1.
_______________________ defines how permissions are transmitted from a parent object to a child object.
Explanation
Permission inheritance is the process by which permissions are passed down from a parent object to a child object. This means that if a parent object has certain permissions set, such as read or write access, those permissions will be automatically inherited by any child objects. This allows for efficient management of permissions, as changes made at the parent level will automatically apply to all child objects.
2.
A user principal name (UPN) follows the format ____________________.
Explanation
A user principal name (UPN) follows the format of "username@domain". It consists of the username, which identifies the specific user, followed by the "@" symbol, and then the domain name. The UPN is used as a unique identifier for users in certain systems, such as Active Directory, and allows for easier user management and authentication.
3.
The group “TestGroup” has been added to an objects DACL and assigned the Allow Full control permission. “TestUserA” is a member of “TestGroup”, which has been assigned Deny Write permission for the object. What is “TestUserA”’s effective permissions?
Correct Answer
C. TestUserA can do anything that Full Control would allow him to do, except write to the object.
Explanation
TestUserA can do anything that Full Control would allow him to do, except write to the object. This is because although TestUserA is a member of TestGroup, which has been assigned Deny Write permission, the Deny permission takes precedence over the Allow permission. Therefore, TestUserA is denied the ability to write to the object, even though they have been granted Full Control permission through TestGroup.
4.
Which operations master role is responsible for providing backwards compatibility with Windows NT servers configured as Windows NT backup domain controllers or member servers?
Correct Answer
C. PDC emulator master
Explanation
The PDC emulator master is responsible for providing backwards compatibility with Windows NT servers configured as Windows NT backup domain controllers or member servers. This role ensures that these older servers can still communicate and function properly within the domain.
5.
Which of the following statements about operations master roles is correct?are added, deleted, or renamed.
Correct Answer
A. By default, the Infrastructure master is chosen randomly per domain
6.
The user “TestUserA” has been added to an objects DACL and assigned the Allow Full control permission. However, “TestUserA” has inherited the Deny Full Control permission for the object from its parent container. What is “TestUserA”’s effective permissions?
Correct Answer
D. TestUserA has Full Control permissions
Explanation
TestUserA has Full Control permissions. Even though TestUserA has inherited the Deny Full Control permission from its parent container, the Allow Full Control permission that was directly assigned to TestUserA on the object overrides the inherited permission. In Windows security, explicit permissions take precedence over inherited permissions. Therefore, TestUserA's effective permission is Full Control.
7.
The _________________________ is a directory partition and contains the most commonly accessed object attributes to facilitate object searches and user logons across domains.
Correct Answer
Global Catalog Partition
Explanation
The Global Catalog Partition is a directory partition that contains the most commonly accessed object attributes. It is designed to facilitate object searches and user logons across domains. By storing a subset of the attributes for all objects in the forest, the Global Catalog Partition allows for efficient and quick searches, reducing the need to access multiple domain controllers. This improves the performance of directory services and enhances the user experience by providing faster logons and searches across the network.
8.
Each entry in the Discretionary access control list is referred to as an ACE. What does ACE stand for?
Correct Answer
D. Access Control Entry
Explanation
An ACE stands for Access Control Entry. In the context of a Discretionary access control list, an ACE refers to each individual entry that specifies the permissions or access rights for a particular user or group. It determines what actions can be performed on a resource or object, such as read, write, or execute. The ACE is an essential component of the access control mechanism, allowing administrators to define and manage the access privileges of different users or groups within a system.
9.
Lightweight Directory Access Protocol (LDAP) was created by the ______________________________.
Correct Answer
IETF;
Internet Engineering Task Force
Explanation
The correct answer is IETF; Internet Engineering Task Force. The IETF is a standards organization that develops and promotes voluntary internet standards, including the Lightweight Directory Access Protocol (LDAP). LDAP was created by the IETF to provide a standard way to access and manage directory information over a network.
10.
What is the name of the default site link that is created when Active Directory is first installed?
Correct Answer
C. DEFAULTIPSITELINK
Explanation
The default site link that is created when Active Directory is first installed is called DEFAULTIPSITELINK.
11.
A ____ is configured manually between domains to bypass the normal referral process.
Correct Answer
A. One-way trust
Explanation
A one-way trust is configured manually between domains to bypass the normal referral process. This means that one domain trusts the other, allowing users in the trusted domain to access resources in the trusting domain. However, the trust is not reciprocated, and users in the trusting domain do not have access to resources in the trusted domain. This type of trust is useful in scenarios where there is a need for limited access between domains, such as in a merger or acquisition situation.
12.
Which operations master role is responsible for ensuring that changes made to object names in one domain are updated in references to these objects in other domains?
Correct Answer
A. Infrastructure master
Explanation
The infrastructure master is responsible for ensuring that changes made to object names in one domain are updated in references to these objects in other domains. This role is crucial in maintaining the consistency and synchronization of object names across multiple domains within a forest. The infrastructure master identifies and updates the references to objects when their names are changed, ensuring that the changes are propagated correctly throughout the forest.
13.
All computers assigned an address in a subnet require a router to communicate with one another.
Correct Answer
B. False
Explanation
This statement is false because computers within the same subnet can communicate with each other directly without the need for a router. A subnet is a logical division of an IP network, and all devices within the same subnet can communicate with each other using their IP addresses and subnet mask. A router is only required when communication needs to occur between different subnets.
14.
Which of the following is not an advantage of running a dedicated forest root domain?
Correct Answer
C. reliability
Explanation
Running a dedicated forest root domain does not provide an advantage in terms of reliability. While a dedicated forest root domain can offer benefits such as flexibility, manageability, and security, reliability is not specifically enhanced by this setup. Reliability typically depends on factors such as network infrastructure, hardware, and software configurations, rather than the presence of a dedicated forest root domain.
15.
Which directory partition contains all objects in a domain, including users, groups, computers, OUs, and other objects?
Correct Answer
A. Global Catalog partition
Explanation
The Global Catalog partition contains all objects in a domain, including users, groups, computers, OUs, and other objects. The Global Catalog is a distributed data repository that stores a subset of the most commonly used attributes for objects in a forest. It allows for efficient searching and locating of objects across multiple domains in a forest.
16.
A dedicated forest root domain contains only the forestwide administrative accounts and domain controllers needed to run the forestwide operations master roles. No additional OUs or server roles are installed.
Correct Answer
A. True
Explanation
A dedicated forest root domain is designed to only contain the necessary forestwide administrative accounts and domain controllers that are responsible for performing forestwide operations master roles. This means that no additional organizational units (OUs) or server roles are installed in this domain. The purpose of this setup is to keep the forest root domain clean and focused on its specific administrative functions, ensuring efficient management and operation of the entire forest. Therefore, the statement is true.
17.
Match a term below to the following descriptionThe process for replicating Active Directory objects in which changes to the database can occur on any domain controller and are propagated, or replicated, to all other domain controllers.
Correct Answer
B. Multimaster replication
Explanation
Multimaster replication is the correct answer because it refers to the process of replicating Active Directory objects where changes to the database can occur on any domain controller and are then propagated or replicated to all other domain controllers. This allows multiple domain controllers to have the ability to make changes to the database, making it a more efficient and flexible method of replication.
18.
Explicit permissions never override inherited permissions.
Correct Answer
B. False
Explanation
This statement is incorrect. Inherited permissions can be overridden by explicit permissions. Explicit permissions are permissions that are specifically set for a file or folder, while inherited permissions are permissions that are passed down from a parent object. If explicit permissions are set for a file or folder, they will take precedence over any inherited permissions.
19.
To verify who has been delegated control of an OU, you must ____.
Correct Answer
D. View the OU’s permissions
Explanation
To verify who has been delegated control of an OU, you need to view the OU's permissions. By checking the permissions, you can identify the users or groups that have been granted control over the OU. This will allow you to determine who has been delegated the authority to manage and make changes to the objects within the OU.