Vanessa Mercado CISN 307 Chapter 10 1.

Which of the following is the default forest functional level for a Windows Server 2008 domain controller installed in a new forest? a.Windows 2000 mixed b.Windows 2000 c.Windows Server 2003 d.Windows Server 2008 2.Which of the following is true about forests running at the Windows Server 2003 functional level? (Choose all that apply.) a.You can rename a domain. b.You can create a forest trust with a Windows 2000 forest. c.RODCs can be part of the forest. d.Windows 2000 domain controllers can be part of the forest. 3.The Windows 2000 native domain functional level supports universal groups. True or False? *4.Which of the following is a feature introduced with the Windows Server 2008 domain functional level? (Choose all that apply.) a.Shortcut trusts b.Fine-grained password policies c.DFS replication of Sysvol d.Selective authentication 5.You’re going to introduce a Windows Server 2008 domain controller into a Windows Server 2003 forest. Which of the following should you do? a.First, prepare the forest by running adprep /forestprep on a Windows Server 2003 domain controller performing the schema operations master role. Then run adprep /domainprep in each domain that will have a Windows Server 2008 domain controller. b.First, run adprep /domainprep in each domain that will have a Windows Server 2008 domain controller. Then prepare the forest by running adprep /forestprep on a Windows Server 2003 domain controller performing the infrastructure operations master role. c.First, run adprep /domainprep on a Windows Server 2003 domain controller that holds the schema operations master role. Then run adprep /forestprep on a domain controller performing the infrastructure operations master role.d.First, prepare the forest by running adprep /forestprep on the new Windows Server 2008 domain controller. Then run adprep /domainprep on each new Windows Server 2008 domain controller in each domain. **6.If you need to remove a domain from a forest in which the last domain controller has failed,which program should you use? NTDSutil

c. What should you configure in the forest trust? a. click Change Schedule. 10.One-way trust 13.Trust transitivity c. then ForestA trusts ForestC. True or False? 11.Configure a standard primary zone. ADMT) a. What’s the best way to make this change? a.One-way trust 12.Ntdsutil b.Bob is an administrator in a trusted forest.If you configure a trust between ForestA and ForestB.” You have theIP address of the domain controller in the other forest.In the General tab of the connection object’s Properties dialog box.What is the program for migrating users from one forest to another? ADMT (Active Directory Migration Tool) 8.You want to change the replication schedule between two domain controllers in the same site—and only these two domain controllers—to occur four times per hour.Trust transitivity c. so you try pinging again with this IP address.You’re going to configure a forest trust between Forest A and ForestB and are logged on to a domain controller in the root of ForestA. What should you do before you attempt to create the trust? a. You know you have the correct server and domain name.SID history d.7.Which of the following should you configure if you want users in a trusted forest to have access only to certain resources in your forest.Selective authentication d. and it’s successful.SID filtering b.Security translation 9.Selective authentication d. You want to be sure he can’t gain privileged access to resources in your forestwhile masquerading as a user in his forest who doesn’t normally have privileged access inyour forest. and you have some concerns about his trustworthiness.SID filtering b. . You try to ping a domain controller in the root domain of ForestB and get the reply “Please check the name and try again.Verify that Kerberos v5 is configured correctly in both forests d.Adprep c. b.Verify the IP address assignment of the remote domain controller.Which of the following is associated with Active Directory migration? (Choose all that apply. The KCC hasgenerated all your intrasite connection objects. regardless of permission settings on these resources? a.Configure a stub zone. and a trust exists between ForestB and ForestC.

What do youneed to do to make sure replication will occur between Boston and LA? a.The domain controller holding the PDC emulator role wasn’t contacted by the domain controller that authenticated the user. . and set the schedule to four times per hour. b.Create a site link bridge between Boston and LA.Do nothing. and then install the RODC. Whatshould you do to solve this problem? Add a subnet to the location of the site 17. replication will occur between Boston and LA with the current configuration . What’s the most likely cause of the delay in the user’s ability to log on? a. Chicago.Users of a new network subnet have been complaining that logons and other services aretaking much longer than they did before being moved to the new subnet.In the Site Settings tab of the NTDS Site Settings Properties dialog box. which currently has allWindows Server 2003 domain controllers.You have three sites: Boston. c. andnormal replication between sites caused the delay. click Change Schedule.Run Adprep in the forest and domain. d.b. b. She tries logging on again about 30 minutes later and is success-ful. and set the schedule tofour times per hour.A user calls the help desk to change her forgotten password.Configure a site link between Boston and LA with SMTP.The domain controller where the password was changed was in a different site. run Adprep in theforest and domain.You want to install an RODC in your Windows Server 2003 forest. click ChangeSchedule. 16. and set the schedule to four times per hour. Tell the KCC to check the replication topology. c. How should you go about doing this? a. You discover thatmany logons and requests for DFS resources from workstations in the new subnet are beinghandled by domain controllers in a remote site instead of local domain controllers.Install the RODC in the forest. no additional steps are necessary. c.and change the replication schedule to four times per hour.Create a new connection object for the two domain controllers. 15.Change the forest functional level to Windows Server 2008 first. she attempts to log on with the new password but gets a logon failed message. b. Make sure theobject is marked as automatically generated. and then install the RODC. 4.The domain controller that authenticated the user must have gone down and didn’treceive the password change until it was brought back online. d. d.Create a new connection object between Boston and LA. and LA. install a Windows Server 2008 writeable domaincontroller. You have created site links between Bostonand Chicago and between Chicago and LA with the default site link settings.In the Schedule tab of the server’s Properties dialog box. and then install the RODC.Run Adprep for the forest and domain. She verifies that the correct password is being entered. c. d. A minute later.The intrasite replication schedule is set for 30 minutes instead of 15 seconds.

What should you configure? a. The problem parti-tion is stored on multiple domain controllers in SiteA.Which of the following is true about using SMTP in site links? (Choose all that apply.Domains can span the sites included in the site link. d.Users usually notice a failure of the domain naming master immediately.User authentications are taking a long time.Enable universal group membership caching.An automatically configured bridgehead server b. b. c.A failed ISTG 20. Overall. You want to control the flow of replication traffic between sites.Configure the domain controller as a global catalog server. b. your network con-tains 3000 user and computer accounts. You have 50 users at this site with one domain controller.A manually configured bridgehead server c.Site link bridges d. What should you investigate as thesource of the problem? a.Infrastructure master configured as a global catalog server d. 19.It’s the preferred transport protocol for intersite links. but all other partitions on domain controllers in SiteA are being replicated.You want to decrease users’ logon time at SiteA but not increase replication traffic drastically.PDC emulator and RID master on the same computer c.A certification authority must be installed.Schema master configured as a global catalog server 23.Configure the domain controller as a domain naming master. 22.NTDS settings **21. c.Connection objects between domain controllers in each site b.Configure multiple connection objects between the domain controller in SiteA and aremote global catalog server.A partition stored on a domain controller in SiteA isn’t being replicated to other sites. The domain controller performing which FSMO role will most likely decrease authentication times if it’s upgraded? .A failed site link bridge d.Domain naming master and schema master on the same domain controller b. d. True or False? 24.Which of the following configurations should you avoid? a.Your network is configured in a hub and spoke topology.) a.18. specifically reducing the replication traffic traveling across network links between hub sites to reach satellite sites.It’s best used on slow or unreliable network links.Intersite transports c. What solution can decrease logon times with theleast impact on replication traffic? a.

Domain naming master 25. . and then transfer the RID master role to the new domain controller.Shut down the current RID master and seize the RID master role from the new domain controller.Transfer the RID master role to the new domain controller. and then shut down the old RID master. restore it to the new domain controller. d.Shut down the current RID master.a. What should you do to ensure the smoothest transition? a. and then shut down the old server.Back up the domain controller that’s currently the RID master.PDC emulator c.You’re taking an older server performing the RID master role out of service and will ber e placing it with a new server configured as a domain controller.Infrastructure master d. c. b.RID master b.

Sign up to vote on this title
UsefulNot useful