GPO Test 2
CA Web Proxy
A server configured for Web enrollment is referred to as which of the following?
Modify a certificate template
After you install AD CS, you want to begin issuing certificates for the encrypting file system. What should you do first?
Once per hour
By default, replication between DCs when no changes have occurred is scheduled to happen how often?
False
By default, subnets are created in Active Directory Sites and Services
False
CA Administrator approves requests for certificate enrollment and revocation.
Get-ADDCCloningExcludedApplicationList
What PowerShell cmdlet will allow an administrator to check for software that is incompatible with the cloning process?
Need for differing account policies
Why might it be a good idea to configure multiple domains in a forest?
Need for different schemas
Why might you need to configure multiple forests?
False
Windows 10 - Update 1809 is a great and problem free addition to the evolution of the operating system.
DFSR
All your domain controllers are running Windows Server 2016 in a new forest. What should you check if GPT replication is not occurring correctly?
True
An Active Directory snapshot is a replica of the Active Directory database at a specific moment.
PDC emulator
An administrator has received a call indicating that some users are having difficulty logging on after a password change. Which FSMO role should be investigated?
True
Before you can install a DC running a newer Windows Server version in an existing forest with a lower functional level, you must prepare existing DCs with the adprep.exe command-line program,
stub zones
Before you configure a forest trust, what should you configure to ensure you can contact the forest root of both forests from both forests?
180 days
By default, for how long are deleted objects stored within the Active Directory database before they are removed entirely?
True
GPO that apply to users settings will be overwritten by upstream policies that have loop back mode enabled and the setting of "replace" enabled.
They should be put on the CRL
If an employee leaves a company, what should happen to any certificates held by that employee that was issued by the company's PKI?
DEFAULTIPSITELINK
Once Active Directory has been installed, a default site link is created. What is the name of this site link?
Domain naming master
Select below the FSMO role that is a forest-wide FSMO role:
Domain naming master
Select the FSMO role that is required to be online to facilitate the addition or removal of a domain controller:
True
The default Security Filtering for a GPO includes only Authenticated users.
False
The intermediate CA is the most critical and is the server typically configured for offline operation.
False
The logical components of Active Directory only include forests, domains, and sites.
True
There's only one global catalog per forest.
UserB sends UserA UserB's public key
Two users, UserA and UserB, are engaging in secure communication using only asymmetrical encryption. UserA needs to send a secure message to UserB. What occurs first?
Distributed File System Replication
What Active Directory replication method is more efficient and reliable?
subordinate CAs
What CAs interact with clients to field certificate requests and maintain the CRL?
nslookup
What Command Line application do you use primarily to troubleshoot DNS issues?
Domainwide Forestwide
What are the two flexible single master operation (FSMO) roles? (Choose all that apply.)
edb.log
What holds the log of Active Directory transactions or changes?
DNS
What is the most likely cause of GPO not working properly?
Certificates snap-in
What tool can a user use to request certificates that are not configured for autoenrollment?
multimaster
What type of replication scheme does Active Directory use to synchronize copies of most information in the Active Directory database?
True
When a full backup or system state backup is performed on a CA server, the certificate store is backed up along with other data.
Infrastructure master
Which FSMO role is responsible for ensuring that changes made to object names within one domain are updated in references to those objects in other domains?
Create conditional forwarders Create stub zones
Which of the following are common ways to configure DNS for a forest trust? (Choose all that apply.)
Create a revocation configuration Configure enrollment options
Which of the following are typical tasks involved in configuring a certification authority? (Choose all that apply.)
Issuing enterprise CA Intermediate stand-alone CA
Which of the following is a type of CA in the CA three-level hierarchy? (Choose all that apply.)
Configure the CA to support the online responder Configure revocation for the OR
Which of the following tasks must be completed to configure an online responder? (Choose all that apply.)
wbsadmin.exe
Which option below is not one of the three main methods for cleaning up metadata?
DHCP
Which server role below cannot be installed on a domain controller that will be cloned?
Asymmetric cryptography
Which type of cryptography provides the most security?
False
You can hotwire group policy to work without DNS.
Create a shortcut trust
You have a forest with three trees and twelve domains. Users are complaining that access to resources in other domains is slow. You suspect the delay is caused by authentication referrals. What can you do to mitigate the problem?
NDES role service
You have a number of Cisco routers and switches that you wish to secure using IPsec. You want IPsec authentication to use digital certificates. You already have a PKI in place using Certificate Services on Windows Server 2016. What should you install to secure your devices?
November 1, 2017
You were issued a certificate on March 1st 2015 for your secure Web server. The validity period is three years and the renewal period is four months. What is the earliest date you can renew this certificate?
Create a two-way forest trust
Your company has purchased another company that also uses Windows Server 2016 and Active Directory. Both companies need to be able to access each other's forest resources. How can you achieve this goal with the least administrative effort?
Site link bridges
Your network is configured in a hub-and-spoke topology. You want to control the flow of replication traffic between sites, specifically reducing the traffic across network links between hub sites to reach satellite sites. What should you configure?
False
A site bridge is needed to connect two or more sites for replication.
False
A tree can consist of a single domain or a parent domain and child domains, which cannot have child domains of their own.
True
A domain controller clone is a replica of an existing DC.
