Test 2
Which command can you execute to create a container from the microsoft/iis container image that runs in the background and automatically maps port 80 in the container to a port above 32767 on the underlying operating system? a. docker run -d -P microsoft/iis b. docker run -d -p *:80 microsoft/iis c. docker exec -it -P microsoft/iis d. docker exec -it -p *:80 microsoft/iis
a. docker run -d -P microsoft/iis The docker run command is used to create a new container from a container image. The -d option to the docker run command runs the container in the background until stopped manually, and the -P option to the docker run command automatically maps port 80 in the container to a port above 32767 on the underlying operating system.
Which of the following performance counters can be used to identify jabbering hardware? a. Pages/sec b. % Interrupt Time c. Committed Bytes d. Bytes Total/sec
b. % Interrupt Time The % Interrupt Time counter in the Processor performance object can be used to identify a large number of interrupts, which is often the result of jabbering hardware.
Reliability Monitor displays a system stability index value for each day based on the values of specific performance counters. a. True b. False
b. False Reliability Monitor displays a system stability index value for each day based on the number and type of events in event logs.
Which of the following Windows Defender features can be used to limit the files, folders and processes that ransomware can modify? a. Core isolation b. Memory integrity c. Controlled folder access d. Secure boot
c. Controlled folder access Controlled folder access can be used to prevent ransomware from modifying files, folders, and memory on your system.
Which of the following steps is not a common troubleshooting procedure? a. Test possible solutions b. Isolate the problem c. Delegate responsibility d. Collect information
c. Delegate responsibility Collecting information, isolating the problem, and testing possible solutions are all common troubleshooting procedures, whereas delegating responsibility is not.
Websites on a Web server provide the front end for most Web apps. a. True b. False
A. True Most Web apps are accessed using a website on a Web server.
The Windows Subsystem for Linux (WSL) allows you to execute Web apps in a virtual machine on Windows Server 2019. a. True b. False
B. False The Windows Subsystem for Linux (WSL) allows you to execute Web apps directly on the Windows Server 2019 kernel.
The docker command is also called the Docker daemon. a. True b. False
B. False The docker command is also called the Docker client. The Docker daemon is the service that provides for container functionality.
Which of the following is not considered a remote access technology? a. DirectAccess b. L2TP c. PPPoE d. Remote Desktop
C. PPPoE PPPoE is a last mile technology. DirectAccess, L2TP VPNs, and Remote Desktop are technologies that can be used to obtain remote access.
Which of the following VPN authentication methods is considered the most secure? a. EAP b. CHAP c. MS-CHAPv2 d. PAP
a. EAP Extensible Authentication Protocol (EAP) is considered the most secure protocol, followed in order by MS-CHAPv2, CHAP, and PAP.
On which part of the maintenance cycle do server administrators spend the most time? a. Monitoring b. Proactive maintenance c. Reactive maintenance d. Documentation
a. Monitoring Monitoring is the part of the maintenance cycle on which server administrators spend the most time.
Which task should you perform in Task Manager before stopping a problematic process for a program that was created by your organization? a. Right-click the process and click Create dump file b. Right-click the process and click Search online c. Right-click the process and click Analyze wait chain d. Right-click the process and click UAC virtualization
a. Right-click the process and click Create dump file Before stopping a problematic process in Task Manager for a program created by your organization, you should save the memory contents of the process to a dump file that the software developers in your organization can use to identify and fix the problem in future versions of the program.
Resource Monitor allows you to identify the storage devices and files that a single process is accessing. a. True b. False
a. True You can select an individual process in the CPU section of Resource Monitor and access the Disks section to view the files that it is using on each storage device.
A baseline is a set of performance information for a system during normal times of operation. a. True b. False
a. True Baselines provide performance information during normal periods of operation. They are compared to performance information obtained during times of poor performance to identify potential causes of degraded performance.
Which section of a GPO contains the most security-related settings for the Windows operating system? a. User Configuration, Windows Settings b. Computer Configuration, Windows Settings c. User Configuration, Administrative Templates d. Computer Configuration, Administrative Templates
b. Computer Configuration, Windows Settings Most security settings for the Windows operating system are stored under Computer Configuration, Windows Settings, Security Settings.
What can you configure in the Windows Defender Firewall with Advanced Security tool to automatically protect network traffic between computers using IPSec? a. Firewall profiles b. Connection security rules c. IPSec rules d. Security Associations
b. Connection security rules Connection security rules can be configured to protect traffic using IPSec.
Which of the following commands can be used to start the Apache Web server in a Linux container or WSL Linux distribution on a Windows Server 2019 system? a. httpstart b. apachectl start c. apt-get start apache d. apt-get start http
b. apachectl start The apachectl start command can start the Apache Web server. The apt-get command is used to install software, and httpstart is an invalid command.
Which term refers to the process whereby a user or computer obtains a certificate from a CA? a. PKI b. enrollment c. revocation d. hashing
b. enrollment Computers and users enroll for a certificate from a CA.
To which of the following groups should you assign NTFS/ReFS permissions for Web app content in order to provide anonymous user access? a. IUSRS b. .NET_USRS c. IIS_IUSRS d. WWWUSRS
c. IIS_IUSRS IIS_IUSRS is used to provide access to website and Web app content, whereas IUSRS can be used to provide access to website content. The other groups do not exist.
At minimum, which Remote Desktop Services role services must you install to provide session-based desktop deployment across multiple remote access servers? (Choose all that apply.) a. Remote Desktop Session Host b. Remote Desktop Connection Broker c. Remote Desktop Licensing d. Remote Desktop Virtualization Host
A, B, and C. Session-based desktop deployment requires the Remote Desktop Session Host role. Because multiple servers will host this role service, the Remote Desktop Connection Broker is required to distribute requests across multiple servers. You must also install the Remote Desktop Licensing role service within 120 days. The Remote Desktop Virtualization Host is only used to provide virtual machine-based desktop deployment.
You have created a new Group Policy Object (GPO). To which of the following objects can this GPO be linked? (Choose all that apply.) a. OU b. Group c. Site d. Domain
A, C, and D. GPOs can only be linked to site, domain, and OU objects.
Which of the following statements regarding the functionality of WSUS are true? (Choose all that apply.) a. WSUS prevents Microsoft Update traffic from saturating the bandwidth on an organization's Internet connection. b. Group Policy is used to direct domain computers to a WSUS server for updates. c. Updates can be manually or automatically approved for distribution on a WSUS server. d. A WSUS server can be configured to remove updates from computers that have installed them.
All of the Above By bringing updates into the organization network, Microsoft Update traffic will not saturate the Internet connection. Computers are redirected to WSUS servers using Group Policy settings and can obtain updates that were approved manually or automatically, or be configured to remove updates that were previously installed.
What can you create in Event Viewer to display specific types of events from one or more event logs? a. Event filter b. Custom view c. Data collector set d. Event alert
b. Custom view You can create custom views in Event Viewer to display events from multiple event logs that match specified criteria.
What can you configure on a router to protect traffic destined for another network in the organization as it passes over the Internet? a. Port forwarding b. Demand-dial interface c. Reverse proxy d. DirectAccess
b. Demand-dial interface Demand-dial interfaces are created on routers to create VPNs to other networks across the Internet. Port forwarding and reverse proxy allow inbound traffic to be forwarded to a server in the DMZ, while DirectAccess provides remote access for client computers only.
Which of the following options on the Advanced Boot Options menu can be used to start a system that failed to boot previously due to incorrect settings in the Windows Registry, or a recently added device driver? a. Safe Mode b. Debugging Module c. Disable Driver Signature Enforcement d. Last Known Good Configuration (advanced)
d. Last Known Good Configuration (advanced) The Last Known Good Configuration (advanced) option allows you to start a system that failed to boot previously due to incorrect settings in the Windows Registry, or a recently added device driver.
As a server administrator, which of the following actions can you perform on a Remote Desktop connection to provide interactive user support for the user of the session? a. Send Message b. Disconnect c. Duplicate d. Shadow
d. Shadow You can right-click a session and choose Shadow to access the session using a duplication connection to provide user support. Send Message will only send a message to a session, Disconnect will disconnect the user from the session, and Duplicate is not a valid action.
Which of the following commands can be used to display containers that are no longer running? a. docker ps b. docker list c. docker images d. docker ps -a
d. docker ps -a The docker ps -a command lists running and stopped containers. The docker ps command only displays running containers, the docker images command displays container images on the local system, and docker list is an invalid command.
Which of the following actions can be performed to solve a performance problem? (Choose all that apply.) a. Stop and disable unnecessary services b. Move applications to other systems c. Add additional hardware d. Upgrade hardware devices with bus mastering versions
All of the Above Performance problems can be solved by adding hardware or reducing the processes running on a system (including stopping services or moving applications to other systems). Using bus mastering hardware devices can free processor time to improve performance, because bus mastering devices perform tasks that would otherwise be performed by the system processor.
Searching an event description or event ID online can generate a list of possible causes and associated solutions for a problem. a. True b. False
a. True The event description will list information that you can search online in order to obtain a list of possible causes and solutions.
Firewall profiles contain a series of firewall rules that apply to a computer when it is connected to a particular type of network (public, private, domain). a. True b. False
a. True There are three firewall profiles (domain, private, public) that represent the different networks that a computer can be connected to. Firewall rules are stored in different firewall profiles and automatically applied when the computer is connected to the associated network types.
You can import administrative template files into a GPO to allow Group Policy to configure third-party software settings. a. True b. False
a. True Third-party software vendors provide administrative template files that can be imported into a GPO in order to configure third-party software settings.
You must enroll each WAP for a certificate based on the RAS and IAS Server certificate template before they can be configured for 802.1X Wireless. a. True b. False
b. False Only the RADIUS server must be enrolled for a certificate based on the RAS and IAS Server certificate template.
Performance baselines are typically created only after installing a new Windows Server 2019 system. a. True b. False
b. False Any time you add software or hardware to a system, you should take a new baseline for that system.
Which of the following cloud delivery models uses containers exclusively to run Web apps? a. SaaS b. PaaS c. IaaS d. XaaS
b. PaaS Platform as a Service (PaaS) is the cloud delivery model that runs containerized Web apps on an underlying operating system platform. SaaS does not specifically require containers or virtual machines, while IaaS uses virtual machines to run Web apps. XaaS is a blanket term for multiple PaaS, SaaS, and IaaS delivery models.
Which of the following is not included in a certificate? a. Public key b. Private key c. Digital signature d. CRL location
b. Private key Private keys are not included in a certificate and distributed to other computers; they are kept on the local computer or in the Active Directory user account only.
Which of the following must you configure to ensure that a particular group of remote access servers grants Remote Desktop access only to members of the Accounting group? a. RemoteAccess b. RemoteApp c. Collection d. Connection Broker
c. Collection A collection is a group of remote access servers that can serve Remote Desktop sessions to members of a specific user group.
In a continuous deployment scenario, which software creates a container or virtual machine on a cloud server to test the functionality of a new Web app version? a. Orchestration b. Code repository c. Workflow d. Build automation
d. Build automation Build automation software is used to automate the creation of containers and virtual machines. Orchestration software coordinates the steps in the continuous deployment process, including the retrieval of Web apps from a code repository. Workflow is not a valid software type.
Which of the following components represents a specific hardware device or software component that can be monitored? a. Performance object b. Performance alert c. Performance counter d. Instance
d. Instance Instances represent the software and hardware components that are monitored. Performance objects are the areas of the system that can be monitored and consist of performance counters that monitor a specific type of event. Performance alerts are data collector sets that monitor performance counters when a threshold is reached.
Which of the following network topologies should you choose if your DirectAccess remote access server is connected directly to the demarc, as well as to the DMZ? a. Edge b. Connection Broker c. Behind an edge device (with two network adapters) d. Behind an edge device (with a single network adapter)
a. Edge If the DirectAccess server is connected directly to the demarc, it sits at the edge of the network; as a result, you should choose the Edge network topology. Behind an edge device options are used if the DirectAccess server is behind another edge device (e.g., NAT router). Connection Broker is a Remote Desktop role service only.
You wish to configure a GPO that allows users in your organization to install a package using the Programs and Features section of Control Panel. Which software deployment method should you choose when configuring the Software Settings section of a GPO? a. Publish the software in the User Configuration b. Assign the software in the User Configuration c. Publish the software in the Computer Configuration d. Assign the software in the Computer Configuration
a. Publish the software in the User Configuration Software that is published to users is provided for optional installation in the Programs and Features section of Control Panel. Software that is assigned to users is made available on demand, while software that is assigned to computers is installed automatically.
Group Policy settings apply to which of the following objects? (Choose all that apply.) a. Users b. Computers c. Groups d. OUs
A and B. Group Policy settings only apply to user or computer accounts in a site, domain, or OU.
Which two tools are commonly used to create performance baselines? (Choose two answers.) a. Performance Monitor b. Task Manager c. Data Collector Sets d. Event Viewer
A and C. Because both Performance Monitor and Data Collector Sets can monitor performance counters and save their results to a report or file, they are commonly used to create performance baselines.
What must you configure in IIS Manager to allow users to access a help desk ticketing system Web app using the URL https://www.sample.com/helpdesk? (Choose all that apply.) a. A helpdesk virtual directory b. Request filtering c. An HTTPS protocol binding d. The WebSocket protocol
A and C. You must ensure that the HTTPS protocol is bound to the Default Web Site using an HTTPS encryption certificate, as well as create a virtual directory called helpdesk to provide access using the https://www.sample.com/helpdesk URL. Request filtering is used to provide rules that restrict access to website content, whereas WebSocket is used by Web apps to communicate to other Web apps and clients.
Which of the following VPN protocols uses IPSec to encrypt network traffic? (Choose all that apply.) a. IKEv2 b. PPTP c. SSTP d. L2TP
A and D. IKEv2 and L2TP use IPSec for data encryption. PPTP uses MPPE for encryption, and SSTP uses SSL/TLS.
Which of the following can be easily identified on the Processes tab of Task Manager? (Choose all that apply.) a. Rogue processes b. The number of bytes a process is sending to and from the network c. The files that a process is using d. Memory leaks
A and D. The Processes tab of Task Manager contains CPU and Memory columns that can be used to identify rogue processes (high CPU usage) and memory leaks (high/growing memory usage).
Which of the following Linux distributions are supported for use with WSL? (Choose all that apply.) a. Fedora b. Ubuntu c. OpenSUSE Leap d. Debian GNU/Linux
A, B, C, and D. All of the listed Linux distributions are supported by WSL, as well as Kali Linux and SUSE Linux Enterprise Server.
What features does RADIUS provide for remote access connections? a. Centralized logging b. Remote access policies c. Centralized authentication d. Centralized encryption
A, B, and C. RADIUS provides centralized logging and authentication, as well as the ability to control remote access using remote access policies. Encryption is only provided by the remote access server.
Which certificate template permissions must you grant to a user or computer before they are auto-enrolled for a certificate using Group Policy? (Choose all that apply.) a. Read b. Write c. Enroll d. Autoenroll
A, C, and D. Users or computers must have Read, Enroll, and Autoenroll permissions on a certificate template before a Group Policy will auto-enroll them for a certificate based on the template.
Which of the following can be included in a data collector set? (Choose all that apply.) a. Performance counter b. Dump files c. Event trace provider d. Windows Registry key
A, C, and D. Data collector sets can collect data from performance counters, event trace providers, and the Windows Registry.
Your organization develops a containerized Linux Web app that is run on a public cloud provider. To minimize cloud costs, a continuous deployment process is not used. Instead, Web app developers must add new versions of their Linux Web app to a container and test its functionality locally before running it on the public cloud provider. What could you configure on an existing Windows Server 2019 system to allow the Web app developers in your organization to test new versions of their containerized Linux Web app? (Choose all that apply.) a. Hyper-V b. IIS c. Docker EE d. LCOW
A, C, and D. LCOW can be used to run Linux containers on a Windows Server 2019 system. However, LCOW also requires that Docker EE and Hyper-V be installed. IIS is not required to run Linux containers.
Remote access servers can be configured as RADIUS clients. a. True b. False
A. True A RADIUS client is a remote access server or network device (switch or WAP) that forwards authentication and logging to a RADIUS server.
Many organizations store system documentation in help desk ticketing software. a. True b. False
A. True By storing system documentation in help desk ticketing software, it is readily available to the help desk support staff and server administrators who must access it to resolve problems.
Group Policy preferences can be used to configure Windows features, but are only interpreted by Windows 7, Windows Server 2008, and later computers by default. a. True b. False
A. True Group Policy preferences provide for the configuration of specific Windows features (e.g., drive maps), but only Windows 7 and Windows Server 2008 were designed to interpret them. Windows XP, Vista, and Server 2003 must install the Group Policy Preference Client Side Extensions package to interpret them.
DirectAccess uses HTTPS to authenticate remote access users, and IPSec to create an encrypted tunnel for network traffic between the remote access client and server. a. True b. False
A. True HTTPS is used for DirectAccess authentication, whereas IPSec provides a VPN-like tunnel for remote access traffic.
Each Linux container run on Windows Server 2019 using LCOW is automatically run as a Hyper-V container that executes on a Linux kernel provided by the LinuxKit component of Docker EE. a. True b. False
A. True LCOW uses the Linux kernel provided by LinuxKit and must use Hyper-V containers to allow each container to run on a unique copy of this Linux kernel.
Nano Server containers must be run as a Hyper-V container on Windows Server 2019. a. True b. False
A. True On Windows Server 2019, you must ensure that containers based on Nano Server are run as Hyper-V containers.
The user permission necessary for VPN remote access can be granted in the properties of a user account or remote access policy. a. True b. False
A. True You must be allowed dial-in permission in a user account or granted access permission in a remote access policy (if the user account is configured with the Control access through NPS Network Policy option) in order to connect to a VPN on a remote access server.
You have configured a remote access server in your DMZ for IKEv2 VPN access. Which ports on your NAT router must you configure for port forwarding to this remote access server? (Choose all that apply.) a. TCP port 1723 b. TCP port 1701 c. UDP port 500 d. UDP port 4500
B, C, and D. IKEv2 requires 1701/TCP, 500/UDP, and 4500/UDP (because NAT is used). 1723/TCP is used for PPTP.
The Linux Containers on Windows (LCOW) feature of Windows Server 2019 allows you to run Linux containers only if Docker EE was obtained using the DockerMsftProvider Windows PowerShell module. a. True b. False
B. False LCOW allows you to run Linux containers only if Docker EE was obtained using the DockerProvider Windows PowerShell module.
Block storage is a cheaper alternative to object storage on public cloud providers. a. True b. False
B. False Object storage is often a cheaper alternative to block storage on a cloud provider, because you are only charged for the space that each object consumes.
Organizations that allow Remote Desktop sessions from remote access clients that are not licensed by the organization should choose a Per Device licensing mode when configuring Remote Desktop Services. a. True b. False
B. False Per User should be chosen to allow Remote Desktop connections from unlicensed remote access clients. Per Device licensing requires that each computer that connects using Remote Desktop is licensed.
There are no GPOs created in an Active Directory domain by default. a. True b. False
B. False The Default Domain Policy and Default Domain Controllers Policy GPOs are created by default in each domain.
The Remote Access role service in Windows Server 2019 provides for DirectAccess and VPN remote access, as well as RADIUS. a. True b. False
B. False The Remote Access role contains the DirectAccess and VPN (RAS) role service, but you need to install the Network Policy and Access Services role service to provide for RADIUS.
The Remote Desktop Licensing role service cannot be installed on the same computer as the Remote Desktop Session Host service. a. True b. False
B. False You can install all of the role services on the same computer. However, you normally choose either the Remote Desktop Session Host or Remote Desktop Virtualization Host on a remote access server as they provide different approaches to remote access and must be configured separately.
After a container is running, you cannot configure its contents until the container is stopped. a. True b. False
B. False You can use the docker exec command to connect to a running container and configure it as you would any other running operating system.
DirectAccess supports Windows 7 and later remote access clients by default. a. True b. False
B. False You must manually allow Windows 7 remote access clients after installing DirectAccess by clicking Edit under the Remote Access Server component (Figure 9-41).
Split tunneling is used to ensure that all network traffic generated by a remote access client passes through a VPN to a remote access server. a. True b. False
B. False Split tunneling allows traffic not destined for the DMZ to be sent to the default gateway on the remote access client.
Group Policy can be configured to auto-enroll certificates for users and computers based on the permissions in a certificate template on an enterprise CA. a. True b. False
a. True Group Policy can auto-enroll users and computers for certificates from an enterprise CA based on the permissions on a certificate template.
To reduce the amount of storage that is consumed by updates on a WSUS server, you should configure the WSUS server to only synchronize updates for products that are deployed in your organization. a. True b. False
a. True Specifying a smaller number of products in the synchronization configuration will download fewer updates from Microsoft Update. If additional products are deployed in the organization, you can easily modify the configuration to include them.
Each server role and feature that is added to a Windows Server 2019 system also adds additional performance objects and counters. a. True b. False
a. True To allow for monitoring, Microsoft adds the associated performance objects and counters to the system for each server role and feature that is added.
You are tasked with deploying a private cloud in your organization that needs to host both Windows and Linux Web apps using a SaaS delivery model on a single Windows Server 2019 system. What technology should you configure on the Windows Server 2019 system? a. WSL b. LCOW c. Hyper-V d. Docker EE
a. WSL The Windows Subsystem for Linux can be used to run Linux Web apps alongside Windows Web apps on the same Windows Server 2019 system. Because a SaaS delivery model is required, containers and virtual machines are not necessary. As a result, LCOW, Hyper-V, and Docker EE are not necessary.
Committed memory refers to the memory that is used by the Windows kernel and device drivers. a. True b. False
b. False Committed memory is the amount of virtual memory in the paging file that applications have requested.
Only schema version 1 certificate templates can be configured for auto-enrollment. a. True b. False
b. False Only schema version 2 (and later) certificate templates can be configured for auto-enrollment.
There are five event levels available in an event log: Information, Warning, Error, Audit Success, and Audit Failure. a. True b. False
b. False There are six event levels available in event logs: Information, Warning, Error, Critical, Audit Success, and Audit Failure.
Which of the following Remote Desktop Services role services uses HTTPS to provide encryption for all RDP packets? a. Remote Desktop Connection Broker b. Remote Desktop Gateway c. Remote Desktop Session Host d. Remote Desktop Virtualization Host
b. Remote Desktop Gateway The Remote Desktop Gateway encloses all RDP packets in HTTPS packets between the remote access client and server. The Remote Desktop Connection Broker provides access to multiple remote access servers, while Remote Desktop Session Host and Remote Desktop Virtualization Host provide Remote Desktop access using RDP.
What section of a remote access policy contains characteristics that must be met for remote access, such as Session Timeout? a. Conditions b. Criteria c. Constraints d. Settings
c. Constraints Constraints identify remote access characteristics that must be met. Conditions identify criteria that determine whether a remote access policy is applied, and Settings provide configuration settings for the remote access client. Criteria does not exist.
In an 802.1X Wireless configuration, which component generates the encryption keys used for WPA? a. WAP b. Wireless client c. RADIUS server d. Domain controller
c. RADIUS server After authenticating a wireless client, the RADIUS server generates a unique WPA encryption key for use by the WAP and wireless client.
Which docker command displays container images available on Docker Hub? a. docker images b. docker container images c. docker search d. docker pull
c. docker search The docker search keyword command will display container images available for download on Docker Hub. The docker images command displays downloaded container images on the local system, whereas the docker pull command can download an image. The docker container images command is invalid.
Which of the following port numbers is used to obtain updates from a WSUS server using HTTPS? a. 80 b. 443 c. 8530 d. 8531
d. 8531 To obtain updates from a WSUS server using HTTPS, you must use port 8531.
Which of the following IIS configuration features is used to specify the default webpage or Web app file that a client views? a. Directory Browsing b. Handler Mappings c. Request Filtering d. Default Document
d. Default Document Default Document specifies the default webpage or Web app file that a client views. Directory Browsing specifies information displayed when listing a folder's contents, Handler Mappings specifies the Web app modules that are used to process files in a website folder, and Request Filtering allows you to configure rules that restrict access to website content.