So we are almost done with this set. As discussed previously, I may attempt two more sets of questions from other books. I also need to go back and edit the formatting of some of the earlier ones to keep the bolding in line. This is actually more fun than I thought it would be and I've uncovered a few weak areas other than the ones that involve math. On to 51-60; hopefully I'll get this whole thing done today as it's really not that much work. Kind of disappointing when I can't get 10 done in a day.
51. Your network contains a single AD domain, StevieBsChickenALaKingALaCarte.com. DC1 exists in your main office and contains all FSMO roles. DC2 is located in a branch site connected via a 10-Mbps WAN link. DC2 does not contain any FSMO roles. Due to a situation involving a tree getting thunderstruck, your WAN link goes down and no users can log on. Which FSMO role must you bring online locally to ensure that users can log on?
A. Infrastructure master
B. Domain naming master (read through previous link(s))
C. PDC emulator
D. RID master
Answer: The most basic thing you need to bring online is C in this legacy server scenario that's simply implied rather than stated. I also started typing the full text of the answer from Q and I'm going to leave that here because I'm too lazy to use the backspace button. “The PDC emulator is probably one of the more critical roles. It serves as a primary domain controller for legacy servers such as Windows NT 4.0 client computers authenticating to the domain. Today, the PDC emulator functions to handle daily operations such as logons, directory maintenance such as object changes or even password changes. This server also acts as a time sync master for the forest.”
52. You are the administrator for the StevieBsChickenALaKingALaCarte.com domain, which consists of 3 domain controllers and 23 Windows Server 2012 R2 member servers. You plan to remove DC3. You need to identify which SRV records are registered by DC3. How can you retrieve this information?
A. Run the ntdsutil.exe /SRV
B. Open SRV.dns in %windir%\system32\config
C. Open netlogon.dns in %windir%\system32\config
D. Run nslookup /SRV/Server:DC3
Answer: Well, are you sitting at the machine or are you trying to do this remotely? Some of these look like remoting. Personally I think it's C but I'm not absolutely certain about that.
Q confirms that C is correct.
53. Your network consists of a single Active Directory domain, StevieBsChickenALaKingALaCarte.com. Currently, two domain controllers exist. DC2 is a Windows Server 2012 domain controller holding the PDC emulator role. DC1 is a Windows Server 2008 R2 file and print server named Server1. You need to perform an offline domain join of Server1. How can you accomplish this?
A. Run dsadd.exe to join Server1
B. Upgrade DC1 to Windows Server 2012
C. Transfer all FSMO roles to DC2
D. Run Djoin.exe to join Server1
Answer: D, not a whole lot worth explaining on this one.
54. Your network consists of a single Active Directory domain, pearson.com. You need to retrieve a list of all servers along with the last time they authenticated with AD DS. Which cmdlet can you use to accomplish this?
A. Get-ADComputer and specify the last logon property
B. Get-ADServer and specify the last logon property
D. DSquery ADServers
Answer: A, but you're also going to have to specify server names if you only want servers.
55. You are the administrator for StevieBsChickenALaKingALaCarte.com. You have recently created a new share, Share1, located in the pasta.StevieBsChickenALaKingALaCarte.com child domain. You grant access to Share1 using a global group named PastaUers. A Domain Local distribution group, PastaDist, is located in the parent domain StevieBsChickenALaKingALaCarte.com. You need to allow members in PastaDist access to Share1. What must you do first?
A. Convert Group1 to a universal security group.
B. Convert Group1 to a domain local security group.
C. Convert Group1 to a global distribution group.
D. Convert Group1 to a universal distribution group.
Answer: One thing is for certain: it has to be a universal group because it needs access to resources in another domain and you can't go local to global, you have to go to universal first. So that narrows our starting point to D or A. I'm assuming that you can do two steps at once, so since it's already a distro group I'm going with D. Per Q the answer is actually A, so I was wrong.
56. As the only network admin for your company you are feeling overwhelmed with the increased administrative overhead of supporting the business. The company has recently expanded, so Mike decides to bring on a junior administrator. He wants to ensure that the new junior administrator is only able to link and unlink GPOs that are created for computers located in the Poultry OU. Mike uses the Delegation of Control Wizard on the Poultry OU. Shortly after, Mike needs to make a change to what he has previously delegated. How can Mike view the existing authority for Jr. Admin and make the necessary changes?
A. Modify the permissions in the security tab of the Poultry OU
B. Add the junior admin’s user account to the Domain Admins group
C. Add the junior admin’s user account to the local admins group on all warehouse workstations
D. Add the junior admin’s user account to the Enterprise Admins group.
Answer: Generally the best answer for these scenarios is “use the delegation of control wizard” and it's never to make a person any sort of global admin, so with that being the case I think the only viable answer would be A.
57. You work for a company that contains a single Active Directory forest. The forest contains two domains: StevieBsChickenALaKingALaCarte.com and Sauce.StevieBsChickenALaKingALaCarte.com. You are the senior systems engineer for StevieBsChickenALaKingALaCarte.com. You have recently acquired three new branch sites, each containing a DC, a file server and an application server. One of the tasks on your plate is to standardize backups across the domain. Part of the solution requires you to ensure that members of the domain group BackupAdmins are added to the local Backup Operators group on all servers in the domain. How can you do this with the least administrative effort?
A. Log in to each server and add the domain BackupAdmins group to the local Backup Operators group.
B. Configure a restricted group for StevieBsChickenALaKingALaCarte\BackupAdmins.
C. Configure a restricted group for the local Backup Operators group on each server.
D. Nest the local Backup Operators group in the StevieBsChickenALaKingALaCarte\BackupAdmins group.
Answer: So this term “restricted group” gets a bit muddy. What does this even mean? I have no idea honestly; logically it's like the “print device” scenario discussed earlier. Isn't every created group a “restricted group”? TechNet has this to say about restricted groups: “Restricted groups allow an administrator to define two properties for security-sensitive groups (that is, ‘restricted’ groups).” So yeah, you could just say “group” and specify a domain verb like local, global, or universal (even those two are almost the same). I'm not sure if this requires extra work when writing questions or what, but it's a fairly common theme. Anyway, the answer is B.
58. In your domain all DCs run Server 2012 R2 with the exception of one legacy 2008 DC. Your domain consists of 20 Windows Server 2012 member servers located in the Servers OU and 150 Windows 8.1 client workstations located in the Workstations OU. You need to create a group named Group1 on all servers in the domain. No other computer should receive this group. What should you configure?
A. A local users and groups preference setting linked to the Servers OU
B. A local users and groups preference setting linked to the domain
C. A restricted groups setting linked to the domain
D. A restricted groups setting linked to the Servers OU
Answer: So clearly you need to make a group, again in spite of the conflicting nomenclature jargon (not sure what type of people this program is supposed to produce?), that is linked to servers specifically and not the domain in general. So with no clue as to the intent of group on, meaning I don't know if this is a “computer” type OU that has nothing to do with logins or if it needs to be an account with a login/pw associated with it. Very confusing terms here, maybe you need to email servers? I mean I understand the purpose behind this loose logic of test prep questions but it's still annoying. That said, I'm assuming it's D. I was wrong, Q says it's A.
59. Which PowerShell cmdlet can you use to create a new GPO?
D. DSAdd.exe /NewGPO
Answer: B, thank goodness for the easy ones that don't require much typing and have more logical answers.
60. Your company has hired a new chief security officer. One of her requirements is to ensure that all local administrator accounts receive UAC prompts when any elevated task is performed. You plan to implement this via a group policy. What is the appropriate location for configuring these policies?
A. Security Settings\Local Policies
B. Security Settings\Account Policies
C. Security Settings\Windows Firewall with Advanced Security
D. Security Settings\Application Control Policies
Answer: This is a very specific question and I'm honestly not sure, but I know it isn't C and probably not D. Account policies doesn't exactly make sense but A may not be right; however, Q confirms A.