Final study

Pataasin ang iyong marka sa homework at exams ngayon gamit ang Quizwiz!

How often does garbage collection run on a DC?

12 hours

By default, for how long are deleted objects stored within the Active Directory database before they are removed entirely?

180 days

Which of the following is the company whose users are accessing resources from another company?

Account partner

Which type of cryptography procides the most security?

Asymmetric cryptography

In which LDAP-compatible database are claims values stored

Attribute store

Which feature was first introduced with Windows Server 2012 R2, and are new Active Directory containers to which authentication policies can be applied to restrict where high-privilege user accounts can be used in the domain?

Authentication Policy silos

What is the last step, just before you review the relying party trust information, in the Add Relving Party Trust Wizard?

Configure an access control policy

What is created automatically by the KCC and allows the configuration of replication between sites?

Connection object

What assigned value represents the bandwidth of the connection between sites?

Cost

Which of the following is created using a hash algorithm and can be used to verify the authenticity of a document

Digital signature

Select below the FSMO role that is a forest-wide FSMO role:

Domain naming master

What can you install on a Windows Server 2016 server that can scan documents and apply rights policy templates automatically based on resource properties?

FSRM

A claims provider is the resource partner that accepts claims from the business partner to make authentication and authorization decisions.

False

A site bridge is needed to connect two or more sites for replication

False

A tree can cost of a single domain or a parent domain and child domains, which cannot have child domains of their own

False

Active Directory metadata describes the actual Active Directory data, not the Active Directory database.

False

Applications that are not claims-aware can't be used in an AD FS deployment

False

By default, subnets are created in Active Directory Sites and Services

False

CA Administrator approves requests for certificate enrollment and revocation

False

Group conversion facilitates migrating user accounts from one domain to another

False

If a certificate is not renewed before the validity period expires, the certificate can still be used and the renewal period ends.

False

If your domain includes Windows Server 2003 or older DCs, it's using DFSR to replicate SYSVOL

False

Intrasite replication takes place between DCs in two or more sites

False

Primary authentication is not required for all users who access applications that use AD FS

False

The intermediate CA is the most critical and is the server typically configured for offline operation

False

The logical components of Active Directory are forests, domains, and sites

False

Version 5 templates allow custimization of most certificate setttings and permit autoenrollment

False

With AD FS preauthentication, client requests for the application are sent via a proxy server to the application server.

False

With separate domains, stricter resource control and administrative permissions are more difficult.

False

What is the first domain installed as a forest called?

Forest root

Which of the following is responsible for assigning a bridgehead server to handle replication for each directory partition?

Inter-Site Topology Generator

Which type of CA in the three-level hierarchy is sometimes referred to as a policy CA and issues certificates to issuing CAs?

Intermediate

For intrasite replication, what component builds a replication topology for DCs a site and establishes replication partners?

KCC

You want to configure automatic key archival to ease the burden of managing backup of private keys. What role must you assign to at least one trusted user in the organization?

KRA

You have a member of Cisco routers and switches that you wish to secure using IPsec. You want IPsec authentication to use digital certificates. You already have a PKI in place using Certificate Services on Windows Server 2016. What should you install to secure your device?

NDES roles Service

Why might it be a good idea to configure multiple domains in a forest

Need for differing account policies

By default, replication between DCs when no changes have occurred is scheduled to happen how often?

Once per hour

Which of the following contains a list of users and specifies what the users can do with a rights protected document?

Publushing license

What is the name of a domain controller on which changes can't be written?

Read only domain controller

What feature should you enable to prevent the sIDHistory attribute from being used to falsely gain administrative privileges in a trusting forest?

SID filtering

A Web Application Proxy server needs two NICS installed to function correctly.

True

A delegated installation allows a domain administrator to create the RODC computer account in Active Directory, so a that a regular user can perform the installation at a later time

True

A domain controller clone is a replica of an existing DC

True

A revocation configuration tells the CA what methods are available for clients to access CRLs.

True

AD FS is designed to work over the public Internet with a Web browser interface

True

Adding a subdomain is a common reason for expanding an Active Directory forest

True

An Active Directory snapshot is a replica of the Active Directory database at a specific moment

True

Authentication efficiency, replication efficiency, and application efficiency are the three main reasons for establishing multiple sites.

True

Before you can install a DC running a newer Windows Server version in an existing forest with a lower factional level, you must prepare existing DCs with the adprep.exe command-line program

True

Before you can install an RODC, the forest functional level must be at least Windows Server 2003

True

Certificate autoenrollment is an option only on enterprise CAs

True

Device registration is a feature that allows non domain-joined devices to access claims-based resources securely.

True

Intrasite replication occurs between bridgehead servers

True

Multi-factor authentication means users must authenticate with more than one device.

True

Remote Desktop Gateway applications are a convenient way for organizations to make applications available to users without having to install the application on every user's computer

True

The PowerShell cmdlet "Restore-CARoleService" restores the CA database and all private key data

True

The federated Web SSO with forest trust design is most often used in business-to-employee relationships.

True

The repadmin /repliacate command causes replication of a specified partition from one DC to another

True

Universal groups allow administrators to assign rights and permissions to forest-wide resources to users from any domain.

True

Users can request certificates that aren't configured for autoenrollment by using the Certificates snap-in.

True

When a full backup or system state backup is performed on a CA server, the certificate store is backed up along with other data

True

Which command analyzes the overall health of Active Directory and perfomas replication security checks?

dcdiag

What feature allows non domain-joined devices to access claims based resources securely?

device registration

Which of the following manages adding, removing, and renaming domains in the forest?

domain naming master

Which option will allow private keys to be locked away and then restored if the user's private key is lost?

key archival

What tool can a user use to request certificates that are not configured for autoenrollment?

Certificates snap-in

What folder contains group policy templates, logon logoff scripts, and DeS synchronization data?

SYSVOL

What features should you configure if you want to limit access to resources by users in a traited forest, regardless of permission settings on these resources?

Selective authentication

Which of the following is a self signed certificate and identifies the AD RMS cluster?

Server licensor certificate

What type of key is used in symmetric cryptography, must be known by both parties, and is used for both encryption and decryption?

Shared secret

What type of certificate enrollment issues certificates that users can use to log on to a system by entering a PIN?

Smart card enrollment

Before you configure a forest trust, what should you configure to ensure you can contact the forest root of both forests from both forests?

Stub Zones

During garbage collection, what setting controls how long deleted objects remain within the database before such objects are completely removed?

Tombstone lifetime

You run a PKI that has issued tens of thousands of certificates to hundreds of thousands of clients. You have found that the traffic created when clients download the CRL is becoming excessive. What can you do to reduce the traffic caused by clients downloading the CRL?

Use a Delta CRL

Which of the following is issued to users when they request access to a rights protected document?

Use license

You have a network of Windows Server 2016 servers, and you wish to allow remote users the ability to access network applications from any device that supports a Web browser?

Web Application Proxy

Which of the following is the international standard that defines a PKI and certificate formats?

X.509

Which of the following is true about the domain functional level?

You can have different functional levels within the forest

What are conditions that determine what attributes are required in a claims and how claims are processed by the federation server?

claim rules

Which option below is not one of the three main methods for cleaning up metadata?

wbsadmin.exe


Kaugnay na mga set ng pag-aaral

Crusades and Culture in the Middle Ages: Lesson 1

View Set

Chapter 13: The Age of Dissent and Division

View Set

Introduction to Geospatial Technologies, Final

View Set

Lec 14&15 Cardiac Cycle/Pumping Action of the Heart

View Set

CH 20: Conditions Occurring During Pregnancy

View Set

Economic Policy, Bureaucracy, and Iron Triangles

View Set