Nos 230 Module 11
What is the level of encryption of the public/private key pair that is contained in the domain-server-CA in Microsoft Server 2019?
2048-bit encryption
Denali wants to store information about all Windows updates on a specific Microsoft SQL Server for security reasons. Which of the following wizards can Denali use to set up SQL Server Connectivity to store update information?
The Add Roles and Features Wizard
Alonso, a system administrator, has configured and deployed a new GPO at the domain level in his organization. However, when he checks after a few hours, two of the OUs in the Active Directory do not reflect the change. What is the most likely reason the new GPO configuration did not apply to the two OUs?
The Block Inheritance setting prevented the OUs from applying the GPOs.
Sasha is configuring Windows Server 2019 as an enterprise CA. She installs the Active Directory Certificate Services server role and is prompted to choose the role services that she wishes to install. Which of the following role services should Sasha select to ensure that routers are allowed to obtain certificates?
The Network Device Enrollment Service role service
To prevent man-in-the-middle attacks, Janet, a network administrator, configures a GPO such that all the traffic sent toward a specific database server is encrypted using IPSec. While most of her colleagues are able to successfully connect to the database via the IPSec authentication process, the connection is not successful for some computers. What do you see to be the problem here?
The computers did not have an IPSec certificate.
Having heard the data theft suffered by a competing company by a man-in-the-middle attack, Finn asks Talia, his server administrator, to implement measures to prevent such attacks in his company. Which of the following should Talia do to ensure that Finn's company is protected from such attacks?
Hire the services of a third-party Certification Authority
Yosef has configured Windows Server 2019 as an enterprise CA and deployed a GPO to enroll all the users for certificates. He chooses the setting that will enroll the users when they boot their computers. When he checks whether all users and computers have been enrolled, he finds that five users were not enrolled for the certificate. Yosef was able to manually enroll those users for certificates.Which of the following permissions to the certificate template is most likely to be missing for the five users who did not get enrolled?
Autoenroll
David, a system administrator, has created specific GPOs for every department in his organization based on the permissions required by the various departments. However, he needs to apply the Default Domain Policy for some managers but not for the rest of the users. How can David ensure that the Default Domain Policy is applied only to specific managers' accounts?
By removing the Authenticated Users group from the Security Filtering section and adding the managers' accounts
Fatima is configuring a Windows Server 2019 system as a RADIUS server for use with 802.1X Wireless. She has configured the Network Policy and Access Services server role. What is the next step Fatima should take once the server role has been configured?
Activate the server in Active Directory
If a newly created firewall allows connection to a program only if the connection is authenticated by IPSec, which of the following options was most likely selected in the Action pane in the New Inbound Rule Wizard at the time of creating the rule?
Allow the connection if it is secure
Ramona, the chief technical officer of an engineering company, needs to install software on 32-bit computers using GPO. The system network consists of over 500 computers and has a mix of 32-bit and 64-bit computers. How can Ramona ensure that the software is installed only on the 32-bit computers?
By using a WMI filter
If multiple GPOs are linked to the same site, domain, or OU, they will be applied in a random order.
False
WPA3 is immune to wireless cracking tools because it uses a Wi-Fi password in a different way than WPA2 does.
False
When a CA public/private key pair expires, a system administrator must generate a new CA public/private key pair the same day to ensure a smooth transition.
False
By default, where are updates synchronized from in WSUS?
Microsoft Update servers on the Internet
XM GraFix, a graphics design company, has bought new design software. Mason, the system administrator, wants to install the software on all the computers in the design department. However, not all the designers need the software. Using the GPO, Mason uses a deployment method that allows the users to install the program from the network when they need it. Which of the following methods of deployment has Mason most likely used in the given scenario?
Published the software under Software Settings in the User Configuration
Chynna wants to create two different firewall rules that are applicable depending on whether a computer is connected to a corporate domain or a home network. Which of the following panes in the New Inbound Rule Wizard should Chynna select to specify the conditions that should be met before the rules can be applied?
The Profile pane
Which of the following settings in Windows defender should be enabled to prevent malware and network attacks from accessing high-security processes in systems that support core isolation?
The memory integrity setting
Giselle, a systems administrator, creates a file redirection GPO, in the User Configuration section that automatically saves files created by her colleagues to a shared network device instead of the local drives in their computers. However, the computers do not receive the configuration specified in the GPO. She runs the gpupdate /force command in the Command Prompt window of one of her colleagues' computer. Despite her effort, the computer does not receive the GPO, and she decides to rectify the issue the next day. To her surprise, she sees that the computer has been configured as per the GPO. What do you see as the issue with the GPO configuration?
The settings can only be applied at the next login.
Amina, who works for a pharmaceutical company, configures and issues the Smartcard Logon certificate template with schema version 2. While most of the users get auto-enrolled, some of the users fail to obtain the certificate. Identify the most likely reason auto-enrollment failed for these users.
Their operating system is Windows 2000.
Which of the following is true of Group Policy Objects (GPOs)?
They do not apply to Active Directory groups.
A 257-bit encryption key is twice as difficult to guess compared to a 256-bit encryption key.
True
Navin wants to reduce the chances of a data breach and monitor and control the traffic on his company's website. Instead of using a NAT router, he sets up an external server that acts as a filter between the organization's website and end users. Which of the following options must Navin select and configure when configuring WSUS?
Use a proxy server when synchronizing
The new system administrator of XYZ company realizes that whenever updates are available for Windows, WSUS redirects computers to the Microsoft Update servers on the Internet to obtain updates instead of storing the update information on the WID. Which of the following is a likely reason for this issue?
While installing WSUS, the option Store updates in the following location was deselected.
Stephen sets up manual enrollment for a user certificate from an enterprise CA. However, as he completes the process, he realizes that he has accidently set up the enrollment for a computer certificate rather than a user certificate. Which of the following commands did Stephen most likely type in the Command Prompt window?
certlm.msc