study guide 4-6 window server 2019
Get-PrintJob
obtains a list of the documents located in the print queue
Get-PrinterDriver
provides a list of printers installed on a computer
-able to configure 3 permissions that apply to HPLaserJet_6MP printer apply to HPLaserJet_6MP printer:-print-manage this printer (equivalent to manage printers permission)-manage docs
security tab
print jobs that exceed print device storage need to be divided into
smaller parts and sent to a print device sequentially.
can be configured to limit the space that users can consume within the file system
user quotas
Deploy with Group Policy window
where you can select an existing Group Policy and whether to add the shared printer to user or computer objects that receive the group policy.
Tabs within the printer properties
• Sharing • Ports • Advanced • Security • Device Settings
Azure AD allows you to define two different types of groups (2)
- Security groups (manage member and computer access to shared resources for a group of users)- Office 365 groups (lets you give people outside of your organization access to the group)
Which of the following commands issued at the fsmo maintenance prompt wouldsuccessfully seize the role of an Operations Master Holder? (Select all that apply) a. seize schema master b. seize global master c. seize PDC d. seize domain control
A c
Group Policy Object (GPO)
A list of settings that administrators use to configure user and computer operating environments remotely through Active Directory.
Group Policy Object (GPO)
A set of rules that allow an administrator granular control over the configuration of objects in Active Directory (AD), including user accounts, operating systems, applications, and other AD objects.
Group Policy Object (GPO)
A set of user and computer configuration settings that are applied to multiple objects within an Active Directory domain.
What is the key benefit to using ADAC or the active directory users and computers console?
ADAC allows you to modify the properties of multiple users or multiple computers at once
What Active Directory directory partition holds the DNS database?
Application directory partition
The Azure AD directory includes the tenant's users, groups, and apps and is used to perform Identity & Access management functions for tenant resources.
Azure AD directory
Which of the following tools can be used to encrypt a folder?
Cipher.exe
Which Active Directory partitions are replicated to all domain controllers in the Active Directory forest? (Choose all that apply.)
Configuration Partition Schema partition
You want to ensure that all users in the Development OU have a common set of network communication security settings applied.Which action should you take?
Create a GPO computer policy for the computers in the Development OU.
You manage an Active Directory domain. All users in the domain have a standard set of internet options configured by a GPO linked to the domain. But you want users in the Administrators OU to have a different set of Internet options.What should you do?
Create a GPO user policy for the Administrators OU.
What switch parameter is applicable with cipher.exe to remove the encryption on a protected file?
D
For servers within an AD domain, DFS can automatically replicate data between multiple namespace targets.
DFS Replication
Which of these groups is not related to security and cannot have permissions assigned to it? Universal groups Global groups Domain local groups Distribution groups
Distribution groups
This keeps track of all the domains in the forest. If it failed, then it would be impossible to create or to remove any domains within the forest.
Domain Naming Master
Which FSMO role adds new domains to and removes existing domains from the forest.
Domain Naming Master
Group Policy Object (GPO)
Enables network administrators to define multiple rights and permissions to entire sets of users all at one time.
With universal group membership caching, how often is the cached information on group membership refreshed?
Every 8 hours
What does FSMO stand for?
Flexible Single Master Operation
NTFS permissions: Full Control Write Read Read and Execute List folder contents Modify Change
Full Control Write Read Read and Execute List folder contents Modify
Share permissions: Full Control Write Read Read and Execute List folder contents Modify Change
Full Control, Read, Change
When a PostScript-formatted document is sent to a non-PostScript printer, if you do not have ____ enabled, the printer might print tens or hundreds of pages with a single control code on each page.
Hold mismatched documents
Which of the FSMO roles ideally should not be on a Global Catalog server?
Infrastructure Master
The printer memory is usually automatically detected in bidirectional printers, but if it is not, you can specify the amount of memory in the Printer Memory option under ____.
Installable Options
print server
Installs print management tool
The active directory database can contain an unlimited number of objects ands can be accesses quickly using
Lightweight Directory Access Protocol (LDAP)
Group Policy Objects (GPO) are applied in which of the following orders?
Local group policy, GPO linked to site, GPO linked to domain, GPO linked to Organizational Unit highest to lowest.
In the ____ data type, the print processor checks the print file for a form feed as the last character set, before appending a form feed at the end.
NOT RAW (FF appended)
Try not to deny any ______________. Instead, move the file/folder to a different location and assign the permissions to that new location.
NTFS permissions
Which of the following features must you install on a Windows print client in order to print to a shared printer using SMB?
None of the above
How many infrastructure master roles are there for each AD partition?
One for each.
You are ready to upgrade to a domain functional level of Windows Server 2012 R2. Which of the following methods is the most recommended?
Perform a clean install of a new domain controller and retirement of old domain controllers.
A ____ is one that has special firmware or cartridges to print using a page-description language (PDL).
PostScript printer
In the ____ data type, the FF is a form-feed code placed at the end of the print file.
RAW (FF appended)
FSMO roles cant be placed on a ____
RODC
Which NTFS permission allows you to navigate through restricted folders to reach other files and folders?
Read + execute
An additional domain controller for a domain that hosts read-only partitions of the Active Directory database?
Read-Only Domain Controller
results in a much larger file within the spool folder compared to the original is called
Rendering
The following table describes additional functions or roles that domain controllers can have.
Replica domain controller Global Catalog Operations Master Roles
Windows client operating systems have the ability to add locally attached or network-attached printers, as well as share them to other computers on the network using
SMB
print job is sent from the print client to the print server across the network using the correct protocol SMB, IPP, or LPD
SMB, IPP, or LPD
must specify the print server that is sharing the printer, as well as the name of the
Shared printer
The process of converting a document to EMF or XPS format and storing it within a spool folder is called
Spooling or queuing
This method starts by granting Allow permissions and then grant Deny permissions
Subtractive Method
you can configure the times that a printer is available to users, the printer priority, the printer driver, and spooling
The advanced tab
An organization can have more than one Azure AD directory. (true/false)
True
NTFS user quotas are not enabled on each filesystem by default
True
To configure, you first must have defined two or more folder targets. You need to decide which server is to be the primary group member (should be the server containing shared folders and files that are most current)
Using DFS Replication
What is the minimum domain functional level to support read-only domain controllers?
Windows Server 2008
What is the minimum domain functional level to support compound authentication and Kerberos armoring?
Windows Server 2012
rendering process merely adds any printer-specific features to the
XPS-formatted document
Where are you most likely to see a Read-Only Domain Controller (RODC)? a. In a small network instead of in an enterprise b. In an enterprise network c. In a remote site d. In the place of a standard domain controller
c
By default, linking a GPO to a container causes all the users and computers in that container to receive the GPO settings. How can you modify the default permission assignments so that only certain users and computers receive the permissions and, consequently, the settings in the GPO?
d. You apply security filtering in the Group Policy Management console.
specifying a value within the Location text box allows users to search for the printer by
location or keyword
What are the three types of users in Azure AD ?
* cloud identities (cloud only users) * syncronized users * guest users
Active Directory administration snap-ins consist of four different MMC consoles:
-Active Directory Users and Computers-Active Directory Sites and Services -Active Directory Domains and Trusts-Active Directory Schema -Active Directory Users and Computers-Active Directory Sites and Services -Active Directory Domains and Trusts-Active Directory Schema
Which of the following statements about permissions are true? a. ACLs are composed of ACEs. b. All permissions are stored as part of the protected resource. c. Basic permissions are composed of advanced permissions. d. All of the above.
-All of the above.
Installing additional domain controllers in an existing domain is important for the following reasons:
-Doing so adds fault tolerance and load balancing to the domain. In other words, additional domain controllers help share the load and improve performance.-Users logging on to the domain can connect to any available domain controller for authentication.-Users at a remote location can connect to a domain controller at their site rather than making a slow connection across a WAN link.-If a domain controller should become unavailable because of a network or hardware failure, users can still log on to the domain.
File encryption
-Files remain encrypted and inaccessible even when the drive is moved to another computer or if another operating system is used. This is because the encryption keys needed to decrypt the file do not exist on these other systems.-Encryption cannot be used together with compression (you can use either, but not both).
Give a brief description of the NTFS/ReFS folder and file permission types seen below:
1) Full control - users can read, add, executer, modify files, change permissions and attributes, take ownership. 2) Modify - users can read, add, delete, execute, and modify files; cannot change permissions or take ownership. 3) Implies the capabilities of both List folder contents and Read 4) Can list files in folder or switch to subfolder, though, cannot view file contents 5) Can view file contents as well as file and folder attributes and permissions 6) Write - Can create files, write to files, append data to files, create folders, and modify folder and file attributes; cannot delete files
To configure a printer pool, you enabled printer pooling on the ports tab under printer properties. You have five print devices ready for the printer pool. Of the five, four are in one room. Of the four, three use the same print driver. Of those three, two print devices are identical. How many print devices are in your printer pool?
3
Which of the following are types of user accounts in Windows Server 2016? (Choosetwo answers) a. local and domain b. domain and group c. authenticated and unauthorized d. shared and unique
A
Which of the following is the PowerShell cmdlet that installs a domain controller to thedomain "adatum.com"? a. Install-AddsForest -DomainName "adatum.com" b. Install-AddsDomainController -DomainName "adatum.com" c. Install-AddsDomain -DomainName "adatum.com" d. Install-WindowsFeature -DomainName "adatum.com"
A
Which of the following is the PowerShell cmdlet used to create user objects? a. New-ADUser b. CSVDE.exe c. LFIFDE.exe d. Dsadd.exe
A
You do not place the infrastructure master on a global catalog server unless whichof the following exists? a. You have a single domain .b. You have Windows NT 4.0 systems to support. c. You have multiple schemas .d. Your AD DS is Windows 2008 or higher.
A
Why must an RODC be able to connect to at least one Windows Server 2008 orhigher domain controller? (Choose all that apply) a. To replicate the domain partition b. To replicate the global catalog partition c. So that the Password Replication Policy (PRP) applied to the RODC can beconfigured and enforced d. So that the SYSVOL folder can be replicated using Distributed File System
A C
You are promoting a Windows Server 2016 computer to an Active Directory domain controller for test purposes. The new domain controller will be added to an existing domain. While you are using the Active Directory Installation Wizard, you receive an error message that prevents the server from being promoted. Which of the following might be the cause of the problem? (Choose all that apply.) A. The system does not contain an NTFS partition on which the Sysvol directory can be created. B. You do not have a Windows Server 2016 DNS server on the network. C. The TCP/IP configuration on the new server is incorrect. D. The domain has reached its maximum number of domain controllers.
A. The system does not contain an NTFS partition on which the Sysvol directory can be created. C. The TCP/IP configuration on the new server is incorrect.
What utility do you use to update the domain functional level?
Active Directory Domains and Trusts
Which of the following is the global catalog? a. The schema that lists what objects and attributes exist in the AD DS forest b. An index of all AD DS objects in a forest c. A list of all domain controllers currently available d. A matrix of all domains, sites, and domain controllers
B
Which NTFS permission allows you to take ownership of a folder on an NTFS volume?
Full control
To simplify the addition of printers on client computers within your organization, you can use Group Policy
Group Policy to automatically add SMB shared printers to computers that are joined to the domain, provided that the appropriate printer drivers for the computers are installed on the print server
Faustino is the system administrator at an organization that has offices in multiple locations. The domain controllers in each location are within location-specific sites to improve Active Directory replication. Faustino notices performance issues in the Active Directory replication across sites. Which of the following measures can Faustino use to improve the performance?
He change the bridgehead server to one with a faster network interface.
Which statement is true regarding application of GPO settings?
If a setting is defined in the Local Group Policy on the computer and not defined in the GPO linked to the OU, the setting is applied.
Custom filters let you design a filter to
Include, exclude, or modify data
What is the use of the New-ADReplicationSite Windows PowerShell cmdlet?
It can be used to create a new site object.
You wish to configure a Windows Server 2019 print server using the Print Management tool to share printers using SMB and LPD. What components must you select when installing the Print and Document Service server role? (Choose all that apply.)
Print Server & LPD Service
network-attached print devices within organizations are configured to only accept print jobs from a
Print server
If an administrator creates a domain tree in an Active Directory forest, and then creates a separate and different domain tree, what is the relationship between the two domain trees?
Same security entity as one Active Directory forest, bidirectional trust between domain trees
Of the default groups created when Active Directory is installed, what are the types of those groups? Distribution groups Security groups Domain groups All the above
Security groups
Which of the following is NOT a group scope? Universal groups Global groups Domain local groups Security groups
Security groups
In what way are security groups different from distribution groups?
Security groups can be used to provide access to resources, while distribution groups are only used for email communication.
You can allow groups and users the ability to view or configure the print server, manage print jobs or printer settings for printers on the print server, as well as submit print jobs to printers on the print server.
Security tab
protocol used to print documents to shared printers hosted on Windows print servers. As with SMB shared folders, you can use a UNC to connect to a SMB shared printer using either
Server name or ip address
Which of the following is NOT a problem with using shared accounts on a system? Shared account users might not know about password changes. Shared accounts are sometimes used as service accounts. Shared account users can become less security conscious. It is difficult to determine who might have breached a system.
Shared accounts are sometimes used as service accounts.
The ____ tab is used to enable or disable a printer for sharing as well as to specify the name of the share.
Sharing
To prevent print jobs being interrupted by a one-page print job on the print device
Start printing after last page is spooled; this ensures that pages of a print job are sent to the print device only after all pages within the print job have finished spooling. T
Which service is a faster replacement for the Windows Indexing Service that is available on Windows Server 2019? Common Internet File System The Windows Search Service Windows Run A discretionary access control list
The Windows Search Service
Allow permissions are cumulative. Deny permissions override Allow permissions.Explicit permissions take precedence over inherited permissions
The combination of Allow permissions and Deny permissions for each security principal
Nora is a data scientist and works with programs that routinely acquire a lot of data. After data analysis, she stores the raw data for future use. However, she does not want the Windows Search Service to include the data files every time she performs a search function. Which of the following attributes should Nora deactivate to exclude the data files from searches?
The index attribute
To remove Active Directory from a domain controller, what action must you take before demoting the domain controller?
To remove Active Directory from a domain controller, you must open Server Manager, click the Manage menu, and then select Remove Roles and Features and uncheck the Active Directory Domain Services role. You then have the option to demote the domain controller.
You can connect a Windows AD server to Azure AD to extend your directory into Azure. (true/false)
True
A system administrator wants to give NTFS folder permission to a project manager so that the manager can add or remove the read-only, hidden, archive, index, compress, and encrypt attributes. Which of the following permissions should the administrator give to the project manager?
Write extended attributes
Which of the following occurs when you encrypt a file using EFS within a domain environment? (Choose all that apply.)
b. A copy of the symmetric encryption key is stored within the file metadata and asymmetrically encrypted with your public keyc. A symmetric encryption key is generated and used to encrypt the file contents d. A copy of the symmetric encryption key is stored within the file metadata and asymmetrically encrypted with recovery agent's public key
Printers Not Ready custom filter
cannot complete the print process and provides the status of the printer within the Queue Status column
To provide security for folders and files on these filesystems, you should understand how to.
configure permissions and ownership
Active Directory Partitions
domain, configuration, and schema
After you specify the location of an SMB, IPP, or LPD shared printer within the Add Printer wizard and click Next, the printer driver will be
downloaded from the hidden PRINT$ share on the print server
By default, the owner of a resource, the local Administrator user account (within a workgroup), and members of the Domain Admins group (within a domain) can change
folder and file ownership
Printing to a Shared Printer While network-attached print devices are common within organizations today, they have limited storage for print jobs and are not designed to
handle simultaneous print jobs from large numbers of computers.
Which of the following formats can be used to print to a shared printer using IPP?
http://servername/printers/sharedprintername/.printer
Get-PrintConfiguration
obtains a printer's configuration information
log on events are caused by
passive screening
Inheritance of permissions
permissions assigned to a parent folder are applied down to subfolders and files unless it is blocked (blocking permissions is NOT recommended)
A(n) ____ is like a stack of print jobs, with the first job submitted at the top of the stack and the last job submitted at the bottom, and all of the jobs waiting to be sent from the spooler to the printer.
print queue
Custom filters
quickly check the status of printers, in order to identify any problems
when changes are made to Active Directory, those changes usually take place on a single domain controller. Those changes then have to be
replicated out to other domain controllers.
net stop spooler and net start spooler MS-DOS commands
restart the Print Spooler service.
What are the objects that only exist on the forest root domain?
schema master role, domain naming master role; enterprise admin group, schema admins
In the Windows environment, a ____ is a group of DLLs, information files, and programs that processes print jobs for printing.
spooler
the printer driver for the print device is not available on the print server for your operating system, the Add Printer wizard will prompt you
• Modify the default printer name • Share the printer to other computers • Print a test page