Exam 3 Review
C. Block inheritance
A white exclamation mark inside a blue circle indicates which of the following about a Group Policy? A. Loopback processing B. Security group filtering C. Block inheritance D. Enforced
C. Integrated threat intelligence
Defender for Cloud can actively monitor all hybrid network resources for potential security issues. Which of the following is an active monitoring technique? A. Detection algorithm tuning. B. Sending high-level alerts for common threats. C. Integrated threat intelligence D. Security team information sharing.
B. Windows Management Interface (WMI) filtering
Which service provides filtering based on hardware and software characteristics such as CPU, memory, disk space, registry data, or application data? A. Block inheritance B. Windows Management Interface (WMI) filtering C. Enforced inheritance D. Security Group filtering
B. Minimum password age
Which setting would you set to 0 to allow all users to reset their password immediately? A. Minimum password length B. Minimum password age C. Maximum password age D. Reset account lockout counter after
D. Dedicated policies & E. Aggregated policies
What are the two types of storage QoS policies? (Select two.) A. Minimum IOPS B. Parent Policy C. Maximum IOPS D. Dedicated policies E. Aggregated policies
D. RDMA-compatible NICs
What is a requirement for using SMB Direct? A. The SMB Direct Server Role B. Any version of SMB C. More than one CPU D. RDMA-compatible NICs
D. Metadata including the GPO version, when it was created, and how often the computer and user settings were modified.
What is stored in a GPO container? A. .admx files. B. Multiple files containing group policy settings. C. Administrative templates. D. Metadata including the GPO version, when it was created, and how often the computer and user settings were modified.
A. 24
How many old passwords can Windows remember? A. 24 B. 23 C. 26 D. 25
C. 1
How many storage devices are needed to implement a simple storage space? A. 2 B. 3 C. 1 D. 5
D. User account control
If a standard user tries to perform an administrative task, they will be prompted to enter administrative credentials. Which security option is responsible for this prompting? A. Secure desktop B. Interactive login C. Network security D. User account control
A. Explicit assignments are removed and permissions will be inherited from the new parent folder.
If you copy a file to a different folder on the same partition, which of the following are true? A. Explicit assignments are removed and permissions will be inherited from the new parent folder. B. Explicit assignments are removed but permissions from the original parent folder remain. C. Explicit assignments remain and override the permissions inherited from the new parent folder. D. Explicit assignments remain and permissions from the original parent folder remain.
D. Build-in policy definitions & E. Custom policy definitions
When assigning a policy, a required field specifies the policy definition. What are the two ways to assign a policy definition? (Select two.) A. Parameters B. Azure Data Services C. Kubermetes D. Build-in policy definitions E. Custom policy definitions
This policy does not remove the restricted group from other groups.--Members of Any user included in the list who is not currently a member of the restricted group becomes a member of the restricted group automatically when the policy is applied.--Members Any user not included in the Members list is removed from the restricted group. The exception is the administrator in the Administrators group.--Members You can use this option to define membership in a local group by adding a restricted group.--Members of The restricted group to be added to the local group must be a group defined in Active Directory.--Members of
Match the group name on the left with the correct descriptions on the right. --Members --Members of This policy does not remove the restricted group from other groups. Any user included in the list who is not currently a member of the restricted group becomes a member of the restricted group automatically when the policy is applied. Any user not included in the Members list is removed from the restricted group. The exception is the administrator in the Administrators group. You can use this option to define membership in a local group by adding a restricted group. The restricted group to be added to the local group must be a group defined in Active Directory.
A. Access a printer
Permissions give you the ability to do which of the following? A. Access a printer B. Shut down a server C. Backup a computer D. Log on to a computer
D. PowerShell session endpoints are defined. & E. An HTTP listener is defined on the remote machine.
Which of the following occurs when you execute the Enable_PSRemoting cmdlet? (Select two.) A. The security administrator can specify what cmdlets and permissions a user will have access to in PowerShell B. Needed credentials are provided and the authentication is refreshed. C. A cmdlet can be used along with a script block to pass credentials. D. PowerShell session endpoints are defined. E. An HTTP listener is defined on the remote machine.
C. Three-way mirror
Which of the following provides redundancy for the data if two storage devices fail at one time? A. Two-way mirror B. Parity C. Three-way mirror D. Simple
D. Add two hard disks. Convert both disks to dynamic. Create a new striped volume using both disks.
Srv7 currently has a single hard disk. The System volume takes up the entire hard disk. You need to create a new volume named Data for storing files used by applications running on the server. You want the new volume to optimize performance. Fault tolerance is not necessary for this volume. What should you do? A. Add two hard disks. Convert both disks to dynamic. Create a new spanned volume using both disks. B. Add two hard disks. Convert both disks to dynamic. Create a new mirrored volume using both disks. C. Add three hard disks. Convert all disks to dynamic. Create a new RAID 5 volume using all disks. D. Add two hard disks. Convert both disks to dynamic. Create a new striped volume using both disks.
D. Allow read & execute, list folder contents, and read
The C:\Shares\WidgetProject folder on your Windows server has been shared with network users. The server is a member of the westsim.com Active Directory domain. The westsim.com\Users group has been granted the following allow NTFS permissions: -Read & execute -List folder contents -Read In addition, the Everyone principal has been assigned the following allow share permissions: -Full control -Change -Read The ksanders user is a member of the westsim.com\Users group. She accesses data in the folder through the network share from her Windows workstation. What permissions does this user have to data in the folder? A. Allow read & change B. Allow full control C. Deny read D. Allow read & execute, list folder contents, and read E. Allow read
B. MBR
The GUID partition table, or GPT, was created as a replacement for which partitioning scheme? A. NTFS B. MBR C. ReFS D. FAT32
B. Interactive logon.
Under which security option category would you enable a prompt for users to change their password before it expires? A. Devices. B. Interactive logon. C. Accounts. D. Network security.
D. Hash
Which AppLocker rule condition uses the digital fingerprint of an application? A. Publisher B. Path C. Custom Value D. Hash
C. Administrators
Which group is assigned to the Allow log on locally right assigned to by default for workstations and member servers? A. Account Operators B. Server Operators C. Administrators D. Print Operators
B. Stores data in less physical space using sub-file variable-size chunking and compression.
Which of the following BEST describes data deduplication? A. Ensures that data chunks that are not needed are cleaned up so that space can be freed up. B. Stores data in less physical space using sub-file variable-size chunking and compression. C. Uses checksum validation and metadata consistency checking to identify and fix issues with data integrity. D. Allows you to configure block-level replication between either Windows servers or Windows clusters for disaster recovery.
C. Policies within a GPO that apply password policies for users and global groups.
Which of the following BEST describes granular password policies? A. Policies that prevent the use of dictionary words or any part of the user's username. B. Policies within a GPO that control passwords and user lockout properties for the entire domain. C. Policies within a GPO that apply password policies for users and global groups. D. Policies that control passwords and user lockout properties for the entire domain.
A. A client configuration that can be used to control membership for groups that require high security.
Which of the following best describes a restricted groups policy? A. A client configuration that can be used to control membership for groups that require high security. B. Defines one or more groups the restricted group will become a member of when the policy is applied. C. Policies within a GPO that control the recording of system events and other system changes. D. All users listed become members of the specified group on systems where the policy is in effect.
A. A type of replication that sends data over network links that have higher latency than on-site storage or networks that are in close proximity.
Which of the following best describes asynchronous replication? A. A type of replication that sends data over network links that have higher latency than on-site storage or networks that are in close proximity. B. A type of storage replication typically used on a low-latency network that allows applications running on a Windows server to write data to servers at the same location or a location with high-speed, reliable connections. C. A Windows Server technology introduced with Windows Server 2016 that allows you to configure block-level replication between either Windows servers or Windows clusters for disaster recovery. D. A physical disk that uses the Logical Disk Manager (LDM) database to store the volume types, sizes, locations, drive letters, and configurations.
D. The sum of all permissions from explicit assignment, group membership, and inheritance.
Which of the following best describes effective permissions? A. The sum of all permissions from explicit assignment, denied permissions and share permissions. B. The sum of all permissions from group membership, share permissions, and inheritance. C. The sum of all permissions from explicit assignment, denied permissions, and inheritance. D. The sum of all permissions from explicit assignment, group membership, and inheritance.
A. # D. !
Which of the following character types are allowed in a UPN? (Select two.) A. # B. $ C. % D. ! E. @
D. ACL
Which of the following is a list of security protections that applies to an object? A. NTFS B. ReFS C. ACE D. ACL
D. Install an SDK package into the application itself.
Which of the following is a method you can use to enable an application to be monitored by Azure Monitor Application Insights? A. Install the Azure Log Analytics Agent directly onto the application server. B. Install the Metrics Explorer package into the application itself. C. Install the Application Insights Agent into the application itself. D. Install an SDK package into the application itself.
C. My Password
Which of the following is a valid Azure AD password? A. A1!b2@C B. !@#$%^&* C. My Password D. MYP@SSWORD
D. Group Policy settings are applied to all objects below the container where the GPO is linked.
Which of the following is true about Group Policy inheritance? A. GPOs with a high number indicate a low precedence. B. GPOs with a low number indicate a high precedence. C. Group Policy settings are applied only to the object container where the GPO is linked. D. Group Policy settings are applied to all objects below the container where the GPO is linked.
D. Change Tracking and Inventory
Which of the following monitors Azure resources, including Azure virtual machines, on-premises machines, and cloud environments? A. Azure Automation State Configuration B. Desired State Configuration (DSC) C. Hybrid Runbook Worker Group D. Change Tracking and Inventory
A. Files Folders
Which preference would you use to regularly clean up temporary folders? A. Files Folders B. Folder Options C. Environment D. Scheduled Tasks
B. Windows Management Framework (WMF)
You are the administrator of a hybrid server environment. You have a Windows Server 2012 machine you are planning to use to install Windows Admin Center. Which of the following do you need to update before installation? A. Server Manager B. Windows Management Framework (WMF) C. Hyper-V D. System Center
A. Google Chrome & F. Microsoft Edge
Windows Admin Center Gateway server was recently installed, and you want to access the web portal. Which web browsers are supported? (Select two.) A. Google Chrome B. Apple Safari C. Opera D. Firefox E. DuckDuckGo F. Microsoft Edge
D. Install two hard disks, each on a different disk controller. Create a RAID 1 volume for the system volume.
You are getting ready to install a new Windows server as a domain controller. You would like to implement a storage solution for the new server so that the system volume remains available in the event of a single disk or disk controller failure. If possible, you would also like to improve disk access performance. What should you do? A. Install two hard disks, each on a different disk controller. Create a RAID 5 volume for the system volume. B. Install two hard disks on the same disk controller. Create a RAID 1 volume for the system volume. C. Install two hard disks on the same disk controller. Create a RAID 5 volume for the system volume. D. Install two hard disks, each on a different disk controller. Create a RAID 1 volume for the system volume.
C. On the Group Policy object's access control list, deny the apply Group Policy permission for members of the Domain Admins group.
You are the administrator for a network with a single Active Directory domain named widgets.local. The widgets.local domain has an organizational unit object for each major department in the company, including the Information Systems department. User objects are located in their respective departmental OUs. Users who are members of the Domain Admins group belong to the Information Systems department. However, not all employees in the Information Systems department are members of the Domain Admins group. To simplify employees' computing environment and prevent problems, you link a Group Policy object (GPO) to the widgets.local domain that disables the control panel for users. How can you prevent this Group Policy object from applying to members of the Domain Admins group? A. On the Group Policy object's access control list, deny the read permission for members of the Domain Admins group. B. Link the Group Policy object to each organizational unit rather than to the domain. C. On the Group Policy object's access control list, deny the apply Group Policy permission for members of the Domain Admins group. D. Configure the Information Systems OU to block policy inheritance. E. Link the Group Policy object to each organizational unit (except the Information Systems OU) rather than to the domain.
A. Select Audit Failure for the enabled audit policy.
You are the network administrator for your company. All computers are joined to a single Active Directory domain. Several computers store sensitive information. You are configuring security settings that will be distributed to all computers on your network. You want to identify attempts to break into a computer by having the computer that denies the authentication attempt note the failed attempt in its security database. How can you create a policy that meets these requirements? A. Select Audit Failure for the enabled audit policy. B. Select Audit Success for the enabled audit policy. C. Select Audit Failure for the Active Directory domain. D. Select Audit Success for the Active Directory domain.
C. Azure Monitor
You are using Azure Arc to monitor the health and performance of your network resources and gather and analyze log files. Which of the following Azure Arc tools are you using to perform these tasks? A. Azure Policy B. Microsoft Sentinel C. Azure Monitor D. Azure Automation
C. Modify the NTFS permissions on the folder.
You have a folder on your Windows server that you would like to share with members of your development team. Users should be able to view and edit any file in the shared folder. You share the folder and give everyone full control permission to the shared folder. Users connect to the shared folder and report that they can open the files, but they cannot modify any of the files. What should you do? A. Install Samba on your server and then configure permissions using Samba. B. Create new user accounts for each user and assign the necessary folder permissions. C. Modify the NTFS permissions on the folder. D. Create a group and make all user accounts members of the group. Grant Full control share permissions to the group.
C. Configure the User Account Control: Behavior of the elevation prompt for standard users setting in Group Policy to prompt for credentials.
You manage 20 Windows workstations in your domain network. You want to prevent the sales team members from making system changes. Whenever a change is initiated, you want to allow only those who can enter administrator credentials to be able to make the change. What should you do? A. Configure the User Account Control: Behavior of the elevation prompt for administrators in Admin Approval Mode setting in Group Policy to elevate without prompting. B. Configure the User Account Control: Behavior of the elevation prompt for administrators in Admin Approval Mode setting in Group Policy to prompt for credentials. C. Configure the User Account Control: Behavior of the elevation prompt for standard users setting in Group Policy to prompt for credentials. D. Configure the User Account Control: Behavior of the elevation prompt for administrators in Admin Approval Mode setting in Group Policy to prompt for consent.
A. Configure User Account Control (UAC) settings.
You manage several Windows workstations in your domain. You want to configure a GPO that will make them prompt for additional credentials whenever a sensitive action is taken. What should you do? A. Configure User Account Control (UAC) settings. B. Configure User Rights Assignment settings. C. Configure Windows Firewall with Advanced Security settings. D. Configure Restricted Groups settings.
B. Assign Allow read & execute, List folder contents, and Read to the Accounting group. Assign Allow write to Mary.
You need to control access to the D:\Reports folder as follows: -Members of the Accounting group should be able to open and view all files, but not modify them. -Mary needs to be able to modify existing files in the folder and add new files to the folder, but should not be able to delete or rename files. Mary is a member if the Accounting group. You want to assign NTFS permissions taking the least amount of actions possible. What should you do? A. Remove Mary from the Accounting group. Assign Allow read & execute, List folder contents, and Read to the Accounting group. Assign Allow write to Mary. B. Assign Allow read & execute, List folder contents, and Read to the Accounting group. Assign Allow write to Mary. C. Remove Mary from the Accounting group. Assign allow Read & execute, List folder contents, and Read to the Accounting group. Assign Allow modify to Mary. D. Assign Allow read & execute, List folder contents, and Read to the Accounting group. Assign Allow modify to Mary.
A. Object access
You suspect that sensitive information has been leaked. Which audit logs could you review to track who opened a file containing the sensitive data? A. Object access B. Account logon C. System events D. Logon and logoff
click Corp & Doman Controllers
You've just deployed a new Active Directory domain, as shown in the figure below. You now need to deploy Group Policy objects (GPOs) to apply configuration settings and enforce security policies. Click the container(s) to which a GPO can be applied.