Final: 70-411 Chapter: Chapters 1-22 – Flashcards
320 test answers
Unlock all answers in this set
Unlock answers 320question
It removes a system's name and SID.
answer
What function does the System Preparation Utility (Sysprep.exe) perform on a system?
Unlock the answer
question
answer files
answer
What type of XML file do you need to create and add information to when performing an unattended operating system installation via WDS?
Unlock the answer
question
offline
answer
How do you mount a Windows image using Dism.exe so that you can update it?
Unlock the answer
question
dynamic driver provisioning
answer
Which feature of Windows Server allows you to add driver packages to WDS and then deploy them?
Unlock the answer
question
Windows 8
answer
Windows PE 4.0 is based on which operating system?
Unlock the answer
question
BIOS
answer
Where in a system do you configure PXE?
Unlock the answer
question
DHCP
answer
The initial configuration of WDS includes setup of what other server?
Unlock the answer
question
It presents the Windows Welcome Wizard on the next boot.
answer
When using sysprep on the master computer, why do you include the /oobe parameter?
Unlock the answer
question
on bootable media
answer
Where do you place a discover image to ensure proper deployment?
Unlock the answer
question
Windows Assessment and Deployment Kit (ADK)
answer
To convert a discover image to a bootable ISO image, what non-included component do you need to download and install?
Unlock the answer
question
System Image Manager (SIM)
answer
What Microsoft tool do you use to create and manage Windows setup answer files?
Unlock the answer
question
out-of-band patches
answer
What kind of updates are released on an as-required basis and are not part of the standard release cycle?
Unlock the answer
question
Be sure that you have a good backup.
answer
What critical step you should perform before applying patches or updates?
Unlock the answer
question
small
answer
Windows Updates, especially the Automatic Updates feature of Windows Updates, are for what kind of environments?
Unlock the answer
question
Distributed and Central
answer
You can configure Windows Server Update Service (WSUS) in one of two modes: Autonomous or Replica. Autonomous provides one type of management and Replica provides another. What are the two management types?
Unlock the answer
question
8530
answer
What is the default port number for WSUS synchronization?
Unlock the answer
question
Client-side and Server-side targeting
answer
What two ways can you assign computers to groups in WSUS?
Unlock the answer
question
Test the updates on your own systems before approving for rollout.
answer
WSUS allows you to automatically approve every update, but you shouldn't necessarily do that. What should you do before approving updates to be installed?
Unlock the answer
question
net start wuauserv
answer
Which of the following is the proper method of starting the Windows Update service?
Unlock the answer
question
the SCCM agent
answer
To get the full capability of SCCM, which component must you install on each system on your network?
Unlock the answer
question
It is a tested, cumulative set of hotfixes, security updates, critical updates, and updates, as well as additional fixes for problems found internally since the release of the product.
answer
What is the definition of a service pack?
Unlock the answer
question
Internet Explorer proxy settings
answer
If Windows Update fails to retrieve updates, what should you check first?
Unlock the answer
question
speed and load between sites and the number of clients
answer
The number of WSUS servers you need is determined by the number of sites you have and what two other factors?
Unlock the answer
question
another WSUS server on your network
answer
WSUS can retrieve updates directly from Microsoft or from what other source?
Unlock the answer
question
All Computers
answer
By default, to which computer group are computers assigned in WSUS?
Unlock the answer
question
one
answer
Other than the default computer group, how many other groups may a computer be assigned to in WSUS?
Unlock the answer
question
Two minutes
answer
When you set a service to start automatically with delayed start, how long is the delay?
Unlock the answer
question
minimal
answer
When creating service accounts, you should follow the rule of what type of rights and permissions?
Unlock the answer
question
Use separate accounts for both services.
answer
If you install SQL Server and a third-party backup service on the same system, what rule should you follow when creating service accounts?
Unlock the answer
question
Save useful event filters as custom views that can be reused.
answer
Which of the following tasks does the Event Viewer MMC snap-in allow you to perform?
Unlock the answer
question
log viewer
answer
The Event Viewer is essentially what kind of tool?
Unlock the answer
question
Send an email, start a program, and display a message.
answer
What types of tasks can you add to events?
Unlock the answer
question
event subscription
answer
Microsoft's new Event Viewer allows you to collect events from remote computers and store them locally. By what name is this collection of events known?
Unlock the answer
question
event receiving
answer
What function does a computer perform when it's issued the command wecutil qc?
Unlock the answer
question
Stability Index
answer
The Reliability Monitor provides a range of numbers to help you evaluate the reliability of a computer. What is the name of this range of numbers?
Unlock the answer
question
Enable the Reliability Monitor.
answer
What do you need to do if you run the Reliability Monitor but it is blank?
Unlock the answer
question
during normal usage
answer
To examine performance correctly, you must establish a performance baseline. When do you perform this task?
Unlock the answer
question
that you might have a bottleneck
answer
What can Task Manager tell you about performance?
Unlock the answer
question
quick glance
answer
Task Manager is not a definitive performance tool because it gives you what kind of look at computer performance?
Unlock the answer
question
process
answer
What term describes an instance of a program being executed?
Unlock the answer
question
services and processes
answer
Resource Monitor is a powerful tool for understanding how your system resources are used by what two system consumers?
Unlock the answer
question
targets
answer
What are DFS Namespace shared folders referred to in relation to the virtual folders?
Unlock the answer
question
where the namespaces are stored
answer
What is the primary difference between domain-based namespace and stand-alone namespace?
Unlock the answer
question
5,000
answer
The default namespace mode is Windows Server 2008, which supports up to 50,000 folders. How many folders does using non-Windows Server 2008 provide?
Unlock the answer
question
referral
answer
What term is defined as "an ordered list of servers or targets that a client computer receives from a domain controller or namespace server when the user accesses a namespace root or a DFS folder with targets"?
Unlock the answer
question
NTFS and shared folder permissions
answer
How do you secure DFS Namespaces?
Unlock the answer
question
additional storage space required
answer
What is the primary disadvantage of DFS Replication?
Unlock the answer
question
It replicates deleted, changed, and corrupted files.
answer
DFS Replication does not replace the need for backups because of what feature of replication?
Unlock the answer
question
full mesh
answer
By default, replication groups use what type of topology to replicate to all members of the group?
Unlock the answer
question
hub/spoke
answer
Which replication topology is more efficient than the default replication topology and allows you to set bandwidth, timing, and directionality to your configuration?
Unlock the answer
question
remote differential compression (RDC)
answer
What compression algorithm does Microsoft use to limit the amount of bandwidth used in DFS Replication?
Unlock the answer
question
last-writer wins
answer
What type of resolution model does DFS Replication use to resolve simultaneous-write conflicts?
Unlock the answer
question
660 MB
answer
What is the default quota size of the Conflict and Deleted folder?
Unlock the answer
question
staging folder
answer
What type of special cache folder does each replication folder use to hold files ready to be replicated?
Unlock the answer
question
remote differential compression (RDC)
answer
If you want to save on CPU and disk I/O but consume more network bandwidth for replication, which DFS feature can you disable?
Unlock the answer
question
Change share permissions. AND Disable one of the connections.
answer
What can you do to change bidirectional replication into unidirectional? (Choose two.)
Unlock the answer
question
role
answer
What type of service is the Windows File Server Resource Manager?
Unlock the answer
question
It limits the number of gigabytes allocated to a volume or folder.
answer
What effect does using quotas in File Server Resource Manager have?
Unlock the answer
question
the entire folder and its subtree
answer
Placing a quota limit on a folder applies that limit to what part of the folder?
Unlock the answer
question
quota template
answer
When you create quotas, you are recommended to use what built-in feature to assist you?
Unlock the answer
question
File Screening
answer
What technology did Microsoft develop to combat the storage of storage-using and potentially illegal files on corporate servers?
Unlock the answer
question
Active
answer
Which screening technique prevents a user from saving defined unauthorized files?
Unlock the answer
question
file screen exception
answer
Some exemptions might be required for certain groups to store otherwise restricted file types. What type of exemption can you set up on folders?
Unlock the answer
question
templates
answer
What feature can you use to simplify the management of file screens?
Unlock the answer
question
Storage Reports
answer
What FSRM feature can you use to show the state of file server volumes, quotas, and disallowed files?
Unlock the answer
question
Simple Mail Transfer Protocol
answer
What does the acronym SMTP stand for?
Unlock the answer
question
Administrators
answer
What group must you be a member of to enable SMTP?
Unlock the answer
question
C:StorageReportsScheduled
answer
By default, where are storage reports saved?
Unlock the answer
question
To allow you to archive unused files
answer
You can generate several different reports from FSRM. One of them gives you a list of Least Recently Accessed Files. What would be the purpose of that report?
Unlock the answer
question
apply the template to all derived file screens
answer
When you change a file template and save the changes, you have the option to do which one of the following?
Unlock the answer
question
to notify users that they have reached the quota limit
answer
What is the purpose of setting soft quotas?
Unlock the answer
question
unreadable
answer
Encryption is the process of converting data into what kind of format?
Unlock the answer
question
encrypted
answer
After a file has been encrypted, it is stored in what format?
Unlock the answer
question
decryption
answer
An encrypted file can be converted back to its original format by a process known as what?
Unlock the answer
question
symmetric
answer
Single-key encryption is also known as what kind of encryption?
Unlock the answer
question
two
answer
Public-key cryptography uses how many keys?
Unlock the answer
question
safe
answer
What's the status of your data if someone has your public key?
Unlock the answer
question
to store passwords in a non-readable format
answer
What is one purpose of using hash function encryption?
Unlock the answer
question
80
answer
What key length is considered to be minimally strong for encryption algorithms?
Unlock the answer
question
They're encrypted with the parent folder.
answer
What happens to files and subfolders within an EFS encrypted folder?
Unlock the answer
question
folder
answer
You can encrypt individual files, but Microsoft recommends encrypting at what level?
Unlock the answer
question
attribute
answer
EFS encryption is what type of feature that can be enabled or disabled at will, similar in effect to read-only, compression, or hidden?
Unlock the answer
question
The new files become encrypted.
answer
What happens if you move unencrypted files into an encrypted folder?
Unlock the answer
question
cipher.exe
answer
If you're a command-line user, what command will encrypt files and folders?
Unlock the answer
question
Trusted Platform Module
answer
What built-in computer hardware feature makes BitLocker Drive Encryption far more secure than other forms of folder or file-based encryption?
Unlock the answer
question
servers
answer
On what type of computer is BitLocker not commonly used?
Unlock the answer
question
to verify a user's identity
answer
Authentication is used for what purpose?
Unlock the answer
question
to grant access to a user
answer
Authorization is used for what purpose?
Unlock the answer
question
recording user's actions
answer
Auditing is used for what purpose?
Unlock the answer
question
High levels of auditing can affect system performance.
answer
Why is choosing what to audit, instead of auditing everything that a user does, a good idea?
Unlock the answer
question
56
answer
Before Windows 2008 R2, only nine basic audit settings existed. Windows Server 2012 introduces a total of how many audit subsettings?
Unlock the answer
question
so that you can focus on important audit items
answer
What is the purpose of implementing new audit subsettings?
Unlock the answer
question
Audit policies might cause conflicts or erratic behavior.
answer
Why should you avoid using basic audit policy settings and advanced audit policy settings together?
Unlock the answer
question
AuditPol.exe
answer
Which command do you use to manage auditing at the command prompt?
Unlock the answer
question
in Security logs in Event Viewer
answer
Where can you view audit events?
Unlock the answer
question
Global Object Access Auditing
answer
Which auditing feature allows you to define computer-wide system access control lists for the file system or the registry?
Unlock the answer
question
Removable Storage Access
answer
By using what type of policy can you track, limit, or deny a user's ability to use removable storage devices such as USB drives in Windows Server 2012?
Unlock the answer
question
Group Policy Editor
answer
Which utility do you use to access advanced audit policy settings?
Unlock the answer
question
Logon/Logoff
answer
What type of audit event notifies you that an account failed to log on?
Unlock the answer
question
Privilege Use
answer
Shutting down the system is an example of what kind of audit event?
Unlock the answer
question
audit.csv
answer
When resetting audit settings back to basic mode, what file must you remove as part of the process?
Unlock the answer
question
IP addresses
answer
The Domain Name System (DNS) works much like a phone book to associate URLs (names) with what kinds of numbers?
Unlock the answer
question
53
answer
Which TCP/UDP port does the DNS service use to communicate?
Unlock the answer
question
Fully Qualified Domain Name
answer
What does the acronym FQDN stand for?
Unlock the answer
question
sales.microsoft.com
answer
Which one of the following is an example of an FQDN?
Unlock the answer
question
hierarchical distributed
answer
What type of structure does DNS have?
Unlock the answer
question
.net
answer
Which of the following is an example of a top-level domain?
Unlock the answer
question
blah.com
answer
Which of the following is an example of a second-level domain?
Unlock the answer
question
host
answer
A specific, individual computer or other network device in a domain is known as what?
Unlock the answer
question
DNS resolver
answer
What is another term for DNS client?
Unlock the answer
question
forward lookup zone
answer
Which type of DNS zone resolves host names to IP addresses?
Unlock the answer
question
multi-master
answer
By using the Active Directory's integrated zone, DNS follows what kind of model?
Unlock the answer
question
fault tolerance
answer
What is one of the primary advantages to using Active Directory to store DNS information?
Unlock the answer
question
They allow you to break up larger domains into smaller, more manageable ones.
answer
What is one advantage of subdomains?
Unlock the answer
question
necessary resource entries
answer
A stub zone is a zone copy that contains only what type of records?
Unlock the answer
question
It speeds DNS queries by building a DNS request cache.
answer
What is the primary advantage of a caching-only DNS server?
Unlock the answer
question
canonical name or CNAME
answer
What is another designation for an Alias?
Unlock the answer
question
the zone serial number
answer
A Start of Authority record specifies what kind of information about a zone?
Unlock the answer
question
a CNAME record
answer
If you have a server named server1.blah.com, want to use it as your web server, and have requests point to www.blah.com, what kind of DNS record would you create?
Unlock the answer
question
reverse lookup zones
answer
Before creating PTR records, what DNS objects must you create?
Unlock the answer
question
the length of time a record remains in DNS cache
answer
What does Time to Live (TTL) mean in DNS parlance?
Unlock the answer
question
balanced
answer
Round-robin DNS is a term that refers to what kind of distribution mechanism for DNS responses to queries?
Unlock the answer
question
ipconfig /all
answer
Which command do you use to verify local DNS settings?
Unlock the answer
question
It places you into nslookup's interactive mode.
answer
What does issuing the nslookup command with no parameters do on your system?
Unlock the answer
question
SOA record
answer
Which DNS record contains the serial number for the zone?
Unlock the answer
question
AD server
answer
Which of the following is an example of an SRV record?
Unlock the answer
question
delete resource records
answer
You can use the dnscmd command to create zones. What other tasks can you perform with it?
Unlock the answer
question
maps a host name to a single IPv6 address
answer
If an A record maps a host name to an IP address, what does an AAAA record do?
Unlock the answer
question
nslookup 192.168.1.50
answer
Which one of the following is correct for querying a PTR record?
Unlock the answer
question
Execute ipconfig /registerdns.
answer
How can you force a system to update its DNS record?
Unlock the answer
question
The PTR record doesn't exist.
answer
If you issue the command nslookup 192.168.1.50 and get no response, but then issue nslookup server1 and receive 192.168.1.50 as a response, what do you know is wrong?
Unlock the answer
question
They no longer supply acceptable bandwidth.
answer
Why are phone lines and ISDN not used today for remote access services (RAS)?
Unlock the answer
question
two network interface cards
answer
What special hardware configuration should a RAS server have?
Unlock the answer
question
for enhanced security
answer
Why would you set Verify Caller ID on a remote dial-up connection for a user?
Unlock the answer
question
Create and distribute an executable file that contains all the settings.
answer
What is the most efficient way to deploy VPN (virtual private network) configurations to hundreds of users?
Unlock the answer
question
if your users have laptop computers and work from home or office
answer
When would you want to use a split tunnel for users?
Unlock the answer
question
encapsulation
answer
What term is defined as private data placed in a packet with a header containing routing information that allows the data to traverse a transit network, such as the Internet?
Unlock the answer
question
You can't ping that interface.
answer
What is the result of enabling security on the RRAS interface in your RAS server?
Unlock the answer
question
VPN traffic is encrypted.
answer
Why use a VPN for client-to-server connections over the Internet?
Unlock the answer
question
by cryptographic checksum
answer
How is data verified when transferred through the Internet?
Unlock the answer
question
PPTP
answer
Of the four VPN tunneling protocols, which has the weakest encryption?
Unlock the answer
question
PAP
answer
Which authentication method is weakest (least secure)?
Unlock the answer
question
MS-CHAPv2
answer
Which authentication protocol allows you to change an expired password during the connection process?
Unlock the answer
question
IKEv2
answer
Which VPN protocol provides constant connectivity?
Unlock the answer
question
for light traffic on small networks
answer
When is it appropriate to use Windows Server 2012 as a router between two networks?
Unlock the answer
question
through the use of RIP
answer
How are routing tables created dynamically?
Unlock the answer
question
Windows 7/Windows Server 2008 R2
answer
DirectAccess was introduced with which workstation/server pair?
Unlock the answer
question
bi-directional
answer
What kind of connectivity does DirectAccess establish between workstation and server?
Unlock the answer
question
web
answer
What type of server is the network location server (NLS)?
Unlock the answer
question
Intra-Site Automatic Tunnel Addressing Protocol
answer
What does the acronym ISATAP stand for?
Unlock the answer
question
Remote Access Management Console
answer
What utility do you use to configure DirectAccess?
Unlock the answer
question
two consecutive public IP addresses
answer
Windows Server 2012 varies from the Windows Server 2008 R2 implementation in that it does not require which one of the following?
Unlock the answer
question
The DirectAccess server must be part of an Active Directory domain.
answer
What is the most basic requirement for a DirectAccess implementation?
Unlock the answer
question
IP-HTTPS
answer
If the client cannot reach the DirectAccess server using 6to4 or Teredo tunneling, the client tries to connect using what protocol?
Unlock the answer
question
shows the NRPT rules as configured on the group policy
answer
What does the netsh namespace show policy command do?
Unlock the answer
question
determines the results of network location detection and the IPv6 addresses of the intranet DNS servers
answer
What does the netsh namespace show effectivepolicy command do?
Unlock the answer
question
seamless and always on
answer
What kind of connectivity does DirectAccess provide between client computers and network resources?
Unlock the answer
question
Internet
answer
DirectAccess is for clients connected to which network?
Unlock the answer
question
computer and user credentials
answer
How do the DirectAccess server and DirectAccess client authenticate each other?
Unlock the answer
question
Windows Server 2008
answer
Which one of the following operating systems may not act as a DirectAccess client?
Unlock the answer
question
an AD domain
answer
In addition to meeting operating system requirements, a DirectAccess client must be a member of what?
Unlock the answer
question
a RADIUS proxy server
answer
What kind of RADIUS server is placed between the RADIUS server and RADIUS clients?
Unlock the answer
question
authorization
answer
What process determines what a user is permitted to do on a computer or on a network?
Unlock the answer
question
Network Policy Server
answer
What is a RADIUS server known as in Microsoft parlance?
Unlock the answer
question
1812 and 1813
answer
Which ports do Microsoft RADIUS servers use officially?
Unlock the answer
question
the NPS server
answer
When an access client contacts a VPN server or wireless access point, a connection request is sent to what system?
Unlock the answer
question
the access server
answer
Which system, in a RADIUS infrastructure, handles the switchboard duties of relaying requests to the RADIUS server and back to the client?
Unlock the answer
question
an Accounting-Response to the access server
answer
What is the final step in the authentication, authorization, and accounting scenario between an access client and the RADIUS server?
Unlock the answer
question
RADIUS server
answer
To configure RADIUS service load balancing, you must have more than one kind of what system per remote RADIUS server group?
Unlock the answer
question
priority
answer
Which parameter specifies the order of importance of the RADIUS server to the NPS proxy server?
Unlock the answer
question
templates
answer
Using what feature can streamline the creation and setup of RADIUS servers?
Unlock the answer
question
the type of service and the user it's delivered to
answer
What information does the Accounting-Start message contain?
Unlock the answer
question
the RADIUS accounting server
answer
Which system is the destination for Accounting-Start messages?
Unlock the answer
question
certificate
answer
What type of NPS authentication is recommended over password authentication?
Unlock the answer
question
Usernames and passwords are sent in plain text.
answer
Why is password-based authentication not recommended?
Unlock the answer
question
a certificate authority
answer
Where do you get certificates for authentication purposes?
Unlock the answer
question
who, when, and how
answer
An NPS policy is a set of permissions or restrictions that determine what three aspects of network connectivity?
Unlock the answer
question
group membership
answer
Which variable can be set to authorize or deny a remote connection?
Unlock the answer
question
RADIUS
answer
The default connection request policy uses NPS as what kind of server?
Unlock the answer
question
locally
answer
Where is the default connection policy set to process all authentication requests?
Unlock the answer
question
how IP addresses are assigned
answer
What is the last setting in the Routing and Remote Access IP settings?
Unlock the answer
question
netsh
answer
What command-line utility is used to import and export NPS templates?
Unlock the answer
question
XML
answer
To which type of file do you export an NPS configuration?
Unlock the answer
question
when the source NPS database has a higher version number than the version number of the destination NPS database
answer
When should you not use the command-line method of exporting and importing the NPS configuration?
Unlock the answer
question
who is authorized to connect AND the connection circumstances for connectivity
answer
Network policies determine what two important connectivity constraints?
Unlock the answer
question
constraints
answer
When the Remote Access server finds an NPS network policy with conditions that match the incoming connection attempt, the server checks any _______________ that have been configured for the policy.
Unlock the answer
question
denies
answer
If a remote connection attempt does not match any configured constraints, what does the Remote Access server do to the connection?
Unlock the answer
question
Shared Secrets AND Health Policies AND RADIUS Clients
answer
Identify the correct NPS templates. Select all that apply.
Unlock the answer
question
Client May Request an IP Address AND Server Must Supply an IP Address
answer
Which two of the following are Routing and Remote Access IP settings?
Unlock the answer
question
Server Settings Determine IP Address Assignment
answer
Which Routing and Remote Access IP setting is the default setting?
Unlock the answer
question
MPPE 128-Bit
answer
Which of the following is the strongest type of encryption?
Unlock the answer
question
a computer's overall health
answer
Network Access Protection (NAP) is Microsoft's software for controlling network access of computers based on what?
Unlock the answer
question
NPS, NPS
answer
Because NAP is provided by _________, you need to install _________ to install NAP.
Unlock the answer
question
IPv6
answer
DHCP enforcement is not available for what kind of clients?
Unlock the answer
question
Anti-virus/anti-malware servers AND Software update servers
answer
Identify two remediation server types.
Unlock the answer
question
read-only
answer
What type of Active Directory domain controller is recommended to minimize security risks for remediation servers?
Unlock the answer
question
isolation
answer
When you fully engage NAP for remediation enforcement, what mode do you place the policy in?
Unlock the answer
question
netsh nap client show state
answer
To verify a NAP client's configuration, which command would you run?
Unlock the answer
question
Security Center AND NAP Agent
answer
Which two components must a NAP client have enabled in order to use NAP?
Unlock the answer
question
to provide user information in case of a compliance failure
answer
Why do you need a web server as part of your NAP remediation infrastructure?
Unlock the answer
question
the NAP Server Event Viewer
answer
Where do you look to find out which computers are blocked and which are granted access via NAP?
Unlock the answer
question
NAP-compliant AND NAP-noncompliant
answer
Health policies are in pairs. What are the members of the pair? Select two.
Unlock the answer
question
the computers are running Windows Update
answer
You should restrict access only for clients that don't have all available security updates installed if what situation exists?
Unlock the answer
question
The computer is isolated.
answer
What happens to a computer that isn't running Windows Firewall?
Unlock the answer
question
network policies AND connection request policies
answer
Health policies are connected to what two other policies?
Unlock the answer
question
pass all SHV checks
answer
To use the NAP-compliant policy, the client must do what?
Unlock the answer
question
locally connected computers
answer
Which computers are not affected by VPN enforcement?
Unlock the answer
question
NTLM
answer
What is the default authentication protocol for non-domain computers?
Unlock the answer
question
NT LAN Manager
answer
What does the acronym NTLM stand for?
Unlock the answer
question
sending a password to the server
answer
NTLM uses a challenge-response mechanism for authentication without doing what?
Unlock the answer
question
a secure network authentication protocol
answer
What type of protocol is Kerberos?
Unlock the answer
question
secret key
answer
Kerberos security and authentication are based on what type of technology?
Unlock the answer
question
5 minutes
answer
What is the default maximum allowable time lapse between domain controllers and client systems for Kerberos to work correctly?
Unlock the answer
question
service class, host name, and port number
answer
Which three components make up a service principal name (SPN)?
Unlock the answer
question
The client receives an access denied error.
answer
What happens if a client submits a service ticket request for an SPN that does not exist in the identity store?
Unlock the answer
question
ADSI Edit
answer
Which tool can you use to add SPNs to an account?
Unlock the answer
question
Domain Administrator privileges AND the editor runs from the domain controller
answer
What are the two restrictions for adding SPNs to an account?
Unlock the answer
question
setspn
answer
Identify another utility that you can use to add SPNs to an account.
Unlock the answer
question
service
answer
What type of account is an account under which an operating system, process, or service runs?
Unlock the answer
question
using strong passwords AND granting the least rights possible
answer
When creating accounts for operating systems, processes, and services, you should always configure them with what two things in mind?
Unlock the answer
question
automatic password management AND simplified SPN management
answer
Name two benefits to using Managed Service Accounts (MSAs).
Unlock the answer
question
group MSAs
answer
By default, which service accounts will the Windows PowerShell cmdlets manage?
Unlock the answer
question
Active Directory database
answer
The domain controllers are the computers that store and run the _______________.
Unlock the answer
question
one
answer
How many PDC Emulators are required, if needed, in a domain?
Unlock the answer
question
You have a single domain.
answer
You do not place the infrastructure master on a global catalog server unless what situation exists?
Unlock the answer
question
schema
answer
When you add attributes to an Active Directory object, what part of the domain database are you actually changing?
Unlock the answer
question
Operations Master
answer
Which Active Directory object is defined as a specialized domain controller that performs certain tasks so that multi-master domain controllers can operate and synchronize properly?
Unlock the answer
question
at least two
answer
How many global catalogs are recommended for every organization?
Unlock the answer
question
Install Active Directory Domain Services (AD DS). AND Execute dcpromo from Server Manager.
answer
What two things must you do to a Windows Server to convert it to a domain controller?
Unlock the answer
question
in a remote site
answer
Where are you most likely to see a Read-Only Domain Controller (RODC)?
Unlock the answer
question
seize schema master AND seize PDC
answer
Which of the following commands issued at the fsmo maintenance prompt would successfully seize the role of an Operations Master Holder? Select all that apply.
Unlock the answer
question
Windows Server 2012
answer
Beginning with which server version can you safely deploy domain controllers in a virtual machine?
Unlock the answer
question
sysprep
answer
What utility must you run on a cloned system to ensure that the clone receives its own SID?
Unlock the answer
question
writable domain controller
answer
Which type of system must you connect to and use to make changes to Active Directory?
Unlock the answer
question
Windows Server 2003
answer
Which version of Windows Server introduced incremental universal group membership replication?
Unlock the answer
question
domain local groups, global groups, and universal groups
answer
What are the three types of groups in a domain?
Unlock the answer
question
logon AND object searches AND universal group membership
answer
The global catalog stores a partial copy of all objects in the forest. What are the reasons for keeping that partial copy? Select all that apply.
Unlock the answer
question
It exports/imports Active Directory information.
answer
What function does the CSVDE tool perform?
Unlock the answer
question
nonauthoritative
answer
If a single domain controller's AD database becomes corrupt, which type of restore should you perform on it?
Unlock the answer
question
DSRM
answer
To perform an authoritative restore, into what mode must you reboot the domain controller?
Unlock the answer
question
a unique identifier for a snapshot
answer
What is a GUID?
Unlock the answer
question
the Active Directory Recycle Bin
answer
What utility first appeared in Windows Server 2008 R2 that allows you to undelete Active Directory containers and objects?
Unlock the answer
question
every 12 hours
answer
By default, how often does Active Directory "garbage collection" occur?
Unlock the answer
question
Reset the user's password.
answer
After you undelete a user account with the LDP utility, what action do you need to perform?
Unlock the answer
question
low-level database corruption
answer
In interactive mode, what aspect of AD can you check with the ntdsutil integrity command?
Unlock the answer
question
Uninstall Active Directory Domain Services.
answer
What is the proper procedure for removing a domain controller from Active Directory?
Unlock the answer
question
metadata cleanup
answer
Which of the following ntdsutil commands cleans up metadata?
Unlock the answer
question
its distinguished name
answer
To perform an authoritative restore of an object or subtree, what bit of information do you need to know about the object?
Unlock the answer
question
a reference to an attribute within another object
answer
When you do an authoritative restore process, a back-links file is created. What is a back-links file?
Unlock the answer
question
You have to enable the AD Recycle Bin. AND You have to set the AD forest to Windows Server 2008 R2 or higher.
answer
Before you can use the Active Directory Recycle Bin, what two actions do you have to perform?
Unlock the answer
question
Restartable Active Directory Domain Services
answer
Windows Server 2012 introduces a new time-saving feature when performing tasks such as AD defragmentation. What is that feature?
Unlock the answer
question
ntdsutil
answer
Which utility do you use to defragment Active Directory?
Unlock the answer
question
history AND length AND complexity AND age
answer
What are examples of password policies? Select all that apply.
Unlock the answer
question
security
answer
Why primarily are account lockout policies put into place?
Unlock the answer
question
24
answer
What is the default setting for password history?
Unlock the answer
question
7
answer
What is the default minimum password length in characters?
Unlock the answer
question
domain administrators
answer
By default, who has read/write capability to the Default Domain Policy?
Unlock the answer
question
Assign the PSOs to a global security group and add users to the group.
answer
How should you assign Password Settings objects (PSOs) to users?
Unlock the answer
question
centralized management
answer
What is the primary advantage of using Group Policies in a domain environment?
Unlock the answer
question
editing local security policies
answer
What is the secpol.msc utility used for?
Unlock the answer
question
how many days a user must wait before a password reset
answer
What does the minimum password age setting control?
Unlock the answer
question
because administrator accounts carry more security sensitivity than users do
answer
Why should administrator passwords change more often than user passwords?
Unlock the answer
question
0 to 24
answer
What is the range of password history settings?
Unlock the answer
question
Start with a sentence and then add numbers and special characters.
answer
What is an easy method of creating a strong password?
Unlock the answer
question
It means that passwords never expire, which is a major security problem. AND It means that you've disabled password aging.
answer
Why is a setting of 0 for maximum password age not a good idea? Check all that apply.
Unlock the answer
question
Password Policy AND Account Lockout Policy AND Kerberos Policy
answer
Account policies contain various subsets. Which of the following are legitimate subsets of account policies? Check all that apply.
Unlock the answer
question
Default Domain Policy
answer
Which feature affects all users in the domain, including domain controllers?
Unlock the answer
question
Local group policy, Site, Domain, OU
answer
In which order are Group Policy objects (GPOs) processed?
Unlock the answer
question
600 seconds
answer
What is the default timeout value for GPOs to process on system startup?
Unlock the answer
question
Processing is hidden from the user.
answer
GPOs are processed on computer startup and after logon. Why is the user never aware of the processing?
Unlock the answer
question
The computer establishes a secure link to the domain controller.
answer
What is the first step in the GPO processing order?
Unlock the answer
question
inheritance
answer
The downward flow of group policies is known as what feature of GPOs?
Unlock the answer
question
by precedence
answer
If a site, domain, or OU has multiple GPOs, how are the group policies processed?
Unlock the answer
question
security group filter AND WMI filter
answer
Which two filters can you use to control who or what receives a group policy?
Unlock the answer
question
Allow Read AND Allow Apply
answer
For users to receive GPO settings, they must have which two permissions to the GPO?
Unlock the answer
question
Apply Group
answer
By default, which GPO permissions are all authenticated users given?
Unlock the answer
question
when the policy is processed
answer
At what point are WMI filters evaluated?
Unlock the answer
question
2003
answer
To use WMI filters, you must have one domain controller running which version of Windows Server or higher?
Unlock the answer
question
one
answer
How many WMI filters can be configured for a GPO?
Unlock the answer
question
loopback
answer
What kind of group policies should you enable for student computers?
Unlock the answer
question
to analyze the cumulative effect of GPOs AND for GPO troubleshooting
answer
What is the primary purpose of running the Group Policy Results Wizard? Check all that apply.
Unlock the answer
question
Windows 7 AND Windows 8
answer
Which of the following operating systems can have its security settings managed by using security templates? Select all that apply.
Unlock the answer
question
using Active Directory GPOs AND using the Security Configuration and Analysis snap-in
answer
Which two of the following methods can you use to deploy security templates?
Unlock the answer
question
the ADM format for newer operating systems
answer
What is an ADMX file?
Unlock the answer
question
a repository for Administrative Templates
answer
What is the Central Store?
Unlock the answer
question
Keyword Filters AND Requirements Filters
answer
Which of the following are legitimate Administrative Template Property Filters? Select all that apply.
Unlock the answer
question
Windows Installer
answer
What is the name of the software component used for installation, maintenance, and removal of software on Windows?
Unlock the answer
question
.msi
answer
What is the filename extension for the files in which installation information is stored?
Unlock the answer
question
They deploy customized software installation files
answer
What are MST files used for?
Unlock the answer
question
Convert it to an MSI file
answer
Windows Installer cannot install .exe files. To distribute a software package that installs with an .exe file, what must you do to it?
Unlock the answer
question
System Services AND Registry Permissions AND File System Permissions
answer
The Security template allows you to configure which of the following settings? Select all that apply.
Unlock the answer
question
C:WindowsPolicyDefinitions
answer
Where is the default location for ADMX files?
Unlock the answer
question
Not Configured AND Enabled AND Disabled
answer
Identify all possible states of an Administrative Template.
Unlock the answer
question
XML
answer
What language are ADMX files based on?
Unlock the answer
question
in individual GPOs
answer
Unlike ADM files, ADMX files are not stored where?
Unlock the answer
question
in the SYSVOL directory
answer
Where is the Central Store located?
Unlock the answer
question
domain administrators
answer
Which domain users are automatically granted permissions to perform Group Policy Management tasks?
Unlock the answer
question
if they've become corrupted AND if someone deleted one of the policies
answer
Why would you ever want or need to reset the domain policy and the domain controller policy to the default settings? Select all that apply.
Unlock the answer
question
Allow Read AND Allow Apply
answer
A user must have which two existing permissions for new permissions to be applied to their accounts for GPO delegation?
Unlock the answer
question
Disallow Apply
answer
If you don't want a GPO to apply, which group policy permission do you apply to a user or group?
Unlock the answer
question
that all User Rights Assignments will be replaced
answer
When you're about to reset domain policy and domain controllers policy back to default with the dcgpofix.exe command, what final warning are you given before you accept the change?
Unlock the answer
question
Group Policy Management Editor
answer
Which utility do you use to create GPO preferences?
Unlock the answer
question
F6
answer
For GPP editing states, which key do you use to toggle Enable Current?
Unlock the answer
question
Select the Stop processing items option on the Common tab.
answer
How do you stop processing a preference if an error occurs?
Unlock the answer
question
Registry
answer
Which Windows extension allows you to copy registry settings and apply them to other computers? create, replace, or delete registry settings?
Unlock the answer
question
.ini files
answer
Which Windows extension allows you to add, replace, or delete sections or properties in configuration settings or setup information files?
Unlock the answer
question
? AND *
answer
To copy, replace, update, or delete files, you can use wildcard characters. Which wildcard characters can you use? Select all that apply.
Unlock the answer
question
Shortcut AND Drive Maps
answer
If you need to provide users access to a common network location, which GPP would you use? Select all that apply.
Unlock the answer
question
GPP Client-Side Extensions
answer
To support GPPs on older Windows versions (Server and Workstation), you have to install what component from Microsoft?
Unlock the answer
question
the Registry Wizard
answer
Which component allows you to create multiple Registry preference items based on registry settings that you select?
Unlock the answer
question
computer name AND CPU speed
answer
Which of the following are possible targets for individual preferences? Select all that apply.
Unlock the answer
question
item-level targeting
answer
Which term describes changing the scope of individual preference items so that the preference items apply only to selected users or computers?
Unlock the answer
question
Windows Firewall applet AND Documents folder AND Microsoft Excel AND Printer
answer
Which items can you configure shortcuts to in performing GPP deployments? Select all that apply.
Unlock the answer
question
Registry AND Shortcuts AND Folders
answer
Windows Settings has multiple preference extensions. Identify all that apply.
Unlock the answer
question
Replace AND Delete
answer
When working with Network Drive Mapping Preferences, which preference behaviors delete drive mappings? Select all that apply.
Unlock the answer
question
2008 AND 2008 R2 AND 2012
answer
GPP can be configured on domain controllers running which version of Windows Server? Select all that apply.
Unlock the answer
