CIS 277 - R4

Approved & Edited by ProProfs Editorial Team
The editorial team at ProProfs Quizzes consists of a select group of subject experts, trivia writers, and quiz masters who have authored over 10,000 quizzes taken by more than 100 million users. This team includes our in-house seasoned quiz moderators and subject matter experts. Our editorial experts, spread across the world, are rigorously trained using our comprehensive guidelines to ensure that you receive the highest quality quizzes.
Learn about Our Editorial Process
| By Cendy
C
Cendy
Community Contributor
Quizzes Created: 9 | Total Attempts: 14,389
Questions: 25 | Attempts: 584

SettingsSettingsSettings
CIS Quizzes & Trivia

Review Question Chapter 4


Questions and Answers
  • 1. 

    The protocol for accessing Active Directory objects and services is based on which of the fol-lowing standards?

    • A.

      DNS

    • B.

      LDAP

    • C.

      DHCP

    • D.

      ICMP

    Correct Answer
    B. LDAP
    Explanation
    LDAP (Lightweight Directory Access Protocol) is the correct answer for this question. LDAP is a standard protocol used to access and manage directory information, such as Active Directory objects and services. It provides a way to query, add, modify, and delete directory entries. DNS (Domain Name System) is a separate protocol used for translating domain names to IP addresses. DHCP (Dynamic Host Configuration Protocol) is used for automatically assigning IP addresses to devices on a network. ICMP (Internet Control Message Protocol) is used for network diagnostics and error reporting.

    Rate this question:

  • 2. 

    Which MMC do you use to create OUs?

    • A.

      Active Directory Sites and Services

    • B.

      Active Directory Domains and Trusts

    • C.

      Active Directory Users and Computers

    • D.

      Computer Management

    Correct Answer
    C. Active Directory Users and Computers
    Explanation
    Active Directory Users and Computers is the MMC (Microsoft Management Console) that is used to create Organizational Units (OUs) in Active Directory. OUs are containers used to organize and manage objects like users, groups, and computers within a domain. Active Directory Sites and Services is used to manage the replication and site configuration in a multi-site Active Directory environment. Active Directory Domains and Trusts is used to manage domain and trust relationships. Computer Management is a separate utility used to manage local computer settings and resources.

    Rate this question:

  • 3. 

    Which wizard is used to assign users the authority to perform certain tasks on Active Directory  objects?

    Correct Answer
    Delegation of Control Wizard
    Delegation of Control
    Explanation
    The Delegation of Control Wizard is used to assign users the authority to perform certain tasks on Active Directory objects. This wizard allows administrators to delegate specific permissions to users or groups, granting them the ability to perform tasks such as creating, modifying, or deleting objects within the Active Directory. By using this wizard, administrators can ensure that users have the necessary permissions to perform their assigned tasks without granting them unnecessary privileges. Delegation of Control, on the other hand, refers to the process of assigning these permissions and is closely related to the use of the Delegation of Control Wizard.

    Rate this question:

  • 4. 

    User, computer, and group accounts can be referred to as which of the following?

    • A.

      Discretionary access accounts

    • B.

      Security descriptors

    • C.

      Local objects

    • D.

      Security principals

    Correct Answer
    D. Security principals
    Explanation
    The term "security principals" is used to refer to user, computer, and group accounts. These accounts are considered as security principals because they are entities that can be assigned permissions and access rights within a system. They play a crucial role in determining who can access certain resources and perform specific actions within a computer network.

    Rate this question:

  • 5. 

    Which of the following must you modify if you want to change an Active Directory object’s permissions?

    • A.

      DACL

    • B.

      SACL

    • C.

      Object attributes

    • D.

      Object schema

    Correct Answer
    A. DACL
    Explanation
    If you want to change an Active Directory object's permissions, you must modify the DACL (Discretionary Access Control List). The DACL is a list of access control entries (ACEs) that determine the permissions granted or denied to users or groups on the object. By modifying the DACL, you can add or remove permissions for specific users or groups, allowing you to control who can access or modify the object.

    Rate this question:

  • 6. 

    An object’s owner automatically has Full control permission for the object. True or False?

    • A.

      True

    • B.

      False

    Correct Answer
    B. False
    Explanation
    The statement is false because an object's owner does not automatically have full control permission for the object. While the owner may have certain permissions by default, the level of control granted to the owner depends on the specific settings and permissions assigned to the object. The owner may have full control, but it is not automatic.

    Rate this question:

  • 7. 

    JDoe is a member of a group that has Full control permission for an OU, which the groupinherited from a parent OU. What is the best way to stop JDoe from having Write permis-sion to this OU without affecting any other permissions?

    • A.

      Remove JDoe from the group.

    • B.

      Add a Deny ACE for JDoe to the parent OU.

    • C.

      Add an explicit Deny ACE for JDoe to the OU.

    • D.

      Add a Deny ACE for the group to the parent OU.

    Correct Answer
    C. Add an explicit Deny ACE for JDoe to the OU.
    Explanation
    The best way to stop JDoe from having Write permission to the OU without affecting any other permissions is to add an explicit Deny ACE for JDoe to the OU. By adding this explicit Deny ACE, it specifically denies JDoe from having the Write permission to the OU, while leaving the other permissions intact. This allows for targeted control over JDoe's access without impacting the rest of the group's permissions inherited from the parent OU.

    Rate this question:

  • 8. 

    You’re logged on as Administrator to a domain controller and are trying to troubleshoot aproblem with a user’s access to Active Directory objects. You open Active Directory Usersand Computers to access an object’s properties. However, you can’t view the object’s per-missions. What is the most likely problem?

    • A.

      You don’t have sufficient permissions to view the object’s permissions.

    • B.

      You need to open Active Directory Domains and Trusts.

    • C.

      You need to enable Advanced Features.

    • D.

      You need to run the View Object Permissions Wizard.

    Correct Answer
    C. You need to enable Advanced Features.
    Explanation
    The most likely problem is that you need to enable Advanced Features. Enabling Advanced Features in Active Directory Users and Computers allows you to view additional options and settings, including the object's permissions. Without enabling this feature, you may not have access to view the object's permissions.

    Rate this question:

  • 9. 

    A user’s permissions to an object that are a combination of inherited and explicit permis-sions assigned to the user’s account and groups the user belongs to are referred to as whichof the following?

    • A.

      Inherited permissions

    • B.

      Effective permissions

    • C.

      Explicit permissions

    • D.

      Access permissions

    Correct Answer
    B. Effective permissions
    Explanation
    Effective permissions refer to the combination of inherited and explicit permissions assigned to a user's account and the groups they belong to. These permissions determine the level of access the user has to an object. Inherited permissions are permissions that are passed down from a parent object, while explicit permissions are permissions that are directly assigned to a user or group. Access permissions are a general term that refers to the level of access granted to a user or group.

    Rate this question:

  • 10. 

    Inherited permissions always override explicit permissions. True or False?

    • A.

      True

    • B.

      False

    Correct Answer
    B. False
    Explanation
    Inherited permissions do not always override explicit permissions. Explicit permissions are directly assigned to a specific user or group, while inherited permissions are passed down from parent objects in a file system or directory structure. In some cases, explicit permissions may take precedence over inherited permissions, depending on the settings and configurations of the system. Therefore, the statement that inherited permissions always override explicit permissions is false.

    Rate this question:

  • 11. 

    You’re viewing the DACL for an OU and notice an inherited ACE for a user account thatgives the account permission to the OU that it shouldn’t have. You want to remove the ACE  from the OU, but you  get an  error  message   when   you   attempt    to   do s  o. What do you    need to do?

    • A.

      Open Active Directory Users and Computers in administrative mode.

    • B.

      Use ADSI Edit to remove permissions.

    • C.

      Disable inheritance on the OU.

    • D.

      Add an explicit Deny ACE for the user account.

    Correct Answer
    C. Disable inheritance on the OU.
    Explanation
    To remove the inherited ACE for the user account that shouldn't have permission to the OU, you need to disable inheritance on the OU. By disabling inheritance, the OU will no longer inherit permissions from its parent objects, including the ACE that gives the account permission. This allows you to have more control over the permissions specifically assigned to the OU.

    Rate this question:

  • 12. 

    A user is having trouble accessing an OU, so you need to determine the user’s permissionsto the OU. You log on to the domain controller as Administrator and view the Security tabof the OU’s Properties dialog box. What do you do next?

    Correct Answer
    Click the Advanced button, click the Effective Permissions tab, click the Select button, type the user s account name, and click OK.
    Explanation
    After logging on to the domain controller as Administrator and viewing the Security tab of the OU's Properties dialog box, the next step is to click the Advanced button. This will open the Advanced Security Settings window. From there, click on the Effective Permissions tab to determine the user's permissions to the OU. To specifically check the user's permissions, click the Select button, type the user's account name, and click OK. This will display the effective permissions for the user on the OU.

    Rate this question:

  • 13. 

    Which of the following is a reason for establishing multiple sites? ( Choose all that apply.)

    • A.

      Improving authentication efficiency

    • B.

      Enabling more frequent replication

    • C.

      Reducing traffic on the WAN

    • D.

      Having only one IP subnet

    Correct Answer(s)
    A. Improving authentication efficiency
    C. Reducing traffic on the WAN
    Explanation
    Establishing multiple sites can improve authentication efficiency because it allows for distributed authentication servers, reducing the load on a single server and improving response times. It can also reduce traffic on the WAN by enabling local access to resources, rather than having all traffic traverse the wide area network.

    Rate this question:

  • 14. 

    Which of the following is a reason to use multiple domains? ( Choose all that apply.)

    • A.

      Need for different name identities

    • B.

      Replication control

    • C.

      Need for differing account policies

    • D.

      Easier access to resources

    Correct Answer(s)
    A. Need for different name identities
    B. Replication control
    C. Need for differing account policies
    Explanation
    Using multiple domains can be beneficial for several reasons. Firstly, it allows for the need of different name identities, which can be useful in situations where different departments or organizations within a larger entity require separate domain names. Secondly, multiple domains can be used for replication control, enabling the distribution of data and services across different domains to improve performance and reliability. Lastly, having multiple domains can facilitate the need for differing account policies, allowing for different security settings and access controls based on specific requirements.

    Rate this question:

  • 15. 

    Trust relationships between all domains in a forest are two-way transitive trusts. True or False?

    • A.

      True

    • B.

      False

    Correct Answer
    A. True
    Explanation
    Trust relationships between all domains in a forest are two-way transitive trusts. This means that if Domain A trusts Domain B, then Domain B also trusts Domain A. Additionally, if Domain A trusts Domain B and Domain B trusts Domain C, then Domain A trusts Domain C. Therefore, the statement is true.

    Rate this question:

  • 16. 

    What can you do to integrate user authentication between Linux and Active Directory?

    • A.

      Create a realm trust.

    • B.

      Create an external trust.

    • C.

      Create a one-way trust.

    • D.

      Create a transitive trust.

    Correct Answer
    A. Create a realm trust.
    Explanation
    Creating a realm trust allows for the integration of user authentication between Linux and Active Directory. A realm trust establishes a trust relationship between two realms, in this case, the Linux realm and the Active Directory realm. This trust enables users from the Linux realm to authenticate against the Active Directory realm, allowing for seamless user authentication and access control across both systems.

    Rate this question:

  • 17. 

    What can you do to reduce the delay caused by authentication referral?

    • A.

      Create a forest trust.

    • B.

      Create an external trust.

    • C.

      Create a shortcut trust.

    • D.

      Create a transitive trust.

    Correct Answer
    C. Create a shortcut trust.
    Explanation
    Creating a shortcut trust can help reduce the delay caused by authentication referral. A shortcut trust is a trust relationship between two domains in a forest that enables authentication requests to be directly sent between them, bypassing the need for referrals. This reduces the time taken for authentication and improves overall efficiency.

    Rate this question:

  • 18. 

    Which of the following is a valid reason for using multiple forests?

    • A.

      Centralized management

    • B.

      Need for different schemas

    • C.

      Easy access to all domain resources

    • D.

      Need for a single global catalog

    Correct Answer
    B. Need for different schemas
    Explanation
    Using multiple forests allows for the need of different schemas. A schema defines the structure and organization of objects within a directory service. Different departments or divisions within an organization may have unique requirements for their directory service, such as different attributes or object classes. By using multiple forests, each department or division can have its own schema tailored to its specific needs, while still maintaining a separate and isolated directory service. This allows for greater flexibility and customization in managing and organizing directory resources.

    Rate this question:

  • 19. 

    You have an Active Directory forest of two trees and eight domains. You haven’t changed any of the operations master domain controllers. On which domain controllers is the schema master?

    • A.

      All domain controllers

    • B.

      The last domain controller installed

    • C.

      The first domain controller in the forest root domain

    • D.

      The first domain controller in each tree

    Correct Answer
    C. The first domain controller in the forest root domain
    Explanation
    The schema master is located on the first domain controller in the forest root domain. In an Active Directory forest, there is a single schema master responsible for managing the schema, which defines the structure and attributes of objects in the directory. The schema master role is held by the first domain controller in the forest root domain by default, and it is not automatically changed unless manually transferred. Therefore, in this scenario, the schema master would be on the first domain controller in the forest root domain.

    Rate this question:

  • 20. 

    Which of the following is not a function of the global catalog?

    • A.

      Facilitates forestwide searches

    • B.

      Keeps universal group memberships

    • C.

      Facilitates intersite replication

    • D.

      Facilitates forestwide logons

    Correct Answer
    D. Facilitates forestwide logons
    Explanation
    The global catalog is responsible for facilitating forestwide searches, keeping universal group memberships, and facilitating intersite replication. However, it is not responsible for facilitating forestwide logons. Forestwide logons are handled by the domain controllers, which authenticate user credentials and grant access to resources within the domain. The global catalog, on the other hand, is a distributed data repository that stores a subset of attributes for all objects in the forest, allowing for efficient searches and queries across multiple domains.

    Rate this question:

  • 21. 

    Which of the following do all domains in the same forest have in common? ( Choose all that apply.)

    • A.

      The same domain name

    • B.

      The same schema

    • C.

      The same user accounts

    • D.

      The same global catalog

    Correct Answer(s)
    B. The same schema
    D. The same global catalog
    Explanation
    All domains in the same forest have the same schema because the schema defines the structure and attributes of objects in the Active Directory. The same global catalog is also shared by all domains in the same forest, as the global catalog contains a partial replica of all objects in the forest. However, they may not necessarily have the same domain name or the same user accounts, as each domain in the forest can have its own unique domain name and set of user accounts.

    Rate this question:

  • 22. 

    Your company has merged with another company that also uses Windows Server 2008 andActive Directory. You want to give the other company’s users access to your company’sdomain resources and vice versa without duplicating account information and with the leastadministrative effort. How can you accomplish this? (create what?)

    Correct Answer(s)
    Create a forest trust
    Explanation
    To give the other company's users access to your company's domain resources and vice versa without duplicating account information and with the least administrative effort, you can create a forest trust. A forest trust establishes a secure and transitive trust relationship between the two Active Directory forests, allowing users from both forests to access resources in either domain without the need for duplicate accounts or excessive administrative overhead.

    Rate this question:

  • 23. 

    Which is responsible for determining the replication topology?

    • A.

      GPO

    • B.

      RID

    • C.

      KCC

    • D.

      PDC

    Correct Answer
    C. KCC
    Explanation
    The Knowledge Consistency Checker (KCC) is responsible for determining the replication topology in a Windows Active Directory environment. It is a built-in component that runs on domain controllers and is responsible for creating and maintaining the replication connections between domain controllers. The KCC analyzes the network topology and the site configuration to determine the most efficient replication path between domain controllers. It also adjusts the replication topology dynamically as the network or site configuration changes.

    Rate this question:

  • 24. 

    Which is responsible for management of adding, removing, and renaming domains in a forest?

    • A.

      Schema master

    • B.

      Infrastructure master

    • C.

      Domain naming master

    • D.

      RID master

    Correct Answer
    C. Domain naming master
    Explanation
    The domain naming master is responsible for managing the addition, removal, and renaming of domains within a forest. This role ensures that the domain names are unique and properly managed within the forest. It helps maintain the integrity and organization of the forest by overseeing the domain naming process. The domain naming master ensures that any changes made to the domain structure are correctly implemented and coordinated across the forest.

    Rate this question:

  • 25. 

    Which of the following is a directory partition? (Choose all that apply.)

    • A.

      Domain directory partition

    • B.

      Group policy partition

    • C.

      Schema directory partition

    • D.

      Configuration partition

    Correct Answer(s)
    A. Domain directory partition
    C. Schema directory partition
    Explanation
    A directory partition is a logical division of the Active Directory database that contains specific types of objects. The Domain directory partition is a partition that holds information about a specific domain in a forest. It stores objects such as users, groups, and computers that belong to that domain. The Schema directory partition, on the other hand, holds the definition and structure of all objects in the forest. It determines the types of objects that can be created and the attributes associated with them. Therefore, both the Domain directory partition and the Schema directory partition are examples of directory partitions.

    Rate this question:

Quiz Review Timeline +

Our quizzes are rigorously reviewed, monitored and continuously updated by our expert board to maintain accuracy, relevance, and timeliness.

  • Current Version
  • Mar 21, 2023
    Quiz Edited by
    ProProfs Editorial Team
  • Jan 28, 2012
    Quiz Created by
    Cendy

Related Topics

Back to Top Back to top
Advertisement
×

Wait!
Here's an interesting quiz for you.

We have other quizzes matching your interest.