CIST 2412 - Final Exam
What security improvement allows you to begin the installation of an RODC from a secure central location before completing it at the remote site where the RODC will be housed? a. Staged installation b. two-part installation c. Part I installation d. Multi-part installation
Staged installation
Which audit category includes events such as server startup and shutdown, time changes, and clearing the security log within the Windows Event Viewer? a.Process tracking b.Privileged use c.System Events d.Policy management
System Events
What term describes the length of time for which a DNS record is valid, after which it needs to be re-registered? a. Protocol b. Priority c. Weight d. Time-to-Live
Time-to-Live
Which of the following items is a valid leaf object in Active Directory? a. Domain b. User c. Application partition d. OU
User
What language is used to write WMI queries? a.SQL b.T-SQL c.VBScript d.WQL
WQL
Each object's SID consists of two components: the domain portion and the ________. a.remote identifier b.globally unique identifier c. relative identifier d.global identifier
relative identifier
You are logging onto an Active Directory child domain from a workstation running Windows Vista Business. By default, where will this workstation look to synchronize its clock with the domain? a. The PDC Emulator for the child domain b. The PDC Emulator for the forest root domain. c. An external clock d. The domain controller that authenticates the workstation
the domain controller that authenticates the workstation
As part of your efforts to deploy all new applications using Group Policy, you discover that several of the applications you wish to deploy do not include the necessary installer files. What can you use to deploy these applications? a.Software restriction policies b. .msi files c. .mdb files d. .zap files
.zap files
You are the administrator of an Active Directory forest that contains a forest root domain with three child domains. How many of each FSMO does this forest contain? a.1 Domain Naming Master, 1 Schema Master, 3 PDC Emulators, 3 Infrastructure Masters, 3 RID Masters b.3 Domain Naming Masters, 3 Schema Masters, 3 PDC Emulators, 3 Infrastructure Masters, 3 RID Masters c.1 Domain Naming Master, 1 Schema Master, 4 PDC Emulators, 4 Infrastructure Masters, 4 RID Masters d.1 Domain Naming Master, 1 Schema Master, 1 PDC Emulator, 1 Infrastructure Master, 1 RID Master
1 Domain Naming Master, 1 Schema Master, 4 PDC Emulators, 4 Infrastructure Masters, 4 RID Masters
The RID Master FSMO distributes RIDs to domain controllers in increments of ____. a.100 b.250 c.500 d.1,000
500
Which file extension identifies Administrative templates in Windows Server 2008? a.ADM b.ADMX c.INF d.POL
ADMX
Which audit event type is triggered when user or group accounts are created, deleted, renamed, enabled, or disabled? a.Account logon events b.Account management events c.Privileged use events d.Policy management events
Account management events
What is the recommended method for moving Active Directory objects from one domain to another? a. Movetree.exe b. Dsmove c.Active Directory Migration Tool (ADMT) d.Drag-and-drop
Active Directory Migration Tool (ADMT)
What Windows Server 2008 feature allows you to configure a user or group as the local administrator of an RODC without delegating any rights to the user or group within Active Directory? a.Flexible Single Master Operations (FSMO) roles b.Admin Role Separation c. Staged Installations d.Active Directory Lightweight Domain Services (AD LDS)
Admin Role Separation
Which special identity group controls anonymous access to resources in Windows Server 2008? a.Everyone b.Network c.Interactive d.Anonymous Logon
Anonymous Logon
Monitoring a system such as Active Directory for the success and/or failure of specific user actions is called a.auditing b.inspecting c.scanning d.sniffing
Auditing
What is the single location within the SYSVOL share where ADMX files can be stored? a.Central Store b.Group Policy Container (GPC) c.Group Policy Template (GPT) d.Folder Redirection Store
Central Store
Which of the following rules will allow or disallow a script or a Windows Installer file to run on the basis of how the file has been signed? a.Path rule b.Hash rule c.Network zone rule d.Certificate rule
Certificate rule
What mechanism is used by an Active Directory domain controller to indicate that it has unreplicated changes to communicate to its replication partners? a. Preferred bridgehead servers b. Change notification c. Site link bridges d. Intersite replication
Change notification
Which database contains information used by Windows Management Instrumentation? a.Resultant Set of Policy (RSoP) b.SYSVOL c.Common Information Management Object Model (CIMOM) d.Group Policy Container (GPC)
Common Information Management Object Model (CIMOM)
Which interface allows you to grant limited permissions within Active Directory to individual users or groups to adhere to a principle of least privilege in administering Active Directory? a.Delegation of Authority Wizard b.Delegation of Control Wizard c.Control Wizard d.Authority Wizard
Delegation of Control Wizard
You are planning an Active Directory implementation for a company that currently has sales, accounting, and marketing departments. All department heads want to manage their own users and resources in Active Directory. What feature will permit you to set up Active Directory to allow each manager to manage his or her own container but not any other containers? a. Delegation of control b. Read-Only Domain Controller c. Multimaster replication d. SRV records
Delegation of control
Which password-cracking attack functions by attempting every possible combination of alphanumeric characters until it finds a match? a.Trojan horse b.Dictionary attack c.Rootkit d.Boot virus
Dictionary Attack
Which of the following Default Security Levels in Software Restriction Policies will disallow any executable from running that has not been explicitly enabled by the Active Directory administrator? a.Basic User b.Restricted c.Disallowed d.Power User
Disallowed
Which feature allows you to control how much space a user can take on a particular hard drive volume, configurable via Group Policy? a.Disk quotas b.Folder redirection c.Offline files d.Object access auditing
Disk Quotas
The Schema Master FSMO for your forest will be taken offline for a few hours so that your hardware vendor can replace the motherboard of the server. To allow your clients to continue to log in, what is the minimum that you need to do? a.Transfer the Schema Master FSMO to another domain controller before taking it offline. b.Seize the Schema Master FSMO to another domain controller before taking it offline. c.Do nothing. Your clients will still be able to log in while the Schema Master is offline. d.Disable the domain controller's computer account from Active Directory Users and Computers before taking it offline.
Do nothing. Your clients will still be able to log in while the Schema Master is offline.
Which group scope can contain users and groups from any domain within an Active Directory forest, but can be used only to secure resources located within the same domain as the group itself? a.Domain group b.Global group c.Domain local group d.Universal group
Domain Local Group
Which account type is configured on an Active Directory domain controller and can be used to grant access to resources on any domain-joined computer? a.Domain local account b.Global account c.Domain account d.Local account
Domain account
What is the first domain installed in a new Active Directory forest called? a. Forest root domain b. Parent root domain c. Domain tree root d. Domain root
Domain tree root
To prevent users from re-using a certain number of network passwords, what can you configure as part of a domain-wide policy or as part of a Fine-Grained Password Policy? a.Minimum password length b.Minimum password age c.Maximum password age d.Enforce password history
Enforce password history
Although all writeable domain controllers use multimaster replication, there are certain sensitive operations that can only be controlled by one DC at a time. What is this functionality known as? a. Flexible Single Master Operations (FSMO) roles b. Flexible Multiple Master Operations (FMMO) roles c. Flexible Single Operations Master (FSOM) roles d. Flexible Multiple Operations Master (FMOM) roles
Flexible Single Master Operations (FSMO) roles
Which GPO setting automates the process of presenting user files from a network folder rather than an individual user's desktop, thus making them accessible from anywhere on the network? a.Roaming profiles b.Roaming documents c.Folder redirection d.Document redirection
Folder redirection
Which of the following is the security boundary within Active Directory? a. Forest b. Domain c. Domain tree root d. Domain root
Forest
What is the Active Directory component that contains a reference to all objects within Active Directory called? a. Main database b. Central catalog c. Global database d. Global catalog
Global catalog
Which utility is used to edit the settings contained in an individual Active Directory Group Policy Object? a.Group Policy Management Editor b.Group Policy Management Console c.GPResult d.Resultant Set of Policy
Group Policy Management Editor
Which GPMC component provides information analogous to Planning Mode in the Resultant Set of Policy MMC snap-in? a.Group Policy Modeling b.Group Policy Results c.Group Policy Management Editor d.Group Policy Object Editor
Group Policy Modeling
Which node within the Group Policy Management Console provides the effective policy settings applied to a particular user/computer combination? a.Group Policy Modeling b.Group Policy Results c.Group Policy Management Editor d.Group Policy Object Editor
Group Policy Results
Which folder stores policy settings, such as security settings and script files? a.Group Policy Container (GPC) b.Group Policy Object (GPO) c.SYSVOL d.Group Policy Template (GPT)
Group Policy Template (GPT)
What defines the types of objects that can belong to a particular group and the types of resources that group can be used to secure? a.Group scope b.Group security c.Special Identity group d.Security group
Group Scope
What technique is used to configure one security group as a member of another security group? a.Group security b.Group nesting c.Group overloading d.Group scope
Group nesting
Which of the following describes the mathematical equation that creates a digital "fingerprint" of a particular file? a.Hash rule b.Hash algorithm c.Software restriction policy d.Path rule
Hash algorithm
You have assigned several applications using GPOs. Users have complained that there is a delay when they double-click on the application icon, which you know is the result of the application being installed in the background. What option can you use to pre-install assigned applications when users log on or power on their computers? a.Uninstall when the application falls out of scope b.Install This Application At Logon c.Advanced Installation Mode d.Path rule
Install This Application at Logon
Which input file format allows you to create, modify, and delete objects within Active Directory? a.LDAP Data Interchange Format (LDIF) b.Comma Separated Value (CSV) c.Tab-delimited Text (TXT) d.Microsoft Excel (XLS)
LDAP Data Interchange Format (LDIF)
What is the process of applying a Group Policy Object to a particular container, such as a site, domain, or an organizational unit? a.Linking b.Inheriting c.Configuring d.Applying
Linking
Which Resultant Set of Policy mode queries existing GPOs linked to sites, domains, and OUs to report on currently-applied GPO settings? a.Planning mode b.Logging mode c.Extant mode d.Event Viewer mode
Logging Mode
To determine which users are accessing resources on a particular member server in an Active Directory domain, which event type would you audit? a.Account logon event b.Policy change event c.Account management event d.Logon event
Logon Event
What does each class or attribute that you add to the Active Directory schema need to have? a. Protocol b. Object Identifier c. Priority d. Port
Object Identifier
Which Group Policy feature allows users to access user files when the user is disconnected from the corporate network? a.Folder redirection b.Disk quotas c.Offline files d.Object access auditing
Offline files
RODCs do not participate in which of the following? a. Replication b. Cross-forest trusts c. Outbound replication d. External trusts
Outbound replication
With a username, what is needed to access network resources in a default Active Directory environment? a.Password b.Access Token c.Smart card d.PIN
Password
What type of object will you create to enable multiple password policies within a Windows Server 2008 domain? a.msDS-MinimumPasswordLength b.msDS-MultiplePasswordPolicies c.PasswordSettingsObject (PSO) d.msDS-PasswordObject
PasswordSettingsObject (PSO)
What is a numeric or alphanumeric character sequence that you enter with a smart card to access a server or other Active Directory resource? a.Personal Identification Number (PIN) b.Password Identification Number (PIN) c.Smart card password d.Smart card identifier
Personal Identification Number (PIN)
Which Resultant Set of Policy mode can be used to obtain Group Policy Modeling information? a.Logging mode b.Planning mode c.Event Viewer mode d.Design mode
Planning Mode
What mechanism within DNS is used to set up load balancing between multiple servers that are advertising the same SRV records? a. Protocol b. Domain name c. Port d. Priority
Priority
You wish to deploy several software applications using Group Policy, such that the applications can be manually installed by the users from the Add/Remove Programs applet in their local Control Panel. Which installation option should you select? a.Assign b.Disallowed c.Publish d.Unrestricted
Publish
When creating a site link, you can configure it to use which of the following protocols? a. TCP/IP or RPC over IP b. RPC over IP or SMTP c. SMTP or TCP/IP d. SMTP or CIDR
RPC over IP or SMTP
Which configuration item has a default value of 90 minutes for workstations and member servers, with a random offset of 0 to 30 minutes to optimize network performance? a.Refresh time b.Refresh interval c.Clock skew d.Clock interval
Refresh interval
You are the administrator for a network that has several sites. There is a site link from the main headquarters to each remote site for file transfer and replication purposes. You have been asked to create five new users on the network, and several of the users need immediate access to network applications. When asked by your manager how long replication of these new accounts will take, what is your response? a. Replication occurs every 180 minutes by default. b. Replication occurs at 15-minute intervals. c. Replication occurs as soon as the account is added. d. Replication occurs only between 12:00 AM and 6:00 AM.
Replication occurs every 180 minutes by default
Given the scenario in question 4, how long would it take for other DCs within the headquarters site to replicate the accounts belonging to the new users? a. Replication occurs every 180 minutes by default. b. Replication occurs at 15-minute intervals. c. Replication occurs within 45 seconds of the account being added. d. Replication occurs only between 12:00 AM and 6:00 AM.
Replication occurs within 45 seconds of the account being added
Which Windows Server 2008 feature enables you to perform certain Active Directory maintenance functions without needing to reboot the domain controller? a. Directory Services Restore Mode b. Safe Mode c. Safe Mode with Networking d. Restartable Active Directory
Restartable Active Directory
Which of the following is not one of the Default Security Levels that can be used with a software restriction policy? a.Basic User b.Unrestricted c.Restricted d.Disallowed
Restricted
What is a GUI-based query engine that looks at a configured GPO in a forest and then reports its findings? a.Resultant Set of Policy (RSoP) b.Gpresult c.Gpupdate d.Group Policy Management Editor
Resultant Set of Policy (RSoP)
What is a new GUI option in Windows Server 2008 and Windows Vista that allows you to launch a specific application using elevated privileges? a.Delegation of Control Wizard b.Active Directory Administrative Credentials c.Run as Administrator d.Delegation of Privilege Wizard
Run as Administrator
Which program allows you to use the Secondary Logon service to launch individual programs and utilities using administrative privileges? a. Runas b. Wscript c. Cscript d. Secwiz
Runas
What is required by DNS for Active Directory to function? a. Dynamic update support b. DHCP forwarding support c. SRV records support d. Active Directory integration
SRV records support
Which service enables you to use the runas command-line utility? a.Secondary Service b.Secondary Logon c.Runas Service d.Alternate Credentials Service
Secondary Logon
Which group type allows you to assign permissions to resources, as well as receive messages via Active Directory-enabled email applications such as Microsoft Exchange? a.Distribution group b.Exchange group c.Permissions group d.Security group
Security group
Which technique allows you to specify individual users or groups within a container who should or should not receive the settings configured in a particular GPO? a.Block Policy Inheritance b.Security group filtering c.Linking d.No Override
Security group filtering
What is a new installation option in Windows Server 2008 that features a minimal installation footprint designed to run specific infrastructure services? a. RODC b. FSMO c. Server Core d. Web Server Edition
Server Core
What is the new unified tool, introduced by Windows Server 2008, for managing numerous aspects of a 2008 server? a. Computer Management b. Server Manager c. Active Directory Users & Computers d. Active Directory Domains & Trusts
Server Manager
Company XYZ is a national company with locations in Detroit, Minneapolis, Phoenix, and Dallas. There are two connections between Detroit and Minneapolis. The first is a T-1 link and the second is a 128-Kbps link. When setting up the site links for replication, what should you do to ensure that the 128-Kbps link is used only if the T-1 is unavailable? a. Set a cost of 1 for the T-1 and a cost of 5 for the 128-Kbps link. b. Set a cost of 5 for the T-1 and 1 for the 128-Kbps link. c. Leave the costs at their default value of 100. d. Change the schedule manually to disallow replication on the 128-Kbps link until it is needed.
Set a cost of 1 for the T-1 and a cost of 5 for the 128-Kbps link
What is a new feature in Windows Server 2008 that allows you to configure a GPO "pattern" that you can use to create additional GPOs beginning with the same settings in the pattern? a.Group Policy Container (GPC) b.Group Policy Template (GPT) c.Starter GPO d.Central Store
Starter GPO
What is a password that has sufficient length and complexity that it is difficult for a hacker or other malicious user to hack? a.Long password b.Smart card password c.Strong password d.Personal identification password
Strong Password
To optimize client authentication and location of resources, which kind of object should each Active Directory site contain? a. Site links b. Costs c. Connection objects d. Subnets
Subnets
Which type of GPO processing requires that each GPO must be read and applied completely before the next policy can be processed? a.Synchronous processing b.Asynchronous processing c.Multisynchronous processing d.Unisynchronous processing
Synchronous processing
Which of the following is used to develop information systems software through a structured process that includes analysis, design, implementation, and maintenance? a.Hash algorithm b.System Development Life Cycle c.Software Restriction Policy d.Group Policy Object
System Development Life Cycle
To which port does the _gc SRV record listen? a.TCP 445 b.UDP 137 c.TCP 3268 d.UDP 445
TCP 3268
You have a Group Policy Object used to install a particular software application. Because this is a resource-intensive application, you want the software to be installed only on computers that have at least 1GB of RAM. What feature can you use to restrict the application of this GPO to computers that meet this criterion? a.Security group filtering b.WQL filtering c.WMI filtering d.CIMOM filtering
WMI filtering
When would you disable automatic site-link bridging within Active Directory Sites and Services? a. When you need to configure intersite replication b. When you wish to configure different costs for your site links c. When your physical network is not fully routed d. When you wish to control the hours during which intersite replication will occur
When your physical network is not fully routed
Which feature, new to Windows Server 2008, allows you to install workstation operating systems and software in an enterprise environment? a.Remote Installation Service (RIS) b.Folder redirection c.Windows Deployment Services (WDS) d.Offline file storage
Windows Deployment Services (WDS)
What provides a common framework that can be used to query servers and workstations for information about specific hardware or software, such as RAM, hard drive space, running services, and installed software? a.Common Information Management Object Model (CIMOM) b.Resultant Set of Policy (RSoP) c.Windows Management Instrumentation (WMI) d.Group Policy Objects
Windows Management Instrumentation (WMI)
What can be used to run script files using VBScript or JScript from the Windows desktop or from a command prompt? a.Visual Basic b.Windows Scripting Host (WSH) c.Visual Basic Express d.Windows Scripting Engine
Windows Scripting Host (WSH)
Which of the following domain controllers can be joined to a forest that is currently set at the Windows Server 2008 forest functional level? a. Windows 2000 b. Windows Server 2003 c. Windows Server 2008 d. Windows NT 4.0
Windows Server 2008
You are a member of the Domain Admins group of a child domain on an Active Directory network. You have an application that requires you to configure an application directory partition, but you find that you are unable to do so. What could be preventing you from creating an application directory partition in your domain? a.You must be a member of the Enterprise Admins group to create an application directory partition. b.You must be a member of the Schema Admins group to create an application directory partition. c.You must be a member of the Forest Admins group to create an application directory partition. d.You must be a member of the DNS Admins group to create an application directory partition.
You must be a member of the Enterprise Admins group to create an application directory partition.
Which file type is used by Windows Installer? a. .inf b. .bat c. .msf d. .msi file
.msi file
The KCC is responsible for calculating intrasite replication partners. During this process, what is the maximum number of hops that the KCC will allow between domain controllers? a. 2 b. 3 c. 4 d. 5
3
You can view and manage the PDC Emulator FSMO role holder using which utility? a. Active Directory Users and Computers b. Active Directory Schema c. Active Directory Sites and Services d. Active Directory Domains and Trusts
Active Directory Users and Computers
The Administrator and Guest user accounts are examples of a.Special identity user account b.Administrative user account c.Built-in user account d.Domain user account
Built-in user account
Which naming context contains forest-wide data about the physical topology of an Active Directory forest? a. Schema b. ForestDNSZones c. Configuration d. Domain DNS Zones
Configuration
Which of the following naming contexts are replicated across an entire Active Directory forest? a. Configuration and Schema b. Schema and DomainDNSZones c. Configuration and ForestDNSZones d. Schema and ForestDNSZones
Configuration and Schema
Which command-line utility can be used to move an Active Directory object from one container to another? a. Dsget b. Dsrm c. Dsmove d. Admt
Dsmove
Which tool can be used to obtain effective Group Policy information from the command line? a. Gpupdate b.Secedit c.Netsh d.Gpresult
Gpresult
Which of the following rule types apply only to Windows Installer packages? a.Hash rules b.Certificate rules c.Internet zone rules d.Path rules
Internet zone rules
Replication that occurs between sites is called ____________ replication. a. Local b. Remote c. Intersite d. Intrasite
Intersite
Which utility allows you to create, remove, and maintain Active Directory trust relationships from the command-line? a. Repadmin b. Nslookup c. Netdom d. Shstar
Netdom
Which of the following is a container object within Active Directory? a. Folder b. Group c. User d. OU
OU
Which of the following roles is a forest-wide FSMO role? a.PDC Emulator b.Infrastructure Master c.Schema Master d.Global catalog
Schema Master
If the user named Amy is located in the sales OU of the central.cohowinery.com domain, what is the correct syntax for referencing this user in a command line utility? a. amy.cohowinery.com b. cn=amy, ou= sales, dc=cohowinery, dc=com c.cn=amy,ou=sales,dc=central,dc=cohowinery,dc=com d.dc=com,dn=cohowinery,ou=sales,cn=amy
cn=amy,ou=sales,dc=central,dc=cohowinery,dc=com
Which command-line tool can be used to create various object types within Active Directory? a. dsget b. dsquery c. dsadd d. dsmove
dsadd
A PasswordSettingsObject (PSO) within Active Directory is also known as which type of object? a.msDS-PasswordSettingsPrecedence b.msDS-PasswordSettings c.msDS-PasswordComplexityEnabled d.msDS-MinimumPasswordLength
msDS-PasswordSettings