Deploy and manage identity infrastructure Microsoft Quiz Answers

Get Deploy and manage identity infrastructure Microsoft Quiz Answers

Learn about Active Directory Domain Services fundamentals, and then learn to configure and manage AD DS, Group Policy Objects, and how to implement hybrid identity with Windows Server.

This learning path helps prepare you for Exam AZ-800: Administering Windows Server Hybrid Core Infrastructure.

Prerequisites:

• Windows Server 2012 or Windows Server 2016.
• Core networking technologies

Module 1: Introduction to AD DS

Learn about the fundamentals of Active Directory Domain Services (AD DS) in Windows Server 2019, including forests, domains, sites, domain controllers, organizational units (OUs), users, and groups.

Learning objectives:

After completing this module, you’ll be able to:

• Describe AD DS.
• Describe users, groups, and computers.
• Identify and describe AD DS forests and domains.
• Describe OUs.
• Manage objects and their properties in AD DS.

Prerequisites:

To get the best learning experience from this module, you should have knowledge and experience of:

• Windows Server.
• Core networking technologies.

This module is part of these learning paths:

• Active Directory Domain Services
• Deploy and manage identity infrastructure

Quiz 1: Manage objects and their properties in AD DS

Q1. Which PowerShell command could you use to add a user?

• Get-ADUser
• New-ADUser
• Set-ADUser

Quiz 2: Knowledge check

Q1. What scope of group can be assigned permissions anywhere in an AD DS forest and can have members from anywhere in the forest?

• Global
• Universal
• Domain local

Q2. What type of trust relationship is automatically created between the domains Contoso.com and Seattle.Contoso.com?

• A parent and child two-way transitive trust
• A tree-root trust
• A Shortcut trust

Q3. Which of the following is a built-in container in an AD DS domain that can hold computer accounts?

• The Domain Controllers OU
• The IT OU
• System

Module 2: Manage AD DS domain controllers and FSMO roles

Learn about essential AD DS domain controllers management and maintenance tasks, including their deployment, backup and recovery, and schema management. Find out about design considerations for optimal number, roles, and location of domain controllers.

Learning objectives:

After completing this module, you’ll be able to:

• Deploy AD DS domain controllers.
• Maintain AD DS domain controllers.
• Describe the AD DS global catalog role and its placement considerations.
• Describe AD DS operations master roles, their placement considerations, and their management tasks.
• Describe AD DS schema and its management tasks.

Prerequisites:

To get the best learning experience from this module, you should have knowledge and experience of:

• Windows Server 2012 or Windows Server 2016.
• Core networking technologies.
• Active Directory Domain Services (AD DS).

This module is part of these learning paths:

• Active Directory Domain Services
• Deploy and manage identity infrastructure

Quiz 1: Manage AD DS operations masters

Q1. What tool allows the transfer of the Infrastructure Master operations master role?

• Active Directory Users and Computers
• Active Directory Domains and Trusts
• Active Directory Schema

Quiz 2: Manage AD DS schema

Q1. Which tool can you use to trigger an AD DS schema update?

• ADSI.MSC
• Active Directory Schema console
• Active Directory Users and Computers console

Quiz 3: Knowledge check

Q1. When deploying the first domain controller in a forest by running the Active Directory Domain Services Configuration Wizard, which of the following options is configured by default?

• RODC
• Global catalog
• DNS name

Q2. What does the global catalog contain?

• A copy of all objects and their attributes from all domains in an AD DS forests
• A copy of all objects and some of their attributes from all domains in an AD DS forest
• A copy of all objects and all their attributes from all domains in an AD DS forest

Q3. Which of the following operations master is a forest-level operations master?

• Infrastructure
• Domain naming
• RID

Module 3: Implement Group Policy Objects

Learn to implement Group Policy Objects (GPOs) in Active Directory Domain Services (AD DS) in Windows Server 2019.

Learning objectives:

After completing this module, you’ll be able to:

• Describe GPOs.
• Describe GPO scope and inheritance.
• Describe domain-based GPOs.
• Create and configure GPOs.
• Explain GPO storage.
• Describe administrative templates and the Central Store.

Prerequisites:

To get the best learning experience from this module, you should have knowledge and experience of:

• AD DS concepts and technologies.
• Core networking technologies.
• Windows client operating systems such as Windows 10.
• Windows PowerShell basics.

This module is part of these learning paths:

• Active Directory Domain Services
• Deploy and manage identity infrastructure

Quiz 1: Create and configure a domain-based GPO

Q1. In the Contoso.com domain, in the Marketing OU, an administrator creates a GPO called Folder Redirection. The administrator wants the policy to apply to all users in the Marketing OU, except for the Marketing managers. What should the administrator do to prevent the Folder Redirection GPO from applying to the managers, but allow all other GPOs linked to the Marketing OU to apply to the managers?

• Create a WMI filter that identifies the managers’ computers and use that filter to Deny the application of the GPO to the managers.
• Move the marketing manager user accounts to their own child OU in Marketing, and then implement Block Inheritance on the child OU.
• Create a global security group called Marketing Managers and add the marketing manager user accounts to the group. Then configure GPO security filtering to Deny the Apply Policy permission to this group.

Quiz 2: Knowledge check

Q1. In Adatum.com, there are two sites: London and Windsor. A single GPO (called London settings) is linked to London and another (Windsor settings) is linked to Windsor. In addition, there are two GPOs linked to the Adatum.com domain: The Default Domain GPO (which is Enforced) and a further policy: Adatum Folder Redirection (which has a link order value of 2). The Sales OU has a linked GPO called Sales Desktop settings. A user in the Sales department based in Windsor, whose user account and computer account reside in the Sales OU, is experiencing problems with settings on their computer. An administrator decides to investigate. The administrator suspects that there are conflicting settings in the various GPOs that apply to the user and their computer. Which GPO’s settings take precedence?

• The Default Domain GPO
• The Windsor settings GPO
• The Sales Desktop settings GPO

Q2. Which of the following options contains the GPO settings?

• The Group Policy container
• The Group Policy template

Q3. The IT department in Adatum is deploying a new version of Microsoft Office in their on-premises environment. The administrator wants to configure settings with GPOs for Office. What should they do?

• Download and install new .adml files and then configure the desired settings in the Administrative Templates node in the appropriate GPO.
• Copy the content of the Windows\PolicyDefinitions folder to the Central Store.
• Download and install new administrative template files and then configure the desired settings in the Administrative Templates node in the appropriate GPO.

Module 4: Manage advanced features of AD DS

Learn about advanced AD DS administration tasks, including creating trust relationships, implementing Enhanced Security Administrative Environment (ESAE) forests, monitoring and troubleshooting AD DS replication, and creating custom AD DS partitions.

Learning objectives:

After completing this module, you’ll be able to:

• Identify the purpose, types, and the process of creating trust relationships.
• Describe the purpose and the process of implementing ESAE forests.
• Monitor and troubleshoot AD DS replication.
• Identify the purpose and the process of creating custom AD DS partitions.

Prerequisites:

To get the best learning experience from this module, you should have knowledge and experience of:

• Windows Server 2012 or Windows Server 2016
• Core networking technologies
• Implementing and managing Active Directory Domain Services (AD DS)

This module is part of these learning paths:

• Active Directory Domain Services
• Deploy and manage identity infrastructure

Quiz 1: Create custom AD DS partitions

Q1. Which tool can be used to create, list, and delete a custom application partition?

• ntdsutil
• netdom
• disk part

Quiz 2: Knowledge check

Q1. What functionality does the transitivity of a two-way forest trust provide?

• If you create a forest trust between Forest 1 and Forest 2 and you create a forest trust between Forest 2 and Forest 3, Forest 1 implicitly trusts Forest 3.
• All domains in both trusted forests trust each other.
• All users in the trusted forest can authenticate for services and access on all computers in the trusting forest.

Q2. How should a trust between an ESAE forest and a production forest be configured?

• One-way with forest-wide authentication and the ESAE forest trusting the production forest
• One-way with selective authentication and the production forest trusting the ESAE forest
• One-way with the forest-wide authentication and the production forest trusting the ESAE forest

Q3. Which of the following tools can be used to monitor and troubleshoot AD DS replication?

• Nltest.exe
• Dcdiag.exe
• Netdom.exe

Module 5: Implement hybrid identity with Windows Server

In this module, you’ll learn to configure an Azure environment so that Windows IaaS workloads requiring Active Directory are supported. You’ll also learn to integrate on-premises Active Directory Domain Services (AD DS) environment into Azure.

Learning objectives:

After completing this module, you will be able to:

• Select an Azure AD integration model.
• Plan for Azure AD integration.
• Prepare on-premises AD DS for directory synchronization.
• Install and configure directory synchronization using Azure AD Connect.
• Implement Seamless Single Sign-on (SSO).
• Enable Azure AD login for an Azure Windows virtual machine (VM).
• Describe Azure AD DS.
• Implement and configure Azure AD DS.
• Manage Windows Server 2019 in an Azure AD DS instance.
• Join a Windows Server VM to a managed domain.

Prerequisites:

In order to get the best learning experience from this module, it’s important that you have knowledge and experience of the following:

• Managing Windows Server operating system and Windows Server workloads in on-premises scenarios, including Active Directory Domain Services (AD DS), Domain Name System (DNS), the Distributed File System (DFS), Hyper-V, and file and storage services.
• Common Windows Server management tools.
• Core Microsoft compute, storage, networking, and virtualization technologies.
• On-premises resiliency Windows Server-based compute and storage technologies.
• Implementing and managing IaaS services in Microsoft Azure.
• Azure Active Directory (Azure AD).
• Security-related technologies (firewalls, encryption, multi-factor authentication).
• Windows PowerShell scripting.
• Automation and monitoring.

This module is part of these learning paths:

• Deploy and manage identity infrastructure
• Implement a Windows Server hybrid cloud infrastructure
• Implement Windows Server IaaS VM Identity

Quiz 1: Knowledge check 1

Q1. Which of the following statements about Azure AD is true?

• Azure AD implements the same authentication protocols as on-premises AD DS.
• Azure AD is essentially on-premises AD DS in the cloud.
• Azure AD users and groups are created in a flat structure.

Q2. Contoso IT staff have set up Azure AD Connect and are beginning to synchronize accounts. Maria in IT finds a new user account in Azure AD that has been created by the Azure AD Connect process. Which of the following accounts would Maria have found?

• Maria found an account called MSOL_c778af008d92.
• Marie found an account called Sync_CONTOSO-DC1_c778af008d92@Contoso.com.
• Maria found an account called AAD_c778af008d92.

Q3. Which of the following sign-in methods is NOT available for Contoso IT staff to combine with Seamless SSO?

• Password Hash Synchronization.
• AD FS.
• Pass-through authentication.

Quiz 2: Knowledge check 2

Q1. When planning to implement Azure AD DS, which of the following statements are true?

• It’s possible to extend the schema for the Azure AD DS domain.
• Nested OUs are supported.
• It’s not possible to target OUs with built-in GPOs.

Q2. Which role from the following groups in an Azure AD DS domain can administer DNS on the managed domain, create and administer custom OUs on the managed domain, and administer computers joined to the managed domain?

• AAD DC Administrators.
• Enterprise Admins.
• Administrators.

Q3. Which of the following tasks can Azure AD DS domain administrators perform?

• Add domain controllers to the managed domain.
• Configure the built-in GPO for the AADDC Computers and AADDC Users containers in the managed domain.
• Connect to domain controllers for the managed domain using Remote Desktop.

Module 6: Deploy and manage Azure IaaS Active Directory domain controllers in Azure

In this module, you’ll learn how to extend an existing Active Directory environment into Azure by placing IaaS VMs configured as domain controllers onto a specially configured Azure virtual network (VNet) subnet.

Learning objectives:

After completing this module, you will be able to:

• Select an option to implement directory and identity services by using Active Directory Domain Services (AD DS) in Azure.
• Deploy and configure AD DS domain controllers in Azure VMs.
• Install a replica AD DS domain controller in an Azure VM.
• Install a new AD DS forest on an Azure VNet.

Prerequisites:

In order to get the best learning experience from this module, it’s important that you have knowledge and experience of the following:

• Managing Windows Server operating system and Windows Server workloads in on-premises scenarios, including Active Directory Domain Services (AD DS), Domain Name System (DNS), the Distributed File System (DFS), Hyper-V, and file and storage services.
• Common Windows Server management tools.
• Core Microsoft compute, storage, networking, and virtualization technologies.
• On-premises resiliency Windows Server-based compute and storage technologies.
• Implementing and managing IaaS services in Microsoft Azure.
• Azure Active Directory (Azure AD).
• Security-related technologies (firewalls, encryption, multi-factor authentication).
• Windows PowerShell scripting.
• Automation and monitoring.

This module is part of these learning paths:

• Deploy and manage identity infrastructure
• Implement Windows Server IaaS VM Identity

Quiz 1: Knowledge check

Q1. Contoso want to deploy an LDAP-aware LOB application in Azure. Which of the following deployment models best suits this scenario?

• Deploy a separate AD forest that’s trusted by domains in their on-premises AD forest.
• Deploy AD DS only on an Azure VM.
• Deploy AD DS in an on-premises infrastructure and on an Azure VM.

Q2. When planning deployment for AD domain controllers in Azure, how can an administrator at Contoso control Active Directory replication?

• They must establish the appropriate trust relationships.
• They must configure sites in AD DS.
• Configure a static IP address for each VM.

Q3. Which of the following options reduces the amount of egress traffic when deploying AD domain controllers in Azure?

• Active Directory sites.
• Add trust relationships.
• Read-only domain controllers.

Conclusion:

I hope this Deploy and manage identity infrastructure Microsoft Quiz Answers would be useful for you to learn something new from this problem. If it helped you then don’t forget to bookmark our site for more Coding Solutions.

This Problem is intended for audiences of all experiences who are interested in learning about Data Science in a business context; there are no prerequisites.

Keep Learning!

More Coding Solutions >>

LeetCode Solutions

Hacker Rank Solutions

CodeChef Solutions