Note: This question is part of a series of questions that use the same scenario. For your convenience, the scenario is repeated in each question. Each question presents a different goal and answer choices, but the text of the scenario is exactly the same in each question in this series.
Answer : A
References:
https://www.dtonias.com/access-denied-delete-move-ou-active-directory/
DRAG DROP -
Your network contains an Active Directory domain. The domain contains two domain controllers named DC1 and DC2. DC2 is a virtual machine that is hosted on a Hyper-V host named HyperV1. DC1 holds the PDC emulator operations master role.
You need to create a new domain controller named DC3 by using domain controller cloning.
Which five actions should you perform in sequence before you can import the cloned virtual machine? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.
NOTE: More than one order of answer choices is correct. You will receive credit for any of the correct orders you select.
Select and Place:
Answer :
References:
https://blogs.technet.microsoft.com/askpfeplat/2012/10/01/virtual-domain-controller-cloning-in-windows-server-2012/
Your network contains an Active Directory forest named contoso.com.
Your company plans to hire 500 temporary employees for a project that will last 90 days.
You create a new user account for each employee. An organizational unit (OU) named Temp contains the user accounts for the employees.
You need to prevent the new users from accessing any of the resources in the domain after 90 days.
What should you do?
Answer : C
References:
https://docs.microsoft.com/en-us/powershell/module/addsadministration/set-adaccountexpiration?view=win10-ps
HOTSPOT -
Your network contains an Active Directory forest. The forest contains two sites named Site1 and Site2. Site1 contains 10 domain controllers. Site1 and Site2 connect to each other by using a WAN link.
You run the Active Directory Domain Services Configuration Wizard as shown in the following graphic.
Answer :
Explanation:
By selectively caching credentials, RODCs address some of the challenges that enterprises can encounter in branch offices and perimeter networks (also known as DMZs) that may lack the physical security that is commonly found in datacenters and hub sites.
HOTSPOT -
Your network contains an Active Directory forest named contoso.com. The forest contains the root domain and two child domains named child1.contoso.com and child2.contoso.com.
Child1 contains three domain controllers named DC1, DC2, and DC3. Child2 contains one domain controller named DC4.
You have two accounts named Child1\Admin1 and Child2\Admin2 that you use to perform administrative tasks. Currently, the accounts can manage only the member servers in their respective domain.
You plan to demote DC3 and to remove the Child2 domain.
You need to ensure that Admin1 can demote DC3 and that Admin2 can demote DC4. The solution must use the principle of least privilege.
To which groups should you add Admin1 and Admin2? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:
Answer :
References:
https://docs.microsoft.com/en-us/windows-server/identity/ad-ds/deploy/demoting-domain-controllers-and-domains--level-200-
Your network contains an Active Directory forest. The forest contains a forest root domain named contoso.com and a child domain named eu.contoso.com. Each domain contains two domain controllers that run Windows Server 2012 R2.
The forest functional level is Windows Server 2008 R2. The domain functional level of contoso.com is Windows Server 2012 R2. The domain functional level of eu.contoso.com is Windows Server 2008 R2.
You need to raise the domain functional level of contoso.com to Windows Server 2016. The solution must minimize administrative effort.
What should you do before you raise the domain functional level?
Answer : C
References:
https://docs.microsoft.com/en-us/windows-server/identity/ad-ds/active-directory-functional-levels
Note: This question is part of a series of questions that use the same scenario. For your convenience, the scenario is repeated in each question. Each question presents a different goal and answer choices, but the text of the scenario is exactly the same in each question in this series.
Start of repeated scenario.
You work for a company named Contoso, Ltd.
The network contains an Active Directory forest named contoso.com. A forest trust exists between contoso.com and an Active Directory forest named adatum.com.
The contoso.com forest contains the objects configured as shown in the following table.
Answer : B
References:
https://docs.microsoft.com/en-us/windows/security/threat-protection/security-policy-settings/back-up-files-and-directories
Your network contains an Active Directory domain.
You have a user account that is a member of the Domain Admins group.
You have 100 laptops that have a standard corporate image installed. The laptops are in workgroups and have random names.
A technician named Tech1 is assigned the task of joining the laptops to the domain. The computer accounts of each laptop must be in an organizational unit (OU) that is associated to the department of the user who will use the laptop. The laptop names must start with four characters indicating the department, followed by a four-digit number.
Tech1 is a member of the Domain Users group only. Tech1 has the administrator logon credentials for all the laptops.
You need Tech1 to join the laptops to the domain. The solution must ensure that the laptops are named correctly, and that the computer accounts of the laptops are in the correct OUs.
Solution: You script the creation of files domain join, and then you give the files to Tech1.
You instruct Tech1 to sign in to each laptop, and then to run djoin.exe.
Does this meet the goal?
Answer : B
HOTSPOT -
Your network contains an Active Directory domain named adatum.com. The domain contains the objects shown in the following table.
Answer :
HOTSPOT -
Your network contains an Active Directory domain named contoso.com. You plan to automate user account management.
You need to find user accounts that meet specific criteria by using the find command in Active Directory Users and Computers. The solution must minimize administrative effort.
Which Find option should you use for each section? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:
Answer :
References:
https://activedirectorypro.com/find-disabled-active-directory-user-accounts/ https://www.oreilly.com/library/view/active-directory-cookbook/0596004648/ch06s29.html
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
Your network contains an Active Directory domain named contoso.com. You have an organizational unit (OU) named LondonUsers that contains 10,000 users.
You need to modify the Office -
attribute of all the users in the LondonUsers OU.
Solution: From PowerShell, you run the Get-ADUser cmdlet and specify the ג€"SearchBase parameter. You pipe the results to the Set-Aduser cmdlet.
Does this meet the goal?
Answer : A
References:
https://webactivedirectory.com/2011/07/18/simple-powershell-script-to-bulk-update-or-modify-active-directory-user-attributes/
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
Your network contains an Active Directory domain named contoso.com. You have an organizational unit (OU) named LondonUsers that contains 10,000 users.
You need to modify the Office attribute of all the users in the LondonUsers OU.
Solution: You create a CSV file. You run csvde.exe and specify the ג€"i and ג€"f parameters.
Does this meet the goal?
Answer : B
References:
https://webactivedirectory.com/2011/07/18/simple-powershell-script-to-bulk-update-or-modify-active-directory-user-attributes/
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
Your network contains an Active Directory domain named contoso.com. You have an organizational unit (OU) named LondonUsers that contains 10,000 users.
You need to modify the Office attribute of all the users in the LondonUsers OU.
Solution: You create an LDIF file. You run ldifde.exe and specify the ג€"i and ג€"f parameters.
Does this meet the goal?
Answer : B
References:
https://webactivedirectory.com/2011/07/18/simple-powershell-script-to-bulk-update-or-modify-active-directory-user-attributes/
Your network contains an Active Directory domain named contoso.com.
You need to ensure that the Administrators group on each computer in the domain always contains Contoso\Domain Admins.
What should you do?
Answer : B
References:
https://www.grouppolicy.biz/2010/01/how-to-use-group-policy-preferences-to-secure-local-administrator-groups/
HOTSPOT -
Your network contains an Active Directory domain named adatum.com.
You create a user named User1.
You need to meet the following requirements:
✑ Ensure that User1 can sign in only during work hours.
✑ Allow User1 to establish a VPN connection.
Which two settings should you configure? To answer, select the appropriate settings in the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:
Answer :