So im on to studying practice test questions from measureup as
a precursor to my next exam. My idea is to study theses and basically memorize them until im above the mid 90s. Previously
I kind of felt like this was folly as the idea of a practice test is to gauge where you are in your studies however I came
to the conclusion that memorizing these would in deed further my skill set. So as I go through these im going to share some ideas
that I think are complicated, confusing or important material that may be skipped other places or that I personally seem to
struggle with. This is mostly to help me remember this information but maybe Im not the only person out there that feels that
some of this is overly complicated.
The first topic is groups. This gets so amazingly convoluted from a definitional perspective, as I’ve previously noted, and
measureup does a great job of pointing out the logical problems with the article on group scope. It seems to be saying
that if you have a global group you can basically do any thing with it that you would do with a universal group. However, if we check
these sources we find some interesting differences.
So if we are following a logic train in this question, it would seem from our previous experience, not using only studying, and
reading TechNet articles that we just need to add members.
However after checking the answer we come across this:
Which doesn’t necessarily contradict the text in the group scope technet article but the technet article is a little vague on this point
dont you think?
So this begs the question of how is a global group in practice different from a domain local group? Other than you cant add people across
domains, if you want to switch a domain local group to a global you have to first go to a universal group im not really sure. This concept
is really confusing and seems like possibly an unnecessary group type as domain local and universal seem to cover all the bases after
you start to see all the short comings of this group type. Youtube is also not very helpful in this respect, hopefully Ill meet some one
that can clear all this confusion up for me.
Also, im using an HTML editor and im not sure if thats why the line spacing displays so strange on WordPress. Hopefully its still mostly legible.
Deleted the tumblr and fixed the links pointed to tumblr back toward this site. If I was truly worried about people finding that blog I would/should have probably added a redirection page but im not exactly worried about blowing it up because that seemed more fun to me.
I tried to fix any spelling errors, standardize titles and things like that. If you are browsing this and come across any dead links or spelling errors please email me at nickrbarnes@gmail.com and Ill do my best to correct any errors. If your just board, feel like trolling or have any other concerns you can email me at that address.
Well, I cant believe Ive reached the end of my 4th server book in fleeting (possibly vain) attempts to pass the 70-410 exam. Its been a
fun ride so far I feel like im probably not completely finished with this text. This chapter on firewall’s was short, sweet and to the point
its exactly the same as a client in terms of set up and the only difference is deploying rules with GP & creating rules with PS. So if you
have been paying attention at all in your studies it should mostly be review. However since im a little out of date with client OS certs and
studies I could absolutely use the refresher course and maybe you could too so, you’ll never guess what im going to do. Did you guess add a
youtube lecture? If you did you where right. We could probably also review this
short article from TechNet. Any way here’s what I picked out to watch, hopefully some one out there in internet land will find it helpful.
I actually picked some thing from windows 7 as it seemed to be fairly strong and a video showing how to create and deploy firewall rules with
group policy.
The second one is really short but I still feel like it sort of shows how to create a GP firewall rule.
Please read the header for this post
regarding the answer key situation for these chapters.
1. Which of the following is the filter criterion most commonly used in firewall rules?
A. IP address
B. Subnet masks
C. Protocol numbers
D. Port numbers
Answer: D, honestly didnt know this one as I found the wording confusing but its quite obvious once the intent became clear to me
which honestly feels like a very nubbish thing to have a verbiage issue with.
2. Connection security rules require that network traffic allowed through the firewall use which of the following security mechanisms?
A. EFS
B. IPsec
C. UAC
D. Kerberos
Answer: B, for more information about IPsec check out the TechNet
article.
3. Which of the following actions can you not perform from the Windows Firewall control panel?
A. Allow an application through the firewall in all three profiles.
B. Block all incoming connections for any of the three profiles.
C. Create firewall exceptions based on port numbers for all three profiles.
D. Turn Windows Firewall off for all three profiles.
Answer: A, i find this confusing, this “control panel” is this the MMC snap in? Reading back through
the chapter it looks like it is but they should specify with “advance security as to be a little
more clear because we could be talking about this is not possible from the local control panel
firewall icon and it is from the mmc snap in. However it would appear to indicate that you have
to create a new rule for each profile. That seems a bit redundant when an extra check box upon rule
creation could solve the problem unless we are worried about users fat fingering mistakes and performing
a PSesque catastrophic issue?
4. Which of the following tools cannot enable and disable the Network Discovery firewall rules?
A. File explorer
B. Network and Sharing center
C. Action Center
D. Allowed Apps dialog box
Answer: B, this seems like it would be a question where experience actually using the software would provide
a vast amount of help. That said Im not 100% certain on what a “network discovery firewall rule” is.
Im surely not alone in that and perhaps should consult with google.
This isnt exactly helpful but at least we learn what “network discovery” is
5. Which of the following statements about Windows Firewall are true? (choose all that apply)
A. Applying firewall rules with Group Policy Overwrites all of the firewall rules on the target computer.
B. Applying firewall rules with GP combines the newly deployed rules with the ones already there.
C. Importing firewall rules save from another computer overwrites all of the rules on the target system
D. Importing firewall rules saved from another computer combines both sets of settings.
Answer: B, C
6. Windows Firewall uses three profiles to represent the type of network to which the server is connected. What are
the three profiles?
A. Private, Temporary, and authenticated
B. Public, DMZ, and Private
C. Internet, Secure, and Private
D. Domain, Private, and Public
Answer: D
7. When a user attempts to visit an Internet-based email account, what is the response of Windows Firewall?
A. Firewall will not permit the user to visit non-corporate website.
B. Firewall by default will not block client-initiated network traffic.
C. Firewall will block the webmail account unless the user is pre-authenticated
D. Firewall will block all outbound traffic
Answer: B
8. In the Windows Firewall with Advanced Security console, while creating a new rule, the Program page specifies whether
the _______
A. Rule applies to all programs, to one specific program
B. Rules applies to all user, to one specific user
C. Rule applies to all systems, to one specific system
D. Rules applies to all programs, to one specific program or to a specific service
Answer: D
9. By exporting the Windows Firewall policy, you have a file with a .wfw extension that contains ______.
A. All its rules, including the pre-configured rules and the ones you have created or modified.
B. All the rules you havce created or modified
C. Pre-configured rules to be applies to another firewall
D. Firewall settings as specified by the group policy settings.
I found the material in this chapter to be logically not overly complicated and still completely testable. So its worth really knowing this stuff
which should be too hard. This chapter is mostly enough to actually explain every thing going on with Application Restriction Policies. An important
note thats worth mentioning here is that you cannot use Applocker policies unless you are running 7 or newer clients and at a forrest funcitonal level
of at least 08R2. Well, the domain level might not have to be at that but you cant administer AppLocker policies to servers older than 2008 R2.
Please read the header for this post
regarding the answer key situation for these chapters.
1. Which of the following rule types apply only to Windows Installer packages?
A. Hash rules
B. Certificate rules
C. Internet Zone rules
D. Path rules
Answer: C, This is a miss print in the text as the text calls these Network zone rules and here it says internet. Not sure if there
is a difference. I found a video on the topic and while im not exactly sure what language they are speaking they are covering
the material in this chapter so its interesting none the less.
Any way you might also find this video interesting as it actually shows the verbiage “network” not “internet”, & it reminds me I should have not listened to the person that said hey
you should totally try server, you dont need to re-cert on a client after not touching one in a support role. Le sigh.
2. What is the file type used be the Windows Installer?
A. .inf
B. .bat
C. .msf
D. .msi
Answer: D
3. Which of the following is not one of the Default Security levels that can be used with a software restriction policy?
A. Basic user
B. Unrestricted
C. Restricted
D. Disallowed
Answer: C
4. As part of your efforts to deploy all new applications using GP, you discover that several of the applications you wish
to deploy do not include the necessary installer files. What can you use to deploy these applications?
A. Software restriction policy’s
B. MSI files
C. MDB files
D. ZAP files
Answer: D, the wording here is confusing as it doesnt describe the whole process involved with .zap files. you create a .zap file
in wordpad/notepad is what the text notes but how to create or what the file contains is left a mystery and there is
nothing readily available from a youtube search. However where youtube fails wikipedia
comes to the rescue.
5. Which of the following describes the mathematical equation that creates a digital “fingerprint” of a particular file?
A. Hash rule
B. Hash algorithm
C. Software restriction policy
D. Path rule
Answer: B, this is the equation A is the actual in practice tool.
6. Which of the following rules will allow or disallow a script or an MSI file to run on the basis of how the file has been signed?
A. Path rule
B. Hash rule
C. Network zone rule
D. Certificate rule
Answer: D, for more information this
TechNet article contains links about all of the above.
7. You want to deploy several software applications using Group Policy, such that the applications can be manually installed by the
users from the Add/Remove Programs applet in their local Control Panel. Which installation option should you select?
A. Assign
B. Disallowed
C. Publish
D. Unrestricted
Answer: C
8. You have assigned several applications using GPOs. Users have complained that there is a delay when they double-click on the
application being installed in the background. What option can you use to pre-install assigned applications when users log on or
power on their computers?
A. Uninstall when the application falls out of scope
B. Install This Application At Logon
C. Advanced Installation Mode
D. Path rule
Answer: B
9. Which of the following Default Security Levels in Software Restriction Policies will disallow any executable from running that
has not been explicitly enabled by the active directory administrator?
A. Basic User
B. Restricted
C. Disallowed
D. Power User
Answer: C
Well thats all for now, only one more chapter to read through and publish questions from. Ill probably end up going back through this one
and doing more questions. I feel like ive gotten more out of this material than any other book, which is possibly a result of the amount
of effort that I put into it. I also need to update the links to the tumblr site and take that down at some point in the near future.
Configuring security policys can be some what confusing but from my studying experience in the case of server it seems very similar in theroy
to configuring GP other than the concepts of building and maintaining PKIs. I didnt find this chapter to be overflowing with info but at the
same time it wasnt completely inadequate as an introductory and im sure even with that I probably missed a few things.
Please read the header for this post
regarding the answer key situation for these chapters.
1. Which of the following tools would you use to deploy the settings in a security template to all of the computers
in an Active Directory Domain Services domain?
A. Active Directory Users and Computers
B. Security Templates snap-in
C. Group Policy Object Editor
D. Group policy Management console
Answer: D, any way here’s a video explaining all of this. The narrator meanders a little but hes precise and to the point.
Wait am I describing myself or the guy the in video :0
2. Which of the following are local groups to which you can add users with the Windows Control Panel?
A. Users
B. Power Users
C. Administrators
D. Non-Administrators
Answer: C, A this has been a windows standard for quiet a while & a question that is much more basic than what you might
see other places
3. Which of the following tools would you use to modify the settings in a security template?
A. Active Directory users and computers
B. Security Template snap-in
C. Group Policy Object Editor
D. Group Policy Management console
Answer: B, sec templates are modified and created in the security template snap-in in serv 12. Hopefully it will be the
same in 16 but a better solution could be in place, haven’t seen it yet.
4. The build-in local groups on a server running Windows Server 2012 receive their special capabilities through which of the following
mechanisms.
A. Security options
B. Windows Firewall rules
C. NTFS permissions
D. User rights
Answer: D
5. After configuring and deploying the Audit Directory Service Access policy, what must you do before a computer running Windows
Serv 12 begins logging AD access attempts?
A. You must select the AD objects you want to audit in the ADU&C console
B. You must wait for the audit pol settings to propagate to all of the domain controllers on the network
C. You must open the Audit Directory Service Access Properties sheet and select all of the AD objects you want to audit.
D. You must add an underscore character to the name of every Active Directory object you want to audit.
Answer: B
6. What is the purpose of the Audit Policy section of a Local Group Policy objects (GPO)?
A. Admins can log successful and failed sec events, such as logon events, database errors & system shutdown.
B. Admins can log successful and failed security events, such as loss of data, account access and object access.
C. Admins can log successful and failed events forwarded from other systems.
D. Admins can log events related specifically to domain controllers.
Answer: B, loss of data kind of throws me off here but according to google this is the correct answer. Database errors
seems slightly more sketchy but the TechNet
article mentions neither.
Also here is a video demoing how to create an auditpol, I went through a couple including a 19 minute silent film
that I decided it was fun to narrate my self but you might not be as easily amused as I am so heres one that might
be slightly more helpful.
7. What are the three primary event logs?
A. Application, Forwarded, and System
B. Application, Security, and Setup
C. Application, Security, and System
D. Application, System, and Setup
Answer: C
8. After you create a GPO that contains computer or user settings, but not both, what can you do for faster GPO processing?
A. Set the priority higher for the configured setting area.
B. Manually refresh the GPO settings.
C. Disable the setting area that is not configured.
D. Regardless of weather part of all of a GPO is configured, the GPO is processed at the same speed.
Answer: D
9. What are the two interfaces for creating and managing local user accounts for a computer joined to the domain.
A. Control Panel and ADAC
B. User Accounts control panel and the Local Users and Groups snap-in for MMC
C. ADAC and the Active Directory of Users and Computers snap-in for MMC
D. Server Manager and PowerShell
Answer: B, this one is confusing as it is absolutely possible to create and manage user accounts in PowerShell. Perhaps
local being the keyword here leading this to be more of a client question as opposed to a server question.
10. What did Microsoft introduce in Windows Server 2012 to ensue users with administrative privileges still operate routine
tasks as a standard user?
A. New Group Policy and Local Sec Pol
B. Secure desktop
C. User Account Control (UAC)
D. Built-in admin account
Answer: C, I didnt know this as I assumed it came with 8 because its origin is in vista, I believe.
Creating GPOs can get some what tricky when it comes to studying server as there are a lot of variables. However its not nearly as bad
as DHCP concepts. There’s not a whole lot for me to discuss about this that cant be found other places. But I am going to leave a video
here as this is primarily a GUI topic and that might just be more helpful than just describing it.
Interesting graphics concerning group policy applications, any way heres the second part.
I also really enjoy this guy and hes very consistent. As far as introductory materials go, I think this guy is pretty spot on and great
to watch, not as dry as some materials which can be great for a casual or new student.
Please read the header for this post
regarding the answer key situation for these chapters.
1. Which of the following types of files do Windows Server 2012 GP tools access from a central store by default?
A. ADM files
B. ADMX files
C. Group Policy objects
D. Security templates
Answer: B, since we are on a roll with videos I cant not include Newman from Jurassic Park.
An important note from the chapter was that older machines might run into parsing errors when using a central store. im a little
unclear as to the full extent of the importance of this as im, in a practical sense, in experienced with how GP responds in a
large deployment.
2. Which of the following local GPOs takes precedence on a system with multiple local GPOs?
A. Local Group Policy
B. Administrators Group Policy
C. Non-administrators Group Policy
D. User-specific Group Policy
Answer: D
3. Which of the following techniques can you use to apply GPO settings to a specific group of users in an OU?
A. GPO linking
B. Administrative template
C. Security Filtering
D. Starter GPOs
Answer: C
4. Which of the following best describes the function of a starter GPO?
A. A starter GPO functions as a template for the creation of new GPOs
B. A starter GPO is the first GPO applied by all Active Directory clients.
C. Starter GPOs use a simplified interface for elementary users
D. Starter GPOs contain all of the settings found in the default Domain Policy GPO.
5. When you apply a GPO with a value of Not Configured foe a particular setting to a system on which that same setting is disabled,
what is the result?
A. The setting remains disabled
B. The setting is changed to not configured
C. the setting is changed to enabled
D. The setting generates a conflict error
Answer: A
6. Local GPOs are stored _______, where as Domain GPOs are stored _______.
A. In AD; in AD
B. In AD; on the local computer
C. On the local computer; in AD
D. Local computer; local computer
Answer: C
7. By default, linking a GPO to a container causes all the users and computers in that container to receive the GPO settings.
How can you modify the default permission assignments so that only certain users & computers receive the permissions &
consequently, the settings in the GPO?
A. You cannot separate or divide permission assignments within the linked container.
B. You can create and link a different GPO to the applicable objects, overriding the previous GPO.
C. You remove the applicable objects and place in a new container.
D. You apply security filtering in the GP man console.
8. When multiple GPOs are linked to a container, which GPO in the list has the highest priority?
A. The last
B. The first
C. The most permissive
D. The most restrictive
Answer:B, The last policy applied wins so in the case of a list the first one listed is the last to be applied
9. Group Policy settings are divided into two subcategories: User Configuration and Computer Configuration. Each of these two settings is
further organized into three subnodes. What are the three subnodes?
A. Software settings, Windows Settings, and Delegation templates
B. Software settings, Windows Settings, and Administrative templates
C. Security settings, Windows Settings, and Delegation templates
D. Security settings, Windows Settings, and Administrative templates
Answer: B, this question is, again, much simpler than some thing you would see on an actual test.
10. What is the order in which Windows systems receive and process multiple GPOs?
This is yet another somewhat easy chapter. How ever there is a really interesting note at the beginning, the differences between universal
and global groups are slim except for the fact that when going from a local group to a domain wide group you first have to select universal before
going to global group as seen in this video:
So other than that Im not sure of the differences as both are domain wide groups so it becomes very confusing. However this chapter notes
that the replication traffic for a universal group is actually higher than global groups. Any way, 4 chapters after this one in 2 days to meet
my goal. Plausibly do able but I did allow for some padding so it should be ok to run over just slightly then have two weeks of measure up
prep, hopefully leading to scores there that are close to the 800 range. I think I was in the mid 600s last time I tried.
Please read the header for this post
regarding the answer key situation for these chapters.
1. You are planning an Active Directory Implementation for a company that currently has sales, accounting, and marketing departments. All department
heads want to manage their own users and resources in Active Directory. What feature will permit you to set up Active Directory
to allow each manager to manage his or her own container but not any other containers?
A. Delegation of control
B. Read-only domain controller
C. Multimaster replication
D. SRV records
Answer: A, for more information check out (this is a popular topic) this link or watch the video below.
2. If the user named Amy is located in the sales OU of the sauce.steviebschickenalakingalacarte.com domain, what is the correct syntax
for referencing this user in a command line utility?
A. Amy.steviebschickenalakingalacarte.com
B. cn=amy.ou=sales.dc=steviebschickenalakingalacarte.com
C. cn=amy,ou=sales,dc=steviebschickenalakingalacarte,dc=com
D. dc=com,dn=steviebschickenalakingalacarte,ou=sales,cn=amy
Answer: C, I really didnt know this one but I found the second dc to be confusing but memorable. I also cant find any thing
in the chapter that directly references calling a user in PS. An interesting note hinting that the potential complexity
of PowerShell
3. Which of the following is a container object within Active Directory?
A. Folder
B. Group
C. User
D. OU
Answer: D
4. Which of the following groups do you use to consolidate groups and accounts that either span multiple domains or the entire forest?
A. Global
B. Domain local
C. Built-in
D. Universal
Answer: A, D and as previously discussed they can be confusing when asked to explain the differences. According to google the answer is
simply D but from my understanding A can fit this description as well. Perhaps the term “consolidate” makes a difference? However if
that’s the case, as previously stated A is more efficient than D. For more information on the scope of this confusion
check the TechNet article.
5. Which of the following is not a correct reason for creating an OU?
A. To create a permanent container that cannot be moved or renamed
B. To duplicate the divisions in your organization
C. To delegate administration tasks
D. To assign different Group Policy settings to a specific group of users or computers
Answer: A, OUs can be moved and renamed
6. Which of the following group scope modifications are not permitted? (choose all answers that are correct)
A. Global to universal
B. Global to domain local
C. Universal to global
D. Domain local to universal
Answer: B, you have to take a global group to universal before you can do any thing else with it. For more info please see
the previously linked technet article. Some one could claim that A was also true but I would debate this. Attaching
a video from 08 but from every thing I’ve seen in 12 nothing has changed.
7. In a domain running at the windows server 2012 domain functional level, which of the following security principals can be members of
a global group?
A. Users
B. Computers
C. Universal groups
D. Global groups
Answer: A,B,D
8. You are attempting to delete a global security in the Active Directory Users and Computers console, and the console will not
let you complete a task, Which of the following could possibly be causes for the failure? (choose all that are correct)
A. There are still members in the group.
B. One of the group’s members has the group set as its primary group.
C. You do not have to proper permissions for the container in which the group is located.
D. You cannot select global groups from the Active Directory Users and Computers console.
Answer:B, LDIFDE allows you to do these things. LDAP Data Interchange Format Directory Exchange (LDIFDE.exe) Like CSVDE,
but with more functionality, LDIFDE is a utility that can import AD DS information
and use it to add, delete, or modify objects, in addition to modifying the schema, if
necessary
2. When using CSVDE, what is the first line of the text file that uses proper attribute names?
A. Header row
B. Header record
C. Name row
D. Name record
Answer: B, honestly had no clue on this one. Had to actually read the text and google.
3. Which of the following utlities do you use to perform an offline domain join?
A. Net join
B. Join
C. Djoin
D. Dconnect
Answer: C, given that its the only one of these thats “real” or at least commonly discussed.
4. Which of the following is not a type of user account that can be configured in Windows Server 2012?
A. Local Accounts
B. Domain Accounts
C. Network Accounts
D. Built-in Accounts
Answer: C, these are not a real thing. Built-in accounts also seem obvious as they cannot be created but they can be renamed
and you change other basic parms.
5. Which of the following are the two built-in user accounts created automatically on a computer running Windows Server 2012?
A. Network
B. Interactive
C. Administrator
D. Guest
Answer: C, D as the other two are, again, not “real.”
6. What is the PowerShell cmdlet syntax for creating a new user account?
8. When using the Netdom.exe to join an account, you may add the parameter [/ou:oudn]. If this is left out what is the
default container for created objects?
A. In the same organizational unit (OU) as the admin running netdom.
B. In the users container.
C. In the computers container
D. Without this the task will fail
Answer: C
9. Who may join a computer to the domain?
A. No one, the computer does this itself when authenticating.
B. The comp. only joins as part of the object creation process.
C. Only the domain administrator may join the computer to the domain.
D. Members of the computer’s local Administrators group may join the computer to the domain.
Answer: D, this was actually a really good question. I had no idea until I read this. It seems like once the AD object is created
…. well then im not sure so actually D makes the most sense.
Again, nothing overly complex or misguiding to poor souls who dont seek the full wisdom of the subject who end up severly lacking in
in the context of having enough wisdom to discern the truth of the trickery questions.
Im to the point in reading where Im caught up enough to have to read a chapter then write about it following the reading. I guess thats
a good thing and some thing I possibly should have considered doing to begin with but hey live an learn or zest lava (thats french right?).
Any way I tested respectably on this section so I must be somewhat familiar with it. However it to goes into historical understandings
that are not overly interesting but perhaps good if you have no frame of reference when setting upon a journey into Windows Server study.
Please read the header for this post
regarding the answer key situation for these chapters.
1. Which of the following is a valid leaf object in Active Directory?
A. Domain
B. User
C. Application partition
D. OU
Answer: B, Ive never heard this term used any where else but B makes sense as the term was implying an end unit that couldnt
contain any more AD objects.
2. What is required by DNS for Active Directory to function?
A. Dynamic update support
B. DHCP forwarding support
C. SRV records support
D. Active Directory integration
Answer: C, this is an odd one that I also havent seen before and the only documentation I can find for this is here but yet it mentions
nothing about SVR records. The only MSFT doc that mentions that is about serv 2k. However I have generally found
googling the answers to these questions to come up with good info and thats what we had or what showed up.
3. What is the first domain installed in a new Active Directory forest called?
A. Forest root domain
B. Parent root domain
C. Domain tree root
D. Domain root
Answer: A, not much to talk about here. In case your interested here is this: When beginning a new AD DS installation, the first step is to create a new forest, which you
do by creating the first domain in the forest, the forest root domain.
4. Which of the following cannot contain multiple Active Directory domains?
A. Organizational units
B. Sites
C. Trees
D. Forests
Answer: A, organizational units
5. What are the two basic classes of Active Directory objects?
A. Resource
B. Leaf
C. Domain
D. Container
Answer: B,D again just definitional not much theory or logic to discuss.
6. Which of the following is not true about an object’s attributes?
A. Administrators must manually supply information for certain attributes
B. Every container object has, as an attribute, a list of all the other objects it contains
C. Leaf objects do not contain attributes
D. Active Directory automatically creates the globally unique identifier (GUI)
Answer: C, leaf objects, as in this definition, most certainly contain attributes. Users absolutely have things
associated with them.
7. Which of the following is not a reason why you should try to create as few domains as possible when designing an
Active Directory infrastructure?
A. Creating additional domains increases the administrative burden
B. Each additional domain you create increases the hardware costs of the Active Directory deployment.
C. Some applications might have problems working in a forest with multiple domains.
D. You must purchase a license from MSFT for each domain you create.
Answer: D, you only need license for installs and users based on the type of license you purchase. (sic)
8. Which of the following does an Active Directory client use to locate objects in another domain?
A. DNS
B. Global Catalog
C. DHCP
D. Site Link
Answer: B, none of the other answers have any thing to do with AD objects.
9. What is the default trust relationship between domains in one forest?
A. Two-way trust relationship between trees
B. By default, no trust relationship between domain trees
C. One-way trust relationship between domain trees
D. Each domain tree trusts the forest but not between each other
Answer: A, im surprised to not see the word transitive in this question as it seems to be fairly common. Any way for more information
about this check here.
10. What is an important difference between groups and organizational units (OUs)?
A. An OU can represent the various divisions of your organization.
B. Group membership can be a subset of an OU.
C. OUs are a security entity.
D. Group memberships are independent of the domain’s tree structure.
Answer: D
So any way after realizing how little logic is involved and seeing this section is mostly definitional understanding of ideas (no abstract wing shapes)
you can see how this could be an easier section when testing. Hopefully.
The important thing to remember here is that before you can administer a thing you have to understand it. So while it may be fairly simple
to create records and create a zone, if you dont know what all it does how it works in a general sense its kind of worthless.
Please read the header for this post
regarding the answer key situation for these chapters.
1. Which of the following is not one of the elements of the Domain Name System (DNS)?
Answer: B, Relay agents deal with DHCP. Any way heres some cool techno.
If you play these two at the same time it makes DHCP seem really cool 🙂
Relay agents
2. What is the maximum length for a FQDN including the trailing period?
A. 50 characters
B. 63 characters
C. 255 characters
D. 255 characters for each individual domain name
Answer: C, I was a little unsure of this one so I googled it. For more information on this topic I found the paragraph
located here to be useful.
3. Which of the following would be the correct FQDN for a resource record in a reverse lookup zone if the computer’s IP
address is 10.75.143.88?
A. 88.143.75.10.in-addr.arpa
B. 10.75.143.88 in-addr.arpa
C. in-addr.arpa.88.143.75.10
D. arpa.in-addr. 10.75.143.88
Answer: A, for more information about this I found TechNet to
be the most useful source for information.
4. Which of the following are types of zone transfers supported by the DNS servers in Windows Server 2012?
A. network zone transfers
B. full zone transfers
C. incremental zone transfers
D. partial zone transfers
Answer: B, C, there isnt much info outside of the book about this but here is a TechNet
article on how to create a zone transfer
5. In the fully qualified domain name http://www.sales.contoso.com which of the following is the second-level domain?
A. www
B. sales
C. contoso
D. com
Answer: C, contoso
6. Which DNS configuration item will forward DNS queries to different servers based on the domain name of the query?
A. Iterative forwarder
B. Recursive forwarder
C. Conditional forwarder
D. IPv6 forwarder
Answer: C, more information about conditional forwarders is available here.
7. The IPv6 host record is referred to as a(n):
A. A record
B. AA record
C. AAA record
D. AAAA record
Answer: D
8. A DNS server that hosts a primary or secondary zone containing a particular record can issue the following response to a query
for that record is known as a ________
A. Authoritative answer
B. Non-authoritative answer
C. Referral answer
D. Non-referral answer
Answer: A, again not much to discuss here. Please see the links listed in the intro for more info.
9. Data from a primary zone is transmitted to secondary zones using the following:
A. Zone transfer
B. Zone transmission
C. DNS Zone
D. Active Directory replication
Answer: A
10. The following feature is available only on Active Directory-integrated DNS zones:
A. Dynamic updates
B. Incremental zone transfers
C. Reverse lookup zones
D. Secure dynamic updates
Answer: D, more info about secure dynmic updates can be found here.
xAFTERHOURSx 