1.  A ------------------group is a group that contains the same users as an OU. (Fill in the blank)

A. Operation

B.  Administration

C. Primary

D. Shadow

Ans: D


2. ACL stands for Access Control List

A. True

B. False

Ans: A

3. How do you create a group by using Active Directory Users and Computers snap- in?

A. Left click the OU in which you want to create a group, select New, and choose Group.

B. Right click the OU in which you want to create a group, select New, and choose Group.

C. This can only be done in the registry editor.

D. You can create a group by typing MSCONFIG in the Run box.

Ans: B

4. LDIFDE is a defragment tool in all versions of Windows Server.

A. False

B. True

Ans: A

5. The Dsadd command –secgrp {yes | no} specifies group type: security (yes) or distribution (no).

A. False

B. True

Ans: B

6. What option can you use to prevent deleting a group in Windows Server 2008?

A. You could prevent this by formatting the hard drive.

B. You can prevent deleting a group by restarting the computer.

C. Protect object from accidental deletion.

D. Use /noreboot to prevent deleting a group.

Ans: C

7. There are two types of groups in Active Directory.

A. True

B. False

Ans: A

8. What default group has the right to log on locally, start and stop services, perform backup and restore operations, format disks, create or delete shares, and even power down domain controllers?

A. Server Operators

B. Schema Admins

C. Enterprise Admins

D. Backup Operators

Ans: A

9. How many group scopes are there in Active Directory?

A. Three

B. Zero

C. Ten

D. Five

Ans: A

10. What is the basic syntax for Dsrm?

A. dsrm ObjectND.,,(subtree-(+exclude)) (+yesprompt) (*c)

B. dsrn ObjectDN.<*subtree-exclude*> noprompt – c

C. dsrm ObjectDN…[-subtree [-exclude]] [-noprompt] [-c]

D. dsrm ObjectN…. [-subtree [-exclude]] [noprompt] [c-]

Ans: B

11. Which is not one of the four divisions or container structures in Active Directory?

A. Forests

B. Domain

C. Webs

D. Organizational units

E. Sites

Ans: C

12. What is a forest?

A. Physical groupings independent of the domain and OU structure. Sites distinguish between locations connected by low- and high-speed connections and are defined by one or more IP subnets.

B. The collection of every object, its attributes and attribute syntax in the Active Directory.

C. Containers in which domains can be grouped. They create a hierarchy for the domain and create the structure of the Active Directory's company in geographical or organizational terms.

D. A collection of computers that share a common set of policies, a name and a database of their members.

Ans: B

13. What do domain controllers do?

A. Store the database, maintain the policies and provide the authentication of domain logons.

B. Control granular settings in a domain environment.

C. Receive and relay domain commands

Ans: A

14. What are Group Policy Objects?

A. A set of folder rules that determine where Outlook will save email messages.

B. Affords the capability for secure extension of network operations to the Web

C. They determine the hierarchy of a domain, which can fit the operational structure of an organization.

D. A collection of settings that define what a system will look like and how it will behave for a defined group of users.

Ans: D

15. In Windows Server 2012 and Windows 8, Group Policy Objects give administrators the ability to select new Internet Explorer policies.

A. True

B. False

Ans: A

16. Active Directory Rights Management Services is designed to give complete control of all documents stored in RMS-enabled applications.

A. True

B. False

Ans: B

17. According to Jonathan Hassell, what is a good practice to follow with forest trusts?

A. Use shortcut trusts

B. Keep a current list of all trust relationships in the forest

C. Back up and ensure you have restore capability

D. All of the above

Ans: D

18. According to Gary Olsen, domain controller load can be insufficient for the following reason(s):

A. Inefficient LDAP queries can put an unpredictable load on the DC.

B. The number of authenticated clients is unpredictable because multiple DCs share the load for clients in and out of the site.

C. Active Directory (AD) analysis and monitoring tools put additional load on the DC.

D. A and C only

E. A, B and C

Ans: E

18. About how many settings are in a single Group Policy Object

A. 1,800

B. 3,200

C. 900

D. 5,000

Ans: A

19. In what version of Windows did Microsoft adopt Kerberos as an authentication policy?

A. Windows NT

B. Windows Server 2003 R2

C. Windows Server 2000

D. Windows 2008

Ans: C

20. Between Sites you can also choose to use ________ for replication, but only for changes in the Schema or Configuration.

A. Internet Message Access Protocol

B. Post Office Protocol

C. Simple Mail Transfer Protocol

D. E-mail

Ans: C

21.  Active Directory and a Windows-based file server are not required to implement ________ on client Windows computers.

A. Windows Registry

B. Internet Explorer

C. Windows 2000

D. Roaming user profile

Ans: D

22.  Authentication across this type of trust is Kerberos based (as opposed to ________).

A. LM hash


C. Samba (software)

D. Integrated Windows Authentication

Ans: B

23.  Unlike earlier versions of Windows which used ________ to communicate, Active Directory is fully integrated with DNS and TCP/IP—indeed DNS is required.


B. NetBIOS Frames protocol

C. Server Message Block

D. Ethernet

Ans: A

24.  Another option is to use ________ with its translucent overlay, which can extend entries in any remote LDAP server with additional attributes stored in a local database.

A. Mac OS X

B. Berkeley DB

C. Berkeley Software Distribution


Ans: D

25.  A different 'cost' can be given to each link (e.g., DS3, T1, ________ etc.) and the site link topology will be altered accordingly by the KCC.

A. OSI model

B. Integrated Services Digital Network

C. Universal Serial Bus

D. Physical Layer

Ans: B


26.  AGDLP (implementing ________ using nested groups)

A. Mandatory access control

B. Active Directory

C. Microsoft SQL Server

D. Role-based access control

Ans: D

27.  Active Directory is a technology created by ________ that provides a variety of network services, including:

A. Microsoft

B. Internet Explorer

C. Microsoft Office

D. Microsoft Windows

Ans: A

28.  ADAM is capable of running as a service, on computers running Microsoft ________ or Windows XP Professional.

A. Windows Server 2003

B. Windows Server 2008

C. Windows 2000

D. Microsoft Windows

Ans: A

29. In ________, ADAM has been renamed AD LDS (Lightweight Directory Services).

A. Microsoft Windows

B. Windows Vista

C. Windows Server 2008

D. Windows 2000

Ans: C

30. To which of the following Active Directory containers can Group Policies be applied?

A. sites

B. OUs

C. domains

D. all of the above

Ans: D

31. To create a GPO for a domain or an organizational unit, you use either the Active Directory Users and Computers console or the __________.

A. Group Policy Maintenance console

B. Domain Policy Management console

C. Group Policy Management Console

D. Active Directory Sites and Services console

Ans: C

32. For each GPO, there is a GPC container stored in the System\Policies folder in the __________.

A. Active Directory Domains and Trusts console

B. Active Directory GPO and Sites console

C. Active Directory Users and Computers console

D. Active Directory Group Policy console

Ans: C

33. Each GPT folder is identified by the ___________ for the GPO.





Ans:  D

34. Group Policy settings are divided into two categories: Computer Configuration settings and __________.

A. Policy Configuration settings

B. Organizational Configuration settings

C. Group Configuration settings

D. User Configuration settings

Ans: D

35. Which of the following containers contains all Registry-based Group Policy settings, including settings for Windows Components, System, and Network?

A. Administrative Templates

B. Software Templates

C. Windows Templates

D. Logon Settings

Ans: A

36. Which of the following is a function of the GPMC?

A. It can be used to link sites, search for sites, and to delegate Group Policy-related features.

B. It can be used to sign and encrypt all LDAP communications.

C. It provides administrators with the ability to back up, restore, import, and copy/paste GPOs, as well as to create, delete, and rename them.

D. It can be used to view all Group Policy management functions.

Ans:  C

37. Which of the following are exceptions to the order in which GPOs are processed?

A. The default order for processing Group policy settings is also affected by selecting the Enforced setting.

B. You can modify the default behavior by using the Block Inheritance option.

C. If a computer belongs to a workgroup, it processes only local GPOs.

D. all of the above

Ans: D

38. when you configure loopback in ________ mode, the Computer Configuration GPO settings are appended to the default list of GPOs.

A. Replace

B. Merge

C. Default

D. Append

Ans: B

39. In order to delegate permissions for a GPO, you must have the ___________ permission for the GPO.

A. Edit user, context, menu

B. Edit settings, delete, and modify security

C. Edit group, delete, modify user

D. none of the above

Ans: B

40. The GPMC combines the functionality of the ACL Editor, Delegation Wizard, and Resultant Set of Policy tool.

A. True

B. False

Ans: A

41. The GPT contains all of the Registry entries, as well as associated files and folders required to implement the various GPO functions.

A. True

B. False

Ans:  A

42. Administrative settings are used to determine the applications that will be distributed to computers or users via a GPO.

A. True

B. False

Ans:  B

43. The User Group Policy loopback processing mode is used when both the user account and the computer account are members of a Windows 2000 or later domain.

A. True

B. False

Ans: A

44. You assign permissions to delegate administrative control over a GPO on the Delegation tab in the GPMC.

A. True

B. False

Ans: A