236 Final Exam
Q#5: Which type of file is a database package containing information and data for the installation of an application?
.MSI
Q#6: Which type of certificate extension has no private key attached?
.cer
Q#8: What file extension opens the services utility?
.msc
Q#1: The maximum number of Organizational Units (OUs) that can exist inside another OU is?
1
Q#9: Which site link cost will be most likely used?
1
Q#3: As of Windows Server version ___________, it is possible to stop and restart the AD DS service without restarting the computer.
2012
Q#9: What is the highest functional level for a domain?
2016
Q#9: What is the default replication interval between sites?
3 hrs
Q#5: How many filter options are there?
4
Q#8: Managed service accounts require this to be configured by PowerShell:
64 bit OS
Q#1: User passwords can contain no less than ___ characters, by default.
8
Q#1: What is a collection of domain trees that share a common Active Directory database?
A Forest
Q#3: A Service Principal Name is ______________.
A unique identifier given to a service
Q#2: What is a Boolean value?
A value that is on or off
Q#8: What tool is needed to associate the MSA with a service?
ADSI Edit (Active Directory Service Interfaces)
Q#7: What FS organization type holds user information?
Account
Q#6: What must first be installed prior to installing AD Certificate Services?
Active Directory
Q#8: This is the commandlet to associate a service with an account:
Add-ADComputerServiceAccount
Q#4: Local Policies can be applied to which editions of the Windows Operating System?
All editions
Q#4: Administrative Templates are applied to what?
Applications
Q#7: How is RMS installed on a server?
As a feature
Q#3: Which configuration is the default for most services?
Automatic
Q#1: Active Directory uses which technology to encrypt user data?
Bitlocker
Q#4: To prohibit a policy from being overridden by another higher tier policy is called ____________.
Blocking Inheritance
Q#9: What servers replicate with each other in a multi-master, multi-location org?
Bridgehead
Q#7: What component has information about the users?
Claims
Q#5: Security templates check for compliance by doing this:
Comparing configs
Q#4: WMI filters narrow the scope of a policy's functionality down to the __________ level.
Computer
Q#1: What must be present when creating a new Schema?
Default Schema information
Q#8: If a service won't start, you should check to see if this service is ________ on/for another service
Dependent
Q#6: Which CA component handles certificate enrollment to non-PCs?
Device Enrollment Service
Q#1: The information stored in an object is referred to as ___________.
Directory Data
Q#6: To create a copy of a certificate template, you right click and choose this:
Duplicate
Q#5: Which configured property filter activates the setting?
Enabled
Q#6: Which type of certificate is designed for an email server?
End entity
Q#2: Which tab in a user's properties would be used to run a program when the user logs in?
Environment
Q#1: Forests can contain other Forests.
False
Q#1: Multiple Domain Controllers can exist on a network, but the first DC is the primary domain controller.
False
Q#2: The Create Template command can be found in the Active Directory Users and Computers tool under the Object menu.
False
Q#2: Utilities in the command line use flags to add special commands and variables, which are the same for every utility.
False
Q#3: A Child Domain is a sub-domain of the Primary and shares OUs, Groups and Users with the Primary.
False
Q#3: A Group Policy Object is split into the Site, Domain and Organizational Units.
False
Q#6: You cannot export a certificate with the private key.
False
Q#4: Policy Objects are processed in what order?
First to last
Q#5: Where do you enable a property filter?
Group Policy
Q#4: The content of a Group Policy Object is stored in the Group Policy Template and the __________.
Group Policy Container
Q#4: In what tool would you create and link a non-logical GPO?
Group Policy Management Center
Q#7: AD Federation services are for _____ facing applications
Internet
Q#1: Adding a computer to the AD DS database is done by:
Joining the computer to a domain
Q#8: Without _______, the encryption and decryption of the auto-generated password given to the MSA will not function.
KDS (Key Distribution Service)
Q#9: What is used for authentication between trusts?
Kerberos v5
Q#1: Active Directory uses which communication protocol to exchange its database content?
LDAP (Lightweight Directory Access Protocol)
Q#2: Which of these tools allows you to create schemas from the command line?
LDIFDE (LDAP Data Interchange Format Directory Exchange)
Q#2: Which of these utilities allows you to add Schemas?
LDIFDE (LDAP Data Interchange Format Directory Exchange)
Q#9: Which item does the sync algorithm not check?
Last attempt
Q#9: Who will win in a sync collision?
Last writer
Q#2: Using the get-aduser utility, which attribute would you search to find out if an account is inactive?
LastLogontimestamp
Q#3: A Service Account typically runs with limited access known as what?
Least Privilege
Q#7: Clients need this in order to use protected content in RMS
License
Q#4: Before a Policy can become active, it must first be ___________.
Linked
Q#2: Which takes precedence, local policies or Active Directory policies?
Local Policies
Q#3: On which tab of the service properties is the configuration to load the service with a non-default user account?
Log On
Q#7: With RMS, this is used to identify trusted devices
Machine certificate
Q#5: Policy settings that are overseen by the Group Policy Client are known as?
Managed
Q#5: What type of filter is overseen by the client?
Managed
Q#3: Which kind of trust would you configure if you had multiple forests?
Manually Generated Trust
Q#3: Which encryption method is used as both a backup service for Kerberos and a backward compatible encryption method for older Windows versions?
NTLM (New Technology LAN Manager)
Q#4: Group Policy Templates can be viewed by ___________.
Navigating to the appropriate file system folder
Q#2: There are two utilities built into PowerShell to access and add information to Active Directory, which are:
New-ADUser Get-ADUser
Q#8: What type of authentication is required for a service to be created?
None
Q#3: Restoring the AD database from a snapshot is:
Not Recommended
Q#6: Which CA component handles certificate renewal?
Online Responder
Q#1: Containers that exist within a domain that allow for organization and grouping of common resources are referred to as:
Organizational Units (OU)
Q#4: The ADMX portion of an Administrative Template contains what kind of information?
Policy settings
Q#2: Which of these applications does not interact directly with AD DS?
PowerShell
Q#1: A domain requires at least one _________ in order to replicate its information.
Primary Domain Controller
Q#8: Which is not a startup type for a service?
Restart
Q#7: Windows Identity Foundation is installed from:
SDK (Software Development Kit)
Q#8: What uniquely identifies services in a domain?
SPN (Service Principal Name)
Q#3: Do not defragment your AD Database if it is stored on a _____________.
SSD (Solid State Drive)
Q#5: Which sort of templates help to check for GPO compliance between devices?
Security Templates
Q#6: Which type of certificate is one you can create using a PowerShell commandlet?
Self-signed
Q#3: The highest current functional level of an AD DS installation is _______________.
Server 2016
Q#7: If high availability is needed, you should create this:
Server farm
Q#7: What part of RMS stores the public key for encryption?
Server licensor certificate
Q#7: What type of group is needed to install RMS?
Service
Q#3: Multi-Forest Domains differ from Child Domains in that they...
Share no information
Q#9: What do you need to associate with an AD site?
Subnet
Q#6: What role should the second CA server have?
Subordinate
Q#3: Backing up the Active Directory Database can be done using Windows Server Backup by performing a _____________ Backup.
System State
Q#1: What classifies object attributes and constrains their formatting?
The Schema
Q#1: The Trusted Platform Module is available in Windows Server 2019, provided:
The hardware supports it
Q#2: Why is there no tool provided by Microsoft for automated account creation?
There are too many custom factors for each organization
Q#2: Template objects are considered security risks because:
They typically have weak passwords
Q#3: What is the function of the Bridgehead Server?
To allow intersite replication
Q#2: Other than employee separation, what is a good reason to disable an account?
To halt malicious activity
Q#9: If one domain trusts another and any other domain that is trusted, then this is called what?
Transitive
Q#2: The Print Management Tool is able to update printer drivers over the network.
True
Q#4: You may apply a Starter GPO as a functional Policy Object.
True
Q#6: CA Certificates are non-transferrable
True
Q#9: Forests do not replicate with other forests
True
Q#6: What must pass an application to the web browser?
Trust Anchor
Q#9: What do DCs use to make sure they are in sync?
Update sequence numbers
Q#2: Access is granted to test.doc at the Group level, but denied at the OU and User level. Which level takes precedence?
User
Q#5: Choose this group policy setting for software installations:
User and computer
Q#5: What types of scripts can be run using Group Policy?
VB (Visual Basic) Java
Q#8: What works like a standalone service account?
Virtual service accounts
Q#7: What component only works if you have a DMZ?
Web application proxy
Q#5: Creating a Firewall GPO changes the firewall settings for ___________.
Windows Defender
Q#1: Which of the following operating systems can join a domain?
Windows Server 2008 Windows 10 Professional
Q#8: These two are types of managed service accounts:
sMSA (standalone Managed Service Account) gMSA (group Managed Service Account)