Test 2
What permission is given to the Enterprise Domain Controllers universal group on all GPOs by default, and grants permission to view settings and back up a GPO?
**Edit Settings
How often are computer and user policies applied after a user has logged into a computer?
**Every 60 minutes
Select the specific tab within the Group Policy Management Console that will allow you to view which policies affect a domain or OU and where the policies are inherited from.
**Group Policy Details
Settings under the User Configuration node affect what Registry key?
**HKEY_CURRENT_USER
What PowerShell cmdlet will link a GPO to a site, domain or OU?
**Restore-GPLink
What tool can be used to determine what policy settings would apply to a computer or user account if it were moved to a different container?
Group Policy Modeling
What is the default location of ADMX files?
%systemroot%\PolicyDefinitions
If the slow link detection policy is set at 0, what does this indicate?
**All links are considered slow links
By default, what policies will be downloaded and processed by a Group Policy client?
**No policies are downloaded and processed by default
Which of the following uses permissions to restrict objects from accessing a GPO?
**WMI filtering
Which policy below requires synchronous processing to ensure a consistent computing environment?
**Wired network policies
What holds the log of Active Directory transactions or changes?
**aed.dit **ntds.log
If you make changes to an existing GPO that's already linked in Active Directory, how fast do the policy settings take effect?
As soon as the client downloads them
A Group Policy Template is stored in Active Directory.
FALSE
Group policy caching improves system startup speed because the cache is used during asynchronous background processing, which occurs when the system boots.
False
On a slow link, policies involving folder redirection are always processed.
False
The Backup Operators group is a group in local computers only.
False
By default, what policies will be downloaded and processed by a Group Policy client?
Changed policies only
How can a master server be configured to make a secondary server request zone transfers immediately after a zone change?
DNS notify
What policy is a GPO linked to the Domain Controllers OU and specifies the default policy settings for all domain controllers?
Default Domain Controllers Policy
d. Active Directory Services Repair (ADSR)
Directory Services Restore Mode (DSRM)
What Active Directory replication method makes use of remote differential compression (RDC)?
Distributed File System Replication (DFSR)
d. Advanced System Replication (ASR)
Distributed File System Replication (DFSR)
Select the FSMO role that is required to be online to facilitate the addition or removal of a domain controller:
Domain naming master
Select below the GPO permission that provides the ability to change existing settings, import settings, and enable or disable a GPO, but is not granted to any user by default.
Edit Settings
d. Configured
Enable Action Filters
GPOs set at the domain level should contain settings that you want to apply to all objects in the domain.
False
What defines which objects are affected by settings in a GPO?
GPO scope
An administrator needs to know which servers carry forest-wide roles. What PowerShell cmdlet can be used to display this information?
Get-ADForest
d. Show-ADServiceAccount
Get-ADServiceAccount
What tool can be used to determine what policy settings would apply to a computer or user account if it were moved to a different container?
Group Policy Modeling
Settings in the Administrative Templates section of the User Configuration node affect what area of the registry?
HKEY_CURRENT_USER
The settings in Administrative Templates under User Configuration affect what section of the computer's registry?
HKEY_CURRENT_USER
Settings in the Computer Configuration node of Administrative Templates affect which registry key below?
HKEY_LOCAL_MACHINE
d. Users
IIS_IUSRS
Selecting the "Allow the connection if it is secure" option when creating a Windows firewall rule relies on what encryption protocol by default?
IPSec
Select below the command that is used to import settings from a backed-up GPO to an existing GPO:
Import-GPO
Select the command that is used to import settings from a backed-up GPO to an existing GPO.
Import-GPO
Which FSMO role is responsible for ensuring that changes made to object names within one domain are updated in references to those objects in other domains?
Infrastructure master
d. Group Policy Object Editor
NOT Group Policy Management Editor
d. Groups
OUs
An Administrator has received a call indicating that some users are having difficulty logging on after a password change. Which FSMO role should be investigated?
PDC Emulator
d. Service Accounts console
PowerShell
d. Ticket Granting Ticket (TGT)
Service ticket
d. Service user account
Service user account
Which policy below requires synchronous processing to ensure a consistent computing environment?
Software installation policies
Command scripts are just a series of commands saved in a file with a .bat extension.
T
After running the Security Configuration and Analysis snap-in with a template, what does a checkmark in a green circle mean?
The Template Policy and current computer policy are the same
Group Policy updates can be forced using GPMC. What requirements exist for an administrator to be able to do this?
The computer accounts must be in a non-default created OU
What GPO policy will take precedence over all other GPO policies when they are being applied?
The last policy applied takes precedence
What does the /target option do when used with the gpupdate command?
The option can specify whether computer or user policy settings should be updated
If a software package is assigned to a group of targeted computers via the Computer Configuration node, what happens?
The package installation is mandatory and begins the next time the computer starts
d. The structure should facilitate easier access to resources
The structure should facilitate easier access to resources
d. The service startup was changed to manual.
The user account password expired
Command scripts are just a series of commands saved in a file with a .bat extension.
True
There are two types of GPO filtering: security filtering and _____ filtering.
WMI
Which of the following uses queries to select a group of computers based on certain attributes, and then applies or doesn't apply policies based on the query's results?
WMI filtering
How can an administrator force the use of a specific version of an application using a GPO?
WMI filters
ADMX and ADML files are placed under what directory within Windows?
%systemroot%\PolicyDefinitions
What folder within the Computer Configuration node contains settings related to Event Viewer, File Explorer, Windows PowerShell, and Windows Update?
**Control Panel
What enables you to target specific users or computers based on criteria?
**User-Group targeting
d. .adlang
.adml
A transform file utilizes what file name extension?
.mst
d. Foreign Security Principals
Administrators
The standard DACL for package object assigns read permissions to what group by default?
Authenticated Users
d. Targeted
Basic
How can an administrator make a user template account easily recognizable?
add a special character to the beginning of the template account name
What tool within Windows Server 2016 must be used in order to change the default auditing settings?
auditpol.exe
What does a blue exclamation point next to a domain mean within the GPMC utility?
inheritance is blocked
How does piping work on the command line?
it's a way to send information to another command so it is easier to read
How are Active Directory objects added to special identity groups?
membership in these groups is controlled dynamically by Windows, can't be viewed or changed manually, and depends on how an account accesses the OS
The default location for computer accounts that are created automatically after joining the domain can be changed using which command?
redircmp
d. djoin OU
redircmp.exe
A response to an iterative query in which the address of another name server is returned to the requester
referral
What different types of objects can be members of a distribution group?
regular user accounts and contacts
d. script
script
When data within a zone changes, what information in the SOA record changes to reflect that the zone information should be replicated?
serial number
d. modifyspn
setspn
An explicit "allow" permission will override an inherited "deny" permission.
true
The MX record type is used to designate mail exchangers, or mail servers for e-mail.
true
Install-IADPzone
Add-DnsServerPrimaryZone
How should an administrator test the functionality of DNS operation on a domain controller, as well as troubleshoot issues with DNS forwarders, delegation, dynamic updates, and record registration?
Using dcdiag /test:dns
d. %systemroot%\Policies
%systemroot%\PolicyDefinitions
The folders containing Group Policy Templates (GPTs) can be found under what folder on a domain controller?
%systemroot%\SYSVOL\sysvol\domain\Policies
Permission inheritance can be configured such that permissions are only inherited by specific types of child object types.
...
An administrative template file using what file extension provides a language specific user interface in the Group Policy Management Editor?
.adml
An administrative template file using what file extension provides a language-specific user interface in the Group Policy management editor?
.adml
Security templates make use of the _________ file extension.
.inf
A transform file utilizes what file name extension?
.mst
You can customize MSI file installation by using a transform file, which uses the _____ extension.
.mst
d. .mst
.mst
What command option for the dnscmd command lists all zones on the server?
/enumzones
The gpupdate command in conjunction with which option below causes synchronous processing during the next computer restart or user logon?
/sync
When applying GPOs in order, what policies take precedence?
1. local policies 2. site-linked GPOs 3. Domain-linked GPOs 4. OU-linked GPOs
By default, how many previous logons are cached locally to a computer?
10
By default, how many previous logons are cached locally to a computer?
10
d. 5
10
d. 7
10
How often does garbage collection run on a DC?
12 hours
Each Group Policy Object is assigned a globally unique identifier (GUID) of what length?
128 bits
The default setting for a secondary zone's refresh interval is how many minutes?
15 minutes
GPC replication between domain controllers in the same site occurs at about what interval after a change has been made by default?
15 seconds
How often is the password for a computer account changed by Active Directory?
30 days
d. 15 days
30 days
Under password policies, what is the default maximum password age?
42 days
d. 42 days
42 days
d. 70 minutes
5 minutes
A slow link, by default, is a network connection that's less than which of the following?
500 Kbps
A slow link, by default, is a network connection that's less than which of the following?
500 kbps
A slow link, by default, is a network connection that's less than:
500 kbps
The Windows 8 and Windows Server 2012 operating systems have an operating system version number of:
6.2
By default, what is the maximum period during which a TGT can be renewed?
7 Days
d. 4 characters
7 characters
d. 7 days
7 days
If an application is published through User Configuration's Software Settings, what happens?
A link to install the application is placed in Control Panel's Programs and Features (Vista/Server 2008) or Add/Remove programs (XP)
What DNS record type is used for an IPv6 host record?
AAAA
d. Account lockout duration
Account lockout threshold
A primary or stub zone with the DNS database stored in an Active Directory partition rather than a text file.
Active Directory-integrated zone
d. Add-WindowsFeature AD-Services
Add-WindowsFeature AD-Domain-Services
XML format text files that define policies in the Administrative Templates folder in a GPO.
Administrative template files
What policy setting can be used to force synchronous processing?
Always wait for the network at computer startup and logon
d. Anonymous logon
Anonymous logon
What type of application can be installed automatically when the user logs on to a computer in the domain?
Assigned
The standard DACL for a package object assigns read permissions to what group by default?
Authenticated Users
d. Anonymous Logon
Authenticated Users
d. Domain Admins
Authenticated Users
When does Active Directory Online Defragmentation occur? (Written Answer.)
Automatically when A.D. removes deleted objects and frees space in the database, but doesn't compact the database. (Performs Garbage Collection.)
What option under the folder redirection settings redirects everyone's folder to the same location?
Basic
Which of the following are ways to change default GPO inheritance? (Choose all that apply.)
Blocking inheritance
What folder is selected by default for scanning when using the Automatically Generate Rules option in creating AppLocker policies?
C:\Program Files
d. C:\Documents and Settings
C:\Users\logonname
What type of DNS record is used to contain an alias for another record, allowing for the use of different names for the same host?
CNAME record
What policy setting can be used to force synchronous processing?
Change Group Policy processing to run asynchronously when a slow network connection is detected Always wait for the network at computer startup and logon
By default, what policies will be downloaded and processed by a Group Policy client?
Changed policies only
GPOs set at the domain level should contain settings that you want to apply to all objects in the domain.
Changed policies only
To find a full list of policies and preferences that can have background processing disabled, where should you look?
Computer Configuration\Policies\Administrative Templates\System\Group Policy
To find a full list of policies and preferences that can have background processing disabled, where should you look?
Computer Configuration\Policies\Administrative Templates\System\Group Policy
Under the Computer Configuration, which folder contains settings related to the Regional and Language Options, User Accounts, and Personalization options?
Control Panel
Under the Computer Configuration, which folder contains settings related to the Regional and Language Options, User Accounts, and Personalization options?
Control panel
What assigned value represents the bandwidth of the connection between sites?
Cost
Once Active Directory has been installed, a default site is created. What is the name for this site?
DEFAULTIPSITELINK
Once Active Directory has been installed, a default site link is created. What is the name of this site link?
DEFAULTIPSITELINK
Which server role below can't be installed on a server that will be cloned?
DHCP
d. Universal groups that are members of other universal groups can be converted to domain local groups
Domain local groups can be converted to universal, the domain local group must not contain other domain local groups
Select below the FSMO role that is a forest-wide FSMO role:
Domain naming master
Select below the FSMO role that is required to be online to facilitate the addition or removal of a domain controller:
Domain naming master
Select the GPO permission that provides the ability to change existing settings, import settings, and enable or disable a GPO, but is not granted to any user by default.
Edit Settings
Which of the following is not one of the criteria that can be used within an administrative templates filter?
Enable Action Filters
How often are computer and user policies applied after a user has logged into a computer?
Every 90 Minutes
How often are computer and user policies applied after a user has logged into a computer?
Every 90 minutes
d. Every 60 minutes
Every 90 minutes
A site bridge is needed to connect two or more sites for replication.
F
Administrative template files are in HTML format, using the .admx extension.
F
Group policy caching improves system startup speed because the cache is used during asynchronous background processing, which occurs when the system boots.
F
The Backup Operators group is a group in local computers only.
F
The logical components of Active Directory are forests, domains, and sites.
F
A published application can be installed automatically.
False
By default, Subnets are created in Active Directory Sites and Services
False
GPOs set at the domain level should contain settings that you want to apply to all objects in the domain.
False
Intrasite replication occurs between bridgehead servers.
False
When a client wants to connect to a service, it finds the service based solely on the instance name.
False
The GPO policy defines which objects a GPO affects.
False; the GPO scope defines which objects a GPO affects
If a domain consists of DCs that are running versions of Windows Server earlier than Windows Server 2008, what replication method is used?
File Replication Service (FRS)
If a domain consists of DCs that are running versions of Windows Server earlier than Windows Server 2008, what replication method is used?
File Replication Service (FRS)
d. File Replication Service (FRS)
File Replication Service (FRS)
In order to increase security of data stored on an RODC, what can be configured to specify domain objects that aren't replicated to RODCs?
Filtered attribute sets
To increase security of data stored on an RODC, what can be configured to specify domain objects that aren't replicated to RODCs?
Filtered attribute sets
_____ is a feature that enables administrators to set policies that cause folders in a user's profile directory to be stored elsewhere, usually to a location on a server.
Folder Redirection
Which of these is something group policy templates and group policy containers have in common?
Folder Structure
The option to turn off background processing is not available for which type of policy below?
Folder redirection
What are the two Flexible Single Master Operation (FSMO) roles? (More than one answer.)
Forestwide and Domainwide
A method to alter the normal scope of a GPO and exclude certain objects from being affected by its settings
GPO Filtering
What can you use to restrict GPO inheritance to specific objects in an OU?
GPO Filtering
Select the term used to describe forcing inheritance of settings on all child objects in the GPO's scope, even if a GPO with conflicting settings is linked to a container at a deeper level.
GPO enforcement
Which of the following are ways to change default GPO inheritance? (Choose all that apply.)
GPO enforcement
What defines which objects are affected by settings in a GPO?
GPO scope
d. GPO template
GPO scope
The ____________ file contains version information that is used to determine when a GPO has been modified, and is used during replication to determine if a local copy of a GPO is up to date.
GPT.INI
What PowerShell Cmdlet will allow an administrator to check for software that is incompatible with the cloning process?
Get-ADDCCloningExcludedApplicationList
An administrator needs to know which servers carry forest-wide roles. What PowerShell cmdlet can be used to display this information?
Get-ADForest
d. Global catalog partition
Global catalog partition
A GPO component that's an Active Directory object stored in the System\Policies folder.
Group Policy Container
Select the specific tab within the Group Policy Management Console that will allow you to view which policies affect a domain or OU and where the policies are inherited from.
Group Policy Inheritance
Settings in the Computer Configuration node of Administrative Templates will impact which registry key below?
HKEY_LOCAL_MACHINE
Settings under the User Configuration node affect what Registry key?
HKEY_LOCAL_USER
Settings under the User Configuration node affect what Registry key?
HKEY_LOCAL_USER
d. HKEY_CURRENT_USER
HKEY_LOCAL_USER
When configuring Software Restriction policies, you can create exceptions to the default rule. One of the four ways of identifying an application as an exception to the default rule is by use of a _____, which is a digital fingerprint of the application file, based on the file attributes.
Hash
What DC is responsible for ensuring that changes made to object names in one domain are updated in references to these objects in other domains?
Infrastructure master
Which FSMO role is responsible for ensuring that changes made to object names within one domain are updated in references to those objects in other domains?
Infrastructure master
What would you use to prevent GPOs linked to a parent container from affecting a child container?
Inheritance Blocking
What enables one to target specific users or computers based on criteria?
Item-Level Targeting
What enables you to target specific users or computers based on criteria?
Item-level Targeting
What enables you to target specific users or computers based on criteria?
Item-level targeting
d. Item-level targeting
Item-level targeting
d. TACACS
Kerberos
d. Kerberos Authentication Gateway
Key Distribution Center
What component of Kerberos is responsible for storing keys for encrypting and decrypting data in the authentication process?
Key Distribution Center (KDC)
Select the GPO state where the GPO is in the Group Policy Objects folder but hasn't been linked to any container objects.
Link status: unlinked
Select below the option that is not one of the three built-in service accounts.
Local Operator
In what order are Group Policy Objects applied?
Local policies, site-linked GPOs, domain-linked GPOs, OU-linked GPOs
What mode of the Resultant Set of Policy (RSoP) snap-in produces a database of policy results that you browse in a similar manner to using the Group Policy Management Editor?
Logging
d. Logging into servers that are marked as "Down" in Server Manager
Logging into older Windows OSs or using older Windows applications
What could you use to make user policy settings be based on the GPO within whose scope the computer object falls?
Loopback policy processing
A(n) _____ file is a collection of files packaged into a single file and contains the instructions Windows Installer needs to install the application correctly.
MSI
d. Maximum tolerance for computer
Maximum lifetime for service ticket
d. distribution group with global scope
NOT distribution group with global scope
d. instance name
NOT service protocol name
Within the Computer Configuration node, what folder can be used to change settings related to the Background Intelligent Transfer Service, DNS settings, and offline files configuration?
Network
If the Windows Firewall is enabled, how are rules applied when multiple network connections are available?
Network Location Awareness
What PowerShell cmdlet will link a GPO to a site, domain or OU?
New-GPLink
By default, replication between DCs when no changes have occurred is scheduled to happen how often?
Once per hour
What nodes or folders does a Starter GPO contain?
Only Administrative Templates folder in both Computer Configuration and User Configuration
d. The global catalog facilitates domain log ons between forests
Only one global catalog exists per forest
An administrator has received a call indicating that user logons are no longer being accepted within a single domain in the forest. What FSMO role should be investigated?
PDC emulator
The RID master FSMO role is ideally placed on the same server as what other role?
PDC emulator
d. Domain naming master
PDC emulator master
Fine-grained password policies are created by defining a...
Password Settings Object
Select below the policy permission that grants a user or group the ability to use the GPO Modeling Wizard on a target container.
Perform Group Policy Modeling Analyses
Select below the policy permission that grants a user or group the ability to use the GPO Modeling Wizard on a target container.
Perform Group Policy Modeling analyses
Select below the policy permission that grants a user or group the ability to use the GPO Modeling Wizard on a target container:
Perform Group Policy Modeling analyses
Which tab in the Group Policy Results window shows all events in Event Viewer that are generated by group policies, and can be used to view the relevant information on a remote computer?
Policy Events
Within the Security Configuration and Analysis snap-in, what does an exclamation point in a white circle indicate?
Policy doesn't exist on the computer
Within the Security Configuration and Analysis snap-in, what does an exclamation point in a white circle indicate?
Policy doesn't exist on the computer.
Which tab in the Group Policy Results window shows all events in Event Viewer that are generated by group policies, and can be used to view the relevant information on a remote computer?
Policy events
Which tab in the Group Policy Results window shows all log entries that are related to and generated by group policies, and can be used to view the relevant information on a remote computer?
Policy events
When creating a new rule type in the New Inbound (or Outbound) rule Wizard, what rule type can be used for built-in Windows services?
Predefined
What RFC defines the DNS resource record types?
RFC 1183
What permission is given to the Enterprise Domain Controllers universal group on all GPOs by default, and grants permission to view settings and back up a GPO?
Read
What is the name for a domain controller on which changes can't be written?
Read only domain controller
What is the name of a domain controller on which changes can't be written?
Read only domain controller
What is the name of a DC on which changes can't be written?
Read-Only Domain Controller
The _____________ cmdlet within PowerShell can be used to rename an object in Active Directory.
Rename-ADObject
Timestamps within Kerberos are used to help guard against what type of attack?
Replay Attack
What policy allows an administrator to control the membership of both domain groups and local groups on member computers?
Restricted Groups
d. Restricted Groups
Restricted Groups
What policy allows an administrator to control the membership of both domain groups and local groups on member computers?
Restricted groups
A ____________ contains PTR records that map IP addresses to names and is named after the IP network address of the computers whose records it contains.
Reverse Lookup Zone
What folder contains group policy templates, logon/logoff scripts, and DFS synchronization data?
SYSVOL
If a central store for policy definition files has been created, where should the PolicyDefinitions folder reside?
SYSVOL folder
d. SYSVOL folder
SYSVOL folder
d. System folder
SYSVOL folder
An administrator has attempted to change the forest functional level, but the attempt failed due to the failure of an FSMO role. Which FSMO role should be investigated?
Schema master
An administrator has attempted to change the forest functional level, but the attempt failed due to the failure of an FSMO role. Which FSMO role should be investigated?
Schema master
Which of the following is a series of commands saved in a text file to be repeated easily at any time?
Script
The __________ command can be used to perform many of the same functions as the Security Configuration and Analysis snap-in, and can be used in conjunction with batch files and scripts to automate work with security templates.
Secedit.exe
d. Local Administrator Account
Security Accounts Manager
A local account is stored in the __________________ database on the local computer.
Security Accounts Manager (SAM)
Which of the following are text files with a .inf extension that contain information for defining policy settings in the Computer Configuration\Policies\Windows Settings\Security Settings node of a local or domain GPO?
Security Templates
What are the two different types of GPO filtering?
Security filtering and WMI filtering
Which of the following are text files with a .inf extension that contain information for defining policy settings in the Computer Configuration\Policies\Windows Settings\Security Settings node of a local or domain GPO?
Security templates
d. Policies templates
Security templates
When a client computer wants to connect to a service instance, what specific name type does it use to find the service?
Service Principal name
Which PowerShell cmdlet below can be used to set permissions for a security principal to a GPO or to all GPOs?
Set-GPPermission
Which PowerShell cmdlet below can be used to set permissions for a security principal to a GPO or to all GPOs?
Set-GPPermission
In the User Configuration node, where can policies that determine whether a user can publish DFS root folders in Active Directory be found?
Shared Folders
d. System
Shared Folders
If the slow link detection policy is set at 0, what does this indicate?
Slow link detection is disabled
If the slow link detection policy is set to 0, what does this indicate?
Slow link detection is disabled
Which policy below requires synchronous processing to ensure a consistent computing environment?
Software installation policies
In the Computer Configuration node, what folder contains policies that can be used to affect general computer system operation settings, such as disk quotas and group policy processing?
System
What Security Settings policy manages the startup mode and security settings of services on target computers?
System Services
What Security Settings Policy manages the startup mode and security settings of services on target computers?
System Services
What Security Settings policy manages the startup mode and security settings of services on target computers?
System Services
d. Security Services
System Services
A delegated installation allows a domain administrator to create the RODC computer account in Active Directory, so that a regular user can perform the installation at a later time.
T
A loopback policy can be used to change user policy settings based on the GPO within whose scope a computer object falls.
T
A migration table is a list of security principals and UNC paths in a GPO that can be mapped to the security principals and UNC paths in the destination domain.
T
An Active Directory snapshot is a replica of the Active Directory database at a specific moment.
T
Authentication efficiency, replication efficiency, and application efficiency are the three main reasons for establishing multiple sites
T
GPO enforcement is configured on a GPO, not on an Active Directory container.
T
GPOs set at the domain level should contain settings that you want to apply to all objects in the domain.
T
If you want to create a security template using a baseline of settings from an existing desktop computer or server, you can begin by opening secpol.msc.
T
When working with policies in the Security Configuration and Analysis snap-in, what does an X in a red circle indicate?
Template Policy and Current Computer policy don't match
A policy setting within the Security Configuration and Analysis snap-in with a question mark in a white circle indicates which option below?
Template policy and current computer policy don't match
When working with policies in the Security Configuration and Analysis snap-in, what does an X in a red circle mean?
Template policy and current computer policy don't match
d. The message is considered valid, but an alert is generated for an administrator
The Kerberos message is considered invalid
d. The Logon Hours forces a user to log off during "Logon denied" periods
The Logon Hours can't be used to disconnect a user that is already logged in
d. The domain structure must provide easy management capabilities
The domain structure must be able to utilize different name identities
The responsible person section of an SOA record contains what information?
The e-mail address of the responsible person
What GPO policy will take precedence over all other GPO policies when they are being applied?
The last policy applied takes precedence
d. The resource must have proper permissions set for ComputerName$, where ComputerName is the name of the computer attempting to access the resource.
The resource must have proper permissions set for ComputerName$, where ComputerName is the name of the computer attempting to access the resource.
After running the Security Configuration and Analysis snap-in with a template, what does a check mark in a green circle mean?
The template policy and current computer policy are the same
d. The policy is available and current
The template policy and current computer policy are the same
After running the Security Configuration and Analysis snap-in with a template, what does an "X" in a red circle on a template policy indicate?
The template policy and current computer policy do not match
Approximately 42 days after a service was configured to use a normal user account, the service has stopped working and refuses to run. An administrator has verified that the account still exists on the domain. Assuming default domain policy settings, what could be the issue?
The user account password expired
How is a Computer's Designated Site determined, such that the Computer is given a Domain Controller to request services from within the same site?
Through Subnets added to the site.
How is a computer's designated site determined, such that the computer is given a domain controller to request services from within the same site?
Through subnets added to the site
During garbage collection, what setting controls how long deleted objects remain within the database before such objects are completely removed?
Tombstone lifetime
A delegated installation allows a domain administrator to create the RODC computer account in Active Directory, so that a regular user can perform the installation at a later time
True
The Restricted Groups Policy, under security settings, controls group membership for both domain groups and local SAM groups
True
The Restricted Groups policy, under Security Settings, controls group membership for both domain groups and local SAM groups
True
User Account Control policies determine what happens on a computer when a user attempts to perform an action that requires elevation.
True
You can configure a firewall with the Group Policy tool or on a client computer.
True
How can the output of a command be redirected to a file instead of being displayed on screen?
Type the > character followed by the file name at the end of the command
What type of policy setting is persistent, remaining even after a computer or user object falls out of a GPO's scope until it's changed by another policy or manually?
Unmanaged policy setting
What type of policy setting is persistent, remaining even after a computer or user object falls out of a GPO's scope until it's changed by another policy or manually?
Unmanaged policy setting
What type of policy setting is persistent, remaining even after a computer or user object falls out of a GPO's scope until it's changed by another policy or manually?
Unmanaged policy setting
d. Unmanaged policy setting
Unmanaged policy setting
What is the easiest way to make policies in a new branch office similar to those already in place?
Use GPO migration by adding the domains with the policies you want to GPMC, and then copy and paste them.
d. Use the Disable-ADAccount cmdlet
Use the dsmod user command
The _____________ policies determine what happens on a computer when a user attempts to perform an action that requires elevation.
User Account Control
Which of the following uses queries to select a group of computers based on certain attributes, and then applies or doesn't apply policies based on the query's results?
WMI filtering
When DNS forwarders or conditional forwarders are configured, what order will a Windows DNS server use to attempt to resolve DNS queries?
When DNS forwarders or conditional forwarders are configured, what order will a Windows DNS server use to attempt to resolve DNS queries?
What folder within the Computer Configuration node contains settings related to Event Viewer, File Explorer, Windows PowerShell, and Windows Update?
Windows Components
d. Windows Server 2012 or higher
Windows Server 2008 R2 or higher
What subnode under Security Settings applies to wireless network policies?
Wireless Network (IEEE 802.11) Policies
What is the difference between a managed policy setting and an unmanaged policy setting?
A managed policy setting is applied to a user or computer when the object is in the scope of the GPO containing the setting. An unmanaged policy setting is persistent, meaning it remains even after the computer or user object falls out of the GPO's scope until it is changed by another policy or manually.
These XML format text files define policies in the Administrative Templates folder in a GPO.
administrative template files
Although the hosts file is no longer used for localhost name resolution, what else can the hosts file be used for?
as a sort of web filter
What type of application can be installed automatically when the user logs on to a computer in the domain?
assigned
What is the potential security risk of utilizing a naming standard for user accounts?
attackers can guess usernames easily and gain unauthorized access to the network
How can an administrator remove all audit policy subcategories so that auditing is controlled only by Group Policy?
auditpol /clear
d. auditpol /remove
auditpol /clear
What tool within Windows Server 2012/R2 must be used in order to change the default auditing settings?
auditpol.exe
A DNS server that holds a complete copy of a zone's resource records (typically a primary or secondary zone)
authoritative server
Which of the answers below is not a valid scripting language supported by the Scripts (Startup/Shutdown) subnode?
bash scripts
Why might an organization want a single DNS server to make all external queries?
because network security can be enhanced by limiting exposure to the internet. Because a single server is making all the queries to internet domains, overall DNS performance can be enhanced because the server builds an extensive cache of internet names
A DNS server with no zones. Its sole job is to field DNS queries, do recursive lookups to root servers, or send requests to forwarders, and then cache the results.
caching-only DNS server
What components make up an object's distinguished name (DN)?
common name; common name; organizational unit; domain component
An Active Directory object that usually represents a person for informational purposes only, much like an address book entry.
contact
d. automatic
custom
What command below can be used to reset the default GPOs to their original settings?
dcgpofix
The process of a user with higher security privileges assigning authority to perform certain tasks to a user with lesser security privileges.
delegation of control
d. delegation of control
delegation of control
What are the two different ways that responsibility for an OU can be delegated to a non-administrator user?
delegation of control wizard or AD users and computers
Network zone
developer
Which of the following is not one of the four different ways an application can be designated as an exception to a Software Restriction Policy?
developer
d. partition
directory service
A group type used when you want to group users together, mainly for sending e-mails to several people at once with an Active Directory integrated e-mail application, such as Microsoft Exchange.
distribution group
Group Policy Objects stored in Active Directory on domain controllers.
domain GPOs
Group Policy Objects stored in Active Directory on domain controllers. They can be linked to a site, a domain, or an OU and affect users and computers whose accounts are stored in these containers.
domain GPOs
A group scope that's the main security principal recommended for assigning rights and permissions to domain resources
domain local group
A process that occurs when a user attempts to perform an action requiring administrative rights and is prompted to enter credentials
elevation
How often does garbage collection run on a DC?
every 12 hours
Local GPOs can affect all computers within a local domain.
false
The Microsoft best practice recommendation is to modify the two default GPOs in a domain for making password policy changes.
false
The Security Configuration and Analysis snap-in cannot be used to apply a security template to a computer.
false
The use of WINS forward lookup is enabled by default.
false
What are the two flexible single master operation (FSMO) roles? (Choose all that apply.)
forest wide, domain wide
A DNS server to which other DNS servers send requests they can't resolve themselves.
forwarder
d. database
global catalog
A group scope used mainly to group users from the same domain who have similar access and rights requirements.
global group
An A record used to resolve the name in an NS record to its IP address.
glue A record
What command can be used to perform tasks similar to those in Group Policy Results Wizard and the Resultant Set of Policy snap-in?
gpresult
d. gpupdate /refresh
gpupdate /force
d. application service account
group managed service account
A GPO component that's an Active Directory object stored in the System\Policies folder.
group policy container (GPC)
A GPO component that's stored as a set of files in the SYSVOL share.
group policy template (GPT)
The _____________ determines the reach of a group's application in a domain or forest: which security principals in a forest can be group members and to which forest resources a group can be assigned rights or permissions.
group scope
d. multimaster
intrasite
In the New Connection Security Rule Wizard, which connection security rule restricts connections based on authentication criteria, such as domain membership or health status?
isolation
When creating a custom Applocker rule, how does the file hash option work?
it creates a rule for an unsigned application
If a GPO's link status is "disabled", what effect does this have on the GPO?
it disables the policy for the users in the domain who are in the scope of the GPO
A Group Policy Object that's stored on local computers and can be edited by the Group Policy Object Editor snap-in.
local GPOs
A group created in the local SAM database on a member server or workstation or a stand-alone computer
local group
d. local, site, OU, domain
local, site, domain, OU
A type of group policy setting whereby the setting on the user or computer account reverts to its original state when the object is no longer in the scope of the GPO containing the setting.
managed policy setting
What type of replication scheme does Active Directory use to synchronize copies of most information in the Active Directory database?
multimaster
d. nesting
nesting
A Windows feature for configuring each network connection on your computer with one of three settings, called profiles: Domain Profile, Private Profile, and Public Profile.
network location awareness
Within the NTDS folder, which file stores the main Active Directory database?
ntds.dit
Using ______________, a computer joining the domain doesn't have to be connected to the network when the join occurs.
offline domain join
d. linked password settings
password settings object
Sending the output of one command as input to another command
piping
A DNS zone containing a read/write master copy of all resource records for the zone; this zone is authoritative for the zone.
primary zone
Of the three different zone types, what type of zone contains a read/write master copy of all resource records for the zone?
primary zone
An internal DNS server with a forward lookup zone named "." is configured as a ___________.
root server
___________ load balancing using DNS works by creating two A records with the same hostname, but different IP addresses, which point any queries for the hostname to multiple hosts running the same service.
round robin
What command can be used to convert an XML policy file into a GPO?
scwcmd.exe
A DNS zone containing a read-only copy of all resource records for the zone.
secondary zone
Which of the following uses permissions to restrict objects from accessing a GPO?
security filtering
A group type that's the main Active Directory object administrators use to manage network resource access and grant rights to users.
security groups
Which of the following are text files with a .inf extension that contain information for defining policy settings in the Computer Configuration\Policies\Windows Settings\Security Settings node of a local or domain GPO?
security templates
In the New Connection Security Rule Wizard, what option can be used to set up a rule that requires authentication between two computers, between IP subnets, or between a specific computer and a group of computers in a subnet?
server-to-server
OU-linked policies are applied last so they take precedence over which policies? (Choose all that apply.)
site
When a user leaves a company, why is it preferable to disable the user rather than delete the user?
so that all the user's files are still accessible and all group memberships are maintained
Select the RODC installation type where the domain administrator creates the RODC computer account in Active Directory, and then a regular user can perform the installation at a later time.
staged installation
A GPO template that can be used as a baseline for creating new GPOs, much like user account templates.
starter GPO
A DNS zone containing a read-only copy of only the zone's SOA and NS records and the necessary A records to resolve NS records.
stub zone
If a user is created without a password and the domain's password policy requires a non-blank password, what is the result?
the user account is disabled
What is a conditional forwarder used for?
they are used to resolve IP addresses to the FQDN for DNS servers that are authoritative.
What does a NS record specify?
They specify the FQDNs and IP addresses of the authoritative servers for the zone
How are Group Policy Objects linked to Active Directory?
through AD containers
d. session stamp
timestamp
A zone that is not integrated into Active Directory is referred to as a standard zone, and the zone data is stored in a text file.
true
DNS recursion is enabled on Windows DNS servers by default.
true
DNS servers maintain a database of information that contains zones.
true
GPOs linked to a site object can facilitate IP address based policy settings.
true
Information within an OU can be hidden using permissions, and administration of an OU can be delegated to a non-administrative account.
true
Using a "Deny Read" permission on a GPO enables the creation of an exception to normal GPO processing.
true
When creating a new user, the "User must change password at next logon" option is enabled by default.
true
A Group Policy Container (GPC) stores GPO properties and status information, but no actual policy settings.
true
d. schema
trust relationship
A group scope that can contain users from any domain in the forest and be assigned permission to resources in any domain in the forest
universal group
When utilizing roaming profiles, what should be done to minimize logon/logoff delays and reduce bandwidth used by uploading / downloading profile data?
use folder redirection
d. cloned user
user template
A user account that's copied to create users with common attributes
user template
How can an administrator initiate a system state recovery using the command line?
wbadmin start systemstaterecovery
Which option below is not one of the three main methods for cleaning up metadata?
wbsadmin.exe
A GPO filtering method that uses Windows Management Instrumentation (WMI), a Windows technology for gathering management information about computers.
wmi filtering
An operation that copies all or part of a zone from one DNS server to another and occurs as the result of a secondary server requesting the transfer from another server.
zone transfer
The hosts file is contained within what directory in Windows?
%systemroot%\System32\drivers\etc
By default, the Windows password policy requires a minimum password of what length?
7 characters
A valid comma separated value file that can be imported using csvde must have what option below on the first line?
A header record
What special identity group is used when a user accesses an FTP server that doesn't require user account logon?
Anonymous logon
Which special identity group specifically includes any user account (except the Guest) logged into a computer or domain with a valid username and password?
Authenticated Users
A user's profile is stored in what directory on a local computer by default?
C:\Users
What Active Directory replication method makes use of remote differential compression (RDC)?
Distributed File System Replication (DFSR)
What is the most typically used group type conversion?
Distribution group -> security group
Which of the following options can an administrator enable to improve DNS security?
Do not allow dynamic updates
Select below the built-in group that facilitates anonymous access to web resources by Internet Information Services
IIS_IUSRS
Remote computers attempting to connect to the local computer are examples of what type of connection?
Inbound connections
Who is responsible for the management of the Internet root servers?
Internet Assigned Numbers Authority (IANA)
What is a downlevel user logon name used for?
Logging into older Windows OSs or using older Windows applications
Under the Computer Configuration of a GPO, what folder within the "Windows Settings" folder contains policies that can be used to manage network bandwidth use?
Policy-based QoS
Which of the following statements is not true regarding the built-in Administrator account?
The Administrator account can't be renamed, but it can be deleted.
Which of the following statements is true regarding the built-in Guest account?
The Guest account should be renamed if it will be used
Logon hours can be set for specific days of the month, as well as holidays
The Logon Hours can't be used to disconnect a user that has already logged in
In a zone's Properties dialog box, what option is unavailable under Dynamic updates for only standard zones?
The Secure only option
After a template account has been created, what can be done to ensure that the template account does not pose a security risk?
The account should be disabled
How can an administrator enable or disable accounts using the command line?
Use the dsmod user command
When creating a new user, the "User cannot change password" option can't be used in conjunction with what other option?
User must change password at next logon
What is the difference between static and dynamic DNS records?
What is the difference between static and dynamic DNS records?
How can an administrator remove all audit policy subcategories so that auditing is controlled only by Group Policy?
auditpol /clear
Which Windows command line utility below can be used to check for resource records on a server, verify delegations, verify resource records needed for AD replication, and perform e-mail connectivity tests?
dnslint
A valid reverse lookup zone consists of the network ID's octets in reverse order, with what at the end of the name?
in-addr.arpa
Where can all ADMX and ADML files be found on a Windows Server 2008 or Vista and later computer?
%systemroot%\PolicyDefinitions
The folders containing Group Policy Templates (GPTs) can be found under what folder on a domain controller?
%systemroot%\SYSVOL\sysvol\domain\Policies
What Active Directory replication method makes use of remote differential compression (RDC)?
**Advanced System Replication (ASR)
Which of the following are text files with a .inf extension that contain information for defining policy settings in the Computer Configuration\Policies\Windows Settings\Security Settings node of a local or domain GPO?
**Configuration templates
If a domain consists of DCs that are running versions of Windows Server earlier than Windows Server 2008, what replication method is used?
**Distributed File System Replication (DFSR)
What command below can be used to reset the default GPOs to their original settings?
**dcrevertgpo **dcgporeset
What type of replication scheme does Active Directory use to synchronize copies of most information in the Active Directory database?
**domain-wide **flexible single master
When a GPO is linked to a site object, what will be affected?
All users and computers physically located at the site
Which server role below cannot be installed on a domain controller that will be cloned?
DHCP
Which of the following is not one of the criteria that can be used within an administrative templates filter?
Enable Action Filters
A GPO component that's an Active Directory object stored in the System\Policies folder. It stores GPO properties and status information but no actual policy settings.
Group Policy Container (GPC)
What is used to identify all objects in a domain?
SID
Because the GPC and GPT use different replication methods, they can become out of sync.
TRUE
A domain controller clone is a replica of an existing DC.
True
A loopback policy can be used to change user policy settings based on the GPO within whose scope a computer object falls.
True
A migration table is a list of security principals and UNC paths in a GPO that can be mapped to the security principals and UNC paths in the destination domain.
True
Authentication efficiency, replication efficiency, and application efficiency are the three main reasons for establishing multiple sites.
True
Before you can install an RODC, the forest functional level must be at least Windows Server 2003.
True
Local GPOs are edited with the gpedit.msc tool.
True
What Security Settings policy manages the startup mode and security settings of services on target computers?
**Security Services **Restricted Services
Under the Computer Configuration, which folder contains settings related to the Regional and Language Options, User Accounts, and Personalization options?
**System
If a central store for policy definition files has been created, where should the PolicyDefinitions folder reside?
**System32 folder
What are the two flexible single master operation (FSMO) roles? (Choose all that apply.)
**Systemwide **Objectwide
Within the Security Configuration and Analysis snap-in, what does an exclamation point in a white circle indicate?
**Template policy and local policy don't match **Template policy and computer policy are the same
What does the /target option do when used with the gpupdate command?
**The option can be used to specify a remote computer to force policy updates
How can an administrator remove all audit policy subcategories so that auditing is controlled only by Group Policy?
**auditpol /remove
Which of the following are ways to change default GPO inheritance? (Choose all that apply.)
**blocking enforcement **GPO enforcement
Which option below is not one of the three main methods for cleaning up metadata?
**ntdsutil.exe
What type of application can be installed automatically when the user logs on to a computer in the domain?
**published **selected
Which of the following manages adding, removing, and renaming domains in the forest?
**schema master
What tool within Windows Server 2016 must be used in order to change the default auditing settings?
**secpol.exe
Select the RODC installation type where the domain administrator creates the RODC computer account in Active Directory, and then a regular user can perform the installation at a later time.
**selected installation **deferred installation
By default, for how long are deleted objects stored within the Active Directory database before they are removed entirely?
180 days
With universal group membership caching, how often is the cached information on group membership refreshed?
Every 8 hours
To find a full list of policies and preferences that can have background processing disabled, where should you look?
**Computer Configuration\Policies\Administrative Templates\Group Policy **User Configuration\Policies\Administrative Templates\System\Group Policy
Settings in the Computer Configuration node of Administrative Templates will impact which registry key below?
**HKEY_CURRENT_USER
What type of policy setting is persistent, remaining even after a computer or user object falls out of a GPO's scope until it's changed by another policy or manually?
**Managed policy setting
What option under the folder redirection settings redirects everyone's folder to the same location?
**Open
Which FSMO role is responsible for ensuring that changes made to object names within one domain are updated in references to those objects in other domains?
**PDC emulator
What DC is responsible for ensuring that changes made to object names in one domain are updated in references to these objects in other domains?
**RID Master **schema master
What folder contains group policy templates, logon/logoff scripts, and DFS synchronization data?
**Root
Select the FSMO role that is required to be online to facilitate the addition or removal of a domain controller:
**Schema master
The option to turn off background processing is not available for which type of policy below?
**Scripts processing **Disk quota
The account lockout threshold contains a value between 0 and 1,000 that determines how many times a user's password can be entered incorrectly before the user's password must be reset by an administrator.
FALSE
A site bridge is needed to connect two or more sites for replication.
False
Active Directory metadata describes the actual Active Directory data, not the Active Directory database.
False
Administrative template files are in HTML format, using the .admx extension.
False
By default, subnets are created in Active Directory Sites and Services
False
When you back up a GPO, the policy settings are backed up, but not the security filtering settings, delegation settings, and WMI filter links.
False
An administrator has received a call indicating that some users are having difficulty logging on after a password change. Which FSMO role should be investigated?
PDC emulator
You can see a GPO's DACL in Active Directory Users and Computers in the System\Policies folder.
True
What PowerShell cmdlet will allow an administrator to check for software that is incompatible with the cloning process?
Get-ADDCCloningExcludedApplicationList
What command can be used to cause a group policy refresh remotely on Windows Vista and later clients?
Invoke-GPUpdate
What is a major drawback to enabling the auditing of object access?
Involves considerable overhead
Which of these is not a new GPO in Windows Vista and Server 2008?
Local Computers GPO
d. trusted delegation
constrained delegation
Which of the following manages adding, removing, and renaming domains in the forest?
domain naming master
d. dsmod
dsquery
Computers can utilize _____________ to register or update their own DNS records, or DHCP can update DNS on behalf of the clients when the clients lease a new IP address.
dynamic DNS (DDNS)
What holds the log of Active Directory transactions or changes?
edb.log
Settings in local GPOs that are inherited from domain GPOs can't be changed on the local computer; only settings that are undefined or not configured by domain GPOs can be edited locally.
TRUE
When working with policies in the Security Configuration and Analysis snap-in, what does an X in a red circle indicate?
Template policy and current computer policy don't match
How is a computer's designated site determined, such that the computer is given a domain controller to request services from within the same site?
Through subnets added to the site
Command scripts are just a series of commands saved in a file with a .bat extension.
True
GPO enforcement is configured on a GPO, not on an Active Directory container.
True
If you want to create a security template using a baseline of settings from an existing desktop computer or server, you can begin by opening secpol.msc.
True
The Group Policy Results wizard will show administrators which policy settings apply only to a user, computer, or both.
True
The folders containing Group Policy Templates (GPTs) can be found under what folder on a domain controller?
**%systemroot%\domain\Policies
An administrative template file using what file extension provides a language specific user interface in the Group Policy Management Editor?
**.admx
The gpupdate command in conjunction with which option below causes synchronous processing during the next computer restart or user logon?
**/full **/wait
By default, how many previous logons are cached locally to a computer?
**5
How often does garbage collection run on a DC?
**6 hours
Each Group Policy Object is assigned a globally unique identifier (GUID) of what length?
**64 bits **32 bits
To increase security of data stored on an RODC, what can be configured to specify domain objects that aren't replicated to RODCs?
**Bridgehead server
What policy setting can be used to force synchronous processing?
**Change Group Policy processing to run asynchronously when a slow network connection is detected
Which PowerShell cmdlet below can be used to set permissions for a security principal to a GPO or to all GPOs?
**Chmod-GPO
What policy allows an administrator to control the membership of both domain groups and local groups on member computers?
**Domain Groups
A published application is installed automatically.
FALSE
The Security Configuration and Analysis Snap-in can not be used to apply a security template to a computer.
False
A slow link, by default, is a network connection that's less than which of the following?
**500 Mbps
What assigned value represents the bandwidth of the connection between sites?
cost
Which of the following is a series of commands saved in a text file to be repeated easily at any time?
script