windows server 7, 8, 10
Unlock all answers in this set
Unlock answersquestion
How often is the password for a computer account changed by Active Directory?
answer
30 days
question
Which special identity group specifically includes any user account (except the Guest) logged into a computer or domain with a valid username and password?
answer
Authenticated Users
question
Which of the following statements is not true regarding the built-in Administrator account?
answer
The Administrator account can't be renamed, but it can be deleted.
question
How can an administrator make a user template account easily recognizable?
answer
add a special character to the beginning of the template account name
question
Information within an OU can be hidden using permissions, and administration of an OU can be delegated to a non-administrative account.
answer
true
question
What special identity group is used when a user accesses an FTP server that doesn't require user account logon?
answer
Anonymous logon
question
What are the two different ways that responsibility for an OU can be delegated to a non-administrator user?
answer
delegation of control wizard or AD users and computers
question
The default location for computer accounts that are created automatically after joining the domain can be changed using which command?
answer
redircmp
question
How can the output of a command be redirected to a file instead of being displayed on screen?
answer
Type the > character followed by the file name at the end of the command
question
How can an administrator enable or disable accounts using the command line?
answer
Use the dsmod user command
question
What is a downlevel user logon name used for?
answer
Logging into older Windows OSs or using older Windows applications
question
Select below the built-in group that facilitates anonymous access to web resources by Internet Information Services
answer
IIS_IUSRS
question
Which of the following statements is true regarding the built-in Guest account?
answer
The Guest account should be renamed if it will be used
question
A valid comma separated value file that can be imported using csvde must have what option below on the first line?
answer
A header record
question
How does piping work on the command line?
answer
it's a way to send information to another command so it is easier to read
question
An explicit "allow" permission will override an inherited "deny" permission.
answer
true
question
What different types of objects can be members of a distribution group?
answer
regular user accounts and contacts
question
When creating a new user, the "User cannot change password" option can't be used in conjunction with what other option?
answer
User must change password at next logon
question
The _____________ cmdlet within PowerShell can be used to rename an object in Active Directory.
answer
Rename-ADObject
question
If a user is created without a password and the domain's password policy requires a non-blank password, what is the result?
answer
the user account is disabled
question
A local account is stored in the __________________ database on the local computer.
answer
Security Accounts Manager (SAM)
question
The _____________ determines the reach of a group's application in a domain or forest: which security principals in a forest can be group members and to which forest resources a group can be assigned rights or permissions.
answer
group scope
question
Select the special character below that can't be used within a username: ! # . ?
answer
?
question
How are Active Directory objects added to special identity groups?
answer
membership in these groups is controlled dynamically by Windows, can't be viewed or changed manually, and depends on how an account accesses the OS
question
What components make up an object's distinguished name (DN)?
answer
common name; common name; organizational unit; domain component
question
What is the potential security risk of utilizing a naming standard for user accounts?
answer
attackers can guess usernames easily and gain unauthorized access to the network
question
A group type that's the main Active Directory object administrators use to manage network resource access and grant rights to users.
answer
security groups
question
An Active Directory object that usually represents a person for informational purposes only, much like an address book entry.
answer
contact
question
Sending the output of one command as input to another command
answer
piping
question
A group scope that can contain users from any domain in the forest and be assigned permission to resources in any domain in the forest
answer
universal group
question
A group scope that's the main security principal recommended for assigning rights and permissions to domain resources
answer
domain local group
question
A group type used when you want to group users together, mainly for sending e-mails to several people at once with an Active Directory integrated e-mail application, such as Mcirsoft Exchange.
answer
distribution group
question
A group created in the local SAM database on a member server or workstation or a stand-alone computer
answer
local group
question
A userr account that's copied to create users with common attributes
answer
user template
question
A group scope used mainly to group users from the same domain who have similar access and rights requirements.
answer
global group
question
The process of a user with higher security privileges assigning authority to perform certain tasks to a user with lesser security privileges.
answer
delegation of control
question
When creating a new user, the "User must change password at next logon" option is enabled by default.
answer
true
question
Which statement is true regarding the use of the Logon Hours option under a user's account? The Logon Hours forces a user to log off during "Logon denied" periods Logon Hours can't be changed during weekends The Logon Hours can't be used to disconnect a user that has already logged in Logon hours can be set for specific days of the month, as well as holidays
answer
The Logon Hours can't be used to disconnect a user that has already logged in
question
Using ______________, a computer joining the domain doesn't have to be connected to the network when the join occurs.
answer
offline domain join
question
When a user leaves a company, why is it preferable to disable the user rather than delete the user?
answer
so that all the user's files are still accessible and all group memberships are maintained
question
What is the most typically used group type conversion?
answer
Distribution group -> security group
question
After a template account has been created, what can be done to ensure that the template account does not pose a security risk?
answer
The account should be disabled
question
A user's profile is stored in what directory on a local computer by default?
answer
C:Users
question
By default, the Windows password policy requires a minimum password of what length?
answer
7 characters
question
How can an administrator force the use of a specific version of an application using a GPO?
answer
WMI filters
question
Local GPOs can affect all computers within a local domain.
answer
false
question
Settings in the Administrative Templates section of the User Configuration node affect what area of the registry?
answer
HKEY_CURRENT_USER
question
The Microsoft best practice recommendation is to modify the two default GPOs in a domain for making password policy changes.
answer
false
question
The __________ command can be used to perform many of the same functions as the Security Configuration and Analysis snap-in, and can be used in conjunction with batch files and scripts to automate work with security templates.
answer
Secedit.exe
question
The _____________ policies determine what happens on a computer when a user attempts to perform an action that requires elevation.
answer
User Account Control
question
These XML format text files define policies in the Administrative Templates folder ina GPO.
answer
administrative template files
question
A GPO component that's an Active Directory object stored in the SystemPolicies folder.
answer
group policy container (GPC)
question
A GPO template that can be used as a baseline for creating new GPOs, much like user account templates.
answer
starter GPO
question
A type of group policy setting whereby the setting on the user or computer account reverts to its original state when the object is no longer in the scope of the GPO containing the setting.
answer
managed policy setting
question
A GPO filtering method that uses Windows Management Instrumentation (WMI), a Windows technology for gathering management information about computers.
answer
wmi filtering
question
A GPO component that's stored as a set of files in the SYSVOL share.
answer
group policy template (GPT)
question
A Windows feature for configuring each network connection on your computer with on of three settings, called profiles: Domain Profile, Private Profile, and Public profile.
answer
network location awareness
question
A process that occurs when a user attempts to perform an action requiring administrative rights and is prompted to enter credentials
answer
elevation
question
Group Policy Objects stored in Active Directory on domain controllers. They can be linked to a site, a domain, or an OU and affect users and computers whose accounts are stored in these containers.
answer
domain GPOs
question
What does a blue exclamation point next to a domain mean within the GPMC utility?
answer
inheritance is blocked
question
In the New Connection Security Rule Wizard, what option can be used to set up a rule that requires authentication between two computers, between IP subnets, or between a specific computer and a group of computers in a subnet?
answer
server-to-server
question
In the New Connection Security Rule Wizard, which connection security rule restricts connections based on authentication criteria, such as domain membership or health status?
answer
isolation
question
Security templates make use of the _________ file extension.
answer
.inf
question
How can an administrator remove all audit policy subcategories so that auditing is controlled only by Group Policy?
answer
auditpol /clear
question
What is the difference between a managed policy setting and an unmanaged policy setting?
answer
a managed policy setting is applied to a user or computer when the object is in the scope of the GPO containing the setting. An unmanaged policy setting is persistent, meaning it remains even after the computer or user object falls out of the GPO's scope until it is changed by another policy or manually.
question
When utilizing roaming profiles, what should be done to minimize logon/logoff delays and reduce bandwidth used by uploading / downloading profile data?
answer
use folder redirection
question
What Active Directory replication method makes use of remote differential compression (RDC)?
answer
Distributed File System Replication (DFSR)
question
By default, how many previous logons are cached locally to a computer?
answer
10
question
A Group Policy Container (GPC) stores GPO properties and status information, but no actual policy settings.
answer
true
question
When creating a custom Applocker rule, how does the file hash option work?
answer
it creates a rule for an unsigned application
question
What folder is selected by default for scanning when using the Automatically Generate Rules option in creating AppLocker policies?
answer
C:Program Files
question
What are the two different types of GPO filtering?
answer
Security filtering and WMI filtering
question
If a GPO's link status is "disabled", what affect does this have on the GPO?
answer
it disables the policy for the users in the domain who are in the scope of the GPO
question
GPOs linked to a site object can facilitate IP address based policy settings.
answer
true
question
Under the Computer Configuration of a GPO, what folder within the "Windows Settings" folder contains policies that can be used to manage network bandwidth use?
answer
Policy-based QoS
question
How are Group Policy Objects linked to Active Directory?
answer
through AD containers
question
The ____________ file contains version information that is used to determine when a GPO has been modified, and is used during replication to determine if a local copy of a GPO is up to date.
answer
GPT.INI
question
When applying GPOs in order, what policies take precedence?
answer
1. local policies 2. site-linked GPOs 3. Domain-linked GPOs 4. OU-linked GPOs
question
Where can all ADMX and ADML files be found on a Windows Server 2008 or Vista and later computer?
answer
%systemroot%PolicyDefinitions
question
Using a "Deny Read" permission on a GPO enables the creation of an exception to normal GPO processing.
answer
true
question
After running the Security Configuration and Analysis snap-in with a template, what does an "X" in a red circle on a template policy indicate?
answer
The template policy and current computer policy do not match
question
Which of the following is not one of the four different ways an application can be designated as an exception to a Software Restriction Policy? Hash Certificate Developer Network zone
answer
developer
question
If the Windows Firewall is enabled, how are rules applied when multiple network connections are available?
answer
Network Location Awareness
question
Selecting the "Allow the connection if it is secure" option when creating a Windows firewall rule relies on what encryption protocol by default?
answer
IPSec
question
Each Group Policy Object is assigned a globally unique identifier (GUID) of what length?
answer
128 bits
question
The folders containing Group Policy Templates (GPTs) can be found under what folder on a domain controller?
answer
%systemroot%SYSVOLsysvoldomainPolicies
question
What tool within Windows Server 2012/R2 must be used in order to change the default auditing settings?
answer
auditpol.exe
question
Select the PowerShell cmdlet that can be used to create a new Active Directory integrated primary zone: Install-DNSPrimaryZone Add-DnsServerPrimaryZone Add-ADPrimaryZone Install-IADPzone
answer
Add-DnsServerPrimaryZone
question
When data within a zone changes, what information in the SOA record changes to reflect that the zone information should be replicated?
answer
serial number
question
What command option for the dnscmd command lists all zones on the server?
answer
/enumzones
question
DNS recursion is enabled on Windows DNS servers by default.
answer
true
question
A ____________ contains PTR records that map IP addresses to names and is named after the IP network address of the computers whose records it contains.
answer
Reverse Lookup Zone
question
DNS servers maintain a database of information that contains zones.
answer
true
question
A DNS server with no zones. Its sole job is to field DNS queries, do recursive lookups to root servers, or send requests to forwarders, and then cache the results.
answer
cachine-only DNS server
question
A primary or stub zone with the DNS database stored in an Active Directory partition rather than a text file.
answer
Active Directory-integrated zone
question
A DNS server that holds a complete copy of a zone's resource records (typically a primary or secondary zone)
answer
authoritative server
question
A DNS zone containing a read/write master copy of all resource records for the zone; this zone is authoritative for the zone.
answer
primary zone
question
An operation that copies all or part of a zone from one DNS server to another and occurs as the result of a secondary server requesting the transfer from another server.
answer
zone transfer
question
An A record used to resolve the name in an NS record to its IP address.
answer
glue A record
question
A response to an iterative query in which the address of another name server is returned to the requester
answer
referral
question
A DNS server to which other DNS servers send requests they can't resolve themselves.
answer
forwarder
question
A DNS zone containing a read-only copy of all resource records for the zone.
answer
secondary zone
question
A DNS zone containing a read-only copy of only the zone's SOA and NS records and the necessary A records to resolve NS records.
answer
stub zone
question
___________ load balancing using DNS works by creating two A records with the same hostname, but different IP addresses, which point any queries for the hostname to multiple hosts running the same service.
answer
round robin
question
What DNS record type is used for an IPv6 host record?
answer
AAAA
question
How can a master server be configured to make a secondary server request zone transfers immediately after a zone change?
answer
DNS notify
question
Which Windows command line utility below can be used to check for resource records on a server, verify delegations, verify resource records needed for AD replication, and perform e-mail connectivity tests?
answer
dnslint
question
The use of WINS forward lookup is enabled by default.
answer
false
question
What does a NS record specify?
answer
they specify FQDNs and IP addresses of authoritative server for zone
question
The responsible person section of an SOA record contains what information?
answer
The e-mail address of the responsible person
question
Why might an organization want a single DNS server to make all external queries?
answer
because network security can be enhanced by limiting exposure to the internet. Because a single server is making all the queries to internet domains, overall DNS performance can be enhanced because the server builds an extensive cache of internet names
question
An internal DNS server with a forward lookup zone named "." is configured as a ___________.
answer
root server
question
Although the hosts file is no longer used for localhost name resolution, what else can the hosts file be used for?
answer
as a sort of web filter
question
The default setting for a secondary zone's refresh interval is how many minutes?
answer
15 minutes
question
A valid reverse lookup zone consists of the network ID's octets in reverse order, with what at the end of the name?
answer
in-addr.arpa
question
What is a conditional forwarder used for?
answer
they are used to resolve IP addresses to the FQDN for DNS servers that are authoritative.
question
What type of DNS record is used to contain an alias for another record, allowing for the use of different names for the same host?
answer
CNAME record
question
Who is responsible for the management of the Internet root servers?
answer
Internet Assigned Numbers Authority (IANA)
question
How should an administrator test the functionality of DNS operation on a domain controller, as well as troubleshoot issues with DNS forwarders, delegation, dynamic updates, and record registration?
answer
Using dcdiag /test:dns
question
What RFC defines the DNS resource record types?
answer
RFC 1183
question
Of the three different zone types, what type of zone contains a read/write master copy of all resource records for the zone?
answer
primary zone
question
A zone that is not integrated into Active Directory is referred to as a standard zone, and the zone data is stored in a text file.
answer
true
question
In a zone's Properties dialog box, what option is unavailable under Dynamic updates for only standard zones?
answer
The Secure only option
question
Which of the following options can an administrator enable to improve DNS security?
answer
Do not allow dynamic updates
question
What is the difference between static and dynamic DNS records?
answer
What is the difference between static and dynamic DNS records?
question
When DNS forwarders or conditional forwarders are configured, what order will a Windows DNS server use to attempt to resolve DNS queries?
answer
When DNS forwarders or conditional forwarders are configured, what order will a Windows DNS server use to attempt to resolve DNS queries?
question
Computers can utilize _____________ to register or update their own DNS records, or DHCP can update DNS on behalf of the clients when the clients lease a new IP address.
answer
dynamic DNS (DDNS)
question
The MX record type is used to designate mail exchangers, or mail servers for e-mail.
answer
true
question
The hosts file is contained within what directory in Windows?
answer
%systemroot%System32driversetc
question
Permission inheritance can be configured such that permissions are only inherited by specific types of child object types.
answer
...