Windows Admin I Chapter 8: IMPLEMENTING ACTIVE
DIRECTORY CERTIFICATE SERVICES
Why should there be more than one domain controller in a domain? - ✔✔
Improved performance
Redundancy
Enhanced recoverability
If you enable WinRM using a GPO, which protocol does it use? - ✔✔HTTP
What is the output of the following command?
Enter-PSSession -ComputerName PLABDM01 - ✔✔It will open a remote PowerShell session
on PLABDM01.
To allow WinRM service to receive network requests, which port should you open in the
Windows Firewall policy? - ✔✔5985
You are creating a new Active Directory (AD)forest. How many naming contexts for the entire
AD Forest? - ✔✔1
On your Windows 10 system, if you execute the command gpedit.msc in the Run dialog box,
which of the following snap-in will open? - ✔✔Local Group Policy Editor
,Which of the following task must you perform before deleting the files from the
C:\Windows\SoftwareDistribution folder? - ✔✔Stop the wuauserv service
Which of the following tool allows you to modify the Active Directory Schema? - ✔✔LDIFDE
Which of the following tool is likely to provide an output in the following manner:
dn: OU=APAC,DC=PRACTICELABS,DC=COMdn:
OU=IT,OU=APAC,DC=PRACTICELABS,DC=COMdn:
CN=GlobalIT,OU=IT,OU=APAC,DC=PRACTICELABS,DC=COM - ✔✔LDIFDE
What does the group nesting depend on? - ✔✔Group scope of the groups being nested
You have a forest named PLAB.com and two domains, PLABA and PLABB. You want to add
the users from both the domains to a group that should be restricted within the PLABA domain.
Which type of group scope should you set for this group? - ✔✔Domain Local
If a domain is set in the Mixed mode and not in the native mode, which of the following group
scope is unavailable? - ✔✔Universal
When performing an offline join, which is the first system on which the djoin.exe needs to be
run? - ✔✔Domain Controller
,You want to remove a computer from the domain and then perform an offline join. To do this,
you remove the system using the Remove-Computer command on the PowerShell on the system.
What is the next step that you should perform? - ✔✔Delete the system account from Active
Directory Users and Computers
You want the account lockout duration to be indefinite using the Account lockout duration
policy. What is the number that you should specify to enable this? - ✔✔0
You want to collect information about the locked-out user accounts in the domain. Which of the
following commands should you use? - ✔✔Search-ADAccount -LockedOut
What is the output of the following command:
Get-ADUser -Filter 'Name -like "*"' -SearchBase
"ou=HelpDesk,ou=EMEA,dc=practicelabs,dc=com" | Disable-ADAccount - ✔✔Disables the
user accounts in the Helpdesk OU
Which types of files can an administrator download from a GPO central store? - ✔✔ADMX
ADML
Identify the correct statements for a starter GPO. - ✔✔Starter GPOs can be imported and
exported.
, Starter GPOs provide the ability to combine a collection of Administrative Template policy in a
single object.
Starter GPOs are created based on existing GPOs in the domain.
You want to migrate a GPO from a parent domain to the child domain. Which command should
you use? - ✔✔Import Settings
What is the intent of using a migration table? - ✔✔Copy or import GPO into a domain
Which group members will have complete control of the GPO that is created by themselves ? -
✔✔Group Policy Creator Owners
To which of the following can you link the Group Policy Software Installation (GPSI)? -
✔✔Both User Configuration and Computer Configuration containers
You had assigned the 7-Zip application to the user. However, when the user logs on to the
system, the 7-Zip icon is not available. What could be the possible reason? - ✔✔Network latency
has delayed the installation.
You have published an application using Group Policy. When an application is published, what
will be the outcome? - ✔✔The application will be listed in the Control Panel > Program but not
installed.
DIRECTORY CERTIFICATE SERVICES
Why should there be more than one domain controller in a domain? - ✔✔
Improved performance
Redundancy
Enhanced recoverability
If you enable WinRM using a GPO, which protocol does it use? - ✔✔HTTP
What is the output of the following command?
Enter-PSSession -ComputerName PLABDM01 - ✔✔It will open a remote PowerShell session
on PLABDM01.
To allow WinRM service to receive network requests, which port should you open in the
Windows Firewall policy? - ✔✔5985
You are creating a new Active Directory (AD)forest. How many naming contexts for the entire
AD Forest? - ✔✔1
On your Windows 10 system, if you execute the command gpedit.msc in the Run dialog box,
which of the following snap-in will open? - ✔✔Local Group Policy Editor
,Which of the following task must you perform before deleting the files from the
C:\Windows\SoftwareDistribution folder? - ✔✔Stop the wuauserv service
Which of the following tool allows you to modify the Active Directory Schema? - ✔✔LDIFDE
Which of the following tool is likely to provide an output in the following manner:
dn: OU=APAC,DC=PRACTICELABS,DC=COMdn:
OU=IT,OU=APAC,DC=PRACTICELABS,DC=COMdn:
CN=GlobalIT,OU=IT,OU=APAC,DC=PRACTICELABS,DC=COM - ✔✔LDIFDE
What does the group nesting depend on? - ✔✔Group scope of the groups being nested
You have a forest named PLAB.com and two domains, PLABA and PLABB. You want to add
the users from both the domains to a group that should be restricted within the PLABA domain.
Which type of group scope should you set for this group? - ✔✔Domain Local
If a domain is set in the Mixed mode and not in the native mode, which of the following group
scope is unavailable? - ✔✔Universal
When performing an offline join, which is the first system on which the djoin.exe needs to be
run? - ✔✔Domain Controller
,You want to remove a computer from the domain and then perform an offline join. To do this,
you remove the system using the Remove-Computer command on the PowerShell on the system.
What is the next step that you should perform? - ✔✔Delete the system account from Active
Directory Users and Computers
You want the account lockout duration to be indefinite using the Account lockout duration
policy. What is the number that you should specify to enable this? - ✔✔0
You want to collect information about the locked-out user accounts in the domain. Which of the
following commands should you use? - ✔✔Search-ADAccount -LockedOut
What is the output of the following command:
Get-ADUser -Filter 'Name -like "*"' -SearchBase
"ou=HelpDesk,ou=EMEA,dc=practicelabs,dc=com" | Disable-ADAccount - ✔✔Disables the
user accounts in the Helpdesk OU
Which types of files can an administrator download from a GPO central store? - ✔✔ADMX
ADML
Identify the correct statements for a starter GPO. - ✔✔Starter GPOs can be imported and
exported.
, Starter GPOs provide the ability to combine a collection of Administrative Template policy in a
single object.
Starter GPOs are created based on existing GPOs in the domain.
You want to migrate a GPO from a parent domain to the child domain. Which command should
you use? - ✔✔Import Settings
What is the intent of using a migration table? - ✔✔Copy or import GPO into a domain
Which group members will have complete control of the GPO that is created by themselves ? -
✔✔Group Policy Creator Owners
To which of the following can you link the Group Policy Software Installation (GPSI)? -
✔✔Both User Configuration and Computer Configuration containers
You had assigned the 7-Zip application to the user. However, when the user logs on to the
system, the 7-Zip icon is not available. What could be the possible reason? - ✔✔Network latency
has delayed the installation.
You have published an application using Group Policy. When an application is published, what
will be the outcome? - ✔✔The application will be listed in the Control Panel > Program but not
installed.
