Identity with Windows Server 2016 v1.0

Page:    1 / 18   
Exam contains 272 questions

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1 that runs Windows Server 2016. The computer account for Server1 is in organizational unit (OU) named OU1.
You create a Group Policy object (GPO) named GPO1 and link GPO1 to OU1.
You need to add a domain user named User1 to the local Administrators group on Server1.
Solution: From the Computer Configuration node of GPO1, you configure the Account Policies settings.
Does this meet the goal?

  • A. Yes
  • B. No


Answer : B

Explanation:
Account Lockout Policy settings encapsulates Password Policy, Account Lockout Policy, and Kerberos Policy. It will not allow you to add a domain user to a local
Administrators group.
References:
https://technet.microsoft.com/pt-pt/library/cc757692(v=ws.10).aspx

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1 that runs Windows Server 2016.
The Computer account for Server1 is in organizational unit (OU) named OU1.
You create a Group Policy object (GPO) named GPO1 and link GPO1 to OU1.
You need to add a domain user named User1 to the local Administrators group on Server1.
Solution: From the Computer Configuration node of GPO1, you configure the Restricted Groups settings.
Does this meet the goal?

  • A. Yes
  • B. No


Answer : A

Your network contains an Active Directory domain named contoso.com.
All users are in an organizational unit (OU) named Corp_Users.
You plan to modify the description of all the users who have a string of 514 in their mobile phone number.
You need to view a list of the users that will be modified.
What should you run?

  • A. Get-ADOrganizationalUnit-Filter ג€mobilePhone-Like ג€˜*514*ג€™ ג€
  • B. Get-ADUser-LDAPFilter ג€(mobilePhone= ג€˜*514*ג€™)ג€
  • C. Get-ADUser-Filter ג€mobilePhone-Like ג€˜*514*ג€™ ג€
  • D. Get-ADOrganizationalUnit-LDAPFilter ג€(mobilePhone= ג€˜*514*ג€™)ג€


Answer : C

Your network contains an Active Directory domain. The domain contains a computer named Computer1 and an organizational unit (OU) named TestOU. TestOU contains 10 computer accounts that are used for testing. A Group Policy object (GPO) named GPO1 is linked to TestOU.
On Computer1, you modify the User Right Assignment by using the local policy.
You need to apply the User Right Assignment from Computer1 to the 10 test computers.
What should you do?

  • A. On Computer1 run the secedit.exe command and specify the /export parameter. Edit GPO1, and then import a security template.
  • B. On Computer1, run the gpresult.exe command and specify the /x parameter. Edit GPO1, and then import a security template.
  • C. On Computer1, run the secedit.exe command and specify the /export parameter. From Group Policy Management, run the Import Settings Wizard.
  • D. On Computer1, run the gpresult.exe command and specify the /x parameter. From Group Policy Management, run the Restore Group Policy Object Wizard.


Answer : A

Your network contains a single-domain Active Directory forest named contoso.com. The forest functional level is Windows Server 2016. The forest has Dynamic
Access Control enabled. The domain contains two domain controllers named DC1 and DC2. Privileged user accounts used to manage Active Directory reside in a group named Contoso\AD_Admins.
You create an authentication policy named Policy1 and an authentication policy silo named Silo1.
You need to ensure that the accounts in the Contoso\AD_Admins group can sign in to the domain controllers only.
Which three configurations should you perform? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.

  • A. Create an access control condition in Policy1.
  • B. Create a managed service account and add the account to Permitted Accounts in Silo1.
  • C. Add the domain controllers to the Contoso\AD_Admins group.
  • D. Add the privileged user accounts and the domain controllers to Permitted Accounts in Silo1.
  • E. Assign Silo1 to the privileged user accounts and the domain controllers.


Answer : ADE

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
Your network contains an Active Directory domain.
You have a user account that is a member of the Domain Admins group.
You have 100 laptops that have a standard corporate image installed. The laptops are in workgroups and have random names.
A technician named Tech1 is assigned the task of joining the laptops to the domain. The computer accounts of each laptop must be in an organizational unit (OU) that is associated to the department of the user who will use the laptop. The laptop names must start with four characters indicating the department, followed by a four-digit number.
Tech1 is a member of the Domain Users group only. Tech1 has the administrator logon credentials for all the laptops.

You need Tech1 to join the laptops to the domain. The solution must ensure that the laptops are named correctly, and that the computer accounts of the laptops are in the correct OUs.
Solution: You instruct Tech1 to sign in to each laptop, to rename each laptop by using System in Control Panel, and then to join each laptop to the domain by using the Netdom join command.
Does this meet the goal?

  • A. Yes
  • B. No


Answer : A

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
Your network contains an Active Directory domain.
You have a user account that is a member of the Domain Admins group.
You have 100 laptops that have a standard corporate image installed. The laptops are in workgroups and have random names.
A technician named Tech1 is assigned the task of joining the laptops to the domain. The computer accounts of each laptop must be in an organizational unit (OU) that is associated to the department of the user who will use the laptop. The laptop names must start with four characters indicating the department, followed by a four-digit number.
Tech1 is a member of the Domain Users group only. Tech1 has the administrator logon credentials for all the laptops.

You need Tech1 to join the laptops to the domain. The solution must ensure that the laptops are named correctly, and that the computer accounts of the laptops are in the correct OUs.
Solution: You pre-create the computer account of each laptop in Active Directory Users and Computers.
You instruct Tech1 to sign in to each laptop, to rename each laptop, and then to join each laptop to the domain by using System in Control Panel.
Does this meet the goal?

  • A. Yes
  • B. No


Answer : B

HOTSPOT -
Your network contains an Active Directory forest named contoso.com.
You need to add a new domain named fabrikam.com to the forest.
What command should you run? To answer, select the appropriate options in the answer area.
Hot Area:




Answer :

Reference:
https://docs.microsoft.com/en-us/powershell/module/addsdeployment/install-addsdomain?view=winserver2012r2-ps

HOTSPOT -
Your network contains an Active Directory forest. The forest contains two domain controllers named DC1 and DC2 that run Windows Server 2016. DC1 holds all of the operations master roles.
DC1 experiences a hardware failure.
You plan to use an automated process that will create 1,000 user accounts.
You need to ensure that the automated process can complete successfully.
Which command should you run? To answer, select the appropriate options in the answer area.
Hot Area:




Answer :

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
Your network contains an Active Directory domain named contoso.com.
A user named User1 is in an organizational unit (OU) named OU1.
You are troubleshooting a folder access issue for User1.
You need a list of groups to which User1 is either a direct member or an indirect member.
Solution: You run Get-ADGroup ג€"Identity User1 ג€"Property MemberOf.
Does this meet the goal?

  • A. Yes
  • B. No


Answer : B

Explanation:
The Get-ADGroup cmdlet does not include the MemberOf property. The command above is, therefore, not valid.
References:
https://docs.microsoft.com/en-us/powershell/module/addsadministration/get-adgroup?view=win10-ps

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
Your network contains an Active Directory domain named contoso.com.
A user named User1 is in an organizational unit (OU) named OU1.
You are troubleshooting a folder access issue for User1.
You need a list of groups to which User1 is either a direct member or an indirect member.
Solution: You run Get-ADUser ג€"Identity User1 ג€"Property MemberOf.
Does this meet the goal?

  • A. Yes
  • B. No


Answer : B

Explanation:
The Get-ADUser cmdlet does not include the MemberOf property. The command above is, therefore, not valid.
References:
https://docs.microsoft.com/en-us/powershell/module/addsadministration/get-aduser?view=win10-ps

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
Your network contains an Active Directory domain named contoso.com.
A user named User1 is in an organizational unit (OU) named OU1.
You are troubleshooting a folder access issue for User1.
You need a list of groups to which User1 is either a direct member or ab indirect member.
Solution: You run dsget user cn=User1, ou=OU1, dc=contoso, dc=com ג€"memberof ג€"expand.
Does this meet the goal?

  • A. Yes
  • B. No


Answer : A

Explanation:
DSGET displays the properties of a user in the directory. There are two variations of this command. The first variation displays the properties of multiple users.
The second variation displays the group membership information of a single user.
To show the list of groups, recursively expanded, to which the user Mike Danseglio belongs, type: dsget user "CN=Mike Danseglio,CN=users,dc=ms,dc=tld" -memberof ג€"expand
References:
https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/cc732535%28v%3dws.10%29

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
Your network contains an Active Directory domain named contoso.com.
A user named User1 is in an organizational unit (OU) named OU1.
You are troubleshooting a folder access issue for User1.
You need a list of groups to which User1 is either a direct member or an indirect member.
Solution: You instruct User 1 to sign in and run whoami.exe/groups.
Does this meet the goal?

  • A. Yes
  • B. No


Answer : A

References:
https://www.thewindowsclub.com/whoami-windows

Your company has multiple branch offices.
The network contains an Active Directory domain named contoso.com.
In one of the branch offices, a new technician is hired to add computers to the domain.
After successfully joining multiple computers to the domain, the technician fails to join any more computers to the domain.
You need to ensure that the technician can join an unlimited number of computers to the domain.
What should you do?

  • A. Configure the technicianג€™s user account as a managed service account.
  • B. Run the Set-ADComputer cmdlet.
  • C. Modify the Security settings of the Computers container.
  • D. Add the technician to the Domain Computers group.


Answer : C

Explanation:
Users who have the Create Account Objects privilege for the Computers container can create an unlimited number of computer accounts in the domain. You can grant this privilege by accessing the Advanced Security settings on the Security Tab of the Computer container via Active Directory Users And Computers or the
Active Directory Administrative Center.
Note:
There are several versions of this question in the exam. The question has two possible correct answers:
1. Modify the Security settings of the Computers container.
2. Run the Delegation of Control Wizard on the Computers container.
Other incorrect answer options you may see on the exam include the following:
1. Modify the Security settings of the technicianג€™s user account.
2. Run the redircmp.exe command.
3. Add the technician to the Windows Authorization Access Group group.
References:
https://books.google.co.za/books?id=LvNODQAAQBAJ&pg=PT268&lpg=PT268&dq=Modify+the+Security+settings+of+the+Computers+container
+2016&source=bl&ots=1lRBQ21cL0&sig=1AUSon_6cjIqyN_927iOB7z3-Eg&hl=en&sa=X&ved=0ahUKEwjBi4OS- rnbAhXKD8AKHerKDcgQ6AEISjAC#v=onepage&q=Modify%20the%20Security%20settings%20of%20the%20Computers%20container%202016&f=false https://www.itprotoday.com/active-directory/delegating-privileges-active-directory

You create a user account that will be used as a template for new user accounts.
Which setting will be copied when you copy the user account from Active Directory Users and Computers?

  • A. the Department attribute
  • B. the Description attribute
  • C. Permissions
  • D. Remote Desktop Services Profile
  • E. the User logon name attribute
  • F. Published Certificates
  • G. the Office attribute


Answer : A

Explanation:
A user template in Active Directory can be used if you are creating users for a specific department, with exactly the same properties, and membership to the same user groups. A user template is nothing more than a disabled user account that has all these settings already in place.
Reference:
www.rebeladmin.com/2014/07/create-users-with-user-templates-in-ad/

Page:    1 / 18   
Exam contains 272 questions

Talk to us!


Have any questions or issues ? Please dont hesitate to contact us

Certlibrary doesn't offer Real Microsoft Exam Questions.
Certlibrary Materials do not contain actual questions and answers from Cisco's Certification Exams.
CFA Institute does not endorse, promote or warrant the accuracy or quality of Certlibrary. CFA® and Chartered Financial Analyst® are registered trademarks owned by CFA Institute.