CIS 222

Which server role below cannot be installed on a domain controller that will be cloned?

DHCP

Applications that are not claims-aware can't be used in an AD FS deployment.

False

By default, subnets are created in Active Directory Sites and Services.

False

If a certificate is not renewed before the validity period expires, the certificate can still be used until the renewal period ends.

False

Intrasite replication takes place between DCs in two or more sites.

False

The federated Web SSO with forest trust design is most often used in business-to-employee relationships.

False

The logical components of Active Directory are forests, domains, and sites.

False

With separate domains, stricter resource control and administrative permissions are more difficult.

False

Which AD DS design should you use if you want your design to support business-to-business relationships where the account federation server validates credentials and no Active Directory trust is created?

Federated Web SSO

To increase security of data stored on an RODC, what can be configured to specify domain objects that aren't replicated to RODCs?

Filtered attribute sets

What is the first domain installed in a forest called?

Forest Root

What type of algorithm is used to sign the CA certificate?

Hash

For intrasite replication, what component builds a replication topology for DCs in a site and establishes replication partners?

KCC

If an employee leaves a company, what should happen to any certificates held by that employee that were issued by the company's PKI?

They should be put on the CRL

Your company has purchased another company that also uses Windows Server 2016 and Active Directory. Both companies need to be able to access each other's forest resources. How can you achieve this goal with the least administrative effort?

Create a two-way forest trust

Why might you need to configure multiple forests?

Need for different schemas

Which service provided by a PKI ensures that a party in a communication can't dispute the validity of the transaction?

Nonrepudiation

You were issued a certificate on March 1st 2015 for your secure Web server. The validity period is three years and the renewal period is four months. What is the earliest date you can renew this certificate?

November 1, 2017

Which of the following is associated with an Active Directory tree? (Choose all that apply.)

One or more domains; a common naming structure; parent and child domains

You have a network that consists of Windows 8.1 and Windows 10 computers as well as some Mac OS and Linux computers. You need to install a PKI using Windows Server 2016 that will be able to issue certificates to all your client computers. What should you install?

Online Standalone CA

The RID master FSMO role is ideally placed on the same server as what other role?

PDC Emulator

What is the name of a domain controller in which changes can't be written?

Read-only domain controller

Which of the following is a self-signed certificate and identifies the AD RMS cluster?

Server licensor certificate

How is a computer's designated site determined, such that the computer is given a domain controller to request services from within the same site?

Through subnets added to the site

Which of the following is true about the domain functional level?

You can have different functional levels within the forest

Which option below is not one of the three main methods for cleaning up metadata?

wbsadmin.exe

Which of the following is the first step to allow third-party devices to perform device registration to access domain resources from the Internet?

Install a certificate from a third-party CA

Which of the following are requirements to raise the forest functional level to Windows Server 2016? (Choose all that apply.)

Member of Enterprise Admins group; the Schema FSMO role must be available

After you install AD CS, you want to begin issuing certificates for the encrypting file system. What should you do first?

Modify a certificate template

You have a number of Cisco routers and switches that you wish to secure using IPsec. You want IPsec authentication to use digital certificates. You already have a PKI in place using Certificate Services on Windows Server 2016. What should you install to secure your devices?

NDES role service

Which of the following is NOT a feature of AD RMS?

Workplace Join

Your company deals with highly confidential information, some of which is transmitted via email among employees. Some documents have been forwarded via email, making the documents more difficult to track. You want to be able to prevent employees from forwarding certain emails. What should you deploy?

AD RMS

Which type of cryptography provides the most security?

Asymmetric Cryptography

In which LDAP-compatible database are claims values stored?

Attribute Store

Which feature, first introduced with Windows Server 2012 R2, consists of new Active Directory containers to which authentication policies can be applied to restrict where high-privilege user accounts can be used in the domain?

Authentication policy silos

You have several marketing documents that are published through AD RMS. However, you have three new marketing employees that require additional training before they should be able to access these documents. These employees should have all other rights and permissions as members of the Marketing group. What should you do to prevent these users from accessing these rights-protected documents?

Configure a user exclusion policy in AD RMS

Once Active Directory has been installed, a default site link is created. What is the name of this site link?

DEFAULTIPSITELINK

You need to allow your network technician to view the RMS logs and reports, but no additional permissions should be granted to this technician. What can you do?

Delegate the AD RMS

With universal group membership caching, how often is the cached information on group membership refreshed?

Every 8 hours

A tree can consist of a single domain or a parent domain and child domains, which cannot have child domains of their own.

False

A claims provider is the resource partner that accepts claims from the business partner to make authentication and authorization decisions.

False

A domain controller clone is a replica of an existing DC.

True

A revocation configuration tells the CA what methods are available for clients to access CRLs.

True

Adding a subdomain is a common reason for expanding an Active Directory forest.

True

Before you can install an RODC, the forest functional level must be at least Windows Server 2003.

True

Users can request certificates that aren't configured for autoenrollment by using the Certificates snap-in.

True

Which of the following is issued to users when they request access to a rights-protected document?

Use License

What is issued by the root cluster and contains a computer's public key when an AD RMS application is used?

Machine certificate

AD FS is designed to work over the public Internet with a Web browser interface.

True

Certificate autoenrollment is an option only on enterprise CAs.

True

