Implementing Microsoft Identity Manager (MIM) 2016 Quiz Questions and Answers

Your network contains an Active Directory domain named contoso.com. The domain functional level is Windows Server 2012 R2. You need to secure several high-privilege user accounts to meet the following requirements: Prevent authentication by using NTLM. Use Kerberos to verify authentication request to any resources. Prevent the users from signing in to a client computer if the computer is disconnected from the domain. What should you do?

Answer :
  • Add the user to the Protected Users group

Your network contains an Active Directory forest named contoso.com. The forest functional level is Windows Server 2012 R2. You need to ensure that a domain administrator can recover a deleted Active Directory object quickly. Which tool should you use?

Answer :
  •  Active Directory Administrative Center

Your company recently deployed a new child domain to an Active Directory forest. You discover that a user modified the Default Domain Policy to configure several Windows components in the child domain. A company policy states that the Default Domain Policy must be used only to configure domain-wide security settings. You create a new Group Policy object (GPO) and configure the settings for the Windows components in the new GPO. You need to restore the Default Domain Policy to the default settings from when the domain was first installed. What should you do?

Answer :
  • From a command prompt, run the dcgpofix.exe command.

Your network contains an Active Directory domain named contoso.com. You have a Group Policy object (GPO) named GPO1. GPO1 is linked to an organizational unit (OU) named OU1. GPO1 contains several corporate desktop restrictions that apply to all computers. You plan to deploy a printer to the computers in OU1. You need to ensure that any user who signs in to a computer that runs Windows 10 in OU1 receives the new printer. All of the computers in OU1 must continue to apply the corporate desktop restrictions from GPO1. What should you configure?

Answer :
  •  a computer preference that uses item-level targeting

Your network contains an Active Directory domain named contoso.com. The domain contains 5,000 user accounts. You have a Group Policy object (GPO) named DomainPolicy that is linked to the domain and a GPO named DCPolicy that is linked to the Domain Controllers organizational unit (OU). You need to force users to change their account password at least every 30 days. What should you do?

Answer :
  •  From the Computer Configuration node of DomainPolicy, modify Security Settings.

Your network contains an Active Directory forest. The forest contains two domains named litwarenc.com and contoso.com. The contoso.com domain contains two domains controllers named LON-DC01 and LON-DC02 . The domain controllers are located in a site named London that is associated to a subnet of 192.168.10.0/24 You discover that LON-DC02 is not a global catalog server. You need to configure LON-DC02 as a global catalog server. What should you do?

Answer :
  • From Active Directory Sites and Services, modify the NTDS Settings object of LON-DC02

Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1 that runs Windows Server 2016. The computer account for Server1 is in organizational unit (OU) named OU1. You create a Group Policy object (GPO) named GPO1 and link GPO1 to OU1. You need to add a domain user named User1 to the local Administrators group on Server1. Solution: From a domain controller, you run the Set-AdComputer cmdlet. Does this meet the goal?

Answer :
  • NO

Your network contains an Active Directory domain. You have a user account that is a member of the Domain Admins group. You have 100 laptops that have a standard corporate image installed. The laptops are in workgroups and have random names. A technician named Tech1 is assigned the task of joining the laptops to the domain. The computer accounts of each laptop must be in an organizational unit (OU) that is associated to the department of the user who will use the laptop. The laptop names must start with four characters indicating the department, followed by a four-digit number. Tech1 is a member of the Domain Users group only. Tech1 has the administrator logon credentials for all the laptops. You need Tech1 to join the laptops to the domain. The solution must ensure that the laptops are named correctly, and the computer accounts of the laptops are in the correct OUs. Solution: You instruct Tech1 to sign in to each laptop, to rename each laptop by using System in Control Panel, and then to join each laptop to the domain by using the Netdom join command. Does this meet the goal?

Answer :
  • YES

Your network contains an Active Directory domain named contoso.com. A user named User1 is in an organizational unit (OU) named OU1. You are troubleshooting a folder access issue for User1. You need a list of groups to which User1 is either a direct member or an indirect member. Solution: You run Get-ADGroup –Identity User1 –Property MemberOf. Does this meet the goal?

Answer :
  • NO

Your network contains an Active Directory domain named contoso.com. A user named User1 is in an organizational unit (OU) named OU1. You are troubleshooting a folder access issue for User1. You need a list of groups to which User1 is either a direct member or ab indirect member. Solution: You run dsget user cn=User1, ou=OU1, dc=contoso, dc=com –memberof –expand. Does this meet the goal?

Answer :
  • YES