NOS 230 Final
Active Directory metadata describes the actual Active Directory data, not the Active Directory database.
False
If your domain includes Windows Server 2003 or older DCs, it's using DFSR to replicate SYSVOL.
False
You run a PKI that has issued tens of thousands of certificates to hundreds of thousands of clients. You have found that the traffic created when clients download the CRL is becoming excessive. What can you do to reduce the traffic caused by clients downloading the CRL?
Use a Delta CRL
You have a network of Windows Server 2016 servers, and you wish to allow remote users the ability to access network applications from any device that supports a Web browser?
Web Application Proxy
A claims provider is the resource partner that accepts claims from the business partner to make authentication and authorization decisions.
false
CA Administrator approves requests for certificate enrollment and revocation.
false
If a certificate is not renewed before the validity period expires, the certificate can still be used until the renewal period ends.
false
Version 5 templates allow customization of most certificate settings and permit autoenrollment.
false
Users can request certificates that aren't configured for autoenrollment by using the Certificates snap-in.
true
How often does garbage collection run on a DC?
12 hours
In a new partnership with XYZ Company, ABC company wants to share documents securely using Web-based applications. All communication must be secure, and document usage must be controlled. Both companies run Windows Server 2016 domains but must remain in separate forests. What can you implement to facilitate this partnership?
AD Federation Services and AD Rights Management Services
Which feature was first introduced with Windows Server 2012 R2, and are new Active Directory containers to which authentication policies can be applied to restrict where high-privilege user accounts can be used in the domain?
Authentication Policy silos
Which of the following is created using a hash algorithm and can be used to verify the authenticity of a document?
Digital signature
What can you install on a Windows Server 2016 server that can scan documents and apply rights policy templates automatically based on resource properties?
FSRM
A site bridge is needed to connect two or more sites for replication.
False
By default, subnets are created in Active Directory Sites and Services
False
Which type of CA in the three-level hierarchy is sometimes referred to as a policy CA and issues certificates to issuing CAs?
Intermediate
Why might it be a good idea to configure multiple domains in a forest?
Need for differing account policies
Which of the following contains a list of users and specifies what the users can do with a rights-protected document?
Publishing license
What features should you configure if you want to limit access to resources by users in a trusted forest, regardless of permission settings on these resources?
Selective authentication
What type of certificate enrollment issues certificates that users can use to log on to a system by entering a PIN?
Smart card enrollment
Before you configure a forest trust, what should you configure to ensure you can contact the forest root of both forests from both forests?
Stub zones
A domain controller clone is a replica of an existing DC.
True
Before you can install a DC running a newer Windows Server version in an existing forest with a lower functional level, you must prepare existing DCs with the adprep.exe command-line program,
True
Before you can install an RODC, the forest functional level must be at least Windows Server 2003.
True
There's only one global catalog per forest.
True
Universal groups allow administrators to assign rights and permissions to forest-wide resources to users from any domain.
True
Which of the following is issued to users when they request access to a rights-protected document?
Use license
Which of the following is true about the domain functional level?
You can have different functional levels within the forest
Which command analyzes the overall health of Active Directory and performs replication security checks?
dcdiag
What feature allows non domain-joined devices to access claims-based resources securely?
device registration
Which of the following manages adding, removing, and renaming domains in the forest?
domain naming master
Which option will allow private keys to be locked away and then restored if the user's private key is lost?
key archival
A Web Application Proxy server needs two NICS installed to function correctly.
true
A delegated installation allows a domain administrator to create the RODC computer account in Active Directory, so a that a regular user can perform the installation at a later time.
true
An Active Directory snapshot is a replica of the Active Directory database at a specific moment.
true
Certificate autoenrollment is an option only on enterprise CAs.
true
Device registration is a feature that allows non domain-joined devices to access claims-based resources securely.
true
Multi-factor authentication means users must authenticate with more than one device.
true
Which option below is not one of the three main methods for cleaning up metadata?
wbsadmin.exe