CIS221 Deploying & Managing Windows
When a CA public/private key pair expires, a system administrator must generate a new CA public/private key pair the same day to ensure a smooth transition.
False
Yosef has configured Windows Server 2019 as an enterprise CA and deployed a GPO to enroll all the users for certificates. He chooses the setting that will enroll the users when they boot their computers. When he checks whether all users and computers have been enrolled, he finds that five users were not enrolled for the certificate. Yosef was able to manually enroll those users for certificates. Which of the following permissions to the certificate template is most likely to be missing for the five users who did not get enrolled?
Autoenroll
XM GraFix, a graphics design company, has bought new design software. Mason, the system administrator, wants to install the software on all the computers in the design department. However, not all the designers need the software. Using the GPO, Mason uses a deployment method that allows the users to install the program from the network when they need it. Which of the following methods of deployment has Mason most likely used in the given scenario?
Published the software under Software Settings in the User Configuration
Sasha is configuring Windows Server 2019 as an enterprise CA. She installs the Active Directory Certificate Services server role and is prompted to choose the role services that she wishes to install. Which of the following role services should Sasha select to ensure that routers are allowed to obtain certificates?
The Network Device Enrollment Service role service
Which of the following settings in Windows defender should be enabled to prevent malware and network attacks from accessing high-security processes in systems that support core isolation?
The memory integrity setting
Amina, who works for a pharmaceutical company, configures and issues the Smartcard Logon certificate template with schema version 2. While most of the users get auto-enrolled, some of the users fail to obtain the certificate. Identify the most likely reason auto-enrollment failed for these users.
Their operating system is Windows 2000 ???
While configuring Windows Server 2019 as a WSUS server, which of the following role services would you select to store information about updates in the Windows Internal Database?
WID connectivity
Which of the following is true of Group Policy Objects (GPOs)?
They are not strictly enforced ???
What is the level of encryption of the public/private key pair that is contained in the domain-server-CA in Microsoft Server 2019?
2048-bit encryption
Amber is a hacker who steals information when people enter their personal details on specific websites. She intercepts the public key as it is sent from the Web server to the Web browser and substitutes her own public key in its place. This enables her to intercept the communication and decrypt the symmetric encryption key using her private key. Which type of hacking attack is Amber perpetrating?
A man-in-the-middle attack
Fatima is configuring a Windows Server 2019 system as a RADIUS server for use with 802.1X Wireless. She has configured the Network Policy and Access Services server role. What is the next step Fatima should take once the server role has been configured?
Activate the server in Active Directory
By default, where are updates synchronized from in WSUS?
Microsoft Update servers on the Internet
Alonso, a system administrator, has configured and deployed a new GPO at the domain level in his organization. However, when he checks after a few hours, two of the OUs in the Active Directory do not reflect the change. What is the most likely reason the new GPO configuration did not apply to the two OUs?
The Block Inheritance setting prevented the OUs from applying the GPOs. ???
To prevent man-in-the-middle attacks, Janet, a network administrator, configures a GPO such that all the traffic sent toward a specific database server is encrypted using IPSec. While most of her colleagues are able to successfully connect to the database via the IPSec authentication process, the connection is not successful for some computers. What do you see to be the problem here?
The computers did not have an IPSec certificate. ???
The new system administrator of XYZ company realizes that whenever updates are available for Windows, WSUS redirects computers to the Microsoft Update servers on the Internet to obtain updates instead of storing the update information on the WID. Which of the following is a likely reason for this issue?
While installing WSUS, the option Store updates in the following location was deselected.