settings in DLock1. d. Move all of the user accounts in the ITS OU hierarchy to the Users container.

____ 5. You are the network administrator for Adventure Works. The Active Directory structure is as shown in the following figure. All member servers and domain controllers run Microsoft Windows Server 2003, Standard Edition. All client computers run Microsoft Windows XP Professional.

You create an unlinked Group Policy Object (GPO) named GPO1 that installs virus-scanning software on computer objects. You need to ensure that this policy is applied to all computers in the entire forest. What should you do? a. Link GPO1 to the adventureworks.com domain. b. Link GPO1 to Site1. c. Enable No Override on GPO1. d. Create two new GPOs that deploy virus-scanning software and link them to west.adventureworks.com and east.adventureworks.com.

____ 6. You are the network administrator for the Baldwin Museum of Science. The organizational unit structure is as shown in the following figure. All member servers and domain controllers run Microsoft Windows Server 2003, Standard Edition. All client computers run Microsoft Windows XP Professional.

The domain has three sites: North_Site, East_Site, and West_Site. Each site has 100 to 200 client computers, five to ten member servers, and two or more domain controllers. You need to deploy virus-scanning software to all the computers in the museum.

You create an unlinked Group Policy Object named Antivirus1. Antivirus1 is configured with a software distribution policy that deploys the virus-scanning software to computers. What should you do next to complete deployment? a. Link Antivirus1 to North_Site. b. Link Antivirus1 to the domain. c. Enable No Override on the Antivirus1 GPO. d. Create two new GPOs that deploy virus-scanning software and link them to East_Site and West_Site.

____ 7. You are the network administrator for City Power & Light. The Active Directory structure is as shown in the following figure. All member servers and domain controllers run Microsoft Windows Server 2003, Enterprise Edition. All client computers run Microsoft Windows XP Professional.

While managing the cpandl.com domain through Active Directory Users And Computers, you right-click the cpandl.com object, click Properties and then click Group Policy. You then create a new Group Policy Object (GPO) named DesktopLock1. DesktopLock1 is configured with the Hide And Disable All Items On The Desktop setting enabled. You log on to a client computer in Site1 and notice that all the items on the desktop are gone. You force replication through the Active Directory Replication Monitor. You then log on

to a client computer in Site2 and notice that the items on the desktop are still there. You want to ensure that all items on the desktop are hidden and disabled throughout the network. What should you do? a. Configure Block Policy Inheritance on south.cpandl.com. b. Configure No Override on DesktopLock1. c. Link DesktopLock1 to south.cpandl.com. d. Link DesktopLock1 to Site1.

____ 8. You are the network administrator for Coho Vineyard & Winery. The Active Directory structure is as shown in the following figure. All domains are in the same forest and cohovineyardandwinery.com is the forest root domain. All member servers and domain controllers run Microsoft Windows Server 2003, Enterprise Edition. All client computers run Microsoft Windows XP Professional.

Each domain has a Group Policy Object (GPO) linked to it. The following table illustrates the GPOs and their respective links.

All three GPOs are used to configure user settings. However, none of the GPOs remove the Run command from the Start menu. You want to remove the Run command from the Start menu for all users in the entire forest. What should you do? a. Enable the Remove Run Menu From Start Menu option on GPO2 and GPO3. b. Enable the Remove Run Menu From Start Menu option on GPO1 and configure that policy for No Override. c. Create a new GPO that removes the Run command from the Start menu and link that policy to cohovineyardandwinery.com. d. Create a new GPO that removes the Run command from the Start menu and link that policy to Site1 and Site2.

____ 9. You are the network administrator for the Graphic Design Institute. The organizational unit structure is as shown in the following figure. All member servers and domain controllers run Microsoft Windows Server 2003, Standard Edition. All client computers run Microsoft Windows XP Professional.

There are 500 client computers and 50 member servers. Client computers and member servers are distributed evenly among the Public, Marketing, ITS, Accounting, and Human Resources OUs.

You have created a Group Policy Object (GPO) named StartMenu1 that removes the Run, Search, and Help commands from the Start menu. You want to ensure that all computers in the domain receive this policy, except for the computer in the Domain Controllers OU and the ITS OU. How should you deploy this GPO? a. Link the policy to the domain and then to configure Block Policy Inheritance on the ITS and Domain Controllers OUs. b. Link the policy to the forest and then to configure Block Policy Inheritance on the ITS and Domain Controllers OUs. c. Link the policy to the tree and then to configure Block Policy Inheritance on the ITS and Domain Controllers OUs. d. Link the policy to the site and then to configure Block Policy Inheritance on the ITS and Domain Controllers OUs.

____ 10. Which .adm template can you use to configure Automatic Updates? a. System b. Inetres c. Conf d. Wmplayer

e. Wuau

____ 11. Group Policy is read and applied in which order by default? a. Sites, Domain, Organizational Units, Local b. Local, Organizational Units, Domain, Sites c. Local, Sites, Domain, Organizational Units d. Organizational Units, Domain, Sites, Local

____ 12. By default, which objects are affected by the Default Domain Policy GPO settings? a. All users and computers in the domain c. Domain controllers in the domain only b. All domains in a site d. All sites in the forest

____ 13. Which tool is used to modify Group Policy settings? a. Ntdsutil c. Active Directory Domains And Trusts b. Gpresult d. Active Directory Users And Computers

____ 14. You are the network administrator for Coho Vineyard. There are three organizational units for the Accounting department named Accts, AcctPay, and AcctRec. You have a Group Policy Object named Excel1 linked to the Accts OU. The Group Policy Object (GPO) is configured to install Microsoft Excel to computers. Your manager wants this software installed on all computers in the Accounting department. How can you arrange these organizational units to achieve this goal and efficiently apply the Excel1 GPO?

a. Create a new OU named Excel and move the existing top-level OU into the Excel OU as subordinates. b. Make the AcctPay OU and AcctRec OU subordinate to the Accts OU. c. Make the AcctPay OU subordinate to the Accts OU, and the Accts OU subordinate to the AcctRec OU. d. Configure the ACL of the Accts OU so that Authenticated Users have Read and List Objects permissions.

____ 15. You are the system administrator for Contoso, Ltd. The contoso.com domain is structured as shown in the following figure.

A new Group Policy Object (GPO) named Antivirus1 is linked to the contoso.com domain. Antivirus1 installs antivirus software on all computers. You do not want the antivirus software to install on computers that are members of the Help Desk organizational unit (OU). How can you stop the GPO from installing the antivirus software on the Help Desk OU? a. Enable Block Policy Inheritance on the Help Desk OU. b. Enable Block Policy Inheritance on the Desktop Support OU. c. Enable No Override on the Antivirus1 policy link to the contoso.com domain. d. Enable No Override on the Default Domain Policy link to the contoso.com domain.

____ 16. You are the system administrator for Coho Winery. The cohowinery.com domain is structured as shown in the following figure.

A Group Policy Object (GPO) is linked to the I.T. Services organizational unit

(OU). This GPO is configured with the Prevent CD And DVD Media Information Retrieval setting enabled. Which objects receive the group policy by default? a. Human Resources, Accounts, and Marketing b. Desktop Support, Accounts, and Human Resources c. I.T. Support, Desktop Support, and Help Desk d. Users, Computers, and Domain Controllers

____ 17. You are the system administrator for Coho Vineyard. The cohovineyard.com domain is structured as shown in the following figure.

A Group Policy Object (GPO) is linked to the Human Resources organizational unit (OU). This GPO is configured with the Configure Automatic Updates setting disabled. Which objects receive the group policy by default? a. The Management OU and all subordinate OUs b. The Human Resources OU only c. The Human Resource OU and all subordinate OUs d. The Domain Controllers OU

____ 18. You are the system administrator for City Power & Light. The cpandl.com domain is structured as shown in the following figure.

A Group Policy Object (GPO) is linked to the Management organizational unit (OU). This GPO is configured with the Do Not Allow Windows Messenger To Be Run setting enabled. Block Policy Inheritance is enabled on the Domain Controllers OU and the Marketing OU. You should expect users in which of the following OUs to be able to run Windows Messenger?

a. HR and all subordinate OUs c. Accts and all subordinate OUs b. I.T. Dept. and all subordinate OUs d. Sales OU and TeleSales OU

____ 19. You are the system administrator for Fabrikam, Inc. The fabrikam.com domain is structured as shown in the following figure.

All client computers are running Windows XP Professional. A Group Policy Object (GPO) is linked to the fabrikam.com domain. This GPO is configured with the Do Not Automatically Start Windows Messenger Initially setting enabled. Block Policy Inheritance is enabled on the Domain Controllers organizational unit (OU) and the Management OU. You should expect users in which (OUs) to load Windows Messenger when they log on? a. Marketing OU and all subordinate OUs c. I.T. OU and all subordinate OUs b. Accounts OU and all subordinate OUs d. Human Resources OU only

____ 20. You are the system administrator for Proseware, Inc. The proseware.com domain is structured as shown in the following figure.

A Group Policy Object (GPO) is linked to the proseware.com domain. This GPO is configured with the Prohibit Access To The Control Panel setting enabled. Block Policy Inheritance is enabled on the I.T. Services OU. You should expect users in which OU to not be able to access Control Panel? a. Desktop Support c. Marketing b. Help Desk d. I.T. Services

____ 21. You are the system administrator for Coho Winery. The cohowinery.com domain is structured as shown in the following figure.

A Group Policy Object (GPO) is linked to the I.T. Services organizational unit (OU). This GPO is configured with the Remove My Pictures Icon From Start Menu setting enabled. Which users in the I.T. Services OU hierarchy do not see the My Pictures icon in the Start menu? a. All users b. Desktop Support users only c. I.T. Services users only d. The Desktop Support users and Help Desk users only

____ 22. You are the system administrator for Coho Vineyard. The cohovineyard.com domain is structured as shown in the following figure.

The Default Domain Policy is configured with the Remove Run Menu From Start Menu setting disabled. A Group Policy Object (GPO) is linked to the Human Resources organizational unit (OU). This GPO is configured with the Remove Run Menu From Start Menu setting enabled. You should expect users in which OUs to not be able to see the Run command in the Start menu? a. The Management OU and all subordinate OUs b. All OUs in the domain c. The Marketing OU and all subordinate OUs d. The Domain Controllers OU

____ 23. You are the system administrator for City Power & Light. The

cpandl.com domain is structured as shown in the following figure.

The Default Domain Policy is configured with the Prohibit Adjusting Desktop Toolbars setting enabled. A Group Policy Object (GPO) is linked to the I.T. Dept. organizational unit (OU). This GPO is configured with the Prohibit Adjusting Desktop Toolbars setting disabled. You should expect users in which OUs to be able to adjust the desktop toolbars? a. Help Desk OU c. Marketing OU b. Domain Controllers OU d. All organizational units

____ 24. You are the system administrator for Fabrikam, Inc. The fabrikam.com domain is structured as shown in the following figure.

A Group Policy Object (GPO) is linked to the fabrikam.com domain. No Override has been enabled on the GPO link. This GPO is configured with the Remove Search Menu From Start Menu setting enabled. Block Policy Inheritance is enabled on the Domain Controllers organizational unit (OU) and the I.T. OU. You should expect users in which OUs to not be able to see the Search menu option in the Start menu? a. Marketing OU and all subordinate OUs c. All users in the domain b. Accounts OU and all subordinate OUs d. Human Resources OU only

____ 25. You are the system administrator for City Power & Light. The Default Domain Policy is configured with the following settings:

Another GPO named Messenger1 linked to the Domain Controllers organizational unit (OU) configured with the Do Not Allow Windows

Messenger To Be Run setting for computers is disabled. Based on the configuration, for what can computers in the Domain Controllers OU be used? a. Configure Automatic Updates b. Run Windows Messenger c. Configure Automatic Updates and retrieve CD/DVD information d. Run Windows Messenger and configure Automatic Updates

____ 26. You are the system administrator for Proseware, Inc. The Default Domain Policy is configured with the following settings:

The No Override setting is enabled on the Default Domain Policy Link. There is another GPO named DiskQuota1, linked to the Marketing organizational unit (OU), and configured with the Enforce Disk Quota Limit setting disabled. How do these settings affect the computers in the Marketing OU? a. Disk quota management is enabled, disk quota limits are enforced, and quota limit and warning levels are configured. b. Disk quota management is disabled, disk quota limits are enforced, and quota limit and warning levels are configured. c. Disk quota management is enabled, disk quota limits are not enforced, and quota limit and warning levels are configured. d. Disk quota management is enabled, disk quota limits are enforced, and quota limit and warning levels are not configured.

____ 27. You are the system administrator for Contoso, Ltd. The Default Domain Policy is configured with the following settings:

The No Override setting is enabled on the Default Domain Policy Link. There is another GPO named CD/DVD1 linked to the Sales organizational unit (OU) configured with the Prevent CD And DVD Media Information Retrieval setting

enabled. Which of the following tasks can users in the Sales OU perform? a. Retrieve CD/DVD information. b. Run Windows Messenger. c. Configure Automatic Updates. d. Run Windows Messenger and configure Automatic Updates.

____ 28. You are the system administrator for Proseware, Inc. The proseware.com domain is structured as shown in the following figure.

A Group Policy Object (GPO) is linked to the I.T. Services organizational unit (OU). This GPO is configured with the Remove Help Menu From Start Menu setting enabled. You should expect users in which OU to not be able to see the Help Menu option in the Start menu updates? a. Management c. Marketing b. Help Desk d. Personnel

____ 29. You are the system administrator for Proseware, Inc. The proseware.com domain is structured as shown in the following figure.

A Group Policy Object (GPO) is linked to the proseware.com domain. This GPO is configured with the Remove The Desktop Cleanup Wizard setting enabled. You should expect users in which OUs not to be able to access the Desktop Cleanup Wizard? a. Management only c. All users in the domain b. Help Desk and Management only d. Acct Payable only

True/False Indicate whether the statement is true or false.

____ 30. The Default Domain Controllers Policy GPO affects all users and computers by default. True or False?

____ 31. The Block Policy Inheritance setting can be applied to individual Group Policy Objects (GPOs). True or False?

____ 32. The Local Computer Policy supports folder redirection in Windows Server 2003. True or False?

Network Directory Services Chapter 7 Answer Section

MULTIPLE CHOICE

1. Level of Learning: Synthesis Feedback: When you look at the organizational unit structure, you see that Jeff's user account is in the Marketing OU. User settings Jeff receives come from GPOs that affect the Marketing OU and the contoso.com domain. Since no other GPOs are mentioned, you can expect that Jeff's user settings are only influenced by the Default Domain Policy (in its default state). By default, Jeff has access to Control Panel as a user in whichever system he logs on in the domain. One way to change this is to change the user settings of a policy that affects Jeff's account. However, that is not an option in the answer set and the question specifies that you want to ensure that any user on Public1 and Public2 should not have access to Control Panel. The best approach is to enable User Group Policy loopback processing mode on GPO1 because GPO1 is already configured to prohibit access to Control Panel. Furthermore, GPO1

is linked to the Public OU directly above the Public1 and Public2 computer accounts you want to affect. Linking GPO1 to the domain does not help because the Public OU has Block Policy Inheritance configured. Furthermore, the question is not asking you to remove Control Panel for every user on the domain, just for users on Public1 and Public2. Removing Block Policy Inheritance does not solve the problem because there is no policy linked to the domain that prohibits access to Control Panel. GPO1 is not being overridden by any other policy, so enabling No Override does not affect this situation at all. (Discussion starts on page 159.)

PTS: 1

2. Level of Learning: Synthesis Feedback: Since you want to control Ben's permissions and access rights specifically, you need to modify his user settings. The way to do this is to link a policy to the container that holds Ben's user account. In the figure, you can see that Ben's user account is in the Accounting department. If you link Bene1 to the Accounting OU, Ben is not able to access Control Panel on any computer he uses in the domain. Removing the Block Policy Inheritance on the Benefits OU does not affect Ben's user account. Enabling User Group Policy loopback processing mode in Merge mode only affects Ben's user account when he is logged on to computers in the Benefits OU. This does not prevent him from using Control Panel on other computers in the domain. Enabling No Override on Bene1 does not affect Ben's user account. (Discussion starts on page 159.)

PTS: 1

3. Level of Learning: Synthesis Feedback: You want the Out1 GPO to affect all users in the Marketing OU and subordinate OUs. However, two of the subordinate OUs have Block Policy Inheritance enabled. The only way to bypass the setting is to configure No Override on a policy that is linked to either a higher OU, or to the domain. Since you only want to affect the Marketing OU, that is the natural location to configure the policy for No Override. Since Out1 is already linked to the Marketing OU, you need to only set it for No Override at that location. Although removing Block Policy Inheritance allows the Out1 policy to flow

down to TeleSales, that answer does not address the Sales OU. Linking Out1 to the Sales OU ensures that all Sales OU users receive the policy Out1, but does not fix the problem on the TeleSales OU. (Discussion starts on page 159.)

PTS: 1

4. Level of Learning: Synthesis Feedback: Blocking inheritance is the simple solution to this issue. By enabling Block Policy Inheritance on the ITS OU, the DLock1 policy does not flow down. However, because the AV1 policy is configured for No Override, that policy can traverse the block, and all computers in the ITS OU install the anti-virus scanning software. Enabling User Group Policy loopback processing mode on DLock1 does not help to prevent it from applying to the ITS OU and subordinate OUs. Local Computer policies are always overridden by other GPOs in the hierarchy. Changing the Local Computer Policy does not help to solve the problem. Moving the user accounts from the ITS hierarchy to the Users container does not protect them from the settings that propagate downstream from the domain. (Discussion starts on page 159.)

5. Level of Learning: Synthesis Feedback: When you want to apply a GPO to multiple domains at the same time, you can link the GPO to the site that includes all of the domains you need to configure. In this case, all of the domains in the forest are part of Site1. Linking the GPO to adventureworks.com affects that single domain. Enabling No Override on GPO1 deploys the unlinked GPO. Creating and linking two additional GPOs and then linking them to west.adventureworks.com and east.adventureworks.com only affects those two domains. (Discussion starts on page 159.)

PTS: 1

6. Level of Learning: Synthesis

Feedback: Since there is only one domain, you can affect all computers by linking your new policy to the domain. There are three sites, so in order to use site deployment, the policy must be linked to all three sites. The answer "Link Antivirus1 to North_Site" leaves two sites out and the answer "Create two new GPOs that deploy virus-scanning software and link them to East_Site and West_Site" leaves one site out. Enabling No Override does not deploy the unlinked Antivirus1 GPO. (Discussion starts on page 159.)

PTS: 1

7. Level of Learning: Synthesis Feedback: The DesktopLock1 GPO is linked to the cpandl.com domain as described by the process in the question taken to create that policy. This means the policy applies to the cpandl.com domain. However, it does not affect the south.cpandl.com child domain until you link the policy to that domain. Notice that each domain has a different site, so linking to the site does not apply the GPO. Using No Override does not help because the policy does not transfer between domains without an explicit link. (Discussion starts on page 159.)

PTS: 1

8. Level of Learning: Synthesis Feedback: Site1 and Site2 include the entire forest. In order to apply a GPO to all computers, you can either link it to all domains or all sites. In this case, the option to link the GPO to all sites was the only option presented. Configuring No Override on a policy in the forest root does not apply the policy to other domains. Configuring only GPO2 and GPO3 means that cohovineyardandwinery.com still includes the Run command in the Start menu. (Discussion starts on page 159.)

PTS: 1

9. Level of Learning: Synthesis

PTS: 1

10. Level of Learning: Demonstration Feedback: There are five .adm files included with Windows Server 2003. The System.adm template is used to configure user and computer system options. The Inetres.adm template is used to configure the Internet Explorer settings that are used to set security and usability options. The Conf.adm template contains settings for the functionality of NetMeeting. The Wmplayer.adm template contains settings for the functionality of Windows Media Player. The Wuau.adm template is the one you can use to configure Automatic Updates. (Discussion starts on page 178.)

PTS: 1

11. Level of Learning: Demonstration Feedback: Group Policy is read and applied in the following order: Local, Sites, Domain, and then Organizational Units. (Discussion starts on page 172.)

PTS: 1

12. Level of Learning: Demonstration Feedback: The Default Domain Policy GPO settings affect all users and computers in the domain. (Discussion starts on page 159.)

PTS: 1

13. Level of Learning: Demonstration Feedback: Active Directory Users And Computers can be used to edit Group Policy. To use Active Directory Users And Computers, the Advanced Features

option must be enabled. (Discussion starts on page 166.)

PTS: 1

14. Level of Learning: Synthesis Feedback: Group Policy Object settings propagate downstream. If you nest the AcctPay OU and the AcctRec OU into the Accts OU, they become subordinate OUs, and the GPO linked to the Accts OU transfers down to the other OUs. (Discussion starts on page 172.)

PTS: 1

15. Level of Learning: Synthesis Feedback: Enabling Block Policy Inheritance stops the GPO from transferring down to an OU. This should be enabled on the OU that contains the objects to which you do not want the policy applied. You can also enable Block Policy Inheritance on an OU that is higher in the hierarchy in order to stop inheritance on a subordinate OU. Enabling No Override does not stop GPO inheritance, but instead prevents blocking. (Discussion starts on page 173.)

PTS: 1

16. Level of Learning: Application Feedback: Group Policy transfers down. The local policy is applied first, site policy is applied next, domain policy is applied thereafter, and the OU policy is applied last. The GPO is linked to the I.T. Services OU. The I.T. Services OU and all subordinate OUs receive the GPO. Group Policy does not transfer up, so neither the Management OU nor the Domain Controllers OU receives the group policy. (Discussion starts on page 172.)

PTS: 1

17. Level of Learning: Application Feedback: Group Policy transfers down. The local policy is applied first, site policy is applied next, domain policy is applied thereafter, and the OU policy is applied last. The GPO is linked to the Human Resources OU. Human Resources and all OUs that are subordinate to the Human Resources OU receive the GPO. Group Policy does not transfer up, so neither the Management OU nor the Domain Controllers OU receives the group policy. (Discussion starts on page 172.)

PTS: 1

18. Level of Learning: Application Feedback: When the Do Not Allow Windows Messenger To Be Run setting is enabled in a GPO, and the GPO is linked to an OU, the users in the OU are not be allowed to run Windows Messenger. There is a GPO linked to the Management OU where the setting for Do Not Allow Windows Messenger To Be Run is enabled. Two OUs have Block Policy Inheritance enabled. They are the Domain Controllers OU and the Marketing OU. When the Block Policy Inheritance setting is enabled on an OU, the Group Policy does not transfer down (unless it is configured with the No Override setting, which is not the case here). The Domain Controllers OU, Marketing OU, and all subordinate OUs are able to run Windows Messenger. The correct answer based on the answer set available is Sales OU and TeleSales OU. (Discussion starts on page 172.)

PTS: 1

19. Level of Learning: Application Feedback: Windows Messenger is automatically loaded and running when a user logs on to a Windows XP client. A GPO is linked to the domain to stop Windows Messenger from loading when a user logs on to a client computer. It flows down to all OUs in the domain, except when an OU has Block Policy Inheritance enabled. Block Policy Inheritance is enabled on the Domain Controllers OU and the Management OU. The Domain Controllers OU, the Management OU, and all subordinate OUs do not receive the GPO. Therefore,

Windows Messenger continues to load on these OUs when users log on. The I.T. OU and all subordinate OUs is the correct answer, based on your choices. (Discussion starts on page 172.)

PTS: 1

20. Level of Learning: Application Feedback: All OUs except the Marketing OU are subordinate to the I.T Services OU. The I.T. Services OU is the only OU where Block Policy Inheritance is enabled. Therefore, the users in the I.T. Services OU and all its subordinate OUs can access Control Panel. Users in all OUs not subordinate to the I.T. Services OU cannot access Control Panel. Marketing is not a subordinate OU to the I.T. Services OU. Therefore, any users who are members of the Marketing OU cannot access Control Panel. (Discussion starts on page 172.)

PTS: 1

21. Level of Learning: Application Feedback: The GPO is configured with the Remove My Pictures Icon From Start Menu setting enabled. Users in any OU receiving this GPO cannot see the My Pictures icon on the Start menu. The GPO is linked to the I.T. Services OU. The I.T. Services OU and all subordinate OUs receive the GPO. All users in the I.T. Services OU and subordinate OUs cannot see the My Pictures icon. (Discussion starts on page 172.)

PTS: 1

22. Level of Learning: Application Feedback: The GPO linked to the Human Resources OU is applied after the Default Domain Policy. Human Resources and all OUs that are subordinate to the Human Resources OU receive the GPO. Therefore, users in the Human Resources OU and all subordinate OUs cannot see the Run command on the Start menu. (Discussion starts on page 172.)

PTS: 1

23. Level of Learning: Application Feedback: If the Prevent Adjusting Desktop Toolbars setting is enabled in the Default Domain Policy, everyone who receives this GPO cannot adjust the desktop toolbars, unless a GPO that disables this setting is linked to an OU. The users in OUs that receive the GPO linked to the I.T. Dept. can adjust the desktop toolbars. The Help Desk OU received the GPO that is linked to the I.T. Dept. and can adjust the desktop toolbars. (Discussion starts on page 172.)

PTS: 1

24. Level of Learning: Application Feedback: This GPO is linked to the domain and transfers to all OUs in the domain. Block Policy Inheritance is enabled, but No Override is enabled on the GPO link. When No Override is enabled on a link, Block Policy Inheritance has no effect. Therefore, all users in the domain do not see the Search menu option in the Start menu. (Discussion starts on page 172.)

PTS: 1

25. Level of Learning: Application Feedback: The Default Domain Policy is configured to prevent CD/DVD information retrieval, disable automatic updates, and prevent Windows Messenger from running. The Messenger1 GPO is configured to allow Windows Messenger to run and is applied to the computers in the Domain Controllers OU. A GPO linked to the Domain Controllers OU is processed after the Domain group policy is processed. Therefore, the computers in the Domain Controllers OU cannot run Windows Messenger. (Discussion starts on page 172.)

PTS: 1

26. Level of Learning: Application Feedback: When No Override is enabled on the link of the Default Domain Policy, the group policy transfers down to all users and computers in a domain. Based on the configuration for these settings, disk quota management is enabled, disk quota limits are enforced, and quota limit and warning levels are configured. (Discussion starts on page 172.)

PTS: 1

27. Level of Learning: Application Feedback: The Default Domain Policy is configured to allow CD/DVD information retrieval, disable Automatic Updates, and allow Windows Messenger to run. The CD/DVD1 GPO is configured to prevent CD/DVD information retrieval. No Override is enabled on the Default Domain Policy link. No Override setting is enabled on a GPO link. It forces a parent setting not to be overridden by a child setting that is in conflict. Windows Messenger cannot be run on the computers in the Sales OU and CD/DVD information can be retrieved. (Discussion starts on page 172.)

PTS: 1

28. Level of Learning: Application Feedback: The GPO is configured to enable the Remove Help Menu From Start Menu setting. The GPO is linked to the I.T. Services OU. The IT Services OU and all subordinate OUs cannot see the Help Menu option in the Start menu. (Discussion starts on page 172.)

PTS: 1

29. Level of Learning: Application Feedback: The Remove The Desktop Cleanup Wizard setting is enabled in the

GPO. The GPO is linked to the domain. Everyone in the domain should not be able to access the Desktop Cleanup Wizard. (Discussion starts on page 172.)

PTS: 1

TRUE/FALSE

30. Level of Learning: Demonstration Feedback: The Default Domain Controllers Policy GPO is linked to the Domain Controllers container. The settings affect all domain controllers in the container. (Discussion starts on page 165.)

PTS: 1

31. Level of Learning: Demonstration Feedback: The Block Policy Inheritance setting cannot be applied to individual GPOs. You can only enable Block Policy Inheritance on an object such as a domain or organizational unit (OU). (Discussion starts on page 173.)

PTS: 1

32. Level of Learning: Demonstration Feedback: The Local Computer Policy does not support folder redirection in Windows 2000 or Windows Server 2003. (Discussion starts on page 162.)

PTS: 1

Prev Page Next Page

Close

wiki Wikis Flashcards Gradebook Signup Login Help Engrade Wikis Network Directory Services Study Guide Chapter 8 Mark Komula 0 Likes Options Print Network Directory Services Study Guide Chapter 2Chapter 3Chapter 4Chapter 5Chapter 6Chapter 7Chapter 8Chapter 9Chapter 10Chapter 11Chapter 12 Chapter 8 Multiple Choice Identify the choice that best completes the statement or answers the question.

1. You are the network administrator for Contoso, Ltd. You manage a single Windows Server 2003 Active Directory domain. Your domain has 12 top-level organizational units (OUs). One of the top-level OUs is named Public. There are 15 computer accounts and no user accounts inside the public OU.

You create a new Group Policy Object (GPO) named GPO1. The Properties of GPO1 are as shown in the following figure.

GPO1 configures only the settings shown in the following figure. You want these settings to apply only to the computers in the Public OU.

You would like to reduce the amount of time it takes for GPO1 to be

processed. What should you do? a. Disable the Computer Configuration settings b. Disable the User Configuration settings c. Add System to the Restricted Groups Members d. Link GPO1 to the domain container e. Configure GPO1 for No Override 2. You are the network administrator for Adventure Works. You manage a single Windows Server 2003 Active Directory domain. Your domain has five top-level organizational units (OUs). One of the top-level OUs is named Rafting_Staff. There are 25 user accounts and no computer accounts inside the Rafting_Staff OU.

The manager of the Rafting department, Terry, has Full Control permissions to the Rafting_Staff OU. Terry also has permissions to create and link Group Policy. Terry has linked a GPO named Lockout1 to the Rafting_Staff OU that has an Account Lockout Policy configured as shown in the following table:

Terry's user account is in the Users container. When Terry asks users with accounts in the Rafting_Staff OU to enter their passwords incorrectly multiple times, they are locked out after three attempts to log on. Furthermore, when accounts are locked out, they are reset after 30 minutes. What can Terry do to get the Account Lockout settings he wants? a. Configure Block Policy Inheritance on the Rafting_Staff OU. b. Configure No Override on Lockout1. c. Move all of the user accounts to the Users container. d. Ask the Domain Administrator to change the Default Domain Policy. e. Ask the Domain Administrator to change the Default Domain Controllers Policy. 3. You are the network administrator for the Alpine Ski House. You manage a single Windows Server 2003 Active Directory domain. Your domain has a single Active Directory site named Alpine_Site. There are seven top-level organizational units (OUs). One of the top-level OUs is named SkiStaff. There are 50 user accounts and 50 computer accounts inside the SkiStaff OU.

Andy, a fellow network administrator, ran a password-cracking tool with your permission last week. After running the tool for three days, Andy was able to compromise all 50 user accounts in the SkiStaff OU. Andy reported that the password-cracking tool was able to compromise most accounts in the first 75,000 permutations.

You want to configure your domain so that accounts are locked out until an administrator resets the account after a password is entered 10 times incorrectly. You configure the settings shown in following table and save them in a GPO named AcctPol.

What should you do next? a. Set the account lockout duration for 99999 minutes. b. Clear the Define This Policy Setting check box on the Account Lockout Duration setting. c. Link the policy to the Domain Controllers OU with a higher priority than the Default Domain Controllers Policy. d. Link the policy to the Default Domain Controllers OU with a lower priority than the Default Domain Controllers Policy. e. Link the policy to the domain with a higher priority than the Default Domain Policy. 4. You are the network administrator for Blue Yonder Airlines. You manage a single Windows Server 2003 Active Directory domain. Your domain has three top-level organizational units (OUs). One of the top-level OUs is named Pilots. There are 150 user accounts and 50 computer accounts inside the Pilots OU.

You create a GPO named PilotRedir and link it to the Pilots OU. Folder Redirection is the only thing you configure in the PilotRedir policy, as shown in the following figures.

The server that holds the users' home directories must be replaced. You want all of the users to be able to access their My Documents folders on local computers. How can you accomplish this? a. Delete the Pilots OU. b. Enable Block Policy Inheritance on the Pilots OU. c. Link PilotRedir to the domain with a higher priority than the Default Domain Policy. d. Link PilotRedir to the Domain Controllers OU with a lower priority than the Default Domain Controllers Policy. e. Delete the PilotRedir GPO. 5. When does an Administrator need to reset the CrashOnAuditFail value in the registry? a. When the event log is full and the Audit: Shut Down System Immediately If Unable To Log Security Audits policy setting is enabled b. When the event log is full and Audit: Shut Down System Immediately If Unable To Log Security Audits policy setting is disabled c. When an automatic update is installed and the computer fails to reboot d. When a new driver is installed and the driver causes a computer lockup

6. Which of the following would make the client computer start faster? a. Configure the Netlogon service to start manually. b. Configure system services that are not being used to start manually. c. Configure individual GPO links for every setting. d. Configure the IP Configuration settings to use DHCP.

7. Which administrative tool can be used to link a Group Policy Object (GPO) to a site? a. Active Directory Users And Computers (MMC snap-in) b. Active Directory Sites And Services (MMC snap-in)

c. Gpupdate.exe d. Ntdsutil.exe e. Movetree

8. Which administrative tool can be used to link a Group Policy Object (GPO) to an OU? a. Active Directory Users And Computers (MMC snap-in) b. Active Directory Sites And Services (MMC snap-in) c. Gpupdate.exe d. Ntdsutil.exe e. Movetree

9. You are the system administrator for Contoso, Ltd. The contoso.com domain is structured as shown in the following figure.

A Group Policy Object (GPO) named Smart1 is linked to the contoso.com domain. Smart1 is configured to distribute certificates to smart cards using the autoenrollment feature. Block Policy Inheritance is enabled on the Marketing organizational unit (OU). Which users cannot use autoenrollment to receive a certificate for their smart cards? a. Terry and Patricia c. Elle and Luis b. Susana and Patricia d. John and Sean 10. You are the system administrator for Coho Winery. The cohowinery.com domain is structured as shown in the following figure.

A Group Policy Object (GPO) named SCard1 is linked to the cohowinery.com domain. SCard1 is configured to distribute certificates to smart cards using the autoenrollment feature. The Block Policy Inheritance setting is enabled on the Accounts organizational unit (OU) and the Financial Mgmt OU. Which of the following user(s) can use autoenrollment to receive a certificate for their smart cards?

a. John c. Chris b. Sean d. Terry 11. You are the system administrator for Coho Vineyard. The cohovineyard.com domain is structured as shown in the following figure.

A Group Policy Object (GPO) named DQ1 is linked to the cohovineyard.com domain. DQ1 is configured to enforce disk quota limits. Block Policy Inheritance is enabled on the Finance organizational unit (OU). Which computer or computers enforce disk quota limits? a. UK c. Italy b. Asia d. NorthAmerica 12. You are the system administrator for City Power & Light. The cpandl.com domain is structured as shown in the following figure.

A Group Policy Object (GPO) named DiskQ1 is linked to the Finance organizational unit (OU). DiskQ1 is configured to enforce disk quota limits. No Override is enabled on the Finance OU. Block Policy Inheritance is enabled on all subordinate OUs of the Finance OU. Which computer is not configured to enforce disk quota limits? a. NorthAmerica c. Italy b. UK d. France 13. You are the system administrator for Coho Vineyard & Winery. The cohovineyardandwinery.com domain is structured as shown in the following figure.

A Group Policy Object (GPO) named ReDir1 is linked to the Sales organizational unit (OU). ReDir1 is configured to redirect the users' My Documents folder to a data server named Data1. Which of the following user's My Documents folder files are redirected to Data1? a. Kim c. Nancy b. Sean d. Gary 14. You are the system administrator for Fabrikam, Inc. The fabrikam.com

domain is structured as shown in the following figure.

A Group Policy Object (GPO) named ADReDir1 is linked to the Marketing organizational unit (OU) and the Finance OU. ADReDir1 is configured to redirect the users' Application Data folder files onto a data server named Data2. Which user's Application Data folder files are not redirected to Data2? a. Amy c. Gary b. Julie d. Sean 15. You are the system administrator for Fourth Coffee. The fourthcoffee.com domain is structured as shown in the following figure.

The Default Domain Policy is configured to redirect the users' Application Data folder files onto a data server named Data3. A Group Policy Object (GPO) named ADReDir1 is linked to the fourthcoffee.com domain. ADReDir1 is configured to redirect the users' Application Data folder files to a data server named Data1. The GPO named ADReDir1 is given a higher priority than the Default Domain Policy. A Group Policy Object (GPO) named ADReDir2 is linked to the Finance organizational unit (OU). ADReDir2 is configured to redirect the users' Application Data folder files onto a data server named Data2. Which of the following user's Application Data folder files are redirected to Data1? a. None b. Elle c. John d. Luis e. Gary 16. You work for Contoso, Ltd., as a system administrator. There is a domain controller on the network named ServerA. There is a member server on the network named ServerB. There are three client computers named Client1, Client2, and Client3. A GPO named RemoveRun1 is linked to the domain. The RemoveRun1 GPO is configured with the Remove Run Menu From Start Menu setting. Client2 is showing the Run menu when you click on the Start menu. You must ensure that the Run menu is removed from the Start menu immediately. Where do you execute the gpupdate.exe utility to apply the RemoveRun GPO?

a. ServerA b. ServerB c. Client1 d. Client2 e. Client3

17. You work for Coho Vineyard as a system administrator. There are two domain controllers on the network named ServerA and ServerB. There is a member server on the network named ServerC. There is a DHCP server named ServerD and a DNS server named ServerE. A GPO named RemoveRun1 is linked to the domain controllers organizational unit (OU). The RemoveRun1 GPO is configured with the Remove Run Menu From Start Menu setting as Enabled. ServerB is showing the Run menu when you click on the Start menu. You must ensure that the Run menu is removed from ServerB immediately. Where do you execute the Gpupdate.exe tool to apply the RemoveRun GPO? a. ServerA b. ServerB c. ServerC d. ServerD e. ServerE

18. You are the system administrator for Litware, Inc. The litwareinc.com domain is structured as shown in the following figure.

A Group Policy Object (GPO) named SmartCard1 is linked to the Marketing, Sales, and Shipping organizational units (OUs). SmartCard1 is configured to distribute certificates to smart cards using the autoenrollment feature. Which of the following users cannot use autoenrollment to receive a certificate for their smart cards? a. Brian c. Patricia b. Corinna d. Angela

19. You are the system administrator for Contoso, Ltd. The contoso.com domain is structured as shown in the following figure.

There are two Group Policy Objects (GPOs) named PWD1 and PWD2. The GPOs are configured as shown in the table below:

Kelly's user account is locked out. She has typed her password incorrectly three times in a row. Company Password Policy requires that user accounts are not locked out unless a password is entered incorrectly five times in a row. You must enforce company Password Policy. Which GPO link would you modify to comply with the company Password Policy? a. Default Domain Policy c. PWD1 b. Default Domain Controllers Policy d. PWD2 20. You are the system administrator for Litware, Inc. The Litwareinc.com domain is structured as shown in the following figure. The domain has only one Active Directory site. The site is named Default-First-Site-Name.

There is a GPO named GPO1 configured to meet the company requirements for password security. The Password Policy settings in GPO1 are configured as shown in the following table:

GPO1 is linked to Default-First-Site-Name. You attempt to create a user account named Bob in the Financial Mgmt OU. You set the password for Bob as mspress. The password is rejected. What must you do so that the company Password Policy defined in GPO1 is enforced? a. Link GPO1 to the domain with a higher priority than the Default Domain Policy. b. Link GPO1 to the domain with a lower priority than the Default Domain Policy. c. Link GPO1 to the domain controllers OU with a higher priority than the Default Domain Controllers Policy. d. Link GPO1 to the domain controllers OU with a lower priority than the

Default Domain Controllers Policy. e. Link GPO1 to the Financial Mgmt OU and enable Block Policy Inheritance on the Financial Mgmt OU. 21. You are a system administrator for Contoso, Ltd. The contoso.com domain is structured as shown in the following figure.

Another administrator changed the Default Domain Policy multiple times. You are tasked to ensure that the company Password Policy is enforced. You create an unlinked Group Policy Object (GPO) named PWD1 with a Password Policy as shown in the following table:

When creating a user account named John in the Marketing OU, you type Tuesday as the password. The password is accepted. What must you do so that the company requirements for password security are satisfied? a. Link PWD1 to the Marketing OU and enable Block Policy Inheritance on the financial Marketing OU. b. Link PWD1 to the domain with a higher priority than the Default Domain Policy. c. Link PWD1 to the domain with a lower priority than the Default Domain Policy. d. Link PWD1 to the Sales OU and configure the Loopback Processing setting in PWD1 to Enabled. 22. You are the administrator for Coho Winery. There is one domain controller named DC1 for the cohowinery.com domain. There are two file servers named ServerA and ServerB. There is a Group Policy Object (GPO) named Redirect1 linked to the Sales OU and configured as shown in the following figures.

You remove the Redirect1 GPO link from the Sales OU. However, Julie's My Documents folder is still being redirected. What should you do? a. Use the Default Domain Controllers Policy to redirect the My Documents folder to the b. Delete the Redirect1 GPO.

c. Link the Redirect1 GPO to the domain and set the Target Folder Location setting to redirect to the local user profile. d. Use the Default Domain Policy to configure a folder for each user under the root path. True/False Indicate whether the statement is true or false.

An Audit policy is a policy that determines the security events to be configured. True or False?

Users can reset the CrashOnAuditFail value in the registry. True or False?

Autoenrollment is a new feature of Windows Server 2003 that can be used to automate the deployment of certificates to smart cards. True or False?

Prev Page Next Page Close

wiki Wikis Flashcards Gradebook Signup Login Help Engrade Wikis Network Directory Services Study Guide Chapter 9 Mark Komula 0 Likes Options Print Network Directory Services Study Guide Chapter 2Chapter 3Chapter 4Chapter 5Chapter 6Chapter 7Chapter 8Chapter 9Chapter 10Chapter 11Chapter 12

Chapter 9 Directory Services Chapter 9

Multiple Choice Identify the choice that best completes the statement or answers the question.

1. Which of the following file types is used for an executable installation database file that can be used to deploy applications through Group Policy Objects (GPOs)? a. .exe b. .msi c. .msp d. .mst e. .com

2. Which of the four phases of the System Development Life Cycle (SDLC) cannot be handled through Group Policy software deployment packages? a. Planning c. Maintenance b. Implementation d. Removal

3. When you want to deploy applications to computers using Group Policy, which of the following options do you have?

a. Publish b. Assign c. Install This Application At Logon d. Auto-install This Application By File Extension Activation e. Do Not Display This Package In The Add/Remove Programs Control Panel

4. Applications deployed to users using Group Policy are only advertised unless you select this option. a. Publish b. Assign c. Install This Application At Logon d. Auto-install This Application By File Extension Activation e. Do Not Display This Package In The Add/Remove Programs Control Panel

5. When you __________ an application to a user, a shortcut is typically placed in the Start menu when the user logs on. a. Publish b. Assign c. Install This Application At Logon d. Auto-install This Application By File Extension Activation e. Do Not Display This Package In The Add/Remove Programs Control Panel

6. What is the default security of Software Restriction Policies when they are first enabled?

a. Unrestricted c. No Override b. Disallowed d. Not Configured

7. Which of the following has path rules configured by default when you enable Software Restriction Policies in that Group Policy Object (GPO)? a. Only the Computer Configuration portion of the Default Domain Policy b. Only the User Configuration portion of the Default Domain Policy c. The Computer Configuration portion of every GPO d. The User Configuration portion of every GPO

8. You are the network administrator for Coho Vineyard. You manage a single Windows Server 2003 Active Directory domain. Your domain has two Active Directory sites. One is named Main_Site and the other is named Branch_Site. There are 5 Windows Server 2003 domain controllers, 2 Windows Server 2003 member servers, and 450 Windows XP Professional client computers on your network. One member server and 50 client computers are located in Branch_Site. The OU structure of your network is as shown in the following figure.

You create a Group Policy Object (GPO) named SP_Dist to distribute service pack software to your client computers. In this policy, you configure update.msi for deployment to computers. You link SP_Dist to the Finance OU. A user named John restarts the computer named Asia and then confirms that the service pack is installed. A user named Patricia then restarts the UK computer. She reports that the computer does not receive the service pack. You need to ensure that the service pack is deployed to all client computers on the network. What should you do? a. Enable No Override on the SP_Dist link to the Finance OU. b. Ensure that SP_Dist is configured with the Install This Application At Logon setting.

c. Link SP_Dist to the domain and enable No Override. d. Link SP_Dist to Main_Site and enable No Override. e. Configure SP_Dist to be published to users and leave the default settings. 9. You are the network administrator for Coho Vineyard & Winery. You manage a single Windows Server 2003 Active Directory domain. Your domain has a single Active Directory site named HQ_Site. There are three Windows Server 2003 domain controllers, two Windows Server 2003 member servers, and 300 Windows XP Professional client computers on your network. Each department in your company has an OU named after the department. All user and computer accounts for the department are configured in that OU. The OU structure of your network is as shown in the following figure.

You want the users in the Sales department to be able to use Microsoft Office XP. However, you have enough software licenses to allow only users in the Sales department to use Microsoft Office XP. You create a Group Policy Object (GPO) named Office_XP that deploys the Microsoft Office XP application to computers. You link this policy to the Marketing OU.

When Amy logs on to a computer in the Marketing OU, she has no access to Microsoft Office XP applications. She is also unable to open a Microsoft PowerPoint file. There are 50 computers and 50 users in the Marketing OU. You want all Sales department users to have access to Microsoft Office XP applications regardless of which computers they use. What should you do? a. Link Office_XP to the domain. b. Change Office_XP to assign software to users instead of computers. c. Configure the Office_XP link to the Marketing OU for No Override. d. Configure the Marketing OU with the Block Policy Inheritance setting. 10. You are the network administrator for Fourth Coffee. You manage a single Windows Server 2003 Active Directory domain. Your domain has a single Active Directory site named Buzz_Site. There are 4 Windows Server 2003 domain controllers, 4 Windows Server 2003 member servers, and 500 Windows XP Professional client computers on your network. Each department in your company has an OU named after the department. All user accounts for the department are configured in that OU. All client and member server

computer accounts are in the default Computers container. The OU structure of your network is as shown in the following figure.

You need to deploy a service pack to all client computers on your network. You create a network share named SP and share that on the network to the Everyone group. You create a Group Policy Object (GPO) named SP_Fix and link it to the Finance OU. You configure SP_Fix to publish the update.msi file to users. A week later, you check five different computers that are used by Patricia, Luis, Nancy, and Elle. None of these computers have the service pack installed. You need to ensure that all client computers are updated with the service pack. What should you do? a. Link the SP_Fix to the Default Domain Controllers OU. b. Move the computer accounts for the Finance department to the Finance OU. c. Change the deployment option to assign SP_Fix to users and link it to the Buzz_Site. d. Change the deployment option to assign SP_Fix to computers and link it to the domain. 11. You are the network administrator for Wide World Importers. You manage a single Windows Server 2003 Active Directory domain. Your domain has a single Active Directory site named Globe_Site. You have an application created by software developers in your company that must be installed on all computers in the domain regardless of whether a user ever logs on to the computer. You want to use Group Policy to deploy this application to all Windows XP Professional and Windows 2000 Professional computers on your network. The application consists of only an executable (.exe) and several dynamic link library (.dll) files. What should you do in order to prepare this application for distribution to all computers through Group Policy? a. Create a file with a .zap file extension. b. Create a file with an .msp file extension. c. Use repackaging software to create a file with an .msi file extension. d. Use the Custom Installation Wizard from the Microsoft Office XP Resource Kit Tools to create a file with an .mst file extension.

12. You are the network administrator for The Phone Company. The Phone Company has a single Active Directory domain named thephonecompany.com. No additional Active Directory sites are created within this structure. You want to distribute the Windows Support Tools to several computers. You configure a Group Policy Object (GPO) with a software package as shown in the following figure.

You want to enable the Install This Application At Logon option. What should you do? a. Change the Deployment type to Assigned. b. Select the Uninstall This Application When It Falls Out Of The Scope Of Management check box. c. Select the Do Not Display This Package In The Add/Remove Programs Control Panel check box. d. Change the Installation User Interface Options to Basic. e. Change the domain functional level to Windows Server 2003. 13. You are the network administrator for Trey Research. You have a Group Policy Object (GPO) named OffXP linked to the domain that deploys Microsoft Office XP Professional to all computers in your domain. You discover that OffXP is deploying Microsoft Word XP to all the computers in your domain. Your company policy indicates that the only approved version of Word is Microsoft Word 2000. You need to stop the deployment of Word XP, but you want the rest of the Microsoft Office XP Professional applications to be deployed. You disable the OffXP GPO. What should you do next? a. Use an .msp file to modify the Office XP Professional .msi file and then redeploy. b. Create an .mst file with the appropriate options and deploy that with the Office XP Professional .msi file in a new software package. c. Create a .zap file for the other applications in the Microsoft Office XP application suite. d. Remove the ORK folder from the Microsoft Office XP application files.

14. You are the network administrator for the School of Fine Art. The School

of Fine Art has a single Active Directory domain model. All domain controllers run Windows Server 2003 and all client computers run Windows XP Professional.

You create a path rule in a Group Policy Object (GPO) linked to the domain that prevents users from running applications from the C:\CustomApps folder. The path rule is configured under the Computer Configuration portion of the GPO.

You notice that several students are running an application named Litware.exe that is typically installed to the C:\CustomApps folder. You want to prevent students from running Litware.exe on client computers, even if they move it to another folder, or e-mail it to each other. What can you do? a. Configure the path rule in the User Configuration portion of the GPO. b. Configure an Internet zone rule that specifies Litware.com as a Restricted Site. c. Create a hash rule to disallow use of Litware.exe. d. Configure the GPO you created and linked to the domain with No Override.

15. You are the network administrator for Contoso Pharmaceuticals. The organizational unit structure is as shown in the following figure.

All member servers and domain controllers run Microsoft Windows Server 2003 Standard Edition. All client computers run Microsoft Windows XP Professional.

GPO1 is configured to assign Windows Server 2003 Administration Tools Pack to all computers. GPO1 is linked to the contoso.com domain. The Public OU has Block Policy Inheritance enabled.

When Jeff logs on to Public1, he is unable to access the Windows Server 2003

Administration Tools Pack. You want to be sure that when Jeff logs on to the Public1 and Public2 computers, he can access the Windows Server 2003 Administration Tools Pack. What should you do? a. Link GPO1 to the Marketing OU. b. Link GPO1 to the Domain Controllers OU. c. Link GPO1 to the Public OU. d. Create a software category named Admin Pack and list the Windows Server 2003 Administration Tools Pack under the category in the Add Or Remove Programs in GPO1. e. Publish the Windows Server 2003 Administration Tools Pack to users in GPO1. 16. You are the network administrator for Woodgrove Bank. The organizational unit (OU) structure is as shown in the following figure.

All member servers and domain controllers run Microsoft Windows Server 2003 Enterprise Edition. All client computers run Microsoft Windows XP Professional.

GPO2 is a Group Policy Object (GPO). GPO2 is configured to publish Microsoft Encarta Encyclopedia Deluxe 2004. GPO2 is linked to the Marketing OU. The Marketing OU, TeleSales OU, and Sales OU have Block Policy Inheritance enabled.

When Richard logs on to Tele1, Microsoft Encarta Encyclopedia Deluxe 2004 is not advertised. However, when Tony logs on to Ad1, Microsoft Encarta Encyclopedia Deluxe 2004 is published. You want to ensure that Microsoft Encarta Encyclopedia Deluxe 2004 is published to all users in the Marketing OU and subordinate OUs regardless of which computers they use. What should you do? a. Link GPO2 to the domain. b. Remove Block Policy Inheritance from the TeleSales OU. c. Link GPO2 to the Sales OU.

d. Enable No Override on GPO2. 17. You are the network administrator for Adventure Works. The Active Directory structure is as shown in the following figure. All member servers and domain controllers run Microsoft Windows Server 2003 Standard Edition. All client computers run Microsoft Windows XP Professional.

You have created an unlinked Group Policy Object (GPO) that is configured to assign Microsoft Excel to computers. The GPO is named GPO1. You need to ensure that this policy is applied to all computers in the entire forest. What should you do? a. Link GPO1 to the adventureworks.com domain. b. Link GPO1 to Site1. c. Enable No Override on GPO1. d. Create two new GPOs that deploy Microsoft Excel and link them to west.adventureworks.com and east.adventureworks.com. 18. You are the network administrator for the Baldwin Museum of Science. The organizational unit (OU) structure is as shown in the following figure. All member servers and domain controllers run Microsoft Windows Server 2003 Standard Edition. All client computers run Microsoft Windows XP Professional.

The domain has three sites: North_Site, East_Site, and West_Site. Each site has 100 to 200 client computers, five to ten member servers, and two or more domain controllers. You need to deploy Microsoft Works Suite 2004 to all the computers in the company.

You create an unlinked Group Policy Object (GPO) named MSWorks1. MSWorks1 is configured with a software distribution policy that deploys Microsoft Works Suite 2004 to computers. What should you do next? a. Link MSWorks1 to the North_Site. b. Link MSWorks1 to the domain.

c. Enable No Override on the MSWorks1 GPO. d. Create two new GPOs that deploy virus-scanning software and link them to East_Site and West_Site. 19. You are the network administrator for Coho Vineyard & Winery. The Active Directory structure is as shown in the following figure. All domains are in the same forest and cohovineyardandwinery.com is the forest root domain. All member servers and domain controllers run Microsoft Windows Server 2003 Enterprise Edition. All client computers run Microsoft Windows XP Professional.

Each domain has a Group Policy Object (GPO) linked to it. The following table illustrates the GPOs and their respective links and software installation settings.

None of these GPOs install antivirus software. You want to install antivirus software for all computers in the entire forest. You repackage your antivirus software as av.msi. What should you do? a. In GPO2 and GPO3, assign the av.msi package to computers. b. In GPO1, assign the av.msi to computers and configure that policy for No Override. c. Create a new GPO that assigns av.msi to users and link that policy to cohovineyardandwinery.com. d. Create a new GPO that assigns av.msi to computers and link that policy to Site1 and Site2. 20. You are the network administrator for Coho Vineyard. There are three organizational units (OUs) for the Marketing department named MKT, Sales, and TeleSales. You have a Group Policy Object (GPO) named FP1 linked to the MKT OU. The Group Policy Object (GPO) is configured to assign Microsoft FrontPage 2002 to computers. Your manager wants this software to be installed on all computers in the Marketing department. How can you arrange these organizational units to achieve this goal and efficiently apply FP1? a. Create a new OU named FP2 and move the existing top-level OU into the

FP2 OU as subordinates. b. Make the Sales OU and TeleSales OU subordinate to the MKT OU. c. Make the Sales OU subordinate to the MKT OU and the MKT OU subordinate to the Telesales OU. d. Move the Sales and TeleSales OUs into the Default Domain Controllers OU.

21. You are the system administrator for Contoso, Ltd. The contoso.com domain is structured as shown in the following figure.

A new Group Policy Object (GPO) named MSA1 is linked to the contoso.com domain. MSA1 installs Microsoft Access 2002 on all computers. You do not want the Microsoft Access 2002 software to install on the computers that are members of the Help Desk organizational unit (OU). How can you stop the GPO from installing the Microsoft Access 2002 software on the Help Desk OU? a. Enable Block Policy Inheritance on the Help Desk OU. b. Enable Block Policy Inheritance on the Desktop Support OU. c. Enable No Override on the MSA1 policy link to the contoso.com domain. d. Enable No Override on the Default Domain Policy link to the contoso.com domain. 22. You are the network administrator for City Power & Light. You want to use group policy to distribute Windows Support Tools throughout the enterprise so that it is available to any user on any computer. Which of the following options will make the software available to any user on any computer? a. Publish b. Assign c. Install This Application At Logon d. Auto-install This Application By File Extension Activation e. Do Not Display This Package In The Add/Remove Programs Control Panel

23. You are the system administrator of the contoso.com domain. All member servers and domain controllers run Microsoft Windows Server 2003 Standard Edition. All client computers run Microsoft Windows XP Professional.

Company policy requires that you prevent the use of unapproved software on client computers. When performing an audit on the client computers, you discover unapproved software installed.

You must prevent unapproved software from being run on client computers with a Group Policy Object (GPO). The GPO is linked to the domain and the use of Software Restriction Policies settings. Which option stops unapproved software from being used on client computers? a. Unrestricted c. Block Policy Inheritance enabled b. Disallowed d. Block Policy Inheritance disabled

24. You are the system administrator of the fabrikam.com domain. All member servers and domain controllers run Microsoft Windows Server 2003 Standard Edition. All client computers run Microsoft Windows 2000 Professional.

A new Group Policy Object (GPO) named MSN1 is linked to the fabrikam.com domain. MSN1 is configured to assign MSN Messenger to users. The software is configured by default to be advertised only in the user's Start menu. You must reconfigure the policy so that the software is ready to use when run. Which option makes the software ready to use when run? a. Publish b. Install This Application At Logon c. Auto-install This Application By File Extension Activation d. Do Not Display This Package In The Add/Remove Programs Control Panel

25. You are the network administrator for Coho Winery. There is a Group Policy Object (GPO) named ST1 and configured as shown in the following figure.

There are three organizational units (OUs) for the Marketing department named Mkt, Sales, and R&D. ST1 is linked to the R&D OU. The Default Domain Policy has not been modified. You move Andy's user account from the R&D OU to the Mkt OU. When Andy logs on to the network, Windows Support Tools continue to be available to Andy. You must configure Group Policy to remove software from users that are removed from the R&D OU. What can you do? a. Enable No Override on the cohowinery.com domain. b. Enable Block Policy Inheritance on the Mkt OU. c. In Windows Support Tools Properties for ST1, select the settings for deployment options in ST1 to uninstall the application when it falls out of the scope of management. d. In Windows Support Tools Properties settings for ST1, change the deployment type to Published. 26. You are the network administrator for Alpine Ski House. There is one domain in the forest named alpineskihouse.com. The domain has three sites: North_Site, East_Site, and West_Site. You need to deploy Microsoft Office XP Professional to all the computers in the company. You create an unlinked Group Policy Object (GPO) named MSPM1. MSPM1 is configured with a software distribution policy that deploys Microsoft Business Solutions for Project Management to computers. Where should you link MSPM1? a. North_Site only c. East_Site and West_Site b. Domain Controllers OU d. Alpineskihouse.com

27. You are the network administrator for Fourth Coffee. The company has three sites within their domain: North_Site, South_Site, and MidWest_Site. All member servers and domain controllers run Microsoft Windows Server 2003 Standard Edition. All client computers run Microsoft Windows 2000 Professional.

All domain controllers are located in Midwest_Site. There are client computers

in each Active Directory site. You need to deploy Windows Support Tools to all domain controllers in the company without deploying the Support Tools to the client computers. You create an unlinked Group Policy Object (GPO) named STP1. STP1 is configured with a software distribution policy that deploys Windows Support Tools to computers. Where should you link STP1? a. MidWest_Site c. South_Site and North_Site b. Domain Controllers OU d. Company domain

28. You are the network administrator of the fabrikam.com domain. All member servers and domain controllers run Microsoft Windows Server 2003 Standard Edition. All client computers run Microsoft Windows XP Professional. Company policy prohibits the use of the cmd.exe program on all computers. A Group Policy Object (GPO) named SR1 is linked to the domain. You need to configure SR1 with a software restriction rule that prevents users from running the cmd.exe program regardless of the location. What type of rule can do this? a. Path c. Internet zone b. Hash d. Least privilege

29. You are the network administrator of the contoso.com domain. All member servers and domain controllers run Microsoft Windows Server 2003 Enterprise Edition. All client computers run Microsoft Windows XP Professional. All domain controllers are located in the default container. There are two organizational units (OUs) named Sales and Finance. Each OU contains computer and user accounts. Company policy prohibits the use of the mspaint.exe program on all domain controllers. A Group Policy Object (GPO) named SR1 is configured with a hash rule to prevent mspaint.exe from running. To which Active Directory container should you link SR1? a. Contoso.com domain c. Sales OU b. Domain Controllers OU d. Finance OU

Prev Page

Next Page Close

wiki Wikis Flashcards Gradebook Signup Login Help Engrade Wikis Network Directory Services Study Guide Chapter 10 Mark Komula 0 Likes Options Print Network Directory Services Study Guide Chapter 2Chapter 3Chapter 4Chapter 5Chapter 6Chapter 7Chapter 8Chapter 9Chapter 10Chapter 11Chapter 12 Chapter 10 Network Directory Services Chapter 10

Multiple Choice Identify the choice that best completes the statement or answers the question.

____ 1. How many Windows Management Instrumentation (WMI) filters can you link to a Group Policy Object (GPO)? a. 0 c. 32 b. 1 d. Theoretically unlimited

____ 2. You are the network administrator for Contoso, Ltd. You manage the North OU. The domain is configured as shown in the following figure.

Which Group Policy Objects (GPOs) should apply to the North OU? a. CompDist and SoftPack c. SoftPack and RemoveRun1 b. Default Domain Policy and CompDist d. DeployApp and Default Domain Policy You are the network administrator for Northwind Traders. You manage the East OU. The domain is configured as shown in the following figure.

You want the Group Policy Object (GPO) named DeployApp to apply to all the accounts in the East OU. What do you do? a. Remove the DeployApp link from the East OU. b. Remove the DeployApp link from the nwtraders.com. c. Configure the DeployApp link to be enforced. d. Raise the Link Priority of DeployApp in the nwtraders.com container. e. Configure the DeployApp GPO to be enabled. 4. You are the network administrator for Wide World Importers. You manage the Central OU. The domain is configured as shown in the following figure.

Which Group Policy Object (GPO) do you expect to apply to the Central OU? a. CompDist b. Default Domain Policy c. DeployApp d. RemoveRun1 e. SoftPack 5. You are a computer consultant. The president of Woodgrove Bank asks you to analyze the company domain. She says that after they started implementing Group Policy, the computers start up more slowly and the users take longer to log on. She does not want to stop using Group Policy, but she

wants you to analyze the way in which it has been implemented and to suggest any improvements that you see. Based only on what you can see in the following figure, give your analysis and recommendations.

The domain is configured as shown in the following figure.

Which would not be a valid observation? a. There is no need to link the RemoveRun1 and SoftPack GPOs to each OU because those GPOs are configured as Enforced (No Override). b. Unless the goal is to filter the Default Domain Policy or another GPO linked to the site, Block Policy Inheritance is unnecessary on the OUs. c. Enforcing the SoftPack GPO link on the South OU serves no purpose since South has no subordinate OUs. d. The SoftPack GPO link to South is necessary. 6. You are the network administrator for Wingtip Toys. The domain is configured as shown in the following figure.

You want to ensure that all OUs receive the AntiVirus Group Policy Object (GPO). However, you do not want the SpecialApps GPO applied to computers or users in the West OU or in the East OU. What must you do? a. Configure the SpecialApps GPO to be enforced. b. Configure Block Policy Inheritance on the wingtiptoys.com container. c. Configure Block Policy Inheritance on the North and South OUs. d. Link the AntiVirus GPO to both the East OU and West OU. e. Disable the SpecialApps GPO at the domain and then link that GPO to the North and South OUs. 7. You are the network administrator for The Phone Company. All of the domain controllers and member servers on the network run Windows Server 2003, Standard Edition. Client computers on the network run Windows XP

Professional and Windows 2000 Professional. The domain is configured as shown in the following figure.

You want the AntiVirus Group Policy Object (GPO) to apply to all computers in your domain. What must you do? a. Configure the AntiVirus GPO to be enforced. b. Remove the Client filter link from the AntiVirus GPO. c. Enable Block Policy Inheritance on the thephone-company.com container. d. Configure the Default Domain Policy so that it is not enforced. 8. You are the network administrator for Tailspin Toys. All of the domain controllers and member servers on the network run Windows Server 2003, Standard Edition. Client computers on the network run Windows XP Professional and Windows 2000 Professional. The domain is configured as shown in the following figure.

You want the Desktops Group Policy Object (GPO) to apply only to your client computers. What must you do? a. Link X filter to the Desktops GPO. b. Enable Block Policy Inheritance on the Servers OU. c. Configure the Desktops GPO to be enforced. d. Configure the Servers GPO to be enforced. 9. You are the network administrator for Proseware, Inc. All of the domain controllers and member servers on the network run Microsoft Windows Server 2003, Standard Edition. All client computers on the network run Microsoft Windows XP Professional. There are member server accounts in the Servers OU and the Executives OU. There are client computer accounts in the Clients OU and the Executives OU. The domain is configured as shown in the following figure.

You want to ensure that the Secure Group Policy Object (GPO) is applied to every account in the Executives OU. What must you do?

a. Remove the X filter link to the Secure OU and replace it with a link to Y filter. b. Modify X filter to include computers with a caption of Windows Server 2003, Standard Edition. c. Link the Secure GPO to the proseware.com container and configure the Secure GPO to be enforced. d. Remove the X filter link to the Secure GPO and link the Secure GPO to the Executives OU. 10. You are the network administrator for Fourth Coffee. All of the domain controllers and member servers on the network run Windows Server 2003, Standard Edition. All of the client computers on the network run Windows XP Professional. The domain is configured as shown in the following figure.

You want to ensure that the Desktops Group Policy Object (GPO) applies to all 50 user accounts in the Clients OU. What must you do? a. Configure the Desktops GPO as Enforced. b. Remove the Block Policy Inheritance setting on the Executives OU. c. Increase the Link Priority of the Desktops GPO on the fourthcoffee.com container. d. Link the Desktops GPO to the Clients OU. e. Add the Domain Users group to the Security Filtering section of the Desktops GPO Properties dialog box. 11. You are the network administrator for Fabrikam, Inc. All of the domain controllers and member servers on the network run Windows Server 2003, Standard Edition. All client computers on the network run Windows XP Professional. The domain is configured as shown in the following figure.

The Desktops Group Policy Object (GPO) settings are not configured on any of the 50 client computer accounts in the Clients OU. Why? a. The Desktops GPO is blocked by the Executives OU.

b. The Desktops GPO is disabled. c. The Desktops OU is not linked to the domain. d. Computer objects in the Clients OU don't have the right to Read or Apply Group Policy on the Desktops GPO. 12. You are the network administrator for A. Datum Corporation. All of the domain controllers and member servers on the network run Windows Server 2003, Standard Edition. All client computers on the network run Windows XP Professional. The domain is configured as shown in the following figure.

The manager of the Central OU wants to know why the Desktops Group Policy Object (GPO) is not applying to the resources in the Central OU. What is the reason? a. The Central OU has Block Policy Inheritance configured. b. The Desktops GPO is not linked to the Central OU. c. The Desktops GPO link to the domain is disabled. d. The Default Domain Policy is overriding the Desktops GPO. 13. You are the network administrator for Alpine Ski House. All of the domain controllers and member servers on the network run Microsoft Windows Server 2003, Standard Edition. All client computers on the network run Microsoft Windows XP Professional. The domain is configured as shown in the following figure.

All of the computers with computer accounts in the SkiTeam OU are Windows XP Professional computers. However, none of the computers receive the applications that are deployed using the SkiTeamApps Group Policy Object (GPO). Why? a. XP filter is designed to prevent the GPO from applying to computers running Windows XP Professional. b. The SkiTeam OU has Block Policy Inheritance configured. c. The SkiTeamApps GPO is disabled.

d. The Default Domain Policy is overriding the SkiTeamApps GPO. e. Block Policy Inheritance in configured on the domain. 14. You are the network administrator for Coho Winery. You manage a singledomain Active Directory structure. There is a Group Policy Object (GPO) named SoftPack. This GPO has several software applications configured to be assigned to users. SoftPack has the Security Settings shown in the following figure.

Although this GPO is linked to the domain, it is not applying to any of your users. You ask all users to log off and then log on, but no user has access to the new applications. How do you solve this problem? a. Allow the Full Control permission for Creator Owner on SoftPack. b. Enable No Override on SoftPack. c. Allow the Apply Group Policy permission for Authenticated Users on SoftPack. d. Enable Block Policy Inheritance on the domain. 15. You are the network administrator for Coho Vineyard. You manage a single-domain Active Directory structure. There is a Group Policy Object (GPO) named CompDist. This GPO has custom software applications configured to be assigned to computers. ComptDist has the Security Settings shown in the following figure.

The CompDist GPO is linked to the domain. You restart all of the computers in your domain, but do not see the application installed on any of these systems. You do not want this GPO deployed on a user basis; you specifically want it deployed on a computer basis. What must you do? a. Configure Authenticated Users to be allowed to read and apply Group Policy on CompDist Security Settings. b. Configure Allow Full Control permissions for Enterprise Domain Controllers on CompDist Security Settings. c. Configure the System account for Allow Full Control permissions on

CompDist Security Settings. d. Enable No Override on the CompDist GPO. e. Configure Block Policy Inheritance on the domain. 16. You manage the Blue Yonder Airlines network. Blue Yonder Airlines has a single-domain model and only one Active Directory site. One of the other administrators on the network has created a Group Policy Object (GPO) named RemoveRun1. This administrator tells you that the policy only seems to apply to the Microsoft Windows 2000 Professional and Microsoft Windows XP Professional computers on the network. All other computers on the network run Microsoft Windows Server 2003, Standard Edition. Based on the information shown in the following figure, which of the following is a possible explanation for this situation? a. Security filtering is being used to filter Authenticated Users. b. Security filtering is not being used to filter Authenticated Users. c. Client filter contains the statement Select * from Win32 OperatingSystem where Caption = "Microsoft Windows XP Professional". d. Client filter contains the statement Select * from Win32 OperatingSystem where Caption = "Microsoft Windows Server 2003 Standard Edition". e. The GPO is linked to a site instead of a domain.

____ 17. You are the network administrator for Trey Research. The Trey Research OU structure is as shown in the following figure. The company has a single Active Directory domain model. You configure a Group Policy Object (GPO) named UserConf that removes several items from a user's desktop as well as preventing the user from accessing the Control Panel.

You want this policy to apply to a group of computers in the Public_Systems OU no matter which users actually log on to these computers. What must you do? a. Grant the System account Full Control on the access control list (ACL) of UserConf. b. Configure Block Policy Inheritance on the Public_Systems OU.

c. Place all the computers in a single group. Configure the access control list (ACL) UserConf so that users in the Public_Systems OU have Read and Apply Group Policy permissions. d. Link the Policy to the Public_Systems OU and enable User Group Policy Loopback Processing Mode in Replace Mode. e. Configure a Windows Management Instrumentation (WMI) filter that includes all computer objects except for those in the Public_Systems OU and link that filter to the UserConf GPO. 18. How can you prevent restrictive Group Policy Objects (GPOs) from applying to administrators? a. Add the Administrators group to the GPO access control entry (ACE) and configure the Administrators group in the GPO ACE to Deny on Apply Group Policy. b. Configure the Enterprise Admins group in the GPO access control list (ACL) so that Enterprise Admins do not have Read permissions. c. Configure the Domain Admins group in the GPOs access control list (ACL) so that Domain Admins have Full Control. d. Configure the Authenticated Users group in the GPOs access control list (ACL) so that Authenticated Users have Full Control.

____ 19. Which of the following statements is false? a. Using the Group Policy Management Console (GPMC) you can copy and import Group Policy Objects. b. In the GPMC, the import feature allows settings to be imported from a file system GPO into an existing GPO. c. GPMC can be used to create a new organizational unit (OU). d. GPMC can be used to add a new user account.

____ 20. Which of the following tools allow you determine what group policies are applied to a computer account?

a. Rsop.msc c. Dcdiag b. Netdiag d. Adsiedit.msc

____ 21. Which of the following tools allow you determine what group policies are applied to a user account? a. Netdiag b. Dcdiag c. Ntdsutil d. Adsiedit.msc e. Gpresult

____ 22. Which tool can be used to delegate administrative control of Group Policy management tasks when planning a decentralized administrative approach? a. Adsiedit.msc c. Ntdsutil b. Gpmc.msc d. Netdiag

____ 23. You are the network administrator for Contoso Pharmaceuticals. The organizational unit (OU) structure is as shown in the following figure.

There is a Group Policy Object (GPO) named GPO1. GPO1 is configured to publish Microsoft Encarta Encyclopedia Deluxe 2004. GPO1 is linked to the US and Mexico organizational units (OUs). You want GPO1 to apply to all users in the US and Mexico OU except those users who are part of the Production OU that is subordinate to the Mexico OU. Which of the following options can be used to filter out the Production OU that is subordinate to the Mexico OU with

the least administrative effort? a. Create a Windows Management Instrumentation (WMI) filter on GPO1. b. Use security filtering on GPO1. c. Enable Block Policy Inheritance on the Production OU, which is subordinate to the Mexico OU. d. Enable No Override on GPO1. 24. You are the network administrator for Contoso, Ltd. The organizational unit structure is as shown in the following figure.

There is a Group Policy Object (GPO) named MPO1. MPO1 is configured to publish Microsoft Project 2002. MPO1 is linked to the Finance organizational unit (OU). You want MPO1 to be applied only to Terry and Corinna. How can you configure the domain controller so that MPO1 is applied only to Terry and Corinna? a. Create a Windows Management Instrumentation (WMI) filter and link it to MPO1. b. Enable Block Policy Inheritance on the Finance OU. c. Add Terry and Corinna to the Security Settings of MPO1. Give these accounts Read and Apply Group Policy permissions. d. In GPMC on MPO1's Scope tab, under Security Filtering, remove Authenticated Users and add MGMT. 25. You are the network administrator for Coho Winery. The organizational unit (OU) structure is as shown in the following figure.

There is a Group Policy Object (GPO) named GPO1. GPO1 is configured to publish Microsoft FrontPage version 2002. GPO1 is linked to the Finance organizational unit (OU). Patricia and Chris are the only members of the DnsAdmins group. You want GPO1 to be applied only to Patricia and Chris. How can you configure the domain controller so that GPO1 is applied only to Patricia and Chris?

a. Create a Windows Management Instrumentation (WMI) filter and link it to GPO1. b. Enable No Override on the GPO1. c. In GPMC on GPO1's Scope tab, under Security Filtering, remove Authenticated Users and add MGMT and COSTING. d. In GPMC on MPO1's Scope tab, under Security Filtering, remove Authenticated Users and add DnsAdmins. e. Configure Block Policy Inheritance on the Finance OU. 26. You are the network administrator for Coho Vineyard. The organizational unit (OU) structure is as shown in the following figure.

There is a Group Policy Object (GPO) named EX1. EX1 is configured to assign Microsoft Excel version 2002 to computers. EX1 is linked to the Accounts organizational unit (OU). You want EX1 to be applied to all computers in the Accounts OU except computers with less than 315 MB of available disk space. How can you prevent Microsoft Excel version 2002 from being installed on client computers that do not have 315 MB of available disk space? a. Create a Windows Management Instrumentation (WMI) filter and link it to EX1. b. Enable No Override on EX1. c. Create a group named Sec1 in Active Directory Users And Computers. In GPMC on EX1's Scope tab, under Security Filtering, remove Authenticated Users and add Sec1. d. Enable Block Policy Inheritance for the Marketing OU. 27. You are the network administrator for Fabrikam, Inc. The organizational unit (OU) structure is as shown in the following figure.

There is a Group Policy Object (GPO) named FP1. FP1 is configured to assign Microsoft FrontPage version 2002 to computers. FP1 is linked to the fabrikam.com domain. You want FP1 to be applied to all computers in the

domain except computers with fewer than 128 MB of RAM. How can you prevent Microsoft FrontPage version 2002 from being installed on client computers that do not have 128 MB of RAM? a. In the Group Policy Management Console (GPMC) on FP1's Scope tab, under Security Filtering, remove Authenticated Users and add Sales. b. In the Group Policy Management Console (GPMC) on FP1's Scope tab, under Security Filtering, remove Authenticated Users and add MGMT. c. Enable No Override on FP1. d. Create a Windows Management Instrumentation (WMI) filter and link it to FP1. 28. You are the network administrator for Coho Vineyard & Winery. The following table shows users and groups for the domain.

There is a Group Policy Object (GPO) named OFFICE1. OFFICE1 is configured to assign Microsoft Office 2003 Standard Edition to computers as an upgrade to Microsoft Office XP Standard. OFFICE1 is linked to the domain. You must stop OFFICE1 from deploying Microsoft Office 2003 Standard Edition to Kathie, Kelly, Andy, John and Scott. How can you stop the software package from being deployed to these users? a. In the Group Policy Management Console (GPMC), on OFFICE1's Scope tab, under Security Filtering, remove Authenticated Users and add Marketing and Sales. b. In the Group Policy Management Console (GPMC), on OFFICE1's Scope tab, under Security Filtering, remove Authenticated Users and add HR, Accounts, and Mgmt. c. Enable No Override on OFFICE1. d. Create a Windows Management Instrumentation (WMI) filter and link it to OFFICE1.

Prev Page Next Page Close

wiki Wikis Flashcards Gradebook Signup Login Help Engrade Wikis Network Directory Services Study Guide Chapter 11 Mark Komula 0 Likes Options Print Network Directory Services Study Guide Chapter 2Chapter 3Chapter 4Chapter 5Chapter 6Chapter 7Chapter 8Chapter 9Chapter 10Chapter 11Chapter 12 Chapter 11 Network Directory Services Chapter 11

Multiple Choice Identify the choice that best completes the statement or answers the question.

____ 1. What key must you press during the Windows Server 2003 startup process in order to access the Windows Advanced Option menu? a. Ctrl b. F5 c. F8 d. F10 e. Delete

____ 2. If you want to perform a manual defragmentation of the Active Directory database, which startup option should you select from the Windows

Advanced Option menu? a. Safe Mode b. Safe Mode with Networking c. Safe Mode with Command Prompt d. Last Known Good Configuration e. Directory Services Restore Mode

____ 3. Which of the following tools allows you to back up System State data? a. Ntdsutil b. Ntbackup c. sc create systemstate d. net config workstation e. net config server

____ 4. In a domain with multiple computers, which of the following restore types allows the restored domain controller to receive full updates from other domain controllers? a. Normal restore c. Authoritative restore b. Primary restore d. Restore subtree

____ 5. Which tool allows you to enable Diagnostic Event Logging for Active Directory? a. Repadmin b. System Monitor

c. Regedit d. Event Viewer e. Replmon

____ 6. Which of the following utilities would you use for an authoritative restore that you do not require for a normal restore? a. Ntbackup b. Gpupdate c. Ntdsutil d. Netdiag e. Replmon

____ 7. You are the network administrator for Consolidated Messenger, which has the Active Directory domain named consolidatedmessenger.com. All three domain controllers on your domain have failed. You are about to restore the entire domain from a backup. You determine that a domain controller named ServerA has the most recent good backup of the Active Directory database. You want ServerA's copy of the Active Directory data to replicate to all other restored domain controllers. What type of restore should you use on ServerA? a. Normal restore c. Restore subtree b. Primary restore d. Sc dc1 sdset

____ 8. You are the network administrator for A. Datum Corporation, which has a single Active Directory domain named adatum.com. You need to restore a top-level OU named Marketing. You want to restore objects subordinate to the Marketing OU. Which of the following Ntdsutil commands would accomplish your goal?

a. restore database ou=Marketing,ou=Corp,dc=adatum,dc=com b. restore tree marketing.adatum.com c. restore subtree ou=Marketing,dc=adatum,dc=com d. restore ntds.dit marketing.adatum.com

____ 9. You need to perform an authoritative restore using your domain controller. You complete a restore using the Backup tool in Windows Server 2003. You see the Backup tool warning message box shown in the following figure. What should you do next?

a. Click Yes. b. Click No. c. Run the Netdiag command and then restart the computer. d. Disconnect the computer from the network before clicking Yes. 10. You are a network administrator of contoso.com. A colleague of yours is trying to restore an account named Admin that is located in the Users container of your domain. He enters the commands as shown in the following figure.

Which of the following commands should your colleague be using instead? a. restore database b. restore subtree admin.users.contoso.com c. restore database admin.users.contoso.com d. restore subtree ou=admin,dc=contoso,dc=com e. restore subtree cn=admin,cn=users,dc=contoso,dc=com 11. You are a network administrator for Fourth Coffee, which uses the Active Directory domain named fourthcoffee.com. There are three domain

controllers on the domain. All domain controllers run Windows Server 2003 Standard Edition. DNS is Active Directoryintegrated and the DNS service is running on all domain controllers. You notice that one of the domain controllers does not have SRV resource records registered in DNS. You need to ensure that the SRV records for all domain controllers are registered. What should you do on the domain controller that does not have its SRV records registered? a. Restart the DNS service. b. Restart the Kerberos Key Distribution Center service. c. Run the command Netdiag /fix. d. Run the command Net stop NetLogon.

____ 12. You are a network administrator for Trey Research. There are three domain controllers on the network. All domain controllers run Windows Server 2003. The domain has two Active Directory sites. One site is named Main_Site and the other is named Branch_Site. Server1 and Server2 are domain controllers in Main_Site. Server3 is a domain controller in Branch_Site. While monitoring the network, you discover that the Active Directory data on Server3 does not match the Active Directory data on the other two servers. You review the services that are running on Server3 as shown in the following figure.

You need to allow Server3 to receive updates from the other servers. What should you do on Server3? a. Restart Server3. b. Stop the Netlogon service. c. Start the Messenger service. d. Start the HTTP SSL service. e. Stop the Distributed File System. 13. You are the network administrator for Graphic Design Institute, which has the Active Directory domain named graphicdesigninstitute.com. You have seven domain controllers and all run Windows Server 2003 Standard Edition. You ask your colleague to defragment and compact the Active Directory

database on Computer07, which is one of your domain controllers. Your colleague tells you that the System State data backup is not working. You check the Event Viewer of Computer07 and see the error message, as shown in the following figure.

You need to complete the System State data backup before your colleague defragments the Active Directory database. What should you do? a. Use Ntdsutil to perform an authoritative restore on Computer07. b. Use Ntbackup to perform a System State data restore on Computer07. c. Restart Computer07 and press F8 during the startup sequence. d. Restart Computer07 and do not press F8 during the startup sequence. e. Use Ntbackup and disable the Volume Shadow Copy option. 14. You are a network administrator for A. Datum Corporation, which uses the Active Directory domain named adatum.com. There are five domain controllers on the network. Three are configured as global catalog servers. All domain controllers run Windows Server 2003 Standard Edition. You learn about a new malicious worm that queries global catalog servers repeatedly requesting universal group membership information. You are concerned that your global catalog servers are performing slowly. You want to receive an alert if any global catalog server is servicing more than 20 universal group membership queries per second. What should you do on all global catalog servers? a. Configure a Performance console alert. b. Enable audit object access. c. Configure the CrashOnAuditFail setting in the registry. d. Configure a capture trigger in Network Monitor.

____ 15. You are a network administrator for Adventure Works, which uses the Active Directory domain named adventure-works.com. There are three domain controllers on your domain. The domain controllers are named DC1, DC2, and DC3. All domain controllers are in the same Active Directory site. Each week, approximately 100 new user accounts are created and about the same number of accounts are deleted. You notice that users mention that

their accounts are unavailable, even though you create the accounts. This typically happens when you perform the user creation on DC2 and the users log in using a network segment to which DC3 is attached. You want to monitor replication backlog on each domain controller to see if there is a problem. Which object and counters should you monitor on each domain controller? a. Telephony: Client Apps b. Thread: Context Switches/sec c. NBT Connection: Bytes Total/sec d. NTDS: DRA Pending Replication Synchronizations e. ICMP: Messages/sec

____ 16. You are a network administrator for Wide World Importers, which uses the Active Directory domain named wideworldimporters.com. There are four domain controllers on your network. The domain controllers are named DCA1, DCA2, DCB1, and DCB2. There are two Active Directory sites on the network: SiteA and SiteB. DCA1 and DCA2 are in SiteA and the other two domain controllers are in SiteB.

You created several user accounts yesterday using DCA1. Today, several of those users cannot be authenticated to the domain. You notice that all of the users who are unable to authenticate are using computers that are in SiteB. You want to see if the domain controllers in SiteA and SiteB have consistent databases. Which of the following tools could help you make this comparison? a. Repadmin c. Netdom b. Ping d. Dcgpofix

____ 17. You are a network administrator for Woodgrove Bank, which uses the Active Directory domain named woodgrovebank.com. There are three domain controllers on your network. The domain controllers are named DC1, DC2, and DC3. There are two Active Directory sites on the network. One site is named HQ and the other is named Branch. DC3 is in the Branch site and the

other two domain controllers are in the HQ site.

A technician at the Branch site calls to tell you that several objects you created yesterday on DC2 are not displayed in Active Directory Users And Computers on DC3. You want to review the differences between the database on DC2 and DC3. Which of the following tools might help you make this determination? a. Netdom c. Dsastat b. Gpupdate d. Sysdiff

____ 18. You are a network administrator for The Phone Company, which uses the Active Directory domain named thephone-company.com. There are three domain controllers on your network. The domain controllers are named CentralA, CentralB, and Junction1. There are two Active Directory sites on the network. One site is named Central and the other site is named Junction1. DC3 is in the Junction1 site and the other two domain controllers are in the Central site.

Users in the Junction1 site report that they are unable to log on to the domain. You think there may be unacceptable replication latency between the domain controllers in the Central site and the domain controllers in Junction1. You want to check the replication latency on Junction1. Which of the following objects and counters would help you verify latency? a. Redirector: Connects Core c. FileReplicaSet: USN Records Accepted b. .NET CLR Jit: IL Bytes Jitted/sec d. Job Object Details: Handle Count

____ 19. You are a network administrator for Tailspin Toys, which uses the Active Directory domain named tailspintoys.com. There are two domain controllers in the domain. One of the domain controllers, ServerA, seems to be slowing down. Your manager is concerned that too many client computers are connecting to ServerA for Active Directoryrelated requests. You want to determine how many client computers are logged on to ServerA for Active

Directoryrelated information. a. Server: Context Blocks Queued/sec b. Telephony: Active Lines c. WMI Objects: HiPerf Classes d. Server Work Queues: Queue Length e. NTDS: LDAP Client Sessions

____ 20. You are a network administrator for Southridge Video, which uses the Active Directory domain named southridgevideo.com. All domain controllers on the network run Windows Server 2003 Standard Edition. Client computers on the network run Windows XP Professional, Windows 2000 Professional, and Windows 98 SE.

A security-consulting group recently reviewed your network configuration and determined that there are a significant number of NTLM authentication requests on the network. You want to determine the number of client authentications that use Kerberos versus the number of client authentications that use NTLM. Which of the following could you use to make this comparison? a. Performance console counters b. Netdom query c. Object access auditing d. Gpotool e. Repadmin

____ 21. You are a network administrator for Humongous Insurance, which uses the Active Directory domain named humongousinsurance.com. There are four domain controllers on the network. There are two Active Directory sites. This week, you are working from a remote location. You connect to the

domain controller at your company's network through a secure telnet session. You need to create a user account remotely. Which of the following tools allows you to accomplish your goal? a. Netdom b. Active Directory Users And Computers c. Replmon d. Repadmin e. Netstat

____ 22. You are the network administrator for Adventure Works, which uses the Active Directory domain named adventure-works.com. There are three Windows Server 2003 Standard Edition computers configured as domain controllers on the network. One of these domain controllers fails. After three weeks, you are able to locate all of the parts necessary to repair the domain controller. However, you are forced to reinstall the operating system and Active Directory. You have a System State Data backup from just before the server failure. You want to reduce the amount of time that it takes to synchronize this domain controller once it is restored. What should you do? a. Perform a non-authoritative restore. b. Perform an authoritative restore on the entire database. c. Perform an authoritative restore on the adventure-works.com tree. d. Restore the System State data from one of the other domain controllers.

____ 23. You are the network administrator of cohovineyard.com. You need to restore a top-level OU named Accounting that was deleted by mistake. You run the command shown in the following figure.

What must you do in order to resolve this error? a. You must type authoritative restore at the Ntdsutil prompt.

b. Restart the domain controller in Directory Services Restore Mode. c. Type files and then press Enter. d. Restore your System State data backup first. 24. You are the network administrator for Fabrikam, Inc., which uses the Active Directory domain named fabrikam.com. There are three domain controllers in your domain. The domain controllers are named ServerA, ServerB, and ServerC. All domain controllers run Windows Server 2003 Enterprise Edition. Each domain controller is in a different Active Directory site, but all are in the same time zone. These sites are configured to replicate twice per day, once at 6:00 a.m. and once again at 6:00 p.m. You want to back up each domain controller's copy of the Active Directory database every day at 5:00 p.m. What should you do every day at 5:00 p.m.? a. Configure a script to run sc create systemstate on each domain controller. b. Configure a script to run sc create systemstate on only the forest root domain controller. c. Configure a script to run the command ntdsutil files copy DB c: d. Backup the System State data on each computer. e. Backup the System State data of only the forest root domain controller.

____ 25. You are a network administrator for Contoso Pharmaceuticals. The network has 3 domain controllers, 5 member servers, and 500 client computers. All server computers run Windows Server 2003 Standard Edition and all client computers run Windows XP Professional. One of your colleagues is tasked to disable all unnecessary services from all computers. After completing this task on the domain controller computers, the systems are restarted. They take an unusually long time to start up. Once they start, you are unable to access Active Directory Users And Computers without receiving an error. The error says that you are unable to connect to the domain. You review the services that are running on the domain controller, as shown in the following figure.

You need to be able to use the Active Directory Users And Computers console on this domain controller. What should you do?

a. Start the HTTP SSL service and set its startup type to Automatic. b. Start the Net Logon service and set its startup type to Automatic. c. Stop the Distributed File System service and set its startup type to Disabled. d. Stop the File Replication Service and set its startup type to Disabled. 26. You are a network administrator for Wingtip Toys. One of your colleagues is tasked to disable unnecessary services on ServerA. ServerA is a domain controller for the Wingtip Toys Active Directory domain. Your colleague restarts ServerA. Several network users report problems connecting to resources. You review the services that are running on ServerA, as shown in the following figure.

You want to ensure that all services that allow your domain controller to operate efficiently and securely are running. What should you do? a. Start the HTTP SSL service and set its startup type to Automatic. b. Stop the Netlogon service and set its startup type to Automatic. c. Stop the Distributed File System service and set its startup type to Disabled. d. Stop the File Replication Service and set its startup type to Disabled. e. Start the Kerberos Key Distribution Center (KDC) service and set its startup type to Disabled. 27. You are a network administrator for Margie's Travel. The company network has three domain controllers. The domain controllers are named DC1, DC2, and DC3. Your colleague was recently troubleshooting some Active Directory issues on DC3. Although your colleague resolved the issue, the Event Viewer logs are filling up twice per day. Although you cannot contact your colleague, you follow her work notes and determine that she was working in two locations in the registry. These locations are shown in the following figures. The first figure shows the Diagnostics key and the second shows the CrashOnAuditFail key.

You need to reduce the amount of messages sent to the Event Viewer. What should you do? a. Change all values in the Data column of the Diagnostics key to 0.

b. Change all values in the Data column of the Diagnostics key to 5. c. Change the value of the CrashOnAuditFail key to 0. d. Change the value of the CrashOnAuditFail key to 1. e. Change the value of the CrashOnAuditFail key to 2. 28. You are the network administrator for the Alpine Ski House, which uses an Active Directory forest root named alpineskihouse.com. The network also has two child domains named west.alpineskihouse.com and east.alpineskihouse.com. There are 7 domain controllers and 25 member server computers on the network. All computers run Windows Server 2003 Standard Edition. Alpineskihouse.com has 1,500 Windows XP Client computers and the two child domains have 500 Windows XP client computers.

The east.alpineskihouse.com domain has two domain controllers: ServerA and ServerB. All domain controllers' System State data is backed up daily to a network drive. The hard disk in ServerB crashes. You replace the hard disk and rebuild the server as ServerC. You want ServerA to propagate the latest Active Directory database changes to ServerC. What should you do? a. Restore the System State data backup from ServerA to ServerC. b. Promote ServerC to replica domain controller for the alpineskihouse.com domain. c. Promote ServerC to replica domain controller for the east.alpineskihouse.com domain. d. Rename ServerC to ServerB and then run dcpromo.

____ 29. You are the network administrator for City Power & Light. The company uses the Active Directory domain named cpandl.com. The network contains three domain controllers. ServerC is one of those domain controllers. On ServerC, the hard disk space that holds the Active Directory database has fewer than 2 GB of space available. You install and configure a new hard disk in ServerC. To free up space on the C drive, you run the following command: move %systemroot%\ntds\ntds.dit d:\ntds When you restart ServerC, you see the error that is shown in the following

figure.

You restart in Directory Services Restore Mode. You need to ensure that the domain controller can start normally. Which of the following would allow the domain controller to start normally? a. Run the command repadmin /syncall cpandl.com. b. Copy D:\ntds\ntds.dit to %systemroot% c. Copy ntds.old to D: d. Restore the System State data backup from ServerA or ServerB to ServerC. 30. You are the network administrator for Blue Yonder Airlines. The company has a single Active Directory domain named blueyonderairlines.com. There are five domain controllers on the network. All domain controllers run Windows Server 2003 Enterprise Edition. You review the Event Viewer application and notice several warnings concerning ServerB in the File Replication Service log. On ServerB, you run the commands shown in the following figure.

You must correct the file replication issue. What should you do? a. Change the CrashOnAuditFail setting to 1 in the following Registry path: HKEY_LOCAL_MACHINE/System/CurrentControlSet/Control/Lsa. b. Run lsass.exe from a command prompt. c. Restart the Netlogon service. d. Start the Ntfrs service. 31. You are the network administrator for the School of Fine Art, which uses the Active Directory domain named fineartschool.net. There are five domain controllers on the network. These domain controllers are named DC1, DC2, DC3, DC4, and DC5. All domain controllers run Windows Server 2003 Standard Edition. Active Directoryintegrated DNS is used on the network. Only the domain controllers in the Main site run the DNS server service. There are three Active Directory sites on the network. These sites are named Main, Branch1, and Branch2. DC1, DC2, and DC3 are located in the Main site. DC4 is in Branch1, and DC5 is in Branch2.

Network users in the Branch2 site tell you that it takes them an unusually long time to log on to the network. You discover that these users are not using the Branch2 domain controller in order to log on. However, once the users are logged on to the network, they have no problem browsing the Internet or connecting to servers in the Main site.

You run the Netdiag command on the domain controller in the Branch2 site. You notice the following results. DNS test ..: Failed [WARNING] Cannot find a primary authoritative DNS server for the name DC5.fineartschool.net. [ERROR_TIMEOUT] The name 'DC5.fineartschool.net.' may not be registered in DNS [WARNING] The DNS entries for this DC cannot be verified right now on DNS server 10.1.1.7, ERROR_TIMEOUT. [FATAL] No DNS servers have the DNS records for this DC registered.

You are able to ping DC5 by name from one of the client computers. Why are client computers and users not authenticating with DC5? a. Client computers are using incorrect DNS servers. b. The domain controllers in the Main site do not have SRV records for DC5. c. The client computers are unable to resolve the computer name for DC5. d. Domain controllers in the Main site do not have a host record for DC5.

____ 32. You are a network administrator for Lucerne Publishing, which uses the Active Directory domain named lucernepublishing.com. There are three domain controllers on the network. The domain controllers are named ServerA, ServerB, and ServerC. ServerA was the first domain controller on the network and has a larger hard disk and faster processor than the other two domain controllers. ServerA runs Windows Server 2003 Enterprise Edition. The hardware and software configurations of ServerB and ServerC are

identical. Both of these servers run Windows Server 2003 Standard Edition.

ServerC fails and you are unable to recover the Active Directory database. ServerC is offline for two weeks before it can be repaired. Your colleague determines that the System State data backups from ServerA and ServerB are more recent than the backups from ServerC. Your colleague uses the System State data backup from ServerA to perform a normal restore on ServerC. When ServerC restarts, the computer displays an IP conflict error and duplicate name error. What should you do? a. Change the IP address of ServerA. b. Change the IP address of ServerB. c. Change the IP address of ServerC. d. Restore the System State data for ServerB to ServerC. e. Restore the System State data for ServerC to ServerC.

Prev Page Next Page Close

wiki Wikis Flashcards Gradebook Signup Login Help Engrade Wikis Network Directory Services Study Guide Chapter 12 Mark Komula 0 Likes Options Print Network Directory Services Study Guide Chapter 2Chapter 3Chapter 4Chapter 5Chapter 6Chapter 7Chapter 8Chapter 9Chapter 10Chapter 11Chapter 12 Chapter 12

Network Directory Services Chapter 12

Multiple Choice Identify the choice that best completes the statement or answers the question.

____ 1. Which of the following tools allows you to disable SID Filtering on trust relationships? a. Movetree b. Netdom c. Adprep d. ClonePrincipal e. Active Directory Migration Tool (ADMT)

____ 2. Which of the following tools can you use to prepare a Microsoft Windows 2000 forest for the addition of a Microsoft Windows Server 2003 domain controller? a. Movetree b. Netdom c. Adprep d. ClonePrincipal e. Active Directory Migration Tool (ADMT)

____ 3. Which of the following tools can you use to prepare a Microsoft Windows 2000 domain for the addition of a Microsoft Windows Server 2003 domain controller? a. Movetree

b. Netdom c. Adprep d. ClonePrincipal e. Active Directory Migration Tool (ADMT)

____ 4. Which of the following tools is used exclusively for interforest migration? a. Movetree b. Netdom c. Adprep d. ClonePrincipal e. Active Directory Migration Tool (ADMT)

____ 5. Which of the following tools can be used to relocate an organizational unit between two domains in the same forest? a. Movetree c. Adprep b. Netdom d. ClonePrincipal

____ 6. If you plan to migrate SID History, which of the following tools automatically create the domain$$$ account in the source domain during a migration? a. Movetree b. Netdom c. Adprep d. Active Directory Migration Tool (ADMT)

____ 7. You are the network administrator for A. Datum Corporation, which has an Active Directory domain named adatum.com. All domain controllers in adatum.com run Microsoft Windows Server 2003. You are planning to migrate 300 users from a Microsoft Windows NT version 4.0 domain named DATUM to adatum.com. After you migrate the users, you want them to have access to shared files and printers in the DATUM domain. Most of these resources are shared to DATUM user accounts. Which of the following must you do to accomplish your goal? a. Upgrade all domain controllers in DATUM to Windows 2000 Server. b. Clear all passwords on migrated user accounts. c. Clear all share level passwords. d. Migrate SID History.

____ 8. You are a network administrator for Adventure Works, which has a Microsoft Windows Server 2003 Active Directory domain named adventureworks.com. The company also has a Microsoft Windows 2000 Active Directory domain named adventure-works.local. You must migrate all the user accounts from the Windows 2000 domain to the new Windows Server 2003 domain. Which of the following must you establish before you perform this migration? a. Interforest trust relationship b. Common NETBIOS names for the two forests c. Common DNS names for the two domains d. Domain$$$ account in the target domain

____ 9. You are a network administrator for the Alpine Ski House, which has an Active Directory domain named alpineskihouse.com. All domain controllers on the domain run Microsoft Windows 2000 Server. You want to add a Microsoft Windows Server 2003 domain controller to the

alpineskihouse.com domain. However, when you run Dcpromo on the Windows Server 2003 domain controller, you see an error message that says: The Version Of The Active Directory Schema Of The Source Forest Is Not Compatible With The Version Of The Active Directory On This Computer. What must you do in order to resolve this issue? a. Create a computer account on the alpineskihouse.com domain for the Windows Server 2003 computer. b. Run adprep /forestprep on one of the Windows 2000 domain controllers. c. Run netdiag /fix on the Windows Server 2003 computer that is to become a domain controller. d. Run regsvr32 schmmgmt.dll on the Windows 2000 domain controller. e. Run regsvr32 schmmgmt.dll on the Windows Server 2003 computer.

____ 10. You are a network administrator for Baldwin Museum of Science, which has an Active Directory domain named baldwinmuseumofscience.com. You recently upgrade the Windows NT version 4.0 domain of BALDWINMUSEUMOFSCIENCE to Windows Server 2003. However, your manager informs you that one of the domain controllers that existed on the domain is no longer a member of the domain. You determine that this computer is a Windows 2000 domain controller. During the upgrade, you chose Windows Server 2003 interim domain functional level. What first step must you take in order to join this Windows 2000 domain controller to the existing domain? a. Create a computer account for the computer in the domain. b. Use an account that is a member of the Enterprise Admins group to join the computer to the domain. c. Upgrade the domain controller to Windows Server 2003. d. Run adprep /domainprep on the Windows Server 2000 computer. e. Run adprep /forestprep on the Windows Server 2000 computer.

____ 11. You are a network administrator for Blue Yonder Airlines, which has

an Active Directory domain named blueyonderairlines.com. The forest root domain controllers all run Microsoft Windows Server 2003, Standard Edition. There is also a child domain named tower.blueyonderairlines.com, which still uses Microsoft Windows 2000 domain controllers. You need to move an organizational unit (OU) named ATC from the child domain to the parent domain. Which of the following tools allow you to accomplish your goal? a. Movetree c. ADMT b. ClonePrincipal d. Dsmove

____ 12. You are a network administrator for City Power & Light, which has an Active Directory domain named cpandl.com. The company is currently using another domain, named cpandl.local, which is in a separate forest. You must migrate users from one domain to the other. Both domains use domain controllers running Windows Server 2003, Standard Edition. You want to migrate user passwords from cpandl.local to cpandl.com. You are not allowed to modify the Default Domain Policy of either domain. Which of the following is an appropriate step to accomplish this task? a. Enable the Let Everyone permissions apply to anonymous users in cpandl.local domain. b. Add the Anonymous Logon group to the Pre-Windows 2000 Compatible Access group in the cpandl.com domain. c. Create a cpandl$$$ group in the cpandl.com domain. d. Create a cpandl$$$ group in the cpandl.local domain.

____ 13. You are a network administrator for Wingtip Toys, which has an Active Directory domain named wingtiptoys.com. The company is currently using another domain, named wingtiptoys.local, which is in a separate forest. You must migrate users from one domain to the other. Both domains use domain controllers running Microsoft Windows Server 2003, Standard Edition. You want to migrate user passwords from wingtiptoys.local to wingtiptoys.com. A colleague assists you in preparation for this migration. When you begin a trial migration, you see an error message that reads: Unable To Establish A Session With The Password Export Server. Password Migration Has Not Been Enabled On The Source Server. Would You Like To

Select A Different Password DC?

What must you do in order to enable password migration between the two servers you selected? a. On the domain controller in wingtiptoys.local, set the AllowPasswordExport: value to 1. b. On the domain controller in wingtiptoys.com, set the AllowPasswordExport: value to 0. c. Install Pwdmig.exe on the domain controller in the wingtiptoys.local domain. d. Install Pwdmig.exe on the domain controller in the wingtiptoys.com domain.

____ 14. You are a network administrator for Wide World Importers, which has an Active Directory domain named wideworldimporters.com. The company is currently using another domain, named wideworldimporters.local, which is in a separate forest. You must migrate users from one domain to the other. Both domains use domain controllers running Windows Server 2003 Standard Edition. You want to migrate user passwords from wideworldimporters.local to wideworldimporters.com. A colleague assists you in preparation for this migration. When you begin a trial migration, you see the following error message: Unable To Establish A Session With The Password Export Server. The Local Machine Does Not Have An Encryption Key For Course Domain 'Wideworldimporters.Local'. Please Install A Local Encryption Key.

What must you do next in order to resolve this error? a. Run the ADMT key command on the domain controller in the wideworldimporters.com domain. b. Run the ADMT key command on the domain controller in the wideworldimporters.local domain. c. Run SYSKEY on the domain controller in the wideworldimporters.local domain. d. Run SYSKEY on the domain controller in the wideworldimporters.com

domain. e. Enable the Encrypting File System on the SYSVOL of the domain controller in the wideworldimporters.com domain.

____ 15. You are a network administrator for Fourth Coffee, which has an Active Directory domain named fourthcoffee.com. The company is currently using another domain, named fourthcoffee.local, which is in a separate forest. You must migrate users from one domain to the other. Both domains use domain controllers running Microsoft Windows Server 2003, Standard Edition. You want to migrate user passwords from fourthcoffee.local to fourthcoffee.com. A colleague assists you in preparation for this migration. When you begin a trial migration, you see the following error message: Unable To Establish A Session With The Password Export Server. The Source Server Does Not Have The Password Migration Component Installed.

What must you do next in order to resolve this error? a. Run the ADMT key command on the domain controller in the fourthcoffee.com domain. b. Run SYSKEY on the domain controller in the fourthcoffee.com domain c. Install Pwdmig.exe on the domain controller in the fourthcoffee.local domain d. On the domain controller in fourthcoffee.com, set the AllowPasswordExport value to 0. e. Create a fourthcoffee$$$ group in the cpandl.com domain

____ 16. You are a network administrator for Trey Research, which has an Active Directory domain named treyresearch.net. The company is currently using another domain, named treyresearch.local, which is in a separate forest. You must migrate users from one domain to the other. Both domains use domain controllers running Microsoft Windows Server 2003, Standard Edition. You must migrate objects from the treyresearch.local domain to the treyresearch.net domain. You attempt to create a cross-forest trust, but the

domain controller in treyresearch.local is unable to locate the domain controller in treyresearch.net. Which of the following actions resolves this problem? a. Configure an LMHOSTS file with the IP address and hostname of a domain controller in treyresearch.net on a treyresearch.local domain controller. b. Configure a hosts file with the IP address and hostname of a domain controller in treyresearch.net on a treyresearch.local domain controller. c. Configure conditional forwarding for the treyresearch.local domain to a DNS server in that domain on a DNS server in the treyresearch.net domain. d. Configure conditional forwarding for the treyresearch.net domain to a DNS server in that domain on a DNS server in the treyresearch.local domain.

____ 17. You are a network administrator for Tailspin Toys. Company management wants to migrate all user and computer accounts from its former Microsoft Windows 2000 domain, named tailspintoys.local, to the newly installed tailspintoys.com. All domain controllers on tailspintoys.com run Microsoft Windows Server 2003, Enterprise Edition. Which of the following must be true before user and computer accounts can be migrated using Active Directory Migration Tool (ADMT)? a. Tailspintoys.local must be in Windows 2000 mixed mode. b. Tailspintoys.local must be in Windows 2000 native mode. c. Tailspintoys.com must be using a domain functional level of Windows 2000 mixed. d. Tailspintoys.com must be using a domain functional level of Windows 2000 native or later.

____ 18. You are a network administrator for Consolidated Messenger. Company management wants to migrate all user and computer accounts from its former Microsoft Windows 2000 domain named consolidatedmessenger.local to the newly installed consolidatedmessenger.com. All domain controllers on consolidatedmessenger.com run Microsoft Windows Server 2003, Enterprise

Edition. Which of the following must be true in order for you to migrate passwords from the Windows 2000 domain to the Windows Server 2003 domain? a. The Everyone group must be part of the Pre-Windows 2000 Compatible Access group in the consolidatedmessenger.com domain. b. The Everyone group must be part of the Pre-Windows 2000 Compatible Access group in the consolidatedmessenger.local domain. c. You must configure a password export server in the consolidatedmessenger.com domain. d. You must install the Pwdmig.exe application to a domain controller on the consolidatedmessenger.com domain.

____ 19. You are a network administrator for Fabrikam, Inc., which has an Active Directory domain named fabrikam.com. You are planning to migrate passwords from a Microsoft Windows NT version 4.0 domain to the fabrikam.com domain. All domain controllers on fabrikam.com run Microsoft Windows Server 2003, Standard Edition. The domain controllers on the Windows NT version 4.0 domain run Windows NT Server 4.0 with Service Pack 2. Which of the following is necessary in order to migrate passwords from the Windows NT version 4.0 domain to the Windows Server 2003 domain? a. Install the high-encryption pack on the domain controllers of the fabrikam.com domain. b. Install Windows NT version 4.0 Service Pack 6a High Encryption on the Windows NT version 4.0 domain controllers. c. Install the PwdMig.exe application on the domain controllers of the fabrikam.com domain. d. Run the ADMT key utility on the Windows NT version 4.0 domain controllers.

____ 20. You are a network administrator for Graphic Design Institute, which has an Active Directory domain named graphicdesigninstitute.com. You are planning to migrate user accounts from a child domain named

cad.graphicdesigninstitute.com to the parent domain, graphicdesigninstitute.com. Your manager wants to know all the possible options concerning passwords when you migrate these user accounts. Which of the following is not an option when using Active Directory Migration Tool (ADMT) to perform the migration? a. Migrate passwords b. Complex passwords c. Passwords the same as the user name d. Passwords the same as the computer name

____ 21. You are a network administrator for Humongous Insurance, which has an Active Directory domain named humongousinsurance.com. The company also has another domain named humongousinsurance.local. All of the domain controllers for humongousinsurance.com run Microsoft Windows Server 2003, Standard Edition. All of the domain controllers for humongousinsurance.local run Microsoft Windows 2000 Server. Company management wants you to migrate resources from the Windows 2000 domain to the Windows Server 2003 domain. Which of the following are you not able to migrate with Active Directory Migration Tool (ADMT)? a. User accounts c. Service accounts b. Computer accounts d. Organizational units

____ 22. You are a network administrator for Litware, Inc. The company is planning to upgrade their Microsoft Windows NT version 4.0 domain to Microsoft Windows Server 2003 Active Directory. There are two domain controllers on the existing network. The Primary Domain Controller (PDC) is named PDC1 and the backup domain controller (BDC) is named BDC1. All of the computers in the domain run Microsoft Windows XP Professional. There are also two member servers. One member server runs Windows NT Server version 4.0. This server is named NT4Member. The other member server runs Microsoft Windows 2000 Server and is named W2KSrv. In order to upgrade the domain, which computer must you upgrade? a. W2KSrv c. BDC1

b. NT4Member d. PDC1

____ 23. You are a network administrator for Lucerne Publishing, which has an Active Directory domain named lucernepublishing.com. You and your colleague, Terry, are finalizing upgrades from the company. You ask Terry to upgrade the last Microsoft Windows NT 4.0 Server to Microsoft Windows Server 2003. Terry tells you that he receives an error message when he attempts the upgrade from CD-ROM. He thinks there is something wrong with the CD-ROM drive. You check the CD-ROM and see that he is using a Microsoft Windows Server 2003, Standard Edition CD-ROM. What should you tell Terry to do in order to complete his upgrade? a. Run Adprep /domainprep on the Windows NT version 4.0, Enterprise Edition computer b. Run Adprep /forestprep on the Windows NT version 4.0, Enterprise Edition computer c. Run Winnt32 /checkupgrade only on the Windows NT version 4.0, Enterprise Edition computer d. Use a Windows Server 2003, Enterprise Edition CD to perform the upgrade

____ 24. You are a network administrator for Margie's Travel, which has an Active Directory domain named margiestravel.com. The domain was recently upgraded from Microsoft Windows 2000 to Microsoft Windows Server 2003. However, not all of the domain controller upgrades were completed. You are assigned to complete these upgrades. Your manager mentions that you should modify the User Rights assignment to complete the upgrade. He cannot remember specifically what you must do. You log on to one of the Windows Server 2000 domain controllers using the default administrator account. You attempt the upgrade and receive the following error message: You Must Be An Administrator To Run This Application.

The user rights for the Domain Controller Security policy are configured as shown in the following figure.

What must you do in order to be able to complete the upgrade? a. Add the Everyone group to the Pre-Windows 2000 Compatible Access group. b. Give the default administrator account the Back Up Files And Directories right. c. Give the default administrator account the Create A Token Object right. d. Create a margiestravel$$$ account on the Windows 2000 domain. e. Create a margiestravel$$$ account on the Windows Server 2003 domain. 25. You are a network administrator for Woodgrove Bank, which has an Active Directory domain named woodgrovebank.com. All domain controllers on the domain run Microsoft Windows Server 2003, Standard Edition. Client computers on the domain run Windows 95, Windows 98, Windows NT version 4.0, Windows 2000 Professional, and Windows XP Professional. Once you upgrade the domain from Windows NT version 4.0 to Windows Server 2003, your client computers cannot log on to the domain.

Your manager does not want you to install any additional software to the client computers. Which of the following solutions allow the client computers to log on to the domain? a. Disable the SMB signing requirement on the domain controllers. b. Require Kerberos logons on the domain controllers. c. Require IPSec on the domain controllers. d. Add the Authenticated Users group to the PreWindows 2000 Compatible Access group on the domain controllers.

____ 26. You are a network administrator for Proseware, Inc., which has an Active Directory domain named proseware.com. All domain controllers on the domain run Microsoft Windows Server 2003, Standard Edition. Client computers on the domain run Windows 95 and Windows XP Professional. You complete an upgrade of the domain from Windows 2000 to Windows Server 2003. Users on the network who use Windows 95 client computers are now unable to log on to the domain. They report they see the error message: The Domain Password You Supplied Is Not Correct, Or Access To Your Logon

Server Has Been Denied.

What can you do to allow these clients to log on to the domain? a. Install the Directory Services Client Update for Windows 95. b. Require Kerberos logons on the domain controllers. c. Require IPSec on the domain controllers. d. Add the Authenticated Users group to the PreWindows 2000 Compatible Access group on the domain controllers

____ 27. You are a network administrator for the School of Fine Art, which has an Active Directory domain named fineartschool.net. All domain controllers on the domain run Microsoft Windows Server 2003, Standard Edition. You recently upgraded the domain from Windows NT version 4.0. Some users are reporting that they can no longer log on to the domain. They report this error message: The System Could Not Log You On. Make Sure Your User Name And Domain Are Correct, Then Type Your Password Again. Letters In Passwords Must Be Typed Using The Correct Case. Make Sure That Caps Lock Is Not Accidentally On. They had no problems logging on before the upgrade of the domain. Which of the following is a possible solution to this problem? a. Have all Domain Users to log on locally to the domain controllers. b. Remove the Everyone group from the PreWindows 2000 Compatible Access group. c. Install Service Pack 6a on all Windows NT version 4.0 computers. d. Remove File And Printer Sharing For Microsoft Networks from the Windows NT 4.0 computers.

Prev Page Next Page Close