Chapter 18-19 Test Review
Unlock all answers in this set
Unlock answersquestion
What service works with Group Policy to install, upgrade, patch, or remove software applications?
answer
Windows Installer
question
What is required to prepare applications with an approval stamp from Microsoft on its packaging, including the Certified for Windows Server 2012 logo, for Windows Installer?
answer
Nothing—the application is Windows Installer-enabled
question
When configuring a GPO to deploy a software package, what is the difference between assigning and publishing the application?
answer
Assigning forces the application, whereas publishing provides the option to install.
question
After deploying software by GPO using the Published option, where is the package made available for the user?
answer
Windows Control Panel
question
After deploying software by GPO using the Assigned option, where is the package made available for the user?
answer
Start menu or desktop
question
When configuring software restriction policies, there are four rules that help determine the programs that can or cannot run. Select which of the following is NOT one of those rules.
answer
File location rule
question
Not all software on the market provides .msi support. What is your best option to use Windows Installer to assign and publish the software?
answer
Repackage the software for Windows Installer.
question
What is AppLocker also known as?
answer
Application control policies
question
In what Group Policy objects container are AppLocker settings located?
answer
Computer ConfigurationWindows SettingsSecurity SettingsApplication Control PoliciesAppLocker
question
What Windows versions support the use of AppLocker polices, which poses a disadvantage compared to using software restriction policies?
answer
Windows 7 and Windows Server 2008 R2 or later
question
How does AppLocker handle all executables, installer packages, and scripts by default?
answer
AppLocker blocks all by default, except for those specified in Allow rules.
question
What service does AppLocker require running to function properly?
answer
Application Identity
question
What are the three default security levels within software restriction policies?
answer
Unrestricted, Disallowed, and Basic User
question
Unrestricted, Disallowed, and Basic User are the three default security levels of ----.
answer
software restriction policies
question
What is the greatest advantage of AppLocker over software restriction policies?
answer
You can create rules automatically.
question
What service uses the three file types: .msi, .mst, and .msp?
answer
Windows Installer
question
What's a best practice precautionary step regarding compatibility before distributing applications to all users?
answer
Testing them, separately, and all together
question
The functionality of __________ depends on the rules that identify software, followed by the rules that govern its usage.
answer
software restriction policies
question
After you create a new software restriction policy, what folder enables you to create rules that specify the conditions under which programs can be executed or denied?
answer
Additional Rules folder
question
If a software package is set as Assigned, the option to Install This Application At Logon is available. This option enables the application to be installed immediately, rather than advertised on the Start menu. However, when should this method be avoided?
answer
If users have slow links between their workstations and the software distribution point
question
What is the most common way to implement software restriction policies?
answer
Linking Group Policy objects to Active Directory Domain Services containers, so that you can apply their policy settings to several computers simultaneously
question
You want to deploy software using Group Policy. What is necessary before assigning the software to a user account?
answer
You must create a distribution share, also called a software distribution point. Then create the Group Policy Object, specifying how to deploy the application.
question
When installing software using Group Policy, what file or files does an administrator use?
answer
Windows Installer package files, or .msi files—modifications to the package files require transform files, or .mst files. Further, patch files are designated as .msp files.
question
Software restriction relies on four types of rules to specify which programs can or cannot run. What type uses a digital certificate to confirm its legitimacy?
answer
Certificate
question
Software restriction relies on four types of rules to specify which programs can or cannot run. What type identifies software by its directory where the application is stored in the file system?
answer
Path
question
Software restriction relies on four types of rules to specify which programs can or cannot run. What type relies on a value generated by an algorithm that creates a fingerprint of the file, which makes it impossible for another program to have the same value?
answer
Hash
question
Software restriction relies on four types of rules to specify which programs can or cannot run. What type enables Windows Installer packages to be installed only if they come from a trusted area of the network?
answer
Network zone
question
Firewall rules function in two ways: admit all traffic, except that which conforms to the applied rules, and secondly, block all traffic, except that which conforms to the applied rules. How does the Windows Firewall work for inbound traffic and for outbound traffic?
answer
Inbound—block all. Outbound—permit all
question
What does a firewall protect your company against?
answer
Network intrusion attempts, such as a denial of service attack
question
Windows Firewall uses three profiles to represent the type of network to which the server is connected. What are the three profiles?
answer
Domain, private, and public
question
For the Windows Firewall private profile, what type of network is expected?
answer
An internal network that is not accessible by unauthorized users
question
What does the term "filter" refer to in the Windows Firewall With Advanced Security console?
answer
The ability to display inbound or outbound rules according to a profile
question
If a user attempts to use an Internet-based e-mail account, how will Windows Firewall respond?
answer
The firewall does not block client-initiated network traffic by default.
question
What tool offers more flexibility in creating rules compared with the Windows Firewall interface under Control Panel?
answer
Windows Firewall With Advanced Security snap-in for the Microsoft Management console
question
In the Windows Firewall With Advanced Security console, while creating a new rule, the Program page specifies whether the ______.
answer
rule applies to all programs, to one specific program, or to a specific service
question
By exporting the Windows Firewall policy, you have a file with a .wfw extension that contains _____.
answer
all its rules, including the preconfigured rules and the ones you have created or modified
question
If an administrator wants to enable the "Block all incoming connections, including those in the list of allowed apps" setting, to which of the firewall profiles does it apply?
answer
Public, private, and domain
question
Windows Firewall allows an administrator to import and export firewall rules. What are the rules' file extension?
answer
.wfw
question
What is the typical incoming port number for a web server?
answer
80
question
You can configure the Windows Firewall to allow or block specific _________.
answer
ports, protocols, applications, users, and IP address ranges
question
What GPO node presents the interface with which to configure Windows Firewall properties?
answer
Computer ConfigurationPoliciesWindows SettingsSecurity SettingsWindows Firewall with Advanced Security
question
Which of the three Windows Firewall profiles is most appropriate for a library kiosk?
answer
Public
question
Which of the three Windows Firewall profiles is most appropriate for a company file and print server?
answer
Private
question
Which of the three Windows Firewall profiles is most appropriate for a company domain controller?
answer
Domain
question
Which of the three firewall profiles will turn on the firewall by default?
answer
All three: domain, private, and public
question
A firewall is essentially a series of _____ that examine the contents of packets and the traffic patterns to and from the network to determine which packets they should allow to pass through.
answer
filters
question
What is the primary objective of a firewall?
answer
To permit traffic in and out for legitimate users, and to block the rest
question
In Windows Firewall Customized Settings, there are three profiles (public, private, and domain). What differentiates these profiles from each other?
answer
Public is for servers accessible to temporary users. Private is for servers on an internal network. Domain is for servers in which users are all authenticated.
question
When creating a firewall exception, what is the difference between opening a port and allowing an application through?
answer
Allowing an application opens the specified port only while the program is running, and thus is less risky.
question
Windows Firewall allows you to create inbound, outbound, and connection security rules for individual servers or systems. How can you do this for multiple systems?
answer
You can create a new Group Policy Object and you can import settings from a policy file created earlier. Then deploy the GPO to other systems on the network.
question
What parameter in the Windows Firewall New Inbound Rule Wizard specifies the IP address range of local and remote systems to which the rule applies?
answer
Scope
question
What parameter in the Windows Firewall New Inbound Rule Wizard specifies the exact type of traffic at the network or transport layer, which the firewall can block or allow?
answer
Protocol and Ports
question
What parameter in the Windows Firewall New Inbound Rule Wizard specifies what the firewall should do when a packet matches the rule?
answer
Action
question
What parameter in the Windows Firewall New Inbound Rule Wizard specifies whether the rule applies to all programs, to one specific program, or to a specific service?
answer
Program
