NOS.230. Mid-Term
By default, how many previous logons are cached locally to a computer?
10
A service ticket by default lasts for how long?
10 hours
Each Group Policy Object is assigned a globally unique identifier (GUID) of what length?
128 bits
How often is the password for a computer account changed by Active Directory?
30 days
Select the Account Lockout Policy item that determines how many failed logins can occur on an account before the account is locked.
Account lockout threshold
By default, what policies will be downloaded and processed by a Group Policy client?
Changed policies only
What Active Directory replication method makes use of remote differential compression (RDC)?
DFSR (Distributed File System Replication)
What policy is a GPO linked to the Domain Controllers OU and specifies the default policy settings for all domain controllers?
Default Domain Controller Policy
A contact is an Active Directory object that usually represents a person for informational and security purposes.
False
A managed service account (MSA) enables administrators to manage rights and permissions for services but with strict manual password management policies.
False
Administrative template files are in HTML format, using the .admx extension.
False
For security reasons, it's best to delete an account that will be inactive for an extended period.
False
Security Principals define which resources users can access and what level of access they have.
False
The Backup Operators group is a group in local computers only.
False
The directory partition holds configuration information that can affect the entire forest, such as details on how domain controllers should replicate with one another.
False
The recommended minimum number of Active Directory domain controllers in a domain environment is three.
False
What Windows servers are the only domain controllers that hold universal group membership information?
GC global catalog
Select the term used to describe forcing inheritance of settings on all child objects in the GPO's scope, even if a GPO with conflicting settings is linked to a container at a deeper level.
GPO enforement
What defines the objects that a Group Policy Object affects?
GPO scope
Select below the option that is not one of the three built-in service accounts.
Local Operator
What mode of the Resultant Set of Policy (RSoP) snap-in produces a database of policy results that you browse in a similar manner to using the Group Policy Management Editor?
Logging
What policy allows an administrator to control the membership of both domain groups and local groups on member computers?
Restricted Groups
Select the specific Windows folder that is a shared folder containing file-based information that is replicated to other domain controllers.
SYSVOL folder
Which type of ticket below is requested by an account when it wants to access a network resource, such as a shared folder?
Service ticket
Which PowerShell cmdlet below can be used to set permissions for a security principal to a GPO or to all GPOs?
Set-GPPermission
Which of the following statements is not true regarding the built-in Administrator account?
The Administrator account can be deleted
A batch file is a text file that is used to enter a command or series of commands normally typed at the command prompt.
True
A loopback policy can be used to change user policy settings based on the GPO within whose scope a computer object falls
True
A service account is a user account that Windows services use to log on to a computer or domain with a specific set of rights and permissions
True
Account policies are set in the Local Security Policy MMC on computers that aren't domain members.
True
Account policies set in GPOs linked to an OU containing computer accounts affect only local user accounts defined in the computer's SAM database.
True
GPOs set at the domain level should contain settings that you want to apply to all objects in the domain.
True
If you want to create a security template using a baseline of settings from an existing desktop computer or server, you can begin by opening secpol.msc.
True
Local GPOs are edited with the gpedit.msc tool.
True
Schema attributes define what type of information is stored in each object, such as first name, last name, and password for a user account object.
True
The Group Policy Results wizard will show administrators which policy settings apply only to a user, computer, or both.
True
The Knowledge Consistency Checker (KCC) runs on every DC to determine the replication topology.
True
The Restricted Groups policy, under Security Settings, Controls group membership for both domain groups and local SAM groups.
True
What type of policy setting is persistent, remaining even after a computer or user object falls out of a GPO's scope until it's changed by another policy or manually?
Unmanaged policy setting
When creating a new user, the "User cannot change password" option can't be used in conjunction with what other option?
User must change password at next logon
Which of the following uses queries to select a group of computers based on certain attributes, and then applies or doesn't apply policies based on the query's results?
WMI filtering
In order to use the Active Directory Recycle Bin, all DCs in the forest must be running at least what Windows Server operating system?
Windows Server 2008 R2
When you back up a GPO, the policy settings are backed up, but not the security filtering settings, delegation settings, and WMI filter links.
false
What Active Directory directory partition holds the DNS database?
not Application directory partition
Which of the following is not a security principal that can be assigned permissions?
not OU
An Active Directory object's security settings are composed of three components, what term is used to refer to these three components?
security descriptor
Which of the following uses permissions to restrict objects from accessing a GPO?
security filtering
When a client computer wants to connect to a service instance, what specific name type does it use to find the service?
service principal name
User accounts created in Active Directory are referred to as domain user accounts.
true
Select the term used to describe the process, within the context of Active Directory, that allows a person with higher security privileges to assign authority to a person of lesser security privileges to perform certain tasks.
delegation of control