25+ REAL-TIME MCSA Interview Questions & Answers [ STEP-IN ]
Last updated on 04th Jul 2020, Blog, Interview Questions
MCSA job interviews are always brainstorming and significant for the applicants. Having being unbeaten in the MCSA interview questions denotes that the candidate has found the carrier to their dream career. Job interviews are always stressful. Therefore, to minimize the tension and nervousness caused before the interviews; the MCSA specialists, MCSA experts, and MCSA trainers of APTRON who have put their quality skill and considering while developing the MCSA interview questions and answers for freshers, and experience hopefuls. If MCSA job seekers pursue the MCSA interview questions provided below, their pressure can be minimized to zilch.
1) Explain what is Windows Server?
Window server is a series of server operating system developed by Microsoft Corporation.
2) Explain what does IntelliMirror do?
IntelliMirror helps to reconcile desktop settings, applications and stored files for users especially for those users who move between workstations or those who works offline
3) Explain how you can set up remote installation procedure without giving access to user?
To do that, you have to go to,
gponameà User Configuration à Windows Settings à Remote Installation Services à Choice Options
4) Mention how many types of queries DNS does?
The types of queries DNS does are
- Iterative Query
- Recursive Query
5) What information is required when TCP/IP is configured on Window Server?
To configure a TCP/PI client for an IPv4 client, you have to provide the IP address and the subnet mask.
6) Explain what does it mean caching only server in terms of DNS?
The caching only DNS server provides information related to queries based on the data it contains in its DNS cache.
7) Explain what is LDAP?
To look up for the information from the server, e-mail and another program follows or uses the internet protocol. This protocol is referred as LDAP or Lightweight Directory Access Protocol.
8) Explain what is INODE?
INODE holds the metadata of files; INODE is a pointer to a block on the disk, and it is unique.
In simple words, it is a unique number allocated to a file in UNIX-like OS.
9) To check TCP/IP configurations and IP connectivity, what are the two command line utilities that can be used?
Ipconfig: To check the computer’s IP configuration, command ipconfig can be used and also it can be used to renew the client’s IP address if it is provided by a DHCP server.
Ping: To check the connection between the local computer and any of the other computer device on the network Ping command is used
10) Explain where is the AD database is held?
AD database is saved in %systemroot%/ntds. Files that controls the AD structure are
11) Mention what windows server 2008 service is used to install client operating system over the network?
WDE ( Windows Deployment Services ) allows you to install client and server operating systems over the network to any computer with a PXE enabled network interface
12) What’s The Essence Of Application Partitions?
The application partitions are a part of the Active Directory system and having said so, they are directory partitions which are replicated to domain controllers. Usually, domain controllers that are included in the process of directory partitions hold a replica of that directory partition. The attributes and values of application partitions is that you can replicate them to any specific domain controller in a forest, meaning that it could lessen replication traffic. While the domain directory partitions transfer all their data to all of the domains, the application partitions can focus on only one in the domain area. This makes application partitions redundant and more available.
13) What Is Licensing Grace Period?
To give some time for the deployment and realization of one Terminal Server license server, the server will provide a licensing grace period. This license grace period is acquired so that you don’t have to have a license server. This grace period will allow you and the server to accept unlicensed clients without requiring further permission from the licensed server. The period will automatically start when you receive your first client and the licensing period will extend until you get a licensing server. That is when a licensing period will end and the licensing server can accept new clients and store their information in the server and this is called the CAL or the client’s access license.
14) What Is An Rd Gateway?
The RD gateway is a remote-desktop gateway. If gateway was the access point to the internet, the remote-desktop gateway allows users from a private network to join it through the RD-gateway, using the remote-desktop connection.
15) What Is Windows Server Backup?
Windows Server Backup is a feature released for the Windows 2008 that provides a number of solutions on backing up the data on your computer in case of a system failure or any other issue. Windows Server Backup can backup a few files to a whole server. The server backup is accessible through command lines and a management console.
16) What Are Synthetic Drivers?
Synthetic drives are different and better than the emulation ones in their functions. They don’t imitate another program but, create another hardware complex device on a virtual platform.
17) What Is Direct Access?
Direct Access enables users to access the websites, applications and internal network file shares securely without the need to connect to a virtual private network (VPN). An internal network is also called a private network or intranet. Every time a Direct Access-enabled computer connects to the Internet, even if this happens before the user logs on, Direct Access sets up bi-directional connectivity with an internal network. Users do not have to think about connecting to the intranet. The remote computers can be managed outside the office by the IT administrators, even when the computers are not connected to the VPN.
18) What Is Dac?
Microsoft Dynamic Access Control or DAC is a data governance tool in Windows Server 2012 that allows administrators control access settings. It uses centralized policies to permit administrators to review who has access to individual files. Files can be classified manually or automatically.
19) What are Pass Through Discs?
A pass through disc is a physical disc used for storing virtual discs and it has a disc format and file system.
20) What is Desktop Virtualization?
Desktop virtualization is a logical procedure to isolate and extract the OS or system from the client that is ready to access it. There are many types of desktop virtualizations some of which include virtual machines while some do not. If the operating system is locally controlled, users have to access their desktop through a network relating to a remote display protocol. The processing of the desktop virtualization is done in a data center. So, applications like tablets can join Host virtual machine. This virtual machine can be accessed by an individual and can be personalized the way he wants it. This is the most common and simplest way of accessing and using a desktop virtualization.
21) What is Branch Cache?
BranchCache™ is designed to improve application responsiveness and reduce WAN link utilization so that the servers can be accessed from remote locations easily. The remote computer uses cache of data that is maintained locally to reduce traffic over a LAN link. The cache can be stored on a server in the branch (Hosted Cache mode) or can be distributed across client computers (Distributed Cache mode).
22) Can we have more than one RID master in the domain?
We cannot have more than one RID master per domain. By defau
lt primary is RID mastre where as if primary fails you can transfer FSMO roles to another DC in the domain.
23) What is group type and group scope? Explain types group types?
When we create group we are supposed to define type and scope for group. Type will define wheathere group can be used to assign permissions on resources or not. We can create a group of type security and distributed wherein security group can be used to assign permission and distributed group used for listing purposes.
24) In which situations do we use authoritative and non authoritative restore?
We do take backups to provision fault tolerance . There are two ways to restore active directory backup- authoritative and non authoritative. When there is a hardware or software failure we can restore the backup and let other DCs to replicate the restored one. This is non authoritative backup. Which is a default one.
If some object gets deleted by mistake and the changes not yet propagated to all DCs then we pick one DC where e can still find this object. Making this DC as authoritative we can allow other DCs to be replicated from this DC.
But here not whole directory is not restored instead the specific object can be made authoritative.
25) What are lingering objects?
Suppose if I delete some objects and the domain controller is offline, then it wont receive any replication because of which the object still persist in offline DC . If server is down for the period of tombstone lifetime then it will be termed as lingering object.
26) What is active directory defragmentation?
Active directory database is stored in ntds.dit. In order to optimize data storage , active directory automatically performs defragmentation every 12 hrs. Which will allow reclaiming space to store new objects.
27) What are related commands related to active directory replication ?
Repadmin tool by microsoft used to check replication between domain controllers.
Repadmin /replsummary- To check current replication health and summary state for DCs.
Repadmin /showrepl- will display the last replication for specific DC.
Repadmin /syncall- Forcefully initiating replication to sync with other DCs.(This can cause a lot of traffic so run it carefully )
Repadmin /replicate – This command will immediately replicate directory partition from source to destination.
28) What is ADSIEDIT ?
It is a tool which provides access to active directory objects and its attributes. We can manage using this tool.
29) What are superseded updates?
Microsoft sometimes provides a complete replacement for multiple updates called superseded updates. You may need this update when you are installing new PC and want to patch it with latest updates. WSUS does not by default decline superseded updates. We need to make sure that superseded updates are no longer needed by your machines and then you can decline them .
30) What are express updates?
When you enable express updates it will only download the changes between current month CU and previous updates. Using express update feature reduces bandwidth while downloading updates.
Take Your Career to Next Level with MCSA Training By Domain Experts
- Instructor-led Sessions
- Real-life Case Studies
31) What are Cumulative updates?
Cumulative updates includes previously released ( bundle of updates). If cumulative updates is installed you won’t need to install previous updates (as they are now the part of CU) .
32) What is USN ?
USN is called as Update sequence Number. When we make changes to the object USN increments and during AD replication higher version only will retain.
33) When do the non authoritative restore is done?
It is default restore method. When there is a server crash, we can simply restore the latest backup of server. When server comes up it gets replicated by other DCs and gets sync.
34) What is blue screen error?
Blue screen error will cause system to restart or shutdown unexpectedly. It will display the blue screen with indication of some kernel module fault. I can be caused by wrong device drivers, or malfunctioning of hardware components.
35) What is active directory federation service?
It is single sign on service which provides authentication for the users who want to access applications outside the forest. We use federation service when we want to provide access to users from other organizations without the need to create their account in our directory.
36) What is RAID?
RAID is Redundant Array of Independent Disk. It is fault tolerance technique used to provide redundancy which ultimately provide protection from data loss. We have several RAID levels in through which we can achieve fault tolerance. There are two types of RAID configuration – Hardware RAID , in which we need RAID card and it can be configured with BIOS. where other is software RAID which RAID configuration can be done which the help of operating system.
37) What is break mirror vs Remove Mirror option in RAID?
If we want to stop mirroring on selected volume then we should say Break Mirror. It will not erase data on volume. If you want to get extra space then simply use remove mirror option as it will flush data on selected disk.
38) What is sysprep Tool?
Sysprep Tool is used while capturing image of machine which will be deployed on multiple machines without creating duplicate SIDs.
39) What is active directory?
Active directory is a service available in windows server by using which we can create domain. It allows the user accounts to be created on server in active directory database. And it allows central management of users and devices in the domain.
40) What is tombstone object?
When we delete any object from active directory , it still remain it database for 180 days and can be easily restored before getting deleted permanently.
41) What is difference between fsmo role transfer and seize role?
When PDC fails, we perform seize role on ADC (forcefully transferring FSMO roles). But if PDC is alive and we want to isolate server for some reason we can transfer FSMO roles from PDC to ADC . This operation is performed on PDC .
42) What is certificate revocation means?
Certificate Authority can Revoke (cancel) certificate before expiration so that they can not be trusted any longer. The certification Revocation list can be published by Certificate Authority.
43) I am having 8 GB pen drive and trying to copy win server 2012 R2 iso, but it is showing error. What is the reason?
The iso file is around 4GB and the space in pen drive is more but if the pen drive is formatted with FAT then it won’t allow the file size more than 4 GB. So format it with NTFS or else if there is some data which you don;t want to lose then just convert it to NTFS using convert <drive name> /fs:ntfs command.
44) What are different files of HyperV?
The HyperV Virtual Machine file formats are as follows:
VHD/VHDX- Virtual Hard disk file
BIN- HyperV machine saved state file. (Pre server 2016 HyperV)
AVHD/AVHDX- These are differencing disk format and created when checkpoint(snapshot) is taken for VM.
VSV- is saved state file. (Available in win 2016 )
VMCX- Virtual Machine Configuration File. (Available in win 2016) It replaces XML file used in pre server 2016 HyperV.
VMRS- VM runtime state file. This file replaces the pre- srever 2016 BIn and VSV files.
45) What is nano server?
Nano server is smallest version of windows specially developed by Microsoft for cloud applications and for containers.
46) What is HyperV shielding feature?
HyperV shielding is feature which protects VMs from getting tampered by unauthorized access. It used secure boot and Bitlocker features.
47) I have standard primary DNS zone for my abc.com domain configured on server DC1 in Mumbai. For Ans: the same domain I am having another server DC2 at Pune location on which DNS is installed. If both locations are connected by a WAN link and I want to make sure that DNS should resolve and update even if the WAN link is down. What can be done in this situation?
When we use standard primary DNS , we need to manually configure secondary DNS server which only can resolve DNS queries but wont update DNS database. But if we use active directory integrated DNS it replicates on DC’s hence maintain redundancy and also support write operations on any server. Hence in the given example We should convert standalone DNS to AD integrated Zone.
48) What is role of OCSP in certificate Authority?
Online certificate status protocol determines status of digital certificate without the need of downloading certificate revocation list.
49) What is the location of the Active Directory database?
The AD database is stored on domain controllers and can be accessed by network applications. All domains can be domain controllers and have a copy of the AD database.
50) What is a Global Catalog?
The Global Catalog is distributed data which holds information about every little thing in all the domain controllers in all the domains in Active Directory domain services. Simply said, the global catalog is a domain controller which holds all the data from Active Directory elements in one forest. The global catalog is usually located on the domain controllers and every domain controller can be set up to maintain a function of becoming a global catalog server. If you are searching, browsing through to the global catalog your search would be faster and in general more broad, because you don’t have to attach referrals for different domain controllers, rather just use the catalog and it’s universal function will transfer you or find you the domain controller right away.
Best MCSA Certification Course & Get Hired By TOP MNCsWeekday / Weekend BatchesSee Batch Details
51) GPO – definition and meaning.
GPO is short for Group Policy Objects, but before explaining group policy objects, first we must focus on group policy in general. What is group policy? Well, group policy is one hierarchically built infrastructure and this infrastructure is built in a way that an administrator can access it from the Active directory system and change settings for different users, configure also settings for the computers and so on. Using the group policy, a network administrator can put limits or choose what you as a user or what a computer can access and use on the network itself. This comes down even to files and folders. If the network administrator wishes to have control of both the user’s web browsing and set up the computer settings for when connecting to a network, it can be done through the Group Policy Management Console and through this console he can have control over all the objects – the Group Policy Objects (GPO).
52) What are the modifications made in Active Directory in Windows 2008?
One of the first modifications made to Active Directory in Windows 2008 is renaming the Active Directory to a different name, Active Directory Domain Service. Other then the name, no other changes have been made in it’s specifications, settings and tools. Then what is the purpose of Active Directory Domain Services? The “domain service” part identifies the directory as a service which can provide authorization and policy management control. It is called a service because the Active Directory could be brought to a full stop and then re-activated. Using the active directory as a service allows easier maintenance of the domain controllers.
53) What is Active Directory’s recycle bin and what is it’s purpose?
The Active Directory’s recycle bin is a modified tool that came in the Windows 2008 pack and is very user-friendly and a very helpful tool for restoring or even storing items in the recycle bin. How does the directory’s recycle bin work you may ask? For example, you may find yourself in a situation where you’ve accidentally deleted an item that you now wish to restore. Even as a network administrator, grabbing the objects from the Active Directory is a wonderful action that Windows 2008 released, because mistakes are often made. This tool enhances the efficiency of the Active Directory service by the several actions this tool provides, like the restoration of objects, putting unneeded items in the recycle bin and using data space more resourcefully and efficiently.
54) What is licensing’s grace period?
To give some time for the deployment and realization of one Terminal Server license server, the server will provide a licensing grace period. This license grace period is acquired so that you don’t have to have a license server. This grace period will allow you and the server to accept unlicensed clients without requiring further permission from the licensed server. The period will automatically start when you receive your first client and the licensing period will extend until you get a licensing server. That is when a licensing period will end and the licensing server can accept new clients and store their information in the server and this is called the CAL or the clients access license.
55) What are the areas of virtualization?
The five branches or major areas of virtualization are application, desktop (the one mentioned above in question 9), storage, network and server. Giving a brief definition for all of these terms will not only be better for an answer of this question, but also will give out that you are actually involved in the technology. The application virtualization in simple terms means controlling or running an application from a remote desktop. The application is delivered and manipulated through application streaming. Desktop virtualization is the involvement of the individual accessing a desktop on a local network through a remote display protocol. This differs much from the server virtualization (which are the big savings in the IT world). The server virtualization is all about covering and hiding a physical part or a hardware part, so that a server instance would function or appear as everything is stable when it really isn’t. This saves up allot of hardware repair and costs as well as maintenance. The network virtualization configures network resources and splits bandwith into individual channels, while the storage virtualization concerns hardware parts by “pulling them together” physically, only to fool the host-operating system that all the hardware parts are well connected, complying with each other and responding well, to one another.
56) What is the function of a virtual disc?
The virtual disc is some sort of a disk image. This disk image is created to work with a guest-operating system which is running on top of your basic, standard system. Using the virtual disc, means creating it so it can replace a physical disc or partition that is there but cannot be recognized by the guest-operating system or is not there at all. Wherever there’s a physical gap in between discs or in hardware parts, the virtual disc can help and replace that part, so the guest-operating system can continue to function without noticing the difference.
57) Explain emulation drivers.
The emulation drivers are mainly devices that imitate another program. In simple terms, emulation drivers are a trick to fool the device that it is some other sort of a device.
58) What is an active directory?
Active Directory is a consolidated and the condensed system that stores various information about objects in a given network and avails the users to make use of this information carried on to the network administrators and users.
59) Explain Domain Controller?
The domain controller is a server system that incorporates the written copy that belongs to Active Directory database in an Active Directory environmental settings.
60) Describe Global catalog server
If a domain controller contains whole objects in the forest, then it is a global catalog server.
Like every domain controllers, a global catalog server stores thorough and writable copies of the schema and configuration directory separations and a full, writable copy of the domain directory separation for the domain that it is hosting.
61) What is OU?
Organizational Units (OU) are containers on a computer with the level of sophistication as in an administrative setting. It supports administrators to organize set of users together so that any alterations occur, security settings and any other administrative works could be fulfilled more effectively.
62) What does Forest do?
A Windows forest is, in general, a set of one or more reliable Windows trees. The trees do not necessarily require an adjacent Domain Name System (DNS) names. A forest allocates a work plan and global catalogue servers. A lone tree can also be named a forest.
63) What is a Tree in MCSA?
A Windows tree is a usually a set of one or more trusted Windows domains with adjoining DNS domains. In this case, “Trusted” connotes the idea that a validated account from one domain is not eliminated by another domain. “Contiguous DNS domains” is simply that they all have the similar root DNS name.
64) Explain Site and Schema.
Sites are manually described associations of subnets. Objects in a site divide between them the exact global catalogue servers and can have a customary set of group planning applied to them.
The schema describes the attributes, objects, classes, and rules that are available in the Active Directory.
65) Why SID (Security Identifier)?
The SID is a peculiar name (alphanumeric character string) that is used to figure out an object, namely a user or a set of users.
66) What are GPO, GPC, and GPT?
Group Policy objects (GPO):
A GPO is a collective Group Policy settings that are stored at the domain level as a virtual object comprised of a Group Policy container (GPC) and a Group Policy template (GPT).
Password history will store as follows:
Computer Configuration\Windows Settings\Security Settings\Account Policies\Password Policy.
Group Policy Container (GPC)
The Group Policy container (GPC) is an Active Directory container that has included GPO attributes, like version information, GPO status, and moreover a list of other element settings.
Group Policy Template (GPT)
The Group Policy template (GPT) is a file system folder that contains policy data mentioned by .adm files, script files, security settings, and information about applications that are accessible for installation. The GPT is situated in the system volume folder (SysVol) in the domain \Policies sub-folder.
67) How to filter the Scope of a GPO?
By default settings, GPO conditions all users and computers that are included in the connected domain, site, and organizational unit. The administrator can additionally point out the computers and users that are influenced by a GPO by using membership in security groups.
Ever since the arrival of Windows 2000, the administrator can append both computers and users to security groups. Then the administrator can mention which security pool is affected by the GPO with the help of the Access Control List editor.
68) Explain Knowledge Consistency Checker (KCC).
The Knowledge Consistency Checker (KCC) is a Windows element that instinctively creates and manages the intra-site and inter-site copying topology.
69) What is Intra, Inter, and Active Directory replication?
The process of copying that takes place between controllers inside a single site. All of the subnets within the site must be linked by high speed network cables.
Inter-site replication is a process of copying between sites and should be set up by an administrator. Simple Mail Transfer Protocol (SMTP) have to be used for replication between these sites.
Active Directory Replication
Replication must usually happen both (intra-site) within sites and (Inter-site) between sites to keep domain and forest data standardized and customized among domain controllers that store the similar directory partitions.
70) What is USE?
When Microsoft Exchange Server is positioned in an organization, Exchange Server uses Active Directory as a data store and it stretches out the Windows 2000 Active Directory schema to equip it to store objects peculiar to certain Exchange Server.
The ldapDisplayName of the attribute schema ms-Exch-Assistant-Name, ms-Exch-LabeledURI, and ms-Exch-House-Identifier described by Exchange Server contradicts with the iNetOrgPerson schema that Active Directory uses in Windows Server 2003. When Windows Server 2003 Service Pack 1 is located and placed, Adprep.exe will be able to find out the existence of the schema conflict and hinders the updating of the schema until the problem has been restored.
71) How GUID works?
When a new domain user or group account is generated, Active Directory stores the account’s SID in the Object-SID (objectSID) property of a User or Group object. It also allocates the new object a universally unique identifier (GUID), which is a 128-bit value that is distinctive not only in the endeavour but also across the globe. GUIDs are specifically aligned to every object made by Active Directory, not just User and Group objects. Each object’s GUID is stored in its Object-GUID (objectGUID) property. Active Directory uses GUIDs internally to figure out objects.
72) What is the full form of MCSA?
MCSA is abbreviated as Microsoft Certified Solution Associate.
73) What is a Microsoft Certified Solution Associate (MCSA)?
It is a certification program that is mainly designed and developed by Microsoft to enhance your skills in various technologies. Previously this certification is abbreviated as Microsoft Certified System Administrator.
74) What are the exams offered by the MCSA certification program?
The following are the exams that are offered by the MCSA certification program, and they are:
MCSA Windows Server 2012:
Configuring Advanced Windows Server 2012 services
Administration on Windows Server 2012
Installation of Windows Server 2012
MCSA Windows Server 2008:
Configuring MCSA Windows Server 2008, Active Directory
MCSA Windows 10:
Configuration of Window Devices
MCSA Windows 8:
Configuration of Windows 8.1
Supporting Windows 8.1
MCSA SQL Server:
Querying SQL Server 2012
Implementation of Datawarehouse with SQL Server 2012
MCSA Azure or Linux:
Implementation of Azure Infrastructure Solutions
System Administrator for Linux Foundation Certification
75) What is the primary objective of MCSA Windows Server 2012?
To validate your expertise in Windows Server 2012 is the primary objective of MCSA Windows Server 2012. This certification makes you excel your knowledge in computer system administration and computer networks.
76) What does Windows Server 2008 provide?
The MCSA Windows Server 2008 will provide you with a way to excel in your in-depth knowledge of network infrastructure, Server administration, and active directory configuration.
77) Define Active Directory?
Active Directory is a directory service that is released and developed by Microsoft for the Windows domain network. It is also present in many of the server operating systems as a set of services and processes. Many of the organizations depend on Active Directory to maintain proper order in arranging that is file servers, users, computers, and many more. The functioning of the locator service is the exclusive purpose of Active Directory.
78) What makes MCSA SQL Server more effective?
Validates and evaluates your skills in the database and provides methods to develop critical mission solutions to databases. By getting certified with this certification you can able to build your career top MNCs as a database analyst and database developer.
79) What is Domain Controller?
Domain controller is one of the most crucial servers designed by Microsoft. This is a computer server that is responsible for responding to security authentication requests within a Windows domain. It is also defined as a centerpiece of the Windows Active Directory service. There are three roles in domain controllers, and they are:
Global Catalog Server
80) Define Global Catalog Server?
The distributed data storage that is stored in the domain controller is called the Global Catalog Server. This allows applications and users to find objects in the domain of active directory. Global Catalog Server is used to hold a replica of every object in the directory with a small number of their attributes.
81) What is the importance of MCSA Windows Server 2016?
It provides you with a way to master in various Windows Server 2016 skills that are required to reduce costs and increase business value. An individual certified in Windows Server 2016 will have a chance for the positions including computer network specialist, computer network engineer, and network analyst.
82) What Is Passing Through Discs?
A pass through disc is a physical disc used for storing virtual discs and it has a disc format and file system.
83) What Is Application Partition?
Application partitions are directory partitions that are replicated to domain controllers. These are part of the Active Directory system. Domain controllers included in the process of directory partitions have a replica of that partition. The values and attributes of application partitions can lessen replication traffic. The application partitions can focus only on one domain in the domain area unlike the domain directory partitions. This makes them more available and redundant.
84) Explain what is the major difference between NTFS ( New Technology File System) or FAT (File Allocation Table) on a local server?
For local users FAT (File Allocation Table) and FAT32 provides security, while NTFS ( New Technology File System) provides security for domain users as well as local users. NTFS provides file level security which is not possible through FAT32.
85) Explain if it is possible to connect Active Directory to other 3rd party Directory services?
Yes, you can connect other vendors directory services with Microsoft version. By using dirXML or LDAP to connect to other directories.
86) Explain what is SYSVOL folder?
It is a set of files and folders that is stored on the local hard disk of each domain controller in a domain and are replicated by the FRS ( File Replication Service). These files contain group or user policy information.
87) What does it mean by “tattooing” the Registry ?
“ Tattooing” the registry means user can modify and view user preference that are not stored in the maintained portions of the Registry. Even if the group policy is changed or removed, the user preference will still persist in the registry.
88) Define Forests, Trees, and Domains.
A logical group of network objects for example computers, users, devices, etc which share the same active directory database is known as a domain.
The collection of one or more domains is known as a tree. This may also include a contiguous namespace linked in a transitive trust hierarchy