ITNW Internet/Intranet Server Final Review
In order to make use of AD FS, web browsers on client computers must have what enabled?
JScript and Cookies
Which of these is not a new GPO in Windows Vista and Server 2008?
Local Computers GPO
Windows Internet Name Service (WINS) is a legacy name service used to resolve....
NetBIOS names
Which of the following is not true in relation to enterprise CAs?
No certificate templates available
Which of the following is true of AD LDS?
No global catalog
What nodes or folders does a Starter GPO contain?
Only Administrative Templates folder in both Computer Configuration and User Configuration
You are the new administrator for Example.com domain. Last week, the original Windows Server 2003 domain controller that was used to create the Example.com forest went offline permanently. This was the last Windows Server 2003 server in the entire forest, and because all servers now run Windows Server 2008, you have decided that it would be a good time to raise the forest functional level to Windows Server 2008. However, your attempt to do so fails. What could be the issue?
The Schema master is down, preventing any schema changes.
Which of the following is not considered an urgent replication event (one that triggers change notifications immediately, without waiting the normal 15 seconds)
Full name change under user properties
What can you use to restrict GPO inheritance to specific objects in an OU?
GPO Filtering
You are troubleshooting a network issue a user is having. After having changed his network adapter to static addressing, he can no longer reach the internet. However, the machine resolves Internet names to IP addresses. Observe the adapter's configuration below, and determine the problem. IP Address: 172.31.20.103 Subnet: 255.255.255.0 DNS Server: 172.31.20.251 Gateway address: 172.31.19.254
Gateway is outside of the user's subnet
Which of the terms below best fits the following description? A GPO component that's an Active Directory object stored in the System\Policies folder. It stores GPO properties and status information but no actual policy settings.
Group Policy Container (GPC)
Which of the following statements is true regarding RODC replication?
The domain directory partition can be replicated only to an RODC from a Windows Server 2008 DC.
By setting up autoenrollment for EFS certificates, a user's EFS certificate is created...
The first time he or she logs on to the domain after autoenrollment is configured
If multiple default gateways are assigned to a computer (such as in a multihomed server), what determines which default gateway will be used?
The metric
What type of information does a resource record of type A contain?
Host
What is the certificate distribution point (CDP)?
Identifies where the CRL for a CA can be retrieved; can include URLS for HTTP, FILE, FTP, and LDAP locations
What role service would you install with Active Directory Rights Management Service in order to extend document protection outside the corporate network to federated business partners?
Identity Federation Support
What would you use to prevent GPOs linked to parent containers from affecting child containers?
Inheritance blocking
Which of the following is not one of Active Directory Migration Tool's three main types of migration?
Innerforest migration
You are the administrator of the Example.com domain. Your company has just begun development of a directory-enabled application. Because of the potentially volatile nature of an application in development, you want to install a service that will enable you to isolate the application while simultaneously providing an environment that mimics AD DS. What should you do?
Install AD LDS
What is the Microsoft recommendation for placement of global catalog servers?
Install a global catalog server in a site once it is larger than 500 accounts and the number of DCs is greater than 2
The SMTP protocol is used primarily for e-mail, but can also be used for...
Intersite replication
What option under the General tab in the Properties dialog box of a forest trust is only available for use between two Windows Server 2008 domains?
The other domain supports Kerberos AES Encryption
You work at Example.com, and are in charge of a fairly large forest and multidomain structure consisting of Windows Server 2003 domain controllers running at the Windows Server 2003 functional level. One of your interns finished installing the forest's first Windows Server 2008 server, and has placed it in a branch office to act as a read only domain controller. The intern has already run the adprep /forestprep command. Unfortunately, for some reason, the RODC Server can't be installed. What is most likely the issue, based on the information provided?
There must be at least one writeable DC running Windows Server 2008
You're taking an older server performing the PDC emulator master role out of service and will be replacing it with a new server configured as a domain controller. What should you do to ensure the smoothest transition?
Transfer the PDC master role to the new domain controller, and then shut down the old server
Before you can restore a CA database from a backup, the CA service must be stopped.
True
By default, every installed service and protocol is bound to every network connection.
True
Disabling network discovery in the Sharing and Discovery section of the Network and Sharing Center does not prevent you from accessing by UNC paths or being accessed by a UNC path.
True
Disks used for scheduled backup are reformatted, and existing volumes are deleted.
True
If you're raising both the forest and the domain functional levels, you must raise the domain functional level first to at least the level you're raising the forest functional level.
True
Settings in local GPOs that are inherited from domain GPOs can't be changed on the local computer; only settings that are undefined or not configured by domain GPOs can be edited locally.
True
Using a stub zone can result in faster recursive queries.
True
Which description best fits the CA Administrator role?
True
You can deploy Windows Server 2008 Read Only Domain Controllers (RODC) in a Windows Server 2003 forest.
True
Windows Server 2008 supports three versions of certificate templates. What version or versions of templates can be issued only from Windows Server 2008 enterprise CAs and can only be used on Windows Server 2008 and Vista clients?
Version 3
When might you use a forwarder?
When an internal DNS server receives queries to resolve domain names on the Internet
Why is the address 172.31.255.255 with a subnet mask of 255.255.255.0 invalid as a host ID?
Why is the address 172.31.255.255 with a subnet mask of 255.255.255.0 invalid as a host ID?
Which Windows OS below does not support Active Directory Federation Services?
Windows 2000 Server
A counter alert...
generates an event log entry when a counter falls below or exceeds a specified threshold
What command can be used to perform tasks similar to those in Group Policy Results Wizard and the Resultant Set of Policy snap-in?
gpresults
One of your interns has been asked to modify the permissions on a directory located on a Server Core server. Your intern asks you what command is used to do this. Which command do you tell him to use?
icacls
What is a major drawback to enabling the auditing of object access?
involves considerable overhead
Which of the following is not part of a State of Authority record?
maximum TTL
Which of the commands below can be used to test DNS queries with the default DNS server or a specific DNS server on a Windows computer?
nslookup
In Active Directory, an object that has been deleted but not removed is referred to as being...
tombstoned
Which command is useful for troubleshooting the routing topology of a complex network and finding the bottleneck between a computer and a destination network?
tracert
You are working on a computer running Windows Vista, and you want to test the overall DNS operation on a Server Core DNS server named LocalDNS in a room on the first floor of your building. Preferably, you would like to remain at your workstation. What command can you use to accomplish this?
winrs -r:LocalDNS dcdiag /test:DNS
Where must custom LDIF files be placed to be available for import?
%systemroot%\Adam
Which one of the following options, when added to dnscmd.exe, will allow you to create a new zone?
/ZoneAdd
GPC replication between domain controllers in the same site occurs at about what interval after a change has been made by default?
15 seconds
What subnet mask would correspond to a CIDR notation of /24?
255.255.255.0
Setting up and testing AD FS with the simplest design requires at least how many computers?
4
Under Password policies, what is the default maximum password age?
42 days
What is the default no-refresh interval set to on DNS record timestamps?
7 days
What is the IPv6 equivalent of IPv4's loop back address of 127.0.0.1?
::1
If an application is published through User Configuration's Software Settings, what happens?
A link to install the application is placed in Control Panel's Programs and Features (Vista / Server 2008) or Add / Remove programs (XP)
A router is...
A network device that forwards communication packets from one network to another
A normal recursive lookup process is initiated, starting with a root server
A normal recursive lookup process is initiated, starting with a root server
A web server that can host the claims-aware agent or the Windows token-based agent role service is called a...
ADFS-enabled Web server
Which MMC is used to transfer the domain naming master operations role?
Active Directory Domains and Trusts
Which MMC is used to transfer the RID master, PDC emulator master, and infrastructure master operations master roles?
Active Directory Users and Computers
You work for the large organization, Example.net, and are in charge of around 20 RODCs situated in various branch offices around the world. Lately, supervisors have been receiving more privileges and permissions to sensitive documents. It is for this reason that you would like to prevent credential caching from storing the passwords of members in the supervisors group on remote RODCs where security is an issue. You would like to keep administrative overhead at a minimum, and not affect users other than members of the supervisor group. What should you do?
Add the supervisor group as a member of the Denied RODC Password Replication Group
What information does a resource record of type MX contain?
Address of an e-mail server
If you make changes to an existing GPO that's already linked in Active Directory, how fast do the policy settings take effect?
As soon as the client downloads them
What IP address class does the address 128.0.31.50 belong to?
B
A colleague of yours is setting up backups for Windows Server 2008 servers on your network. However, because he is new to Windows Server 2008, he encounters an issue. Your colleague wants to schedule backups to the server's drive containing the C:\ partition. When he selects the "Show All Available Disks" button in the Backup Schedule Wizard, the drive containing C:\ is not listed. What is most likely the issue?
Drives that contain system files cannot be used for scheduled backups
As part of the documentation for the network you are in charge of, you want to take a baseline of the network with the focus on performance during peak usage hours. Some of the statistics you are interested in involve CPU utilization and network contention on Active Directory servers as well as disk utilization and page caching. You are particularly interested in AD authentication performance. When would be the ideal time to collect information for your baseline?
During the hours in which the most users will log in and begin opening and starting applications
How can you ensure that a GPO's settings are applied to all child objects, even if a GPO with conflicting settings is linked to a container at a deeper level?
Enforcing inheritance
By default, How often does garbage collection run, and how old must an object be for it to be removed?
Every 12 hours, object must be older than 180 days
Which of the terms below best fits the following description? A GPO component that's an Active Directory object stored in the System\Policies folder. It stores GPO properties and status information but no actual policy settings.
Every 15 minutes
A Group Policy Template is stored in Active directory.
False
A federation trust is a two-way trust by default.
False
A published application is installed automatically.
False
Computers assigned different network IDs can communicate without needing a router to deliver the packets between networks.
False
Glue A records will also appear as an A record in the zone database.
False
If a certificate isn't configured for autoenrollment, a user may be able to request the certificate by using the Certificates snap-in, so long as they are accessing a standalone CA.
False
In the Windows Server 2008 domain functional level, FRS is used to replicate the contents of the Sysvol share.
False
The account lockout threshold contains a value between 0 and 1,000 that determines how many times a user's password can be entered incorrectly before the user's password must be reset by an administrator.
False
Which AD FS role service would you install in a perimeter network outside the corporate firewall to field authentication requests from browser clients?
Federation Service Proxy
Which of the following features is not present in Windows Server 2003 domain functional level?
Fine-grained password policies
If a certificate has a validity period of 1 year and a renewal period of 1 month, when must a certificate that was issued on December 12th, 2009 be renewed?
Between November 12, 2010 and December 12, 2010
The Intersite Topology Generator (ISTG) is responsible for assigning one of these for each directory partition in the site:
Bridgehead server
Which of the following is not a common way to configure DNS for a forest trust?
Caching DNS
The acronym CIDR stands for what?
Classless InterDomain Routing
You have recently set up a new domain controller and DNS server responsible for a large network. Almost immediately, you notice that every time a user attempts to make use of a resource on a server in your partner organization's domain, Example.net, DNS requests end up performing a recursive query. Rather than continue to allow DNS requests to be processed this way, you would like to make use of a DNS server in Example.net's domain that you have access to via a LAN connection. What can you configure to have the DNS server in Example.net's domain receive DNS queries from your network, but only ones that are related to Example.net's domain?
Conditional Forwarder
You make use of a third party virtualization program on a server that is also an Active Directory domain controller. The virtualization program is hosting a web server on the server, but the web server is usually accessed more in the afternoon than in the morning. Due to the increased resource usage caused by early morning users logging in to the domain, you want to find a way to manage CPU utilization. What should you do?
Configure a custom Windows System Resource Manager policy for the third party virtualization program, and set its resource allocation to be lowered during morning hours only
Which description best fits the CA Administrator role?
Configures and maintains CA servers, and can assign all other CA roles and renew the CA certificate
What does round robin do?
Creates a load sharing / balancing mechanism for servers that have identical services, such as two servers that host the same website
What answer below is the term used to describe a list of certificates revoked since the last base, or complete, CRL was published?
Delta CRL
In order to perform a nonauthoritative restore, you must restart the domain controller in what mode?
Directory Services Restore Mode
Fine-grained password policies are created by defining a....
Password Settings Object
In AD FS terminology, a company that supplies goods would be considered a
Resource partner
Select the answer below that is not a service a public key infrastructure provides to a network:
Secure tunneling
One of the following is not an example of a well known company that has universally trusted public CAs:
Secure4u
The Network Device Enrollment Service (NDES) allows network devices, such as routers and switches, to obtain certificates by using a special Cisco proprietary protocol known as...
Simple Certificate Enrollment Protocol (SCEP)
For several hours now, your IT staff has been trying to troubleshoot an issue on AppSrv1. AppSrv1 uses an application that requires it to access an SQL database on a server named DBSrv1 but recent changes in the network topology have outdated previous DNS entries. Initially, the problem is believed related to the DNS database, but after using nslookup, you find that the DNS entry is correct. AppSrv1 can reach the DBSrv1 server manually by IP address, but when using a name, it resolves to the wrong machine. What is most likely the issue?
Someone added a static entry for DBSrv1 in the hosts text file, which is now outdated
With forwarders and/or conditional forwarders configured, the DNS server attempts to resolve DNS queries in this order: 1. From traditional forwarders (if configured) 2. From conditional forwarders (if configured and the domain name matches) 3. From locally stored zone resource records 4. From the DNS cache 5. Recursively by using root hints (only if no traditional forwarder is configured) This list has been slightly rearranged. What entry number should be switched in order to make this list accurate?
Switch #3 with #4
Increased network usage has inspired your staff to install a new DNS server. After much consideration, you have decided to also make the new server a domain controller as well. One of your interns is curious as to what benefit this would provide to DNS over simply making the DNS server a member server.
The AD-integrated domain DNS zones will be created automatically.
One of the answers below is not a valid scripting language supported by Scripts (Startup/Shutdown) subnode. Select the invalid answer.
bash scripts
Which of the below commands must be entered to allow remote administration of the IPSec Management snap-in?
cscript \windows\system32\scregedit.wsf /im 1
