Flashcards About Final Review
Unlock all answers in this set
Unlock answersquestion
CONFIGURABLE OBJECTS IN DHCP-RANGE OF IP ADDRESSES-ALLOCATED CLIENTS
answer
DHCO SCOPES
question
CREATE CONDITIONS IN A DHCP POLICY
answer
*USER CLASS *VENDOR CLASS *MAC ADDRESS *CLIENT IDENTIFIER
question
DESCRIBES-NETWORK TRANSMISSIONS-PACKETS SENT-ONE HOST TO ALL OTHER HOSTS
answer
BROADCAST
question
IPV4 ADDRESS SPACE IPV6 ADDRESS SPACE
answer
*32 *128
question
DHCP FAILOVER LISTEN-FAILOVER TRAFFIC
answer
TCP PORT 647
question
NETWORK TRANSMISSION-WHERE PACKETS SENT-ONE SPECIFIC GROUP OF OTHER HOSTS
answer
MULTICAST
question
DNS ZONES TYPES-DNSSEC BE ENABLED
answer
*A STANDARD PRIMARY FORWARD LOOKUP ZONE *AN ACTIVE DIRECTORY INTERGRATED REVERSE LOOKUP ZONE
question
FUNCTION-RRSIG RECORD
answer
*RETURNED TO THE CLIENT IN RESPONSE TO A *SUCCESSFUL QUERY ALONG WITH THE A RECORD
question
RANDOMIZATION FOR DNS QUERIES
answer
SOCKET POOL
question
NET EFFECT-RECURSION DISABLED -DNS SERVER- ROOT HINTS CONFIGURATION
answer
THE DNS SERVER WILL BE ABLE TO PROVIDE ONLY ANSWERS TO QUERIES ABOUT INTERNAL DNS ZONES
question
DEFAULT SIZE-DNS SOCKET POOL
answer
2,500
question
DNSSEC PUBLIC KEY INFRASTRUCTURE (PKI)
answer
*PROOF OF IDENTITY OF DNS RECORDS * VERIFIED DENIAL OF EXISTENCE
question
DNS DEBUG LOGGING -PERFORMED AGAINST DNS SERVER
answer
*PACKET CONTENTS: QUERIES/TRANSFERS *PACKET TYPE: REQUEST
question
DELEGATING ADMINISTRATIVE ACCESS
answer
ADD THE USER'S ACTIVE DIRECTORY ACCOUNTS TO A SPECIAL GLOBAL SECURITY GROUP CREATED FOR THIS PURPOSE (E.G.,DNS SERVICE MANAGERS) AND THEN ADD THAT GROUP TO THE DNS ADMINS LOCAL GROUP
question
SIGN THE DNSKEY RECORDS
answer
KEY SIGNING KEY
question
IPAM SERVER IS FALSE
answer
AN IPAM SERVER CAN BE A DOMAIN CONTROLLER
question
POWERSHELL CMDLET-IPAM PROVISIONING GPOS
answer
INVOKE-IPAMGPOPROVISIONING
question
RIGHT-CLICK ON A DHCP-ISSUED-IPAM CONSOLE
answer
*DELETE DHCP RESERVATION *DELETE DNS HOST RECORD *CREATE DHCP RESERVATION
question
HOW OFTEN-PROCESS RUN-COLLECTS-ZONE STATUS-DNS SERVERS
answer
EVERY 30 MINUTES
question
SERVER 2012 IPAM-2ND HIGHEST-LEVEL
answer
IP ADDRESS RANGE
question
MANAGEMENT CAPABILITIES-WINDOWS SERVER 2012 IPAM
answer
IPAM CANNOT MANAGE DNS SERVERS OTHER THAN THOSE RUNNING ON WINDOWS SERVERS 2008 AND ABOVE
question
DATA FOUND -GLOBAL CATALOG SERVER
answer
*A FULL COPY OF ALL ACTIVE DIRECTORY OBJECTS IN THE DIRECTORY FOR ITS HOST DOMAIN *A PARTIAL COPY OF ALL OBJECTS FOR ALL OTHER DOMAINS IN THE FOREST
question
ALLOW DESIGNATED-MANAGE-ACTIVE DIRECTORY SCHEMA OF THE FOREST
answer
SCHEMA ADMINS
question
IN PLACE UPGRADE OF A DOMAIN CONTROLLER TO WINDOWS SERVER 2012
answer
*THE DOMAIN CONTROLLER MUST BE RUNNING WINDOWS SERVER 2008 OR WINDOWS SERVER 2008 R2 *THE FOREST FUNCTIONAL LEVEL WILL NEED TO BE AT WINDOWS SERVER 2008 OR HIGHER
question
NEW FEATURE-KEY DISTRIBUTION CENTER (KDC)
answer
*RAISE THE DOMAIN FUNCTIONAL LEVEL TO WINDOWS SERVER 2012 *INSTALL AT LEAST ONE WINDOWS SERVER 2012 DOMAIN CONTROLLER
question
WINDOWS SERVER 2008-WHAT OS DOMAIN CONTROLLERS RUN-ON
answer
*WINDOWS SERVER 2008 *WINDOWS SERVER 2008 R2 * WINDOWS SERVER 2012
question
FIRST STEP YOU-INTRODUCE NEW SERVERS-WINDOWS SERVER 2012
answer
UPGRADE THE FOREST SCHEMA
question
CONFIGURE ADDITIONAL UPN SUFFIXES
answer
ACTIVE DIRECTORY DOMAINS AND TRUSTS
question
LOGICAL CONSTRUCT-ADATUM.CORP FOREST-NWTRADERS.CORP FOREST
answer
TRUE RELATIONSHIPS
question
CONTAINS-FOREST-WIDE ACTIVE DIRECTORY STRUCTURE
answer
CONFIGURATION PARTITION
question
CONTAINS DOMAIN DNS ZONES & FOREST DNS ZONES
answer
APPLICATION PARTITION
question
TRUE-GENERATED TRUSTS-ADDED FOREST
answer
*THE TRUTH IS TWO-WAY BETWEEN THE CHILD DOMAIN AND THE ROOT DOMAIN * THE TRUTH IS ALWAYS TRANSITIVE
question
ONE-WAY INCOMING -COMPLETE THE TRUST
answer
THE PARTNER WILL NEED TO CREATE A ONE-WAY OUTGOING TRUST IN THE EXTERNAL DOMAIN
question
YOURATTEMPTING-ONE WAY OUTGOING TRUST-EXTERNAL DOMAIN ARE ONLINE
answer
YOUR DOMAIN CONTROLLERS CANNOT RESOLVE THE INFORMATION FOR THE EXTERNAL DOMAIN IN DNS
question
COMMANDS CORRECTLY ILLUSTRATES-ADATUM.LOCAL DOMAIN-CONTOSO.LOCAL DOMAIN
answer
NETDOM TRUST ADATUM.LOCAL /DOMAIN:CONTOSO.LOCAL/ADD
question
CREATE A FOREST TRUST
answer
*BOTH DOMAINS INVOLVED IN THE TRUST MUST BE THE FOREST ROOT DOMAIN *BOTH DOMAINS INVOLVED IN THE TRUST MUST BE AT THE WINDOWS SERVER 2003 FOREST FUNCTIONAL LEVEL OR HIGHER
question
NOT A SCOPE-TRUST AUTHENTICATION
answer
SERVER AUTHENTICATION
question
DISABLING SID FILTERING
answer
/ENABLESIDHISTORY:NO
question
MANAGE ACTIVE DIRECTORY SITES
answer
ACTIVE DIRECTORY SITES AND SERVICES
question
"BRIDGE ALL SITE LINKS"
answer
REPLICATION TIME AND TRAFFIC BETWEEN SPOKES WILL INCREASE DUE TO NEEDING TO GO THROUGH THE HUB LOCATION
question
ACTIVE DIRECTORY -PHYSICAL ITEM OF AN ORGANIZATION
answer
GEOGRAPHIC LOCATIONS
question
NEED TO TAKE CARE
answer
SO YOU CAN OPTIMIZE REPLICATION TRAFFIC BETWEEN SITES BY USING THE HIGHEST QUALITY OR LOWEST COST, ROUTES
question
WAN "COSTLY"
answer
A DEMAND-DIAL ANALOG LINK
question
REPLICATION
answer
KNOWLEDGE CONSISTENCY CHECKER
question
USER CHANGES PASSWORD-NOTIFICATION SENT
answer
THE PDC EMULATOR
question
CANNOT CONTACT THE PDC EMULATOR
answer
THE CHANGE IS NON-URGENTLY REPLICATED
question
RODC-WINDOWS SERVER 2008
answer
*TO REPLICATE THE DOMAIN PARTITION *SO THAT THE PASSWORD REPLICATION POLICY(PRP) APPLIED T THE RODC CAN BE CONFIGURED AND ENFORCED
question
FILTERED ATTRIBUTE SET
answer
*THE SCHEMA MASTER MUST BE ON A DOMAIN CONTROLLER RUNNING WINDOWS SERVER 2008 OR WINDOWS SERVER 2012 *YOU MUST PERFORM THE CHANGE DIRECTLY ON THE SCHEMA MASTER
question
DELETION OF AN RODC
answer
*RESET ALL PASSWORDS FOR USER ACCOUNTS THAT WERE CACHED IN THIS READ-ONLY DOMAIN CONTROLLER *EXPORT THE LIST OF ACCOUNTS THAT WERE CACHED ON THE READ-ONLY DOMAIN CONTROLLER TO THIS FILE
question
MIGRATE TO DFSR SYSVOL REPLICATION
answer
WINDOWS SERVER 2008
question
SYSVOL REPLICATION MIGRATION-DFSR REPLICATION
answer
REDIRECTED (STATE 2)
question
SYSVOL REPLICATION MIGRATIO-ENTIRELY USING DFSR
answer
EMIMINATED (STATE 3)
question
SUPPORTED AS ATTRIBUTE ADFS
answer
ALL OF THE ABOVE
question
UTILIZE ADFS-OLDEST VERSION
answer
WINDOWS SERVER 2003 SP1
question
OPTIONS ARE AVAILABLE ADFS
answer
*SQL SERVER *WINDOWS INTERNAL DATABASE
question
POWERSHELL CMDLET-CONFIGURED FOR ADFS
answer
GET-ADFSATTRIBUTESTORE
question
DOWNLOAD FROM MICROSOFT.COM-WIF
answer
WINDOWS INDENTITY FOUNDATION SDK 4.0
question
TESTING ADFS CLAIMS BASED
answer
*ADD THE SELF-SIGNED CERTIFICATE TO YOUR COMPUTER'S TRUSTED ROOT CERTIFICATION AUTHORITIES STORE *ISSUE A VALID CERTIFICATE FROM YOUR INTERNAL CA
question
RELYING PARTY
answer
*MAP ATTRIBUTES *EDIT CLAIM RULES
question
VALID CONNECTION STRING FOR AD LDS
answer
IDAP://LOCALHOST:389/CN=ADFSUSERS,O=MICROSOFT,C=US
question
TRUSTED ENTITY
answer
CLAIM
question
FORWARDING PACKETS
answer
FEDERATION SERVER PROXY
question
ISSUES CLAIMS
answer
CLAIMS PROVIDER
question
WEB SERVICE THAT ACCEPTS CLAIMS
answer
RELYING PARTY
question
PKI RESPONSIBLE FOR VALIDTION IDENTITIES
answer
REGISTRATION AUTHORITY
question
ROOT CAs
answer
ONE
question
CA CERTIFICATE EXPIRE
answer
1/1/2019
question
FUNCTION AIA
answer
IT SPECIFIES WHERE TO FIND UP-TO-DATE CERTIFICATES FOR THE CA
question
ONLINE RESPONDER-CERTIFICATE REVOCATION LIST CRL
answer
THE ONLINE RESPONDER PROVIDES A VALIDATION RESPONSE FOR A SINGLE CERTIFICATE, WHEREAS THE CRL PROVIDES REVOCATION INFORMATION ABOUT ALL REVOKED CERTIFICATES
question
ONLINE RESPONDER-CHECK CERTIFICATE
answer
*WINDOWS 7 *WINDOWS 8
question
JUNIOR ADMINSTRATOR
answer
ISSUE AND MANAGE CERTIFICATES:ALLOW
question
TWO VALUES
answer
*CRLDELTAPERIOD=HOURS *CRLDELTAPERIODUNITS=4
question
ASYMMETRIC ENCRYPTION
answer
ASYMMETRIC ENCRYPTION DOES NOT REQUIRE A COMPLEX INFRASTRUCTURE TO MANAGE PRIVETE KEYS
question
PKI ROLE IN ADCS-VALIDATE CERTIFICATES
answer
ONLINE RESPONDER
question
PKI ROLE IN ADCS-OS USERS
answer
CA WEB ENROLLEMENT
question
ORG. ISSUES CERTIFICATES
answer
*PERSONAL *ACTIVE DIRECTORY USER OBJECT
question
USER CERTIFICATE
answer
*SECURE EMAIL *ENCRYPTING FILE SYSTEM *CLIENT AUTHENTICATION
question
AUTOENROLLEMENT
answer
*THE ISSUING CA MUST BE ENTERPRISE CA *GROUP POLICY MUST BE CONFIGURED TO SUPPORT AUTOENROLLMENT
question
MINIMUM CERTIFICATE
answer
VERSION 2
question
SECURITY PRECAUTION
answer
CONFIGURE THE ACL ON THE TEMPLATE WITH THE SPECIFIC SECURITY PRINCIPALS WHO WILL BE DESIGNATED KRAs
question
FIRST KRA CERTIFICATE
answer
*CONFIGURE KEY ARCHIVAL ON TEH CA PROPERTIES *ARCHIEVE THE KEYS FOR THE ISSUED KRA CERTIFICATE
question
RECOVER KEY-CA DATABASE
answer
THE CERTIFICATE SERIAL NUMBER
question
GOVERNMENT AGENCY
answer
VERSION 3
question
ROAMING CERTIFICATES
answer
HAVE THE USER ISSUE THE GPUPDATE/FORCE COMMAND
question
CONFIGURING CREDENTIAL ROAMING
answer
THE USER'S CERTIFICATES FOLLOW THE USER TO EACH COMPUTER HE OR SHE LOGS IN TO
question
BINARY FORMAT-TEXT BLOB
answer
DER-ENCODED BINARY X.509
question
PROTECT A MICROSOFT OFFICE
answer
THE EXTERNAL RECIPIENT WILLLL NOT BE ABLE TO OPEN THE FILE BECAUSE THEY CANNOT CONTACT THE ADRMS SERVER
question
ASCII-TEXT BLOB
answer
BASE64ENCODED X.509
question
ADRMS SERVER PUBLISHED
answer
SERVICE CONNECTION POINT
question
AD RMS ONTO A DOMAIN CONTROLLER
answer
THE AD RMS SERVICE ACCOUNT WILL BE A DOMAIN ADMINSTRATOR
question
AD RMS CONSOLE
answer
AD RMS TEMPLATE ADMINISTRATORS
question
KERBEROS AUTHENTICATION
answer
*SET THE INTERNET INFORMATION SERVICES(IIS)USE APPPOOLCREDENTIALS VARIABLE TO TRUE *SET THE SERVICE PRINCIPAL NAMES(SPN) VALUE FOR THE AD RMS SERVICE ACCOUNT
question
SCP CONFIGURATION
answer
*ADSI EDIT *LDP
question
WINDOWS MOBILE 6
answer
MOBILE DEVICE CERTIFICATION.ASMX
question
ENFORCE THE RIGHTS
answer
RIGHTS POLICY TEMPLATES
question
CONSUME THE DOCUMENT
answer
VIEW
question
ALLOW FOREIGN USERS
answer
FEDERATED IDENTITY SUPPORT
question
EXTRA LEVEL OF SECURITY
answer
ENCRYPTION
question
BEST REASON-RMS TEMPLATES
answer
THEY ALLOW YOU TO STANDARIZE THE IMPLEMENTATION OF AD RMS POLICIES ACROSS THE ORGANIZATION
question
AD RMS PROTECTED CONTENT
answer
CLIENT LICENSOR CERTIFICATE