final for server 1
Modify a certificate template
After you install AD CS, you want to begin issuing certificates for the encrypting file system. What should you do first?
DFSR
All your domain controllers are running Windows Server 2016 in a new forest. What should you check if GPT replication is not occurring correctly?
Schema master
An administrator has attempted to change the forest functional level, but the attempt failed due to the failure of an FSMO role. Which FSMO role should be
Once per hour
By default, replication between DCs when no changes have occurred is scheduled to happen how often?
Changed policies only
By default, what policies will be downloaded and processed by a Group Policy client?
KCC
For intrasite replication, what component builds a replication topology for DCs in a site and establishes replication partners?
wbadmin start systemstaterecovery
How can an administrator initiate a system state recovery using the command line?
Through subnets added to the site
How is a computer's designated site determined, such that the computer is given a domain controller to request services from within the same site?
12 hours
How often does garbage collection run on a DC?
1 week
On a Windows Server 2016, what is the default CRL publication interval?
DEFAULTIPSITELINK
Once Active Directory has been installed, a default site link is created. What is the name of this site link?
GPO enforcement
Select the term used to describe forcing inheritance of settings on all child objects in the GPO's scope, even if a GPO with conflicting settings is linked to a container at a deeper level.
PDC emulator
The RID master FSMO role is ideally placed on the same server as what other role?
/sync
The gpupdate command in conjunction with which option below causes synchronous processing during the next computer restart or user logon?
Folder redirection
The option to turn off background processing is not available for which type of policy below?
Computer Configuration\Policies\Administrative Templates\System\Group Policy
To find a full list of policies and preferences that can have background processing disabled, where should you look?
dcdiag
Which command analyzes the overall health of Active Directory and performs replication security checks?
wbsadmin.exe
Which option below is not one of the three main methods for cleaning up metadata?
key archival
Which option will allow private keys to be locked away and then restored if the user's private key is lost?
ntds.dit
Within the NTDS folder, which file stores the main Active Directory database?
Move the computer object of the domain controller in Active Directory Sites and Services to SiteA.
You have a network with three sites named SiteA, SiteB, and SiteC that are assigned the subnets 10.1.0.0/16, 10.2.0.0/16, and 10.3.0.0/16, respectively. You change the IP address of a domain controller in SiteB to 10.1.100.250/16. What should you do now?
NDES role service
You have a number of Cisco routers and switches that you wish to secure using IPsec. You want IPsec authentication to use digital certificates. You already have a PKI in place using Certificate Services on Windows Server 2016. What should you install to secure your devices?
Site link bridges
Your network is configured in a hub-and-spoke topology. You want to control the flow of replication traffic between sites, specifically reducing the traffic across network links between hub sites to reach satellite sites. What should you configure?
CA Web proxy
A server configured for Web enrollment is referred to as which of the following?
500 Kbps
A slow link, by default, is a network connection that's less than which of the following?
Perform Group Policy Modeling analyses
Select below the policy permission that grants a user or group the ability to use the GPO Modeling Wizard on a target container.
staged installation
Select the RODC installation type where the domain administrator creates the RODC computer account in Active Directory, and then a regular user can perform the installation at a later time.
Import-GPO
Select the command that is used to import settings from a backed-up GPO to an existing GPO.
Distributed File System Replication
What Active Directory replication method is more efficient and reliable?
subordinate CAs
What CAs interact with clients to field certificate requests and maintain the CRL?
Infrastructure master
What DC is responsible for ensuring that changes made to object names in one domain are updated in references to these objects in other domains?
The last policy applied takes precedence
What GPO policy will take precedence over all other GPO policies when they are being applied?
. Connection object
What is created automatically by the KCC and allows the configuration of replication between sites?
All users and computers physically located at the site
When a GPO is linked to a site object, what will be affected?
X.509
Which of the following is the international standard that defines a PKI and certificate formats?
Nonrepudiation
Which service provided by a PKI ensures that a party in a communication can't dispute the validity of the transaction?
Policy events
Which tab in the Group Policy Results window shows all events in Event Viewer that are generated by group policies, and can be used to view the relevant information on a remote computer?
Every 8 hours
With universal group membership caching, how often is the cached information on group membership refreshed?
November 1, 2017
You were issued a certificate on March 1st 2015 for your secure Web server. The validity period is three years and the renewal period is four months. What is the earliest date you can renew this certificate?
New-GPLink
hat PowerShell cmdlet will link a GPO to a site, domain or OU?
Site link bridge
Which component of a site makes a site link transitive?
Authentication Policy silos
Which feature was first introduced with Windows Server 2012 R2, and are new Active Directory containers to which authentication policies can be applied to restrict where high-privilege user accounts can be used in the domain?
Digital signature
Which of the following is created using a hash algorithm and can be used to verify the authenticity of a document?
Inter-Site Topology Generator
Which of the following is responsible for assigning a bridgehead server to handle replication for each directory partition?
You can have different functional levels within the forest
Which of the following is true about the domain functional level?
security filtering
Which of the following uses permissions to restrict objects from accessing a GPO?
. Software installation policies
Which policy below requires synchronous processing to ensure a consistent computing environment?
Asymmetric cryptography
Which type of cryptography provides the most security?
. Online stand-alone CA
You have a network that consists of Windows 8.1 and Windows 10 computers as well as some Mac OS and Linux computers. You need to install a PKI using Windows Server 2016 that will be able to issue certificates to all your client computers. What should you install?
Use a Delta CRL
You run a PKI that has issued tens of thousands of certificates to hundreds of thousands of clients. You have found that the traffic created when clients download the CRL is becoming excessive. What can you do to reduce the traffic caused by clients downloading the CRL?
KRA
You want to configure automatic key archival to ease the burden of managing backup of private keys. What role must you assign to at least one trusted user in the organization?
PDC emulator
An administrator has received a call indicating that some users are having difficulty logging on after a password change. Which FSMO role should be investigated?
Get-ADForest
An administrator needs to know which servers carry forest-wide roles. What PowerShell cmdlet can be used to display this information?
Group Policy Inheritance
Select the specific tab within the Group Policy Management Console that will allow you to view which policies affect a domain or OU and where the policies are inherited from.
Get-ADDCCloningExcludedApplicationList
What PowerShell cmdlet will allow an administrator to check for software that is incompatible with the cloning process?
cost
What assigned value represents the bandwidth of the connection between sites? Selected Answer:
dcgpofix
What command below can be used to reset the default GPOs to their original settings?
GPO scope
What defines which objects are affected by settings in a GPO?
The option can specify whether computer or user policy settings should be updated
What does the /target option do when used with the gpupdate command?
SYSVOL
What folder contains group policy templates, logon/logoff scripts, and DFS synchronization data?
Forest root
What is the first domain installed in a forest called?
Read only domain controller
What is the name of a domain controller on which changes can't be written?
15 seconds after any change occurs, with a 3-second delay between partners
What is the schedule for non-urgent intrasite replication?
Read
What permission is given to the Enterprise Domain Controllers universal group on all GPOs by default, and grants permission to view settings and back up a GPO?
Group Policy Modeling
What tool can be used to determine what policy settings would apply to a computer or user account if it were moved to a different container?
Shared secret
What type of key is used in symmetric cryptography, must be known by both parties, and is used for both encryption and decryption?
Infrastructure master
Which FSMO role is responsible for ensuring that changes made to object names within one domain are updated in references to those objects in other domains?
Set-GPPermission
Which PowerShell cmdlet below can be used to set permissions for a security principal to a GPO or to all GPOs?
repadmin /showrepl
Which command shows you detailed information about replication status, including information on each partition?
