Network Admin Final Exam
In which LDAP-compatible database are claims values stored?
Attribute store
If you configure the issuance requirements for a certificate issued from a template so that more than one signature is required before a certificate can be issued, which of the following is true?
Autoenrollment is disabled
A server configured for Web enrollment is referred to as which of the following?
CA Web proxy
What tool can a user use to request certificates that are not configured for autoenrollment?
Certificates snap-in
What is the last step, just before you review the relying party trust information, in the Add Relying Party Trust Wizard?
Configure an access control policy
What is created automatically by the KCC and allows the configuration of replication between sites?
Connection object
What are valid reasons to create site link bridges manually? (Choose all that apply.)
Control traffic through firewalls Reduce confusion of the KCC
Once Active Directory has been installed, a default site link is created. What is the name of this site link?
DEFAULTIPSITELINK
All your domain controllers are running Windows Server 2016 in a new forest. What should you check if GPT replication is not occurring correctly?
DFSR
What Active Directory replication method is more efficient and reliable?
Distributed File System Replication
What can you install on a Windows Server 2016 server that can scan documents and apply rights policy templates automatically based on resource properties?
FSRM
An administrator needs to know which servers carry forest-wide roles. What PowerShell cmdlet can be used to display this information?
Get-ADForest
What type of algorithm is used to sign the CA certificate?
Hash
What DC is responsible for ensuring that changes made to object names in one domain are updated in references to these objects in other domains?
Infrastructure master
In an AD RMS cluster, which of the following is true about the AD RMS service connection point? (Choose all that apply.)
It is defined during installation of the root cluster It is stored in Active Directory
For intrasite replication, what component builds a replication topology for DCs in a site and establishes replication partners?
KCC
What is issued by the root cluster and contains a computer's public key when an AD RMS application is used?
Machine Certificate
After you install AD CS, you want to begin issuing certificates for the encrypting file system. What should you do first?
Modify a certificate template
An administrator has received a call indicating that some users are having difficulty logging on after a password change. Which FSMO role should be investigated?
PDC emulator
The RID master FSMO role is ideally placed on the same server as what other role?
PDC emulator
What feature should you enable to prevent the sIDHistory attribute from being used to falsely gain administrative privileges in a trusting forest?
SID filtering
An administrator has attempted to change the forest functional level, but the attempt failed due to the failure of an FSMO role. Which FSMO role should be investigated?
Schema master
What features should you configure if you want to limit access to resources by users in a trusted forest, regardless of permission settings on these resources?
Selective authentication
What PowerShell cmdlet can be used to begin transferring your existing Windows Server 2012 R2 server to a secondary server when upgrading AD FS.
Set-AdfsSyncProperties
What can you do if you notice that a DC failed to register its service records?
Stop and start the Netlogon service.
Before you configure a forest trust, what should you configure to ensure you can contact the forest root of both forests from both forests?
Stub zones
If an employee leaves a company, what should happen to any certificates held by that employee that was issued by the company's PKI?
They should be put on the CRL
How is a computer's designated site determined, such that the computer is given a domain controller to request services from within the same site?
Through subnets added to the site
During garbage collection, what setting controls how long deleted objects remain within the database before such objects are completely removed?
Tombstone lifetime
Two users, UserA and UserB, are engaging in secure communication using only asymmetrical encryption. UserA needs to send a secure message to UserB. What occurs first?
UserB sends UserA UserB's public key
What specific versions of certificate templates are supported by Windows Server 2016? (Choose all that apply.)
Version 2,3,4 templates
What are are conditions that determine what attributes are required in a claim and how claims are processed by the federation server?
claim rules
What feature allows non domain-joined devices to access claims-based resources securely?
device registration
What are the expiration policy options you can specify for content in a rights policy template? (Choose all that apply.)
never expires and expires on the following date
What CAs interact with clients to field certificate requests and maintain the CRL?
subordinate CAs
How can an administrator initiate a system state recovery using the command line?
wbadmin start systemstaterecovery
On a Windows Server 2016, what is the default CRL publication interval?
1 week
How often does garbage collection run on a DC?
12 hours
In a new partnership with XYZ Company, ABC company wants to share documents securely using Web-based applications. All communication must be secure, and document usage must be controlled. Both companies run Windows Server 2016 domains but must remain in separate forests. What can you implement to facilitate this partnership?
AD Federation Services and AD Rights Management Services
A partition stored on a domain controller in the HQ site isn't being replicated to other sites, but all other partitions on domain controllers in the HQ site are being replicated. The problem partition is stored on multiple domain controllers in HQ. What should you investigate as the source of the problem?
A manually configured bridgehead server