ITSY-2400 Chapter 1, ITSY-2400 Chapter 2, ITSY-2400 Chapter 3, ITSY-2400 Chapter 4, ITSY-2400 Chapter 5, ITSY-2400 Chapter 6


Which Windows kernel mode component allows user mode programs to interact with the operating system? A.Executive B.Microkernel C.Hardware Abstraction Layer (HAL) D.Kernel mode drivers

Executive

Which of the following is true about operating systems? A.Operating system kernels provide core services, calling external programs to provide many more operating system services. B.Operating systems do not support information exchange between programs. C.Operating systems contain just the kernel. D.Few programs require input and produce output.

Operating system kernels provide core services, calling external programs to provide many more operating system services.

An organization's Group Policy definition should satisfy which of the following? A.Local network B.Domain environment C.Security policy D.Arbitrary controls

Security policy

Gordon is preparing a presentation on operating system components and how they interact with the hardware. Memory allocation and CPU scheduling are especially important to the device driver developers in the audience. Which operating system component will Gordon focus on in the presentation? A.Program/process management B.Communication C.File system [x] D.Error detection and alerts

A

Henry is the security architect of a research and development organization. Resources are available to users and groups depending on the users' security clearance. All resources are labeled with a specific classification. Henry is told that each user must hold a clearance at or above the classification level of the resource to access it. Given these factors and requirements, what access control model would be most appropriate? A.Discretionary access control (DAC) B.Role-based access control (RBAC) [x] C.Mandatory access control (MAC) D.Multifactor authentication

A

Maria is a security analyst. She discovered a compromised system. After investigating the operating system, Maria surmised a hacker had complete control of the system. Which of the following ways might the attacker have gained control? A.By exploiting a vulnerable device driver B.By changing permissions to files and resources [x] C.By creating a new user account D.By disabling security monitoring

A

What is the difference between a virus and a worm? A. A virus is a program that attaches itself to or copies itself into another program. A worm is a self-contained program that replicates and sends copies of itself to other computers across a network. B. A virus is a self-contained program that replicates and sends copies of itself to other computers across a network. A worm is a program that attaches itself to or copies itself into another program. C. A virus is malware that modifies or replaces one or more existing programs to hide the fact that a computer has been compromised. A worm is a program that either hides or masquerades as a useful or benign program. D. A virus is a program that either hides or masquerades as a useful or benign program. A worm is malware that modifies or replaces one or more existing programs to hide the fact that a computer has been compromised.

A

Whenever Windows encounters an access control entry (ACE) conflict, which of the following is true? A.Deny always supersedes Allow. B.Deny always supersedes Full Control. C.Full Control always supersedes Deny D.Allow always supersedes Deny.

A

Which of the following Windows object permissions provides no restrictions on access to objects by users or groups? A.Full Control B.Write C.Modify D.Read

A

Which of the following describes a collection of features used to describe user and data attributes? A.Dynamic Access Control (DAC) B.Rights Management Services (RMS) C.Effective permissions D.Security Access Token (SAT)

A

Which of the following is used to uniquely identify objects such as computers, web browsers, and database records? A.Globally unique identifier (GUID) B.Class identifier (CLSID) C.Universally unique identifier (UUID) D.System identifier (SID)

A

Which of the following was designed to exploit a buffer overflow vulnerability? A.Worm B.Ransomware C.Trojan horses D.Virus

A

Which term describes what a user can do to an object on a computer? A.Permissions B.Authentication C.Access control D.Rights

A

Which of the following best defines the advantage of Active Directory? A.Active Directory allows users and groups to be defined once at a central location and shared among multiple computers. B.Active Directory requires users and groups to be defined on each individual computer on the network. C.Active Directory requires multiple security identifiers (SIDs) for individual users and groups. D.Active Directory allows users and groups access to a single domain server across multiple domains.

Active Directory allows users and groups to be defined once at a central location and shared among multiple computers.

Nancy leads a team of systems administrators who request to use service accounts that can be shared across systems. The team specifically wants to be able to manage account passwords automatically at the domain level. What is the minimum Microsoft Windows Server version which allows this capability? A.Windows Server 2019 B.Windows Server 2012 C.Windows Server 2016 D.Windows Server 2008 R2

B

The Common Criteria for Information Technology Security Evaluation replaced what previous international standard? A.Operation Blue Book B.Orange Book C.LUA Guide D.Catalog for the Principle of Least Privilege

B

Victor is responsible for configuring the antivirus policy. He set antivirus scanning to run continuously in real time, although as a medium priority process. The antivirus application will perform a quick scan every day at 1 P.M. and perform a full scan every Sunday. What was the main idea behind Victor's choice of scan and timing? A. Victor seeks to minimize the impact on employees' computers. B. Victor knows the periods when viruses and malware are most active. C. Victor understands early afternoon is the least productive time for employees. D. Victor wants to follow the scan time with operating system patching.

B

What is the process of providing credentials that claim a specific identity, such as a username, when requesting access to resources on a computer system? A.Authentication [x] B.Identification C.User ID D.Classification

B

Which Microsoft Windows access control method is used to systematically nest individual user accounts in groups to make securing objects more general, and involves Accounts, Global groups, Universal groups, Local groups, and Permissions? A.PLUGA B.AGULP C.APGUL D.PALUG

B

Which of the following anti-malware software component intercepts and scans incoming information for malware in real time? A.Vault B.Shield C.Scanner D.Signature database

B

Which of the following is a fast and scalable protocol that allows for secure exchange of information and has been in use since Windows 2000? A.Dynamic Access Control (DAC) B.Kerberos C.Auditing D.Effective permissions

B

Which of the following is a legacy command-line tool used to display or modify access control lists (ACLs) for files and folders, and was first introduced with Windows 2000? A.Icacls.exe B.Cacls.exe C.Robocopy.exe D.ACL.exe

B

Which of the following refers to the total collection of possible vulnerabilities that could provide unauthorized access to computer resources? A.Exploits B.Attack surface C.Security holes [x] D.Vulnerability matrix

B

Which of the following represents an example of the best compromise between a highly aggressive and restrictive malware prevention strategy and one that would allow malware to easily infect a network? A.Multiple anti-malware software shields B.Remove administrator rights from all normal users C.Restrictive download policy D.Frequent media scans

B

Which of the following stores all user and computer Kerberos master keys? A.User account control (UAC) B.Key distribution center (KDC) C.Access control entry (ACE) D.Dynamic access control (DAC)

B

Wilber is asked to find a new approach to detecting viruses and malware. On some occasions, computers in the organization have failed to identify malware infections. Even when a few employees complained their machines were behaving oddly, the antivirus software did not detect the infection. Wilber already changed signature updates to occur daily. What would you suggest Wilber do to improve detection? A.Set up antivirus scanning on the firewall. B.Change from signature-based to heuristic-based software. C.Raise the priority of real-time scanning. D.Keep systems patched.

B

An organization's Finance Director is convinced special malware is responsible for targeting and infecting the finance department files. Xander, a security analyst, confirms the files are corrupted. Xander is aware the Director possesses privileged access but not the security knowledge to understand what really happened. What does Xander believe happened? A.The Director is personally responsible for hacking the files B.Malware infected the Director's machine and escalated its privileges C.No actual malware exists D.Malware infected the Director's machine and used his privileges

B [X]

In some circumstances, especially in the case of certain rootkits, the only way to completely clean a computer is to perform which of the following extreme actions? A. Destroy the computer's hard drive, replace it with a completely new hard drive, and reinstall the operating system and software applications from backups. B. Reformat the disks and perform a full operating system install. C. Install a new operating system, such as Linux, over the corrupted Windows operating system. D. Disconnect the infected computer from the network.

B. Reformat the disks and perform a full operating system install.

Security on a Windows computer can be bypassed by an intruder using a bootable DVD or USB to boot to another operating system. Besides restricting physical access to the computer, which of the following security methods could be used to prevent such an intrusion? A.Access control lists (ACL) B.Encryption C.Validation D.Authentication

B.Encryption

Internet Protocol Security (IPSec) is a secure network protocol suite used to provide encryption for which type of traffic? A.Internet Protocol version 6 (IPv6) B.Internet Protocol version 4 (IPv4) C.Hypertext Transfer Protocol Secure (HTTPS) D.Transmission Control Protocol (TCP)

B.Internet Protocol version 4 (IPv4)

Scott, a security architect, has decided to adopt public key infrastructure (PKI) for a more formal approach to securely handling keys in his medium-sized organization. Scott's system will initiate a connection to a target system. During the formal PKI process, which of the following allows Scott's system to get the target's public key? A.Private key of trusted entity B.Public key of a trusted entity C.Public key of a registration authority D.Private key of trusted target

B.Public key of a trusted entity

If you lose the ability to access the BitLocker primary encryption key, you will need the recovery key to decrypt the volume. Of the following, which is recommended in order to access the recovery key? A.Save the recovery key to a file in the volume being encrypted. B.Save the recovery key to a USB flash drive. C.Never save the recovery key as this presents a security risk. D.Store the recovery key on the motherboard's BIOS chip.

B.Save the recovery key to a USB flash drive.

One method of bypassing security on a Windows PC is to use a bootable USB or DVD to boot the computer to a different operating system such as Linux. However, that won't be enough to bypass Windows access controls. Of the following, which also must be accomplished to allow an intruder access to Windows data using such a method? A.The booted operating system has to be configured to emulate a Windows operating system. B.The booted operating system has to be configured with drivers and software designed to access NTFS. C.The booted operating system has to be configured to read encrypted files. D.The booted operating system has to be configured to have both decryption keys for Windows files.

B.The booted operating system has to be configured with drivers and software designed to access NTFS.

Decrypting data on a Windows system requires access to both sets of encryption keys. Which of the following is the most likely outcome if both sets are damaged or lost? A.You must use the cross-platform encryption product Veracrypt to decrypt the data. B.The data cannot be decrypted. C.You must boot the Windows computers to another operating system using a bootable DVD or USB and then decrypt the data. D.You must use the cross-platform encryption product Truecrypt to decrypt the data.

B.The data cannot be decrypted.

Which of the following encrypts entire volumes and normally uses a computer's Trusted Platform Module (TPM) hardware to store encryption keys? A.Encrypting File System (EFS) B.BitLocker C.Transport Layer Security (TLS) D.Secure Hash Algorithm (SHA)

BitLocker

Which of the following best describes BitLocker Drive Encryption selectivity? A.BitLocker can only be turned on or off for a volume. B.BitLocker can selectively encrypt files and folders. C.BitLocker can only be turned on or off for a hard drive. D.BitLocker can selectively encrypt folders but not individual files.

BitLocker can only be turned on or off for a volume.

Of the following, which can be defined in Active Directory? A.Both Local Group Policy settings and Group Policies B.Group Policies only C.Local Group Policy settings only D.Neither Local Group Policy settings nor Group Policies

Both Local Group Policy settings and Group Policies

A zero-day attack occurs under which of the following conditions? A.When the malware's actions have been noticed and the vulnerability has been discovered B.When the malware has been written for a UNIX-based system and is found on a Windows computer C.When the malware and the vulnerability have been identified but no fix is available yet D.When the malware's actions have been noticed and identified as an attack

C

By default, which of the following does Windows use to allow computers to share resources with each other on a network? A.Active Directory [x] B.Security identifier C.Database list D.Workgroup

C

Starting with Windows 7 and Windows Server 2007 R2, User Account Control can be configured with which comfort levels? A.On or Off B.Enable or Disable C.Never Notify to Always Notify D.Default to Custom

C

Tanya is an incident handler. She is responsible for identifying, analyzing, and responding to security attacks. An employee complains their machine runs slowly. Tanya is not able to identify any malware, but she does notice the employee is an avid fan of Bitcoin. What questions should Tanya ask the employee? A.Is it possible the local drive is full? B.Do you have too many applications running concurrently? C.Are you running cryptomining software on the machine? D.Is the machine performing an antivirus scan?

C

Which security feature in Windows Server 2019 provides the ability for auditors and forensic investigators to discover who accessed sensitive data? A.File Classification Infrastructure (FCI) B.Rights Management Services (RMS) C.Dynamic Access Control (DAC) D.User Account Control (UAC)

C

Which form of malware scan looks for malware only in files likely to contain such malicious software, such as .exe files? A.Quick scan B.Drive scan C.Full scan D.Scheduled scan

C Full or Quick Scan [X]

Cryptojacking is most related to which of the following types of malware? A.Rootkits B.Spyware C.Trojan horses D.Ransomware

C [X]

Kevin is using security policy to detail what tasks the organization's users can perform on their computers. Choose the best statement that applies to what Kevin is defining. A.Kevin is defining user rights. B.Kevin is defining what a user can do to any object. C.Kevin is generating the access control list (ACL) per user D.Kevin is generating the access control entry (ACE) per user.

C [X] A

Which default Active Directory security group in Windows Server 2012, 2016, and 2019 can create and modify most types of accounts and can log in locally to domain controllers? A.Account operators B.Remote desktop users C.Backup operators D.IIS_IUSRS

C [X] A

Two organizations need to exchange large amounts of data. They require encryption to ensure data is exchanged securely, and they want no chance of data being intercepted. However, neither organization can absolutely verify their identity to start the exchange. In this scenario, can you predict what would happen if encryption starts by using asymmetric encryption to exchange a symmetric key? A.Data transfer starts securely and is exchanged most quickly B.Data transfer starts insecurely, but is exchanged most quickly C.Data transfer starts insecurely and is exchanged relatively slowly D.Data transfer starts securely, but is exchanged relatively slowly

C.Data transfer starts insecurely and is exchanged relatively slowly [x] D [x]

Which of the following is used to deliver a trusted public key that can be used with assurance it belongs to the stated owner? A.Cipher B.Secure Socket Tunneling Protocol (SSTP) C.Digital certificate D.Internet Protocol (IP)

C.Digital certificate

Pierre seeks to encrypt business-critical areas of the file server. Most important to him is the assurance that no trace of plaintext files can be identified after the encryption process. What encryption method and tool should Pierre use? A.Encrypting File System (EFS) file encryption B.BitLocker Drive Encryption C.Encrypting File System (EFS) folder encryption D.BitLocker To Go

C.Encrypting File System (EFS) folder encryption

Transport Layer Security (TLS) provides a secure channel for what protocol? A.Transmission Control Protocol (TCP) B.Hypertext Transfer Protocol (HTTP) C.Hypertext Transfer Protocol Secure (HTTPS) D.Internet Protocol (IP)

C.Hypertext Transfer Protocol Secure (HTTPS)

Of the following, which is true of a virtual private network (VPN)? A.The most common VPN protocol is HTTPS. B.It is generally limited to transporting data for a single application. C.It may transport data from many different applications. D.A server must initiate a VPN connection.

C.It may transport data from many different applications.

Which of the following does Windows provide to protect data in transit? A.Multifactor authentication B.Encrypting File System (EFS) C.Public key infrastructure D.BitLocker

C.Public key infrastructure

When setting up a connection, the formal public key infrastructure (PKI) process requires the user to request a certificate from a trusted entity. Of the following, to which is the request submitted? A.Security certificate B.Certificate authority (CA) C.Registration authority (RA) D.Digital certificate

C.Registration authority (RA)

When you first open the Local Group Policy Editor, you see Computer Configuration and which of the following? A.Windows Configuration B.Security Configuration C.User Configuration D.Administrator Configuration

C.User Configuration

Of the following, which is the latest technology announced by the Wi-Fi Alliance to secure wireless communication? A.WPA2 B.WPA C.WPA3 D.WEP

C.WPA3

Maria, a Windows administrator, has a new Group Policy to apply to computers in her organization. Using Windows Server 2012, she will use Group Policy Object (GPO) caching. Given Maria's decision, what group of computers will last apply the GPO? A.Computers online, after approximately 90 to 120 minutes B.Computers offline, at start time C.Computers online, after approximately 10 minutes D.Computers offline, at a regular interval after start time

Computers offline, at a regular interval after start time

Mumford, the systems administrator, is aware that newer versions of Windows Server have extended capabilities to help keep data secure. Currently, with Microsoft Windows Server 2008 R2, his environment uses the feature called File Classification Infrastructure (FCI) to define classification properties for files. Mumford is now wanting to upgrade the environment to Microsoft Windows Server 2016. What additional feature would be available as a result of this upgrade? A.Enforcing file expiration policies based on classification B.Automating classification of files based on location C.More capability to respond to actions that result in file access denial D.Capability to tag special types of data, such as Social Security numbers

D

Various contractors working at the organization all have access to a general projects folder. Unfortunately, Oscar is concerned that contractors hired for one project might be viewing project files of other contractors. What should be Oscar's next step? A.Calculate Microsoft Windows access permissions per project B.Use the Integrity Control Access Control List (icacls.exe) CLI tool to track access C.Use the Control Access Control List (cacls.exe) CLI tool to track access D.Use expression-based security audit policy to track contractors' access

D

Which access control method is defined primarily at the user or subject level? A.Role-based access control (RBAC) [x] B.Mandatory access control (MAC) C.Rule-based access control (RuBAC) D.Discretionary access control (DAC)

D

Which form of malware is most likely to work with other forms of malware? A.Spyware B.Trojan horse C.Ransomware D.Rootkit

D

Which form of malware scanning compares the observed behavior of a program with stored malware behavior? A.Comparative scanning B.Signature recognition C.Protection shielding D.Heuristics

D

Which of the following describes the best balance between providing necessary access for authorized subjects and denying unnecessary access? A.The principle of all privilege B.The principle of most privilege C.The principle of no privilege D.The principle of least privilege

D

Which of the following has the largest number of potential victims? A.Rootkit attack B.Spyware attack C.Trojan horse attack D.Zero-day attack

D

Which of the following is an algorithm that uses the same key to encrypt and decrypt data? A.Cipher B.Security certificate C.Asymmetric algorithm D.Symmetric algorithm

D

Which of the following is an example of an aggressive malware prevention strategy? A.Updating signature databases and software daily B.Blocking outbound network connections that are not required for your applications C.Installing antivirus and anti-spyware software on all computers D.Limiting web browser functionality

D

Which of the following is the best resource to consult when developing a malware eradication plan? A.Anti-malware webinars B.White papers C.Google D.Your anti-malware software's support resources

D

Which of the following is used to represent a software application or hardware component? A.Least privilege user account (LUA) B.Globally unique identifier (GUID) C.Universally unique identifier (UUID) D.Class identifier (CLSID)

D

Which of the following looks like a useful program but is malicious, and is designed to trick users into running it? A.Spyware B.Ransomware C.Rootkit D.Trojan horse

D

Working in the Finance office, Ursula has noticed several pop-up messages from her desktop's anti-malware application. Finding them annoying, Ursula shuts off the application, intending to restart it at the end of the workday. What is likely to happen as a result? A.Any suspected malware would be quarantined B.The pop-ups would continue C.Any suspected malware would stay resident but remain as a suspended application D.Any suspected malware would continue as intended and possibly spread

D

Lorraine is prompted for her credentials when logging on to a computer. Lorraine intends to open her email. Which of the following is required to happen before the email application will open? A.Lorraine must be prompted to use the smart card token. B.Lorraine's security identifier (SID) is attached to the email process. C.Lorraine's security identifier (SID) is stored in the Security Access Token (SAT). D.Lorraine must load the Security Access Token (SAT).

D [X] A [X]

Of the following, why is it recommended that when using Encrypting File System (EFS), that folder encryption be used rather than file-level encryption? A.Data is stored on the disk in plaintext, but once encrypted, the plaintext file remains on the disk. B.EFS is incapable of encrypting data at the file level. C.Data is encrypted before being stored on the disk but backed up in a plaintext file. D.Data is stored on the disk in plaintext, but once encrypted, plaintext traces are left behind.

D.Data is stored on the disk in plaintext, but once encrypted, plaintext traces are left behind.

Quincy, a Human Resources employee, has been using Encrypting File System (EFS) for local files on his desktop. Quincy asked the security administrator to remotely change the EFS password. The security administrator refused. Quincy located a bootable utility online and successfully performed the password change himself. What was the result? A.The password changed with no adverse effects B.The administrator has local access to the files but not remote access C.The password did not change D.No one has access to the file

D.No one has access to the file

Robin has been asked to secure network traffic between two application servers. Unfortunately, the network administrator is on vacation and is not available to make any changes to the firewall between the servers. There are three applications running between the servers. Currently, Transmission Control Protocol (TCP) ports 443 and 1723 are known to be open. What is the best solution? A.Wired Equivalent Privacy (WEP) B.Transport Layer Security (TLS) C.VPN using Layer 2 Tunneling Protocol (L2TP) D.VPN using Secure Socket Tunneling Protocol (SSTP)

D.VPN using Secure Socket Tunneling Protocol (SSTP)

Which of the following is NOT a common form of malware? A.Virus B.Worm C.Darwin D.Rootkit

D[X]

Which of the following is the Windows Server 2019 edition designed for large-scale deployment on servers that support extensive virtualization? A.Datacenter B.Standard C.Essentials D.Foundation

Datacenter

There are a wide variety of resources available for best practices use when designing and implementing Group Policy across a domain. Of the following, which resource helps identify Group Policy configuration errors or dependency issues that may prevent settings from functioning as expected? A.Group Policy Best Practices Analyzer B.AD Group Policy Editor C.Group Policy Settings Reference D.Local Group Policy Editor

Group Policy Best Practices Analyzer

Microsoft provides two main tools to be used when auditing Group Policy. Which of the following tools must be downloaded because it is not included in Windows by default? A.Registry Editor B.Local Group Policy Editor C.The Resultant Set of Policy tool D.Group Policy Inventory tool

Group Policy Inventory tool

Which of the following is true? A.Group Policy Settings take effect only when you reboot the computer. B.Group Policy Settings apply many settings to the current session. C.Group Policy Settings and boot and logon scripts perform identical functions in exactly the same manner. D.Group Policy Settings take effect only when you log off and then log back on to the computer.

Group Policy Settings apply many settings to the current session.

Albert is the Windows security team lead responsible for Group Policy conformance with the company's security policy. What value does Microsoft's Group Policy Settings Reference provide Albert to perform his responsibility? A.Identify Group Policy Object (GPO) settings that already exist in the default Windows templates B.Identify security policy elements that do not exist in default Windows templates C.Compare existing Group Policy Objects (GPOs) with the security policy D.Create new Group Policy Objects (GPOs) for each of the remaining goals in the security policy

Identify Group Policy Object (GPO) settings that already exist in the default Windows templates

Jeff is tasked with defining the attack surface of his organization's SQL server. What activity would result in Jeff establishing the server's attack surface? A.Monitoring all activity and continuously responding to events B.Mitigating or eliminating all vulnerabilities C.Identifying the server's vulnerabilities D.Establishing a security baseline

Identifying the server's vulnerabilities

Alice works in the corporate legal office. She is reviewing sections of the Microsoft End-User License Agreement (EULA). She is specifically looking to answer what costs can be recovered as a result of a Windows fault or incident. What section answers Alice's concerns? A.Limited Warranty B.Additional Notices - Networks, Data, and Internet Usage C.Updates D.Exclusions from Limited Warranty

Limited Warranty

Irina creates a new local object on her administrator system and then looks up the object's security identifier (SID). She creates the same object on another machine, expecting the object's SID to be equivalent. However, she sees a different SID. Irina confirmed the objects' names are exactly alike. Why does Irina see different SIDs for the same object? A.The first machine was Irina's own administrator system. B.Irina logged on to a local terminal. C.Local objects on multiple systems have different SIDs. D.Only the first object's SID was replaced with Irina's SID.

Local objects on multiple systems have different SIDs.

Which of the following allows only memory-resident components to run at kernel or maximum privilege mode? A.Hardware mode B.User mode C.Microkernel mode D.Supervisor mode

Microkernel mode

Which of the following provides the strongest method of authentication? A.Multifactor authentication B.Password C.Single-factor authentication D.Username or user ID

Multifactor authentication

Which of the following provides the most secure method for protecting computer resources from its total collection of vulnerabilities? A.Multilayered defense B.Single-layered defense C.A firewall D.Antivirus software

Multilayered defense

Which of the following refers to the resource to which a subject requests access? A.Component B.Kernel C.Entity D.Object

Object

Yasmin, a Windows administrator, has a new Group Policy to apply to laptops in her organization. By default, Windows checks for new or updated Group Policy Objects (GPOs) at a random interval between 90 to 120 minutes. Using Windows Server 2012, she will use Remote Group Policy Update. Given Yasmin's actions, when will the online laptops receive the GPO? A.Online laptops will apply the GPO between 60 to 90 minutes. B.The GPO applies only to laptops currently offline, when they restart. C.All laptops will apply the GPO when they restart. D.Online laptops will apply the GPO within 10 minutes.

Online laptops will apply the GPO within 10 minutes

Active Directory Group Policy Objects (GPOs) are created on a domain controller using the Group Policy Management Console (GPMC). Of the following, from where can you access the GPMC? A.On any Windows Server 2012 or later B.Only on Windows Server 2019 C.On all Windows Servers except domain controllers D.Only on the domain controller

Only on the domain controller

For a Group Policy Object (GPO) to become active, it must be linked to at least one computer, domain, or which of the following? A.Local account B.Registry C.Distribution server D.Organizational unit (OU)

Organizational unit (OU)

Windows applies multiple Group Policy Objects (GPOs) in a specific order, lower to higher. Of the following, which is the highest GPO in the order? A.Domain GPOs B.Site GPOs defined in Active Directory C.Local GPOs D.Organizational unit GPOs

Organizational unit GPOs

Which type of attack generally starts with a message that contains a link or image to click, or a file to open? A.Packet sniffing B.Phishing C.Denial of service D.Injection

Phishing

Charlize is ready to deploy a fairly significant Group Policy Object (GPO). She is hesitant, however, because of the organization's complicated environment and significance of the GPO. Charlize is aware of three tools: Group Policy Inventory (gpinventory), Resultant Set of Policy (RSOP), and Group Policy Management Console (GPMC). What can Charlize run to view the actual effect of the GPO before deploying the change? A.RSOP run in planning mode B.RSOP run in logging mode C.Results menu in gpinventory D.Security filter in GPMC

RSOP run in planning mode

If you must install and enable a service, such as the Internet Information Services (IIS) web server, you will have to employ measures to protect your system from IIS vulnerabilities. Which of the following are the two recommended methods to mitigate a risk? A.Apply the latest security patches and enable multilevel authentication. B.Disable and then uninstall the vulnerable service. C.Monitor the operation of the computer system and install antivirus software. D.Remove vulnerabilities and stop attacks from exploiting vulnerabilities.

Remove vulnerabilities and stop attacks from exploiting vulnerabilities.

Windows applies Group Policy Objects (GPOs) to all computers and users in an organizational unit (OU) container by default. Which tool can be used to change that behavior? A.Local Group Policy Editor B.Registry Editor C.Active Directory Group Policy Editor D.Security filters

Security filters

For Group Policy settings stored in the Windows Registry, which of the following should be used to modify the Group Policy Object (GPO) data? A.Use the Registry Editor. Use the Local Group Policy editor only as a last resort. B.Use the Local Group Policy Editor Registry Editor. Use the Registry Editor only as a last resort. C.Always use the Registry Editor. D.Always use the Local Group Policy Editor.

Use the Local Group Policy Editor Registry Editor. Use the Registry Editor only as a last resort.

All nonkernel mode programs, including application programs, run under which mode? A.Supervisor B.Kernel C.Hardware D.User

User

In the Windows operating system, processes generally run in which mode? A.User mode or supervisor mode B.Kernel mode C.User mode D.Supervisor mode

User mode or supervisor mode

Which of the following is a Windows Server feature that forces Group Policy updates on all selected computers? A.Remote Group Policy Update B.Active Directory Group Policy Update C.Windows Group Policy Update D.Local Group Policy Update

Windows Group Policy Update (wrong answer)

