Active Directory MCQs

These Active Directory multiple-choice questions and their answers will help you strengthen your grip on the subject of Active Directory. You can prepare for an upcoming exam or job interview with these 100+ Active Directory MCQs.
So scroll down and start answering.

1: What is an example of a scenario when you would need to rename a domain controller?

A.   When registering another user.

B.   When replacing computer hardware.

C.   When logging out.

D.   When logging in.

2: What tool is required to make any changes in Windows Time Service?

A.   TIMEnt.exe

B.   W32tm.exe

C.   ntp.exe

D.   T32v.exe

3: Five people in Accounting have the need to print checks on a network computer. No one else should have access to this printer. What is the best way to set this up?

A.   Include the printer as an object in Active Directory Users and Groups, create a security group of those users who can print to that printer, then give them exclusive rights to print.

B.   Make sure that the printer can be reached by name on the network. In Active Directory Group Policy Manager create a group policy that hides the printer name for all users except for the group in Accounting.

C.   Set up a new resource domain, add the users that need to print to that printer, and the printer, in Active Directory Users and Groups, then create a one-way forest-to-forest trust in Active Directory Domains and Trusts to allow only those users to print.

D.   Set up a subnet on the corporate switch for the port that is attached to the printer. Give the printer an IP address on that subnet, then set up routes on the computers of the users who will print to that printer.

4: Members of which of the following groups can perform actions in multiple domains within a forest?

A.   Power Users

B.   Forest Admins

C.   Domain Admins

D.   Enterprise Admins

5: An Active Directory Forest is ___________________

A.   a collection of different domains connected via two way trusts that don't share the same DNS name space, but share authentication and policy management.

B.   a method for visualizing autonomous sites that are connected via high speed networks but independent of domain hierarchies.

C.   the sum total of all the objects both physical and logical including their properties in an Active Directory domain and managed from a PDC.

D.   the different databases and their interactions that comprise the Active Directory for the management of objects, domain security and policy.

6: The ADSIEDIT tool is used to:

A.   Edit DNS records of Active Directory members.

B.   Remove inactive objects in the Active Directory.

C.   Directly add, delete or modify components in the Active Directory.

D.   Filter SID components in the DHCP registry.

7: Which one of the following is NOT one of the 5 Operation Master (FSMO) Roles?

A.   Infrastructure Master Role

B.   Domain Naming Master Role

C.   NTLM Master Role

D.   RID Master Role

8: What two operations masters roles exist in each forest?

A.   The operations master, and the domain controlling master.

B.   The schema master, and the domain naming master.

C.   The system master, and the user master.

D.   The super master, and the user master.

9: What two ways can trust relationships be defined?

A.   Inside, or outside.

B.   Open, or closed.

C.   Four-way, or two-way.

D.   One-way, or two-way.

10: What is Windows Time Service responsible for?

A.   Setting Active Directory's clock timing.

B.   Synchronizing the system clock so the system runs better.

C.   Setting the system time to the appropriate time zone.

D.   Synchronizing the time of all the computers running on the network.

11: What does it mean when a “trust” exists?

A.   Two domains block each other so only users can access the computer.

B.   Authentication is only allowed for administrators.

C.   Authentication is allowed for all users.

D.   The authentication coming from each domain trusts the authentications coming from the other domain.

12: How must drives containing database files, or log files, be formatted?

A.   FAT32

B.   ext2

C.   FAT12


13: Which of the following is NOT an Active Directory object?

A.   Email Address

B.   Domain user

C.   Domain Server

D.   Computer

14: What is LDAP?

A.   Local Directory Application Programming Interface.

B.   Lightweight Directory Access Protocol.

C.   Logical Directory Access Protocol.

D.   Local Domain Administration Protocol.

15: A user is complaining that they can't log in to the domain because they have tried to log in too many times with their password.

A.   Tell the user to turn off the computer and restart it, then log in.

B.   In the Active Domain Domains and Trusts, find the user's login server, right-click and choose Replicate Now, then ask the user to log in.

C.   Ask the user to get someone else to login for them.

D.   In the Active Directory Users and Computers, find and open the user object, choose the Account tab and unlock the account.

16: What is an OU?

A.   Organizational Utility Services

B.   Organizational Unit

C.   Optional Upgrade

D.   Operational Unit

17: What do Domain Controllers do?

A.   Receive and relay domain commands

B.   Assign IP addresses to domain computers

C.   Control granular settings in a domain environment

D.   Store the database, maintain the policies and provide the authentication of domain logons

18: You update a GPO and return to the user's computer to see the results but they don't show up. What is the least disruptive way to see the results?

A.   Run the command: gpupdate /force

B.   Run the command: ipconfig /flushdns

C.   Run the command: nbtstat /R

D.   Perform a warm boot of the computer

19: In relation to backup and restore procedures, what provides a default location for files that must be shared for common access throughout a domain?





20: What is Kerberos?

A.   The program that underlies Active Directory Group Policy management.

B.   The script compiler used for parsing and interpreting SYSVOL scripts.

C.   A messaging protocol used in Active Directory for intersite transport in multi-site domains.

D.   A security protocol used for authentication in Active Directory.

21: What command is used to check whether the policy is applied or not?





22: Which of the following is NOT a logical component of Active Directory?

A.   Branch

B.   Forest

C.   OU

D.   Domain

23: Fred in Marketing needs to share files with his small team on a confidential project. What should you do to help?

A.   Create a Group policy that identifies each member of Fred's team that will redirect and map a drive to a hidden folder on the server.

B.   Dedicate a computer to Fred's group and give each person local rights to the computer.

C.   Create and share a folder on Fred's PC and write a login script that will map a drive to that folder for each member of Fred's team.

D.   Create an Active Directory Security Group and assign Fred and his team to it. Create a directory on the file server and give that group exclusive rights to the directory. Share that folder with Fred's team.

24: A domain computer is no longer authenticating on the domain. How do you fix the problem?

A.   From the computer, change the computer's login password in Local Security Manager, then reboot.

B.   From the Active Directory Users and Groups Manager find the computer in the directory and delete it.

C.   Rename the computer and reboot it.

D.   From the computer, remove the computer from the domain, reboot, and rejoin it to the domain.

25: To add a new user via Windows PowerShell you would use the following cmdlet:

A.   New-ADUser

B.   New-Item

C.   New-DSObj

D.   Set-ADUser

26: Command to create / run Active Directory Services

A.   tracert

B.   dcpromo.exe

C.   traceroute

D.   Fixboot


27: When creating a domain for the first time, what must be configured properly to easily join computers to your domain?

A.   Default Domain Policy (GPO)

B.   IIS

C.   DNS Server and services


E.   DHCP Server

28: One can change the Active Directory path during creation of the Active Directory

A.   No

B.   Yes

29: What is SYSVOL referring to in the context of Active Directory?

A.   The Active Directory SYSVOL shared folder.

B.   The Active Directory shared network.

C.   The Active Directory SYSVOL system.

30: How are multiple sites connected for replication in Active Directory?

A.   They are connected by Connection objects.

B.   They are connected by Network objects.

C.   They are connected by Link Bot objects.

D.   They are connected by Site Link objects.

31: When is it necessary to manage domain and forest trusts?

A.   When your organization needs to collaborate with users or resources in other domains, forest trusts, or realms.

B.   When your organization needs to access other forest trusts only.

C.   Only when your organization needs to access other domains.

D.   Never. They are automatically managed.

32: Which one is NOT an FSMO role?

A.   Flexible Master

B.   RID Master

C.   Infrastructure Master

D.   Schema Master

33: What is a Global Catalog?

A.   An historical catalog of all authentication traffic in the entire forest.

B.   A listing of all users' information that is published at intervals from the Active Directory to Microsoft Exchange.

C.   A database of every object in an active directory tree, containing the most frequently used object attributes.

D.   The listing of all Group Policies in an Active Directory domain and their implementation schema.

34: What best practice ensures that all trust relationships are preserved within a domain?

A.   Performing annual backups.

B.   Keeping the system running.

C.   Rebuilding the system every year.

D.   Performing regular backups.

35: The Active Directory database is stored in the ______ directory.

A.   %windir%\ntds

B.   %windir%\etc

C.   %windir%\sysvol

D.   %windir%\inf

36: In what version of Windows Server was the Read Only Domain Controller (RODC) introduced?

A.   Windows 2012

B.   Windows 2000

C.   Windows 2003 R

D.   Windows 2008

37: Which of the following is NOT a DNS Zone?

A.   Stub Zone

B.   Internal Lookup Zone

C.   Primary Zone

D.   Forward Lookup Zone

38: Which of the following is NOT an Active Directory role?

A.   Active Directory Network Object Services

B.   Active Directory Federated Services

C.   Active Directory Certificate Services

D.   Active Directory Domain Services

39: Are the different types of trusts set automatically, or must they be set manually?

A.   The trusts that need manual configuration are contingent upon how Active Directory is organized, and whether different versions of Windows coexist on the network.

B.   All trusts are set automatically.

C.   All trusts are set automatically, and they cannot be changed.

D.   All trusts must be set manually.

40: When you move the database file, where are registry entries that Ntdsutil.exe edits located?



C.   HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NTDS\

D.   \SYSTEM\CurrentControlSet\Services\NTDS\HKEY_LOCAL_MACHINE

41: If you need to change the default file size of the staging folder, where do you change the staging space limit registry entry?

A.   HKEY_Local_Machine\NtFrs\Parameters

B.   System\CurrentControlSet\Services\NtFrs\Parameters\HKEY_Local_Machine

C.   HKEY_Local_Machine\System\CurrentControlSet\Services\NtFrs\Parameters

D.   HKEY_Local_Machine\User\Share\Etc\NtFrs\Parameters

42: Should you log in to your computer as an administrator to complete administrative tasks?

A.   Yes.

B.   No. Use “Run as” to complete them.

C.   Yes, and stay logged in continually.

D.   Yes. You should always log in as an administrator, but log out after you are finished.

43: What is a DSRM password used for?

A.   It is used to log onto a domain controller that has been rebooted into DSRM mode to delete its copy of Active Directory.

B.   It is used to log into the system.

C.   It is used to log onto a domain controller that has been rebooted into DSRM mode to take its copy of Active Directory off-line.

D.   It is used to log into Active Directory in the case that DSRM needs to be taken off-line.

44: What benefit is gained from using global or universal groups when specifying permissions on domain directory objects?

A.   Access is allowed to all users.

B.   Permissions are granted to fewer users.

C.   Permissions are totally deleted.

D.   Permissions are transparent across the system, leaving fewer opportunities for intrusion.

45: Why is documentation one of the most critical aspects of Active Directory security administration?

A.   It is essential for performance audits.

B.   It is essential for network administration.

C.   It is essential for domain audits.

D.   It is essential for security audits.

46: You are trying to determine the name of a host but only have the IP address. What command can you run to find its name?

A.   ping (IP Address)

B.   ping -a (IP Address)

C.   tracert (IP Address)

D.   ping -h (IP Address)

47: What is KCC?

A.   It is the Knowledge Consistency Checker used to generate the replication topology in Active Directory Domains and Trusts.

B.   It is the Kerberos Consignment Client, which checks and passes Kerberos authentication packets between clients.

C.   It is the Knowledge Capture Client, used by the Schema Manager in mapping and maintaining domain morphology.

D.   It is the Key Collection Center, the database used in conjunction with Key Distribution Center for exchanging Kerberos keys during authentication.

48: Your company and its partner want to share files on servers in both of their laboratories. What's the easiest way to make this happen?

A.   Set up a Two Way External Trust via Active Directory Domains and Trusts, then setup security groups to share directories.

B.   Set up a server on the internet and utilize Windows R-Sync to replicate data from each partner's servers. Set up a Radius Server with user accounts, then provide the users with VPN access to the data.

C.   Create a group in your company's Active Directory Users and Groups, then create user accounts for the people who will need access to resources in your domain, restrict resources to that group. Have your partner do the same on their domain.

D.   Utilize Active Directory Cloud Authentication Services (CA) to create user groups from both companies to access shared data.

49: What security practice does not involve the configuration of software or hardware?

A.   Domain security.

B.   Network security.

C.   Computer security.

D.   Physical security.

50: An Active Directory Forest comprised of Windows 2008 R2 domain controllers will need to incorporate a Windows 2003 R2 domain controller. At what version level will the Forest function?

A.   It will function at the Windows 2003 R2 level.

B.   It will function at the 2008 R2 level.

C.   All domain objects created on the 2008 R2 domain controllers will function as 2008 R2; those from the incorporated 2003 R2 servers will continue to operate as 2003 objects.

D.   It depends on the site the 2003 R2 domain controller is located.