NOS 230 Final
True
A Web Application Proxy server needs two NICS installed to function correctly.
False
A claims provider is the resource partner that accepts claims from the business partner to make authentication and authorization decisions.
True
A domain controller clone is a replica of an existing DC.
True
A revocation configuration tells the CA what methods are available for clients to access CRLs.
False
A tree can consist of a single domain or a parent domain and child domains, which cannot have child domains of their own.
True
Adding a subdomain is a common reason for expanding an Active Directory forest.
True
An Active Directory snapshot is a replica of the Active Directory database at a specific moment.
False
Applications that are not claims-aware can't be used in an AD FS deployment.
True
Authentication efficiency, replication efficiency, and application efficiency are the three main reasons for establishing multiple sites.
True
Before you can install a DC running a newer Windows Server version in an existing forest with a lower functional level, you must prepare existing DCs with the adprep.exe command-line program,
180 days
By default, for how long are deleted objects stored within the Active Directory database before they are removed entirely?
True
Certificate autoenrollment is an option only on enterprise CAs.
True
Device registration is a feature that allows non domain-joined devices to access claims-based resources securely.
KCC
For intrasite replication, what component builds a replication topology for DCs in a site and establishes replication partners?
12 hours
How often does garbage collection run on a DC?
False
If a certificate is not renewed before the validity period expires, the certificate can still be used until the renewal period ends.
False
Intrasite replication takes place between DCs in two or more sites.
1 week
On a Windows Server 2016, what is the default CRL publication interval?
True
Remote Desktop Gateway applications are a convenient way for organizations to make applications available to users without having to install the application on every user's computer.
Domain naming master
Select below the FSMO role that is a forest-wide FSMO role:
True
The PowerShell cmdlet "Restore-CARoleService" restores the CA database and all private key data.
False
The federated Web SSO with forest trust design is most often used in business-to-employee relationships.
False
The intermediate CA is the most critical and is the server typically configured for offline operation.
True
The repadmin /replicate command causes replication of a specified partition from one DC to another.
Filtered attribute sets
To increase security of data stored on an RODC, what can be configured to specify domain objects that aren't replicated to RODCs?
False
Version 5 templates allow customization of most certificate settings and permit autoenrollment.
device registration
What feature allows non domain-joined devices to access claims-based resources securely?
SID filtering
What feature should you enable to prevent the sIDHistory attribute from being used to falsely gain administrative privileges in a trusting forest?
SYSVOL
What folder contains group policy templates, logon/logoff scripts, and DFS synchronization data?
Smart card enrollment
What type of certificate enrollment issues certificates that users can use to log on to a system by entering a PIN?
Authentication Policy silos
Which feature was first introduced with Windows Server 2012 R2, and are new Active Directory containers to which authentication policies can be applied to restrict where high-privilege user accounts can be used in the domain?
Publishing license
Which of the following contains a list of users and specifies what the users can do with a rights-protected document?
Server licensor certificate
Which of the following is a self-signed certificate and identifies the AD RMS cluster?
Digital signature
Which of the following is created using a hash algorithm and can be used to verify the authenticity of a document?
Use license
Which of the following is issued to users when they request access to a rights-protected document?
domain naming master
Which of the following manages adding, removing, and renaming domains in the forest?
wbsadmin.exe
Which option below is not one of the three main methods for cleaning up metadata?
Need for differing account policies
Why might it be a good idea to configure multiple domains in a forest?
False
With separate domains, stricter resource control and administrative permissions are more difficult.
NDES role service
You have a number of Cisco routers and switches that you wish to secure using IPsec. You want IPsec authentication to use digital certificates. You already have a PKI in place using Certificate Services on Windows Server 2016. What should you install to secure your devices?
