
70-411 Test Bank, Lesson 16 Configuring Domain Controllers

15 Multiple Choice
6 Short Answer
4 Best Answer
4 Build List
4 Repeated Answer
33 questions

Multiple Choice
1. The domain controllers are the computers that store and run the _______________.
a. user database
b. services database
c. Managed Service Accounts database
d. Active Directory database
Answer: d
Difficulty: Easy
Section Ref: Understanding Domain Controllers
Explanation: The domain controllers are the servers that store and run the Active
Directory database.
2. How many PDC Emulators are required, if needed, in a domain?
a. one
b. two
c. three
d. four
Answer: a
Difficulty: Easy
Section Ref: Managing Operations Masters
Explanation: A domain requires just one Primary Domain Controller Emulator.
3. You do not place the infrastructure master on a global catalog server unless what
situation exists?
a. You have a single domain.
b. You have Windows NT 4.0 systems to support.
c. You have multiple schemas.
d. Your AD DS is Windows 2008 or higher.
Answer: a
Difficulty: Medium
Section Ref: Managing Operations Masters
Explanation: Do not place the infrastructure master on a global catalog server
unless you have only one domain or all the domain controllers in your forest are
also global catalogs.
4. When you add attributes to an Active Directory object, what part of the domain
database are you actually changing?
a. FSMO
b. schema
c. directory structure
d. organizational units
Answer: b
Difficulty: Medium
Section Ref: Managing Operations Masters
Explanation: When you add attributes to an Active Directory object, you change the
schema of the domain database.
5. Which Active Directory object is defined as a specialized domain controller that
performs certain tasks so that multi-master domain controllers can operate and
synchronize properly?
a. Schema Master
b. Forest
c. RODC
d. Operations Master
Answer: d
Difficulty: Medium
Section Ref: Understanding Domain Controllers
Explanation: Operations Masters are specialized domain controllers that perform
certain tasks so that multi-master domain controllers can operate and synchronize
properly.
6. How many global catalogs are recommended for every organization?
a. at least one
b. at least two
c. at least three
d. no fewer than four
Answer: b
Difficulty: Medium
Section Ref: Managing Global Catalogs and Configuring Universal Group Membership
Caching
Explanation: Initially, it was recommended to have global catalogs at every site.
Nonetheless, every organization should have at least two global catalogs for fault
tolerance.
7. What two things must you do to a Windows Server to convert it to a domain
controller?
a. Install Server Manager.
b. Install Active Directory Domain Services (AD DS).
c. Install DNS.
d. Execute dcpromo from Server Manager.
Answer: b and d
Difficulty: Medium
Section Ref: Understanding Domain Controllers
Explanation: A domain controller is a Windows server that stores a replica of the
account and security information for the domain and defines the domain
boundaries. To make a computer running Windows Server 2012 or Windows Server
2012 R2 a domain controller, you must install the AD DS and execute dcpromo from
Server Manager.
8. Where are you most likely to see a Read-Only Domain Controller (RODC)?
a. in a small network instead of in an enterprise
b. in an enterprise network
c. in a remote site
d. in the place of a standard domain controller
Answer: c
Difficulty: Medium
Section Ref: Installing and Configuring an RODC
Explanation: An RODC was created to be used in places where a domain controller is
needed but the physical security of the domain controller could not be guaranteed.
For example, it might be placed in a remote site that is not very secure and has a
slower WAN link. Because it has a slow WAN link, a local domain controller would
benefit the users at that site.
9. Which of the following commands issued at the fsmo maintenance prompt would
successfully seize the role of an Operations Master Holder? Select all that apply.
a. seize schema master
b. seize global master
c. seize PDC
d. seize domain control
Answer: a and c
Difficulty: Medium
Section Ref: Seizing the Operations Masters Role
Explanation: At the fsmo maintenance prompt, the seize schema master command
and the seize PDC command would both seize the role of an Operations Master
Holder.
10. Beginning with which server version can you safely deploy domain controllers in
a virtual machine?
a. Windows Server 2003
b. Windows Server 2008
c. Windows Server 2008 R2
d. Windows Server 2012
Answer: d
Difficulty: Medium
Section Ref: Cloning a Domain Controller
Explanation: Starting with Windows Server 2012, you can safely virtualize a domain
controller and rapidly deploy virtual domain controllers through cloning.
11. What utility must you run on a cloned system to ensure that the clone receives
its own SID?
a. adprep /renew
b. sysprep
c. dcpromo
d. ntconfig
Answer: b
Difficulty: Easy
Section Ref: Cloning a Domain Controller
Explanation: Before, if you cloned any server, the server would end up with the
same domain or forest, which is unsupported with the same domain or forest. You
would then have to run sysprep, which would remove the unique security
information before cloning and then promote a domain controller manually. When
you clone a domain controller, you perform safe cloning, in which a cloned domain
controller automatically runs a subset of the sysprep process and promotes the
server to a domain controller automatically.
12. Which type of system must you connect to and use to make changes to Active
Directory?
a. RODC
b. Forest Master
c. writable domain controller
d. domain tree
Answer: c
Difficulty: Easy
Section Ref: Installing and Configuring an RODC
Explanation: Because the RODC has only a read-only copy of the Active Directory
database, you need to connect to a writable domain controller to make changes to
Active Directory.
13. Which version of Windows Server introduced incremental universal group
membership replication?
a. Windows Server 2000
b. Windows Server 2003
c. Windows Server 2008
d. Windows Server 2012
Answer: b
Difficulty: Medium
Section Ref: Managing Global Catalogs and Configuring Universal Group Membership
Caching
Explanation: Windows Server 2003 introduced incremental universal group membership
replication, which significantly decreased the amount of replication traffic of
universal groups.
14. What are the three types of groups in a domain?
a. domain trust groups, domain schema groups, and universal groups
b. domain local groups, global groups, and universal groups
c. global groups, domain trust groups, and schema groups
d. universal groups, global catalog groups, and schema groups
Answer: b
Difficulty: Hard
Section Ref: Managing Global Catalogs and Configuring Universal Group Membership
Caching
Explanation: A domain has three types of groups: domain local groups, global
groups, and universal groups.
15. The global catalog stores a partial copy of all objects in the forest. What are the
reasons for keeping that partial copy? Select all that apply.
a. logon
b. object searches
c. universal group membership
d. schema integrity
Answer: a, b, and c
Difficulty: Hard
Section Ref: Managing Global Catalogs and Configuring Universal Group Membership
Caching
Explanation: The global catalog has a partial copy of all objects for all other domains
in the forest. The partial copy of all objects is used for logon, object searches, and
universal group membership.

Short Answer
16. Active Directory is a major component in what three areas of computer and user
management?
Answer: Authentication, authorization, and auditing
Difficulty: Medium
Section Ref: Understanding Domain Controllers
Explanation: Because Active Directory is a major component in authentication,
authorization, and auditing, you need to know how the different types of domain
controllers are used to create the Active Directory environment.
17. What type of replication does an RODC perform?
Answer: An RODC accepts only inbound replication connections from writable
domain controllers. It performs no outbound replication.
Difficulty: Medium
Section Ref: Installing and Configuring an RODC
Explanation: An RODC does not perform any outbound replication and accepts only
inbound replication connections from writable domain controllers. Because the
RODC has only a read-only copy of the Active Directory database, you need to
connect to a writable domain controller to make changes to Active Directory.
18. What are the two basic requirements before you deploy an RODC?
Answer: Your forest has to be at Windows Server 2003 functional level or higher,
and you have to have at least one writable Windows Server 2008 or higher domain
controller.
Difficulty: Hard
Section Ref: Installing and Configuring an RODC
Explanation: To deploy an RODC, you need to ensure that the forest functional level
is Windows Server 2003 or higher and deploy at least one writable domain
controller running Windows Server 2008 or higher.

19. How does Active Directory attempt to resolve conflicts?
Answer: By using version IDs and timestamps
Difficulty: Hard
Section Ref: Managing Operations Masters
Explanation: With Active Directory, domain controllers follow a multi-master
replication model that ensures copies of all domain objects are found on each
domain controller within a domain so that they can be quickly and easily accessed
and to provide fault tolerance. To help resolve conflicts and such, all transactions
use version IDs and timestamps.
20. What are two significant advantages of universal group membership caching
(UGMC)?
Answer: UGMC has better logon performance and minimizes WAN usage.
Difficulty: Hard
Section Ref: Managing Global Catalogs and Configuring Universal Group Membership
Caching
Explanation: UGMC provides better logon performance and minimizes WAN usage.
When a user logs on, requests do not have to go over a WAN link and WAN usage for
replication traffic because the domain controller does not have to hold information
about forest-wide objects. Also, these remote domain controllers are not listed in
DNS as providers of global catalog services for the forest, further reducing
bandwidth constraints.
21. What is a global catalog server?
Answer: A global catalog server is a domain controller that keeps a full copy of all
AD objects for its host domain and a partial copy for all other domains in the forest.
Difficulty: Medium
Section Ref: Understanding Domain Controllers
Explanation: A global catalog server is a domain controller that stores a full copy of
all Active Directory objects in the directory for its host domain and a partial copy of
all objects for all other domains in the forest. Applications and clients can query the
global catalog to locate any object in a forest.

Best Answer
22. Although the changes are easy to make, why is changing the AD Schema such a
big deal?
a. The changes replicate to all domain controllers.
b. The changes could corrupt the database.
c. Doing so affects all objects for that object type.
d. Doing so requires controlled changes.
Answer: b
Difficulty: Hard
Section Ref: Managing Operations Masters
Explanation: When you add attributes to an Active Directory object, you change the
schema of the domain database. Although making those changes is relatively easy,
modifying the schema is considered a big deal because it affects all objects for that
object type and can corrupt the database.
23. Where in the forest is a global catalog automatically created?
a. the PDC Emulator
b. the most powerful system
c. the first domain controller
d. the schema master
Answer: c
Difficulty: Medium
Section Ref: Managing Global Catalogs and Configuring Universal Group Membership
Caching
Explanation: A global catalog is created automatically on the first domain controller
in the forest. Optionally, other domain controllers can be configured to serve as
global catalogs.
24. Which utility do you use to manage Active Directory from the command line?
a. netdom
b. dnscmd
c. dcpromo
d. ntdsutil
Answer: d
Difficulty: Medium
Section Ref: Seizing the Operations Masters Role
Explanation: The ntdsutil.exe command-line tool allows you to manage Active
Directory, including performing maintenance on the Active Directory database,
managing and controlling single master operations, and removing metadata left
behind by domain controllers that were removed from the network without being
properly uninstalled.
25. Which command-line command do you use to allow Windows Server 2003
domain controllers to replicate to RODCs?
a. netdom /RODCPrep
b. netsh /RODCPrep
c. ntdsutil /RODCPrep
d. ADPrep /RODCPrep
Answer: d
Difficulty: Hard
Section Ref: Installing and Configuring an RODC
Explanation: If any domain controllers run Windows Server 2003, you need to
configure permissions on DNS application directory partitions to allow them to
replicate to RODCs by running the ADPrep /RODCPrep command.

Build List
26. Order the following steps necessary to install an RODC.
a. Promote the server to a domain controller.
b. Select the delegated administrator account for the RODC.
c. Enter and confirm the password for Directory Service Restore Mode (DSRM).
d. Open Server Manager > Active Directory Domain Services (AD DS).
e. Select Read only domain controller (RODC).
f. Add the domain controller to an existing domain.
g. Select the correct site name.
Answer: D A F E G C B
Difficulty: Medium
Section Ref: Installing and Configuring an RODC
Explanation: Refer to the steps to Install a Read-Only Domain Controller.
27. Order the following steps required in deploying a cloned virtualized domain
controller.
a. Grant the source virtualized domain controller the permission to be cloned by
adding the source virtualized domain controller to the Cloneable Domain Controllers
group.
b. Run New-ADDCCloneConfigFile to create the clone configuration file, which is
stored in C:\Windows\NTDS.
c. In Hyper-V, export and then import the virtual machine of the source domain
controller.
d. Run the Get-ADDCCloningExcludedApplicationList cmdlet in PowerShell to
determine which services and applications on the domain controller are
incompatible with the cloning.
Answer: A D B C
Difficulty: Medium
Section Ref: Cloning a Domain Controller
Explanation: Refer to the four primary steps to deploy a cloned virtualized domain
controller.

28. Order the following steps required to seize the role of an operations master
holder.
a. Open a command prompt with Administrative privileges.
b. Exit up one level.
c. Execute connect to server <FQDN_of_desired_role_holder>.
d. Execute one of the seize commands.
e. Execute ntdsutil -> roles -> connections.
Answer: A E C B D
Difficulty: Medium
Section Ref: Seizing the Operations Masters Role
Explanation: Refer to the steps outlined in Seize the Role of an Operations Master
Holder.
29. Order the following steps required to transfer the holders of domain naming
operations master role.
a. Change the Operations Master.
b. In the console tree, right-click Active Directory Domains and Trusts and select
Operations Master.
c. Select the domain controller you want to transfer the role to.
d. Open Active Directory Domains and Trusts > Connect to Domain Controller.
Answer: D C B A
Difficulty: Easy
Section Ref: Transferring the Operations Masters Role
Explanation: Refer to the steps to Transfer the Holders of Domain Naming
Operations Master Role.

Repeated Answer
30. Which term describes a collection of domains grouped together in hierarchical
structures that share a common root domain?
a. organizational units
b. domains
c. domain trees
d. forests
Answer: c
Difficulty: Medium
Section Ref: Understanding Domain Controllers
Explanation: Domain trees are collections of domains grouped together in
hierarchical structures that share a common root domain. A domain tree can have a
single domain or many domains.

31. Which term describes an administrative boundary for users and computers,
which are stored in a common directory database?
a. organizational units
b. domains
c. domain trees
d. forests
Answer: b
Difficulty: Medium
Section Ref: Understanding Domain Controllers
Explanation: A domain is an administrative boundary for users and computers,
which are stored in a common directory database. A single domain can span
multiple physical locations or sites and can contain millions of objects.
32. Which term describes a collection of domain trees that share a common Active
Directory Domain Services (AD DS)?
a. organizational units
b. domains
c. domain trees
d. forests
Answer: d
Difficulty: Medium
Section Ref: Understanding Domain Controllers
Explanation: A forest is a collection of domain trees that share a common Active
Directory Domain Services (AD DS). A forest can contain one or more domain trees
or domains, all of which share a common logical structure.
33. Which term describes containers in a domain that allow you to organize and
group resources for easier administration, including providing for delegating
administrative rights?
a. organizational units
b. domains
c. domain trees
d. forests
Answer: a
Difficulty: Medium
Section Ref: Understanding Domain Controllers
Explanation: Organizational units serve as containers in a domain that allow you to
organize and group resources for easier administration, including providing for
delegating administrative rights.
