Final: 70-411 Chapter: Chapters 1-22 – Flashcards
Unlock all answers in this set
Unlock answersquestion
automated network-based installations based on network-based boot and installation media
answer
Windows Deployment Services (WDS) is a software platform and technology that allows you to perform which function?
question
Transport Server and Deployment Server
answer
Which two role services does the WDS Role include?
question
It's used to boot to a WDS Server to install a preinstallation environment.
answer
What role does preboot execution environment (PXE) play in WDS?
question
boot.wim
answer
What is the name of the Windows Server 2012 installation DVD boot image file?
question
It removes a system's name and SID.
answer
What function does the System Preparation Utility (Sysprep.exe) perform on a system?
question
answer files
answer
What type of XML file do you need to create and add information to when performing an unattended operating system installation via WDS?
question
offline
answer
How do you mount a Windows image using Dism.exe so that you can update it?
question
dynamic driver provisioning
answer
Which feature of Windows Server allows you to add driver packages to WDS and then deploy them?
question
Windows 8
answer
Windows PE 4.0 is based on which operating system?
question
BIOS
answer
Where in a system do you configure PXE?
question
DHCP
answer
The initial configuration of WDS includes setup of what other server?
question
It presents the Windows Welcome Wizard on the next boot.
answer
When using sysprep on the master computer, why do you include the /oobe parameter?
question
on bootable media
answer
Where do you place a discover image to ensure proper deployment?
question
Windows Assessment and Deployment Kit (ADK)
answer
To convert a discover image to a bootable ISO image, what non-included component do you need to download and install?
question
System Image Manager (SIM)
answer
What Microsoft tool do you use to create and manage Windows setup answer files?
question
out-of-band patches
answer
What kind of updates are released on an as-required basis and are not part of the standard release cycle?
question
Be sure that you have a good backup.
answer
What critical step you should perform before applying patches or updates?
question
small
answer
Windows Updates, especially the Automatic Updates feature of Windows Updates, are for what kind of environments?
question
Distributed and Central
answer
You can configure Windows Server Update Service (WSUS) in one of two modes: Autonomous or Replica. Autonomous provides one type of management and Replica provides another. What are the two management types?
question
8530
answer
What is the default port number for WSUS synchronization?
question
Client-side and Server-side targeting
answer
What two ways can you assign computers to groups in WSUS?
question
Test the updates on your own systems before approving for rollout.
answer
WSUS allows you to automatically approve every update, but you shouldn't necessarily do that. What should you do before approving updates to be installed?
question
net start wuauserv
answer
Which of the following is the proper method of starting the Windows Update service?
question
the SCCM agent
answer
To get the full capability of SCCM, which component must you install on each system on your network?
question
It is a tested, cumulative set of hotfixes, security updates, critical updates, and updates, as well as additional fixes for problems found internally since the release of the product.
answer
What is the definition of a service pack?
question
Internet Explorer proxy settings
answer
If Windows Update fails to retrieve updates, what should you check first?
question
speed and load between sites and the number of clients
answer
The number of WSUS servers you need is determined by the number of sites you have and what two other factors?
question
another WSUS server on your network
answer
WSUS can retrieve updates directly from Microsoft or from what other source?
question
All Computers
answer
By default, to which computer group are computers assigned in WSUS?
question
one
answer
Other than the default computer group, how many other groups may a computer be assigned to in WSUS?
question
Two minutes
answer
When you set a service to start automatically with delayed start, how long is the delay?
question
minimal
answer
When creating service accounts, you should follow the rule of what type of rights and permissions?
question
Use separate accounts for both services.
answer
If you install SQL Server and a third-party backup service on the same system, what rule should you follow when creating service accounts?
question
Save useful event filters as custom views that can be reused.
answer
Which of the following tasks does the Event Viewer MMC snap-in allow you to perform?
question
log viewer
answer
The Event Viewer is essentially what kind of tool?
question
Send an email, start a program, and display a message.
answer
What types of tasks can you add to events?
question
event subscription
answer
Microsoft's new Event Viewer allows you to collect events from remote computers and store them locally. By what name is this collection of events known?
question
event receiving
answer
What function does a computer perform when it's issued the command wecutil qc?
question
Stability Index
answer
The Reliability Monitor provides a range of numbers to help you evaluate the reliability of a computer. What is the name of this range of numbers?
question
Enable the Reliability Monitor.
answer
What do you need to do if you run the Reliability Monitor but it is blank?
question
during normal usage
answer
To examine performance correctly, you must establish a performance baseline. When do you perform this task?
question
that you might have a bottleneck
answer
What can Task Manager tell you about performance?
question
quick glance
answer
Task Manager is not a definitive performance tool because it gives you what kind of look at computer performance?
question
process
answer
What term describes an instance of a program being executed?
question
services and processes
answer
Resource Monitor is a powerful tool for understanding how your system resources are used by what two system consumers?
question
targets
answer
What are DFS Namespace shared folders referred to in relation to the virtual folders?
question
where the namespaces are stored
answer
What is the primary difference between domain-based namespace and stand-alone namespace?
question
5,000
answer
The default namespace mode is Windows Server 2008, which supports up to 50,000 folders. How many folders does using non-Windows Server 2008 provide?
question
referral
answer
What term is defined as "an ordered list of servers or targets that a client computer receives from a domain controller or namespace server when the user accesses a namespace root or a DFS folder with targets"?
question
NTFS and shared folder permissions
answer
How do you secure DFS Namespaces?
question
additional storage space required
answer
What is the primary disadvantage of DFS Replication?
question
It replicates deleted, changed, and corrupted files.
answer
DFS Replication does not replace the need for backups because of what feature of replication?
question
full mesh
answer
By default, replication groups use what type of topology to replicate to all members of the group?
question
hub/spoke
answer
Which replication topology is more efficient than the default replication topology and allows you to set bandwidth, timing, and directionality to your configuration?
question
remote differential compression (RDC)
answer
What compression algorithm does Microsoft use to limit the amount of bandwidth used in DFS Replication?
question
last-writer wins
answer
What type of resolution model does DFS Replication use to resolve simultaneous-write conflicts?
question
660 MB
answer
What is the default quota size of the Conflict and Deleted folder?
question
staging folder
answer
What type of special cache folder does each replication folder use to hold files ready to be replicated?
question
remote differential compression (RDC)
answer
If you want to save on CPU and disk I/O but consume more network bandwidth for replication, which DFS feature can you disable?
question
Change share permissions. AND Disable one of the connections.
answer
What can you do to change bidirectional replication into unidirectional? (Choose two.)
question
role
answer
What type of service is the Windows File Server Resource Manager?
question
It limits the number of gigabytes allocated to a volume or folder.
answer
What effect does using quotas in File Server Resource Manager have?
question
the entire folder and its subtree
answer
Placing a quota limit on a folder applies that limit to what part of the folder?
question
quota template
answer
When you create quotas, you are recommended to use what built-in feature to assist you?
question
File Screening
answer
What technology did Microsoft develop to combat the storage of storage-using and potentially illegal files on corporate servers?
question
Active
answer
Which screening technique prevents a user from saving defined unauthorized files?
question
file screen exception
answer
Some exemptions might be required for certain groups to store otherwise restricted file types. What type of exemption can you set up on folders?
question
templates
answer
What feature can you use to simplify the management of file screens?
question
Storage Reports
answer
What FSRM feature can you use to show the state of file server volumes, quotas, and disallowed files?
question
Simple Mail Transfer Protocol
answer
What does the acronym SMTP stand for?
question
Administrators
answer
What group must you be a member of to enable SMTP?
question
C:StorageReportsScheduled
answer
By default, where are storage reports saved?
question
To allow you to archive unused files
answer
You can generate several different reports from FSRM. One of them gives you a list of Least Recently Accessed Files. What would be the purpose of that report?
question
apply the template to all derived file screens
answer
When you change a file template and save the changes, you have the option to do which one of the following?
question
to notify users that they have reached the quota limit
answer
What is the purpose of setting soft quotas?
question
unreadable
answer
Encryption is the process of converting data into what kind of format?
question
encrypted
answer
After a file has been encrypted, it is stored in what format?
question
decryption
answer
An encrypted file can be converted back to its original format by a process known as what?
question
symmetric
answer
Single-key encryption is also known as what kind of encryption?
question
two
answer
Public-key cryptography uses how many keys?
question
safe
answer
What's the status of your data if someone has your public key?
question
to store passwords in a non-readable format
answer
What is one purpose of using hash function encryption?
question
80
answer
What key length is considered to be minimally strong for encryption algorithms?
question
They're encrypted with the parent folder.
answer
What happens to files and subfolders within an EFS encrypted folder?
question
folder
answer
You can encrypt individual files, but Microsoft recommends encrypting at what level?
question
attribute
answer
EFS encryption is what type of feature that can be enabled or disabled at will, similar in effect to read-only, compression, or hidden?
question
The new files become encrypted.
answer
What happens if you move unencrypted files into an encrypted folder?
question
cipher.exe
answer
If you're a command-line user, what command will encrypt files and folders?
question
Trusted Platform Module
answer
What built-in computer hardware feature makes BitLocker Drive Encryption far more secure than other forms of folder or file-based encryption?
question
servers
answer
On what type of computer is BitLocker not commonly used?
question
to verify a user's identity
answer
Authentication is used for what purpose?
question
to grant access to a user
answer
Authorization is used for what purpose?
question
recording user's actions
answer
Auditing is used for what purpose?
question
High levels of auditing can affect system performance.
answer
Why is choosing what to audit, instead of auditing everything that a user does, a good idea?
question
56
answer
Before Windows 2008 R2, only nine basic audit settings existed. Windows Server 2012 introduces a total of how many audit subsettings?
question
so that you can focus on important audit items
answer
What is the purpose of implementing new audit subsettings?
question
Audit policies might cause conflicts or erratic behavior.
answer
Why should you avoid using basic audit policy settings and advanced audit policy settings together?
question
AuditPol.exe
answer
Which command do you use to manage auditing at the command prompt?
question
in Security logs in Event Viewer
answer
Where can you view audit events?
question
Global Object Access Auditing
answer
Which auditing feature allows you to define computer-wide system access control lists for the file system or the registry?
question
Removable Storage Access
answer
By using what type of policy can you track, limit, or deny a user's ability to use removable storage devices such as USB drives in Windows Server 2012?
question
Group Policy Editor
answer
Which utility do you use to access advanced audit policy settings?
question
Logon/Logoff
answer
What type of audit event notifies you that an account failed to log on?
question
Privilege Use
answer
Shutting down the system is an example of what kind of audit event?
question
audit.csv
answer
When resetting audit settings back to basic mode, what file must you remove as part of the process?
question
IP addresses
answer
The Domain Name System (DNS) works much like a phone book to associate URLs (names) with what kinds of numbers?
question
53
answer
Which TCP/UDP port does the DNS service use to communicate?
question
Fully Qualified Domain Name
answer
What does the acronym FQDN stand for?
question
sales.microsoft.com
answer
Which one of the following is an example of an FQDN?
question
hierarchical distributed
answer
What type of structure does DNS have?
question
.net
answer
Which of the following is an example of a top-level domain?
question
blah.com
answer
Which of the following is an example of a second-level domain?
question
host
answer
A specific, individual computer or other network device in a domain is known as what?
question
DNS resolver
answer
What is another term for DNS client?
question
forward lookup zone
answer
Which type of DNS zone resolves host names to IP addresses?
question
multi-master
answer
By using the Active Directory's integrated zone, DNS follows what kind of model?
question
fault tolerance
answer
What is one of the primary advantages to using Active Directory to store DNS information?
question
They allow you to break up larger domains into smaller, more manageable ones.
answer
What is one advantage of subdomains?
question
necessary resource entries
answer
A stub zone is a zone copy that contains only what type of records?
question
It speeds DNS queries by building a DNS request cache.
answer
What is the primary advantage of a caching-only DNS server?
question
canonical name or CNAME
answer
What is another designation for an Alias?
question
the zone serial number
answer
A Start of Authority record specifies what kind of information about a zone?
question
a CNAME record
answer
If you have a server named server1.blah.com, want to use it as your web server, and have requests point to www.blah.com, what kind of DNS record would you create?
question
reverse lookup zones
answer
Before creating PTR records, what DNS objects must you create?
question
the length of time a record remains in DNS cache
answer
What does Time to Live (TTL) mean in DNS parlance?
question
balanced
answer
Round-robin DNS is a term that refers to what kind of distribution mechanism for DNS responses to queries?
question
ipconfig /all
answer
Which command do you use to verify local DNS settings?
question
It places you into nslookup's interactive mode.
answer
What does issuing the nslookup command with no parameters do on your system?
question
SOA record
answer
Which DNS record contains the serial number for the zone?
question
AD server
answer
Which of the following is an example of an SRV record?
question
delete resource records
answer
You can use the dnscmd command to create zones. What other tasks can you perform with it?
question
maps a host name to a single IPv6 address
answer
If an A record maps a host name to an IP address, what does an AAAA record do?
question
nslookup 192.168.1.50
answer
Which one of the following is correct for querying a PTR record?
question
Execute ipconfig /registerdns.
answer
How can you force a system to update its DNS record?
question
The PTR record doesn't exist.
answer
If you issue the command nslookup 192.168.1.50 and get no response, but then issue nslookup server1 and receive 192.168.1.50 as a response, what do you know is wrong?
question
They no longer supply acceptable bandwidth.
answer
Why are phone lines and ISDN not used today for remote access services (RAS)?
question
two network interface cards
answer
What special hardware configuration should a RAS server have?
question
for enhanced security
answer
Why would you set Verify Caller ID on a remote dial-up connection for a user?
question
Create and distribute an executable file that contains all the settings.
answer
What is the most efficient way to deploy VPN (virtual private network) configurations to hundreds of users?
question
if your users have laptop computers and work from home or office
answer
When would you want to use a split tunnel for users?
question
encapsulation
answer
What term is defined as private data placed in a packet with a header containing routing information that allows the data to traverse a transit network, such as the Internet?
question
You can't ping that interface.
answer
What is the result of enabling security on the RRAS interface in your RAS server?
question
VPN traffic is encrypted.
answer
Why use a VPN for client-to-server connections over the Internet?
question
by cryptographic checksum
answer
How is data verified when transferred through the Internet?
question
PPTP
answer
Of the four VPN tunneling protocols, which has the weakest encryption?
question
PAP
answer
Which authentication method is weakest (least secure)?
question
MS-CHAPv2
answer
Which authentication protocol allows you to change an expired password during the connection process?
question
IKEv2
answer
Which VPN protocol provides constant connectivity?
question
for light traffic on small networks
answer
When is it appropriate to use Windows Server 2012 as a router between two networks?
question
through the use of RIP
answer
How are routing tables created dynamically?
question
Windows 7/Windows Server 2008 R2
answer
DirectAccess was introduced with which workstation/server pair?
question
bi-directional
answer
What kind of connectivity does DirectAccess establish between workstation and server?
question
web
answer
What type of server is the network location server (NLS)?
question
Intra-Site Automatic Tunnel Addressing Protocol
answer
What does the acronym ISATAP stand for?
question
Remote Access Management Console
answer
What utility do you use to configure DirectAccess?
question
two consecutive public IP addresses
answer
Windows Server 2012 varies from the Windows Server 2008 R2 implementation in that it does not require which one of the following?
question
The DirectAccess server must be part of an Active Directory domain.
answer
What is the most basic requirement for a DirectAccess implementation?
question
IP-HTTPS
answer
If the client cannot reach the DirectAccess server using 6to4 or Teredo tunneling, the client tries to connect using what protocol?
question
shows the NRPT rules as configured on the group policy
answer
What does the netsh namespace show policy command do?
question
determines the results of network location detection and the IPv6 addresses of the intranet DNS servers
answer
What does the netsh namespace show effectivepolicy command do?
question
seamless and always on
answer
What kind of connectivity does DirectAccess provide between client computers and network resources?
question
Internet
answer
DirectAccess is for clients connected to which network?
question
computer and user credentials
answer
How do the DirectAccess server and DirectAccess client authenticate each other?
question
Windows Server 2008
answer
Which one of the following operating systems may not act as a DirectAccess client?
question
an AD domain
answer
In addition to meeting operating system requirements, a DirectAccess client must be a member of what?
question
a RADIUS proxy server
answer
What kind of RADIUS server is placed between the RADIUS server and RADIUS clients?
question
authorization
answer
What process determines what a user is permitted to do on a computer or on a network?
question
Network Policy Server
answer
What is a RADIUS server known as in Microsoft parlance?
question
1812 and 1813
answer
Which ports do Microsoft RADIUS servers use officially?
question
the NPS server
answer
When an access client contacts a VPN server or wireless access point, a connection request is sent to what system?
question
the access server
answer
Which system, in a RADIUS infrastructure, handles the switchboard duties of relaying requests to the RADIUS server and back to the client?
question
an Accounting-Response to the access server
answer
What is the final step in the authentication, authorization, and accounting scenario between an access client and the RADIUS server?
question
RADIUS server
answer
To configure RADIUS service load balancing, you must have more than one kind of what system per remote RADIUS server group?
question
priority
answer
Which parameter specifies the order of importance of the RADIUS server to the NPS proxy server?
question
templates
answer
Using what feature can streamline the creation and setup of RADIUS servers?
question
the type of service and the user it's delivered to
answer
What information does the Accounting-Start message contain?
question
the RADIUS accounting server
answer
Which system is the destination for Accounting-Start messages?
question
certificate
answer
What type of NPS authentication is recommended over password authentication?
question
Usernames and passwords are sent in plain text.
answer
Why is password-based authentication not recommended?
question
a certificate authority
answer
Where do you get certificates for authentication purposes?
question
who, when, and how
answer
An NPS policy is a set of permissions or restrictions that determine what three aspects of network connectivity?
question
group membership
answer
Which variable can be set to authorize or deny a remote connection?
question
RADIUS
answer
The default connection request policy uses NPS as what kind of server?
question
locally
answer
Where is the default connection policy set to process all authentication requests?
question
how IP addresses are assigned
answer
What is the last setting in the Routing and Remote Access IP settings?
question
netsh
answer
What command-line utility is used to import and export NPS templates?
question
XML
answer
To which type of file do you export an NPS configuration?
question
when the source NPS database has a higher version number than the version number of the destination NPS database
answer
When should you not use the command-line method of exporting and importing the NPS configuration?
question
who is authorized to connect AND the connection circumstances for connectivity
answer
Network policies determine what two important connectivity constraints?
question
constraints
answer
When the Remote Access server finds an NPS network policy with conditions that match the incoming connection attempt, the server checks any _______________ that have been configured for the policy.
question
denies
answer
If a remote connection attempt does not match any configured constraints, what does the Remote Access server do to the connection?
question
Shared Secrets AND Health Policies AND RADIUS Clients
answer
Identify the correct NPS templates. Select all that apply.
question
Client May Request an IP Address AND Server Must Supply an IP Address
answer
Which two of the following are Routing and Remote Access IP settings?
question
Server Settings Determine IP Address Assignment
answer
Which Routing and Remote Access IP setting is the default setting?
question
MPPE 128-Bit
answer
Which of the following is the strongest type of encryption?
question
a computer's overall health
answer
Network Access Protection (NAP) is Microsoft's software for controlling network access of computers based on what?
question
NPS, NPS
answer
Because NAP is provided by _________, you need to install _________ to install NAP.
question
IPv6
answer
DHCP enforcement is not available for what kind of clients?
question
Anti-virus/anti-malware servers AND Software update servers
answer
Identify two remediation server types.
question
read-only
answer
What type of Active Directory domain controller is recommended to minimize security risks for remediation servers?
question
isolation
answer
When you fully engage NAP for remediation enforcement, what mode do you place the policy in?
question
netsh nap client show state
answer
To verify a NAP client's configuration, which command would you run?
question
Security Center AND NAP Agent
answer
Which two components must a NAP client have enabled in order to use NAP?
question
to provide user information in case of a compliance failure
answer
Why do you need a web server as part of your NAP remediation infrastructure?
question
the NAP Server Event Viewer
answer
Where do you look to find out which computers are blocked and which are granted access via NAP?
question
NAP-compliant AND NAP-noncompliant
answer
Health policies are in pairs. What are the members of the pair? Select two.
question
the computers are running Windows Update
answer
You should restrict access only for clients that don't have all available security updates installed if what situation exists?
question
The computer is isolated.
answer
What happens to a computer that isn't running Windows Firewall?
question
network policies AND connection request policies
answer
Health policies are connected to what two other policies?
question
pass all SHV checks
answer
To use the NAP-compliant policy, the client must do what?
question
locally connected computers
answer
Which computers are not affected by VPN enforcement?
question
NTLM
answer
What is the default authentication protocol for non-domain computers?
question
NT LAN Manager
answer
What does the acronym NTLM stand for?
question
sending a password to the server
answer
NTLM uses a challenge-response mechanism for authentication without doing what?
question
a secure network authentication protocol
answer
What type of protocol is Kerberos?
question
secret key
answer
Kerberos security and authentication are based on what type of technology?
question
5 minutes
answer
What is the default maximum allowable time lapse between domain controllers and client systems for Kerberos to work correctly?
question
service class, host name, and port number
answer
Which three components make up a service principal name (SPN)?
question
The client receives an access denied error.
answer
What happens if a client submits a service ticket request for an SPN that does not exist in the identity store?
question
ADSI Edit
answer
Which tool can you use to add SPNs to an account?
question
Domain Administrator privileges AND the editor runs from the domain controller
answer
What are the two restrictions for adding SPNs to an account?
question
setspn
answer
Identify another utility that you can use to add SPNs to an account.
question
service
answer
What type of account is an account under which an operating system, process, or service runs?
question
using strong passwords AND granting the least rights possible
answer
When creating accounts for operating systems, processes, and services, you should always configure them with what two things in mind?
question
automatic password management AND simplified SPN management
answer
Name two benefits to using Managed Service Accounts (MSAs).
question
group MSAs
answer
By default, which service accounts will the Windows PowerShell cmdlets manage?
question
Active Directory database
answer
The domain controllers are the computers that store and run the _______________.
question
one
answer
How many PDC Emulators are required, if needed, in a domain?
question
You have a single domain.
answer
You do not place the infrastructure master on a global catalog server unless what situation exists?
question
schema
answer
When you add attributes to an Active Directory object, what part of the domain database are you actually changing?
question
Operations Master
answer
Which Active Directory object is defined as a specialized domain controller that performs certain tasks so that multi-master domain controllers can operate and synchronize properly?
question
at least two
answer
How many global catalogs are recommended for every organization?
question
Install Active Directory Domain Services (AD DS). AND Execute dcpromo from Server Manager.
answer
What two things must you do to a Windows Server to convert it to a domain controller?
question
in a remote site
answer
Where are you most likely to see a Read-Only Domain Controller (RODC)?
question
seize schema master AND seize PDC
answer
Which of the following commands issued at the fsmo maintenance prompt would successfully seize the role of an Operations Master Holder? Select all that apply.
question
Windows Server 2012
answer
Beginning with which server version can you safely deploy domain controllers in a virtual machine?
question
sysprep
answer
What utility must you run on a cloned system to ensure that the clone receives its own SID?
question
writable domain controller
answer
Which type of system must you connect to and use to make changes to Active Directory?
question
Windows Server 2003
answer
Which version of Windows Server introduced incremental universal group membership replication?
question
domain local groups, global groups, and universal groups
answer
What are the three types of groups in a domain?
question
logon AND object searches AND universal group membership
answer
The global catalog stores a partial copy of all objects in the forest. What are the reasons for keeping that partial copy? Select all that apply.
question
It exports/imports Active Directory information.
answer
What function does the CSVDE tool perform?
question
nonauthoritative
answer
If a single domain controller's AD database becomes corrupt, which type of restore should you perform on it?
question
DSRM
answer
To perform an authoritative restore, into what mode must you reboot the domain controller?
question
a unique identifier for a snapshot
answer
What is a GUID?
question
the Active Directory Recycle Bin
answer
What utility first appeared in Windows Server 2008 R2 that allows you to undelete Active Directory containers and objects?
question
every 12 hours
answer
By default, how often does Active Directory "garbage collection" occur?
question
Reset the user's password.
answer
After you undelete a user account with the LDP utility, what action do you need to perform?
question
low-level database corruption
answer
In interactive mode, what aspect of AD can you check with the ntdsutil integrity command?
question
Uninstall Active Directory Domain Services.
answer
What is the proper procedure for removing a domain controller from Active Directory?
question
metadata cleanup
answer
Which of the following ntdsutil commands cleans up metadata?
question
its distinguished name
answer
To perform an authoritative restore of an object or subtree, what bit of information do you need to know about the object?
question
a reference to an attribute within another object
answer
When you do an authoritative restore process, a back-links file is created. What is a back-links file?
question
You have to enable the AD Recycle Bin. AND You have to set the AD forest to Windows Server 2008 R2 or higher.
answer
Before you can use the Active Directory Recycle Bin, what two actions do you have to perform?
question
Restartable Active Directory Domain Services
answer
Windows Server 2012 introduces a new time-saving feature when performing tasks such as AD defragmentation. What is that feature?
question
ntdsutil
answer
Which utility do you use to defragment Active Directory?
question
history AND length AND complexity AND age
answer
What are examples of password policies? Select all that apply.
question
security
answer
Why primarily are account lockout policies put into place?
question
24
answer
What is the default setting for password history?
question
7
answer
What is the default minimum password length in characters?
question
domain administrators
answer
By default, who has read/write capability to the Default Domain Policy?
question
Assign the PSOs to a global security group and add users to the group.
answer
How should you assign Password Settings objects (PSOs) to users?
question
centralized management
answer
What is the primary advantage of using Group Policies in a domain environment?
question
editing local security policies
answer
What is the secpol.msc utility used for?
question
how many days a user must wait before a password reset
answer
What does the minimum password age setting control?
question
because administrator accounts carry more security sensitivity than users do
answer
Why should administrator passwords change more often than user passwords?
question
0 to 24
answer
What is the range of password history settings?
question
Start with a sentence and then add numbers and special characters.
answer
What is an easy method of creating a strong password?
question
It means that passwords never expire, which is a major security problem. AND It means that you've disabled password aging.
answer
Why is a setting of 0 for maximum password age not a good idea? Check all that apply.
question
Password Policy AND Account Lockout Policy AND Kerberos Policy
answer
Account policies contain various subsets. Which of the following are legitimate subsets of account policies? Check all that apply.
question
Default Domain Policy
answer
Which feature affects all users in the domain, including domain controllers?
question
Local group policy, Site, Domain, OU
answer
In which order are Group Policy objects (GPOs) processed?
question
600 seconds
answer
What is the default timeout value for GPOs to process on system startup?
question
Processing is hidden from the user.
answer
GPOs are processed on computer startup and after logon. Why is the user never aware of the processing?
question
The computer establishes a secure link to the domain controller.
answer
What is the first step in the GPO processing order?
question
inheritance
answer
The downward flow of group policies is known as what feature of GPOs?
question
by precedence
answer
If a site, domain, or OU has multiple GPOs, how are the group policies processed?
question
security group filter AND WMI filter
answer
Which two filters can you use to control who or what receives a group policy?
question
Allow Read AND Allow Apply
answer
For users to receive GPO settings, they must have which two permissions to the GPO?
question
Apply Group
answer
By default, which GPO permissions are all authenticated users given?
question
when the policy is processed
answer
At what point are WMI filters evaluated?
question
2003
answer
To use WMI filters, you must have one domain controller running which version of Windows Server or higher?
question
one
answer
How many WMI filters can be configured for a GPO?
question
loopback
answer
What kind of group policies should you enable for student computers?
question
to analyze the cumulative effect of GPOs AND for GPO troubleshooting
answer
What is the primary purpose of running the Group Policy Results Wizard? Check all that apply.
question
Windows 7 AND Windows 8
answer
Which of the following operating systems can have its security settings managed by using security templates? Select all that apply.
question
using Active Directory GPOs AND using the Security Configuration and Analysis snap-in
answer
Which two of the following methods can you use to deploy security templates?
question
the ADM format for newer operating systems
answer
What is an ADMX file?
question
a repository for Administrative Templates
answer
What is the Central Store?
question
Keyword Filters AND Requirements Filters
answer
Which of the following are legitimate Administrative Template Property Filters? Select all that apply.
question
Windows Installer
answer
What is the name of the software component used for installation, maintenance, and removal of software on Windows?
question
.msi
answer
What is the filename extension for the files in which installation information is stored?
question
They deploy customized software installation files
answer
What are MST files used for?
question
Convert it to an MSI file
answer
Windows Installer cannot install .exe files. To distribute a software package that installs with an .exe file, what must you do to it?
question
System Services AND Registry Permissions AND File System Permissions
answer
The Security template allows you to configure which of the following settings? Select all that apply.
question
C:WindowsPolicyDefinitions
answer
Where is the default location for ADMX files?
question
Not Configured AND Enabled AND Disabled
answer
Identify all possible states of an Administrative Template.
question
XML
answer
What language are ADMX files based on?
question
in individual GPOs
answer
Unlike ADM files, ADMX files are not stored where?
question
in the SYSVOL directory
answer
Where is the Central Store located?
question
domain administrators
answer
Which domain users are automatically granted permissions to perform Group Policy Management tasks?
question
if they've become corrupted AND if someone deleted one of the policies
answer
Why would you ever want or need to reset the domain policy and the domain controller policy to the default settings? Select all that apply.
question
Allow Read AND Allow Apply
answer
A user must have which two existing permissions for new permissions to be applied to their accounts for GPO delegation?
question
Disallow Apply
answer
If you don't want a GPO to apply, which group policy permission do you apply to a user or group?
question
that all User Rights Assignments will be replaced
answer
When you're about to reset domain policy and domain controllers policy back to default with the dcgpofix.exe command, what final warning are you given before you accept the change?
question
Group Policy Management Editor
answer
Which utility do you use to create GPO preferences?
question
F6
answer
For GPP editing states, which key do you use to toggle Enable Current?
question
Select the Stop processing items option on the Common tab.
answer
How do you stop processing a preference if an error occurs?
question
Registry
answer
Which Windows extension allows you to copy registry settings and apply them to other computers? create, replace, or delete registry settings?
question
.ini files
answer
Which Windows extension allows you to add, replace, or delete sections or properties in configuration settings or setup information files?
question
? AND *
answer
To copy, replace, update, or delete files, you can use wildcard characters. Which wildcard characters can you use? Select all that apply.
question
Shortcut AND Drive Maps
answer
If you need to provide users access to a common network location, which GPP would you use? Select all that apply.
question
GPP Client-Side Extensions
answer
To support GPPs on older Windows versions (Server and Workstation), you have to install what component from Microsoft?
question
the Registry Wizard
answer
Which component allows you to create multiple Registry preference items based on registry settings that you select?
question
computer name AND CPU speed
answer
Which of the following are possible targets for individual preferences? Select all that apply.
question
item-level targeting
answer
Which term describes changing the scope of individual preference items so that the preference items apply only to selected users or computers?
question
Windows Firewall applet AND Documents folder AND Microsoft Excel AND Printer
answer
Which items can you configure shortcuts to in performing GPP deployments? Select all that apply.
question
Registry AND Shortcuts AND Folders
answer
Windows Settings has multiple preference extensions. Identify all that apply.
question
Replace AND Delete
answer
When working with Network Drive Mapping Preferences, which preference behaviors delete drive mappings? Select all that apply.
question
2008 AND 2008 R2 AND 2012
answer
GPP can be configured on domain controllers running which version of Windows Server? Select all that apply.