Final study
How often does garbage collection run on a DC?
12 hours
By default, for how long are deleted objects stored within the Active Directory database before they are removed entirely?
180 days
Which of the following is the company whose users are accessing resources from another company?
Account partner
Which type of cryptography provides the most security?
Asymmetric cryptography
In which LDAP-compatible database are claims values stored?
Attribute store
Which feature, first introduced with Windows Server 2012 R2, consists of new Active Directory containers to which authentication policies can be applied to restrict where high-privilege user accounts can be used in the domain?
Authentication Policy silos
What is the last step, just before you review the relying party trust information, in the Add Relying Party Trust Wizard?
Configure an access control policy
What is created automatically by the KCC and allows the configuration of replication between sites?
Connection object
What assigned value represents the bandwidth of the connection between sites?
Cost
Which of the following is created using a hash algorithm and can be used to verify the authenticity of a document?
Digital signature
Select below the FSMO role that is a forest-wide FSMO role:
Domain naming master
What can you install on a Windows Server 2016 server that can scan documents and apply rights policy templates automatically based on resource properties?
FSRM
A claims provider is the resource partner that accepts claims from the business partner to make authentication and authorization decisions.
False
A site bridge is needed to connect two or more sites for replication
False
A tree can consist of a single domain or a parent domain and child domains, which cannot have child domains of their own
False
Active Directory metadata describes the actual Active Directory data, not the Active Directory database.
False
Applications that are not claims-aware can't be used in an AD FS deployment
False
By default, subnets are created in Active Directory Sites and Services
False
CA Administrator approves requests for certificate enrollment and revocation
False
Group conversion facilitates migrating user accounts from one domain to another
False
If a certificate is not renewed before the validity period expires, the certificate can still be used and the renewal period ends.
False
If your domain includes Windows Server 2003 or older DCs, it's using DFSR to replicate SYSVOL
False
Intrasite replication takes place between DCs in two or more sites
False
Primary authentication is not required for all users who access applications that use AD FS
False
The intermediate CA is the most critical and is the server typically configured for offline operation
False
The logical components of Active Directory are forests, domains, and sites
False
Version 5 templates allow customization of most certificate settings and permit autoenrollment
False
With AD FS preauthentication, client requests for the application are sent via a proxy server to the application server.
False
With separate domains, stricter resource control and administrative permissions are more difficult.
False
What is the first domain installed as a forest called?
Forest root
Which of the following is responsible for assigning a bridgehead server to handle replication for each directory partition?
Inter-Site Topology Generator
Which type of CA in the three-level hierarchy is sometimes referred to as a policy CA and issues certificates to issuing CAs?
Intermediate
For intrasite replication, what component builds a replication topology for DCs in a site and establishes replication partners?
KCC
You want to configure automatic key archival to ease the burden of managing backup of private keys. What role must you assign to at least one trusted user in the organization?
KRA
You have a number of Cisco routers and switches that you wish to secure using IPsec. You want IPsec authentication to use digital certificates. You already have a PKI in place using Certificate Services on Windows Server 2016. What should you install to secure your device?
NDES roles Service
Why might it be a good idea to configure multiple domains in a forest?
Need for differing account policies
By default, replication between DCs when no changes have occurred is scheduled to happen how often?
Once per hour
Which of the following contains a list of users and specifies what the users can do with a rights protected document?
Publishing license
What is the name of a domain controller on which changes can't be written?
Read only domain controller
What feature should you enable to prevent the sIDHistory attribute from being used to falsely gain administrative privileges in a trusting forest?
SID filtering
A Web Application Proxy server needs two NICs installed to function correctly.
True
A delegated installation allows a domain administrator to create the RODC computer account in Active Directory, so that a regular user can perform the installation at a later time
True
A domain controller clone is a replica of an existing DC
True
A revocation configuration tells the CA what methods are available for clients to access CRLs.
True
AD FS is designed to work over the public Internet with a Web browser interface
True
Adding a subdomain is a common reason for expanding an Active Directory forest
True
An Active Directory snapshot is a replica of the Active Directory database at a specific moment
True
Authentication efficiency, replication efficiency, and application efficiency are the three main reasons for establishing multiple sites.
True
Before you can install a DC running a newer Windows Server version in an existing forest with a lower functional level, you must prepare existing DCs with the adprep.exe command-line program
True
Before you can install an RODC, the forest functional level must be at least Windows Server 2003
True
Certificate autoenrollment is an option only on enterprise CAs
True
Device registration is a feature that allows non domain-joined devices to access claims-based resources securely.
True
Intrasite replication occurs between bridgehead servers
True
Multi-factor authentication means users must authenticate with more than one device.
True
Remote Desktop Gateway applications are a convenient way for organizations to make applications available to users without having to install the application on every user's computer
True
The PowerShell cmdlet "Restore-CARoleService" restores the CA database and all private key data
True
The federated Web SSO with forest trust design is most often used in business-to-employee relationships.
True
The repadmin /replicate command causes replication of a specified partition from one DC to another
True
Universal groups allow administrators to assign rights and permissions to forest-wide resources to users from any domain.
True
Users can request certificates that aren't configured for autoenrollment by using the Certificates snap-in.
True
When a full backup or system state backup is performed on a CA server, the certificate store is backed up along with other data
True
Which command analyzes the overall health of Active Directory and performs replication security checks?
dcdiag
What feature allows non domain-joined devices to access claims based resources securely?
device registration
Which of the following manages adding, removing, and renaming domains in the forest?
domain naming master
Which option will allow private keys to be locked away and then restored if the user's private key is lost?
key archival
What tool can a user use to request certificates that are not configured for autoenrollment?
Certificates snap-in
What folder contains group policy templates, logon/logoff scripts, and DFS synchronization data?
SYSVOL
What feature should you configure if you want to limit access to resources by users in a trusted forest, regardless of permission settings on these resources?
Selective authentication
Which of the following is a self signed certificate and identifies the AD RMS cluster?
Server licensor certificate
What type of key is used in symmetric cryptography, must be known by both parties, and is used for both encryption and decryption?
Shared secret
What type of certificate enrollment issues certificates that users can use to log on to a system by entering a PIN?
Smart card enrollment
Before you configure a forest trust, what should you configure to ensure you can contact the forest root of both forests from both forests?
Stub Zones
During garbage collection, what setting controls how long deleted objects remain within the database before such objects are completely removed?
Tombstone lifetime
You run a PKI that has issued tens of thousands of certificates to hundreds of thousands of clients. You have found that the traffic created when clients download the CRL is becoming excessive. What can you do to reduce the traffic caused by clients downloading the CRL?
Use a Delta CRL
Which of the following is issued to users when they request access to a rights protected document?
Use license
You have a network of Windows Server 2016 servers, and you wish to allow remote users the ability to access network applications from any device that supports a Web browser?
Web Application Proxy
Which of the following is the international standard that defines a PKI and certificate formats?
X.509
Which of the following is true about the domain functional level?
You can have different functional levels within the forest
What are the conditions that determine what attributes are required in a claim and how claims are processed by the federation server?
claim rules
Which option below is not one of the three main methods for cleaning up metadata?
wbsadmin.exe