70-411 - Week 4 Final Exam
What is the default setting for password history? 6 10 16 24
24 Response Feedback: The enforce password history setting defines the number of unique, new passwords that must be associated with a user account before an old password can be reused. The default setting is 24 previous passwords.
By default, which of the following represents the maximum amount of time by which a computer's internal clock can be inaccurate yet still be able to use Kerberos authentication? 30 seconds 1 minute 5 minutes 8 minutes
5 minutes Response Feedback: In Windows Server 2012 R2, the maximum tolerance for computer clock synchronization determines the maximum time difference (in minutes) that the Kerberos V5 protocol tolerates between the time on the client clock and the time on the domain controller that provides Kerberos authentication. The default is 5 minutes.
What is the default timeout value for GPOs to process on system startup? 60 seconds 120 seconds 300 seconds 600 seconds
600 seconds Response Feedback: Computer configuration settings are applied synchronously (one by one) during computer startup before the user sees the Logon dialog box. If any startup scripts are configured through GPOs, they are processed synchronously and have a default timeout of 600 seconds (10 minutes) to complete.
When reading events in the Event Viewer, you need to recognize the designated levels or classifications. What is the definition for the Information level? An issue has occurred that can impact service or result in a more serious problem if action is not taken. A failure has occurred from which the application or component that triggered the event cannot automatically recover. A problem has occurred that might impact functionality that is external to the application or component that triggered the event. A change in an application or component has occurred (such as an operation has successfully completed, a resource has been created, or a service started).
A change in an application or component has occurred (such as an operation has successfully completed, a resource has been created, or a service started). Response Feedback: The Information level indicates that a change in an application or component has occurred (such as an operation has successfully completed, a resource has been created, or a service started).
By default, to which computer group are computers assigned in WSUS? All Computers All Clients All Systems Default
All Computers Response Feedback: By default, each computer is always assigned to the All Computers group.
Normally, preferences are refreshed at the same interval as Group Policy settings. If this option is selected, this option will be applied only once on logon or startup. Stop processing items in this extension if an error occurs. Run in logged-on user's security context. Apply once and do not reapply. Use item-level targeting.
Apply once and do not reapply. Response Feedback: Normally, preferences are refreshed at the same interval as Group Policy settings. If the Apply once and do not reapply option is selected, this option will be applied only once on logon or startup.
Windows Installer cannot install .exe files. To distribute a software package that installs with an .exe file, what must you do to it? Convert it to a ZIP file Convert it to an MSI file Convert it to an MSP file Convert it to an MST file
Convert it to an MSI file Response Feedback: Windows Installer cannot install .exe files. To distribute a software package that installs with an .exe file, you must convert the .exe file to an .msi file by using a third-party utility.
What is the most efficient way to deploy VPN (virtual private network) configurations to hundreds of users? Create and distribute a document that explains all the settings. Create and distribute an executable file that contains all the settings. Configure all the client systems manually. Have the users bring in their systems individually for configuration.
Create and distribute an executable file that contains all the settings. Response Feedback: Configuring multiple clients to connect to a remote server can require a lot of work and you can easily make an error. To help simplify administration of the VPN client into an easy-to-install executable, you can use the RAS Connection Manager Administration Kit (CMAK), which can also be installed as a feature in Windows Server 2012. After an executable file is created that includes all the VPN settings, the executable file is deployed on the client computers.
To give someone permission to manage a particular GPO, you use the __________ tab of the individual GPO. Permissions Security Delegate Settings
Delegate Response Feedback: To give someone permission to manage a particular GPO, you use the Delegate tab of the individual GPO.
Network Access Policy is part of which larger scope NPS policy? Connection request Network Health Realm
Health Response Feedback: Health policies establish one or more system health validators (SHVs) and other settings that enable you to define client computer configuration requirements for computers capable of Network Access Policy (NAP) that attempt to connect to your network. Health policies are used only with NAP.
What function does the CSVDE tool perform? It decrypts and encrypts Active Directory information. It exports/imports Active Directory information. It exports/imports data from Event Viewer. It extracts Event Viewer information into CSV files.
It exports/imports Active Directory information. Response Feedback: The CSVDE command-line tool exports or imports Active Directory Domain Services (AD DS) objects to or from a comma-delimited text file (also known as a comma-separated value text file or .csv file).
Why would you use multicasting for WDS? It supports IPv6 and DHCPv6. It decreases deployment time. It requires less space on the client system. It minimizes network traffic.
It minimizes network traffic. Response Feedback: Multicast allows you to use one set of packets to install operating systems on multiple computers simultaneously. As a result, you minimize network traffic.
In which order are Group Policy objects (GPOs) processed? Local group policy, Site, Domain, User OU, Domain, Site, Local group policy Local security policy, Site, Domain, OU Local group policy, Site, Domain, OU
Local group policy, site, Domain, OU Response Feedback: GPOs are processed in the following order: Local group policy, Site, Domain, and OU.
Why would auditing include logon and logoff times? These are simply default audit types for accounts. Logon and logoff times can help track user's work hours. Logon and logoff times can help pinpoint who was logged on during a failure. Logon and logoff events can track system usage for capacity planning.
Logon and logoff times can help pinpoint who was logged on during a failure. Response Feedback: During critical troubleshooting episodes, knowing who, if anyone, was logged on to a system is valuable. If a user or administrator caused the outage, it's easier to remedy by reversing what was done that to continue with standard trial-and-error exercises.
Which of the following is the format for a virtual account used with Windows Server 2008 R2, Windows Server 2012, and Windows Server 2012 R2? domainname\servicename computername\servicename NT Service\servicename NT Service\servicename$
NT Service\servicename Response Feedback: A virtual account is an account that emulates a Network Service account that has the name NT Service\servicename. The virtual account has simplified service administration, including automatic password management, and simplified SPN management.
The default connection request policy uses NPS as what kind of server? DNS Active Domain controller RRAS RADIUS
RADIUS Response Feedback: The default connection request policy uses NPS as a RADIUS server. If you do not want the NPS server to act as a RADIUS server and process connection requests locally, you can delete the default connection request policy.
Which Windows extension allows you to copy registry settings and apply them to other computers' create, replace, or delete registry settings? Applications Environment Files Registry
Registry Response Feedback: The Registry Extension copies registry settings and applies them to the create, replace, or delete registry settings of other computers.
What utility do you use to configure DirectAccess? DNS Console Active Directory Console Remote Access Management Console DirectAccess Console
Remote Access Management Console Response Feedback: To configure DirectAccess itself, you use the Remote Access Management console, which enables you to configure DirectAccess using a visual step-by-step wizard or wizards.
The powerful auditpol.exe command-line utility is widely used in automated scripting solutions. Select the correct action for the auditpol.exe /remove /user:username command. Delete the per-user audit policy for all users, reset or disable the system audit policy for all subcategories, and then set the audit policies settings to disable. Remove the per-user audit policy for a single user's account. Remove the per-user audit policy for all users. Show an authoritative report on what audit settings are being applied
Remove the per-user audit policy for a single user's account. Response Feedback: To remove the per-user audit policy for the jsmith account, perform the following command: auditpol.exe /remove /user:jsmith.
What types of tasks can you add to events? Start a program, send an instant message, and display a message. Send a beep to the computer speakers, send an instant message, and display a message. Send an email, send an instant message, and display a message. Send an email, start a program, and display a message.
Send an email, start a program, and display a message. Response Feedback: When adding a task to an event, you add the task action on the Action page by choosing to start a program, send an e-mail, or display a message.
What are MST files used for? They deploy customized software installation files They are template files for software packages They are custom patch files They specialize in software installation test files
They deploy customized software installation files Response Feedback: MSI Transform files are used to deploy customized MSI files.
What is the proper procedure for removing a domain controller from Active Directory? Shut down the domain controller and manually remove it from AD. Use dcdemo to demote the domain controller. Uninstall Active Directory Domain Services. Enter the DSRM and delete Active Directory.
Uninstall Active Directory Domain Services. Response Feedback: To retire a domain controller, the proper method to demote a domain controller is to remove AD DS. However, if the demotion fails or the server itself fails where you cannot recover the system, you need to clean up the metadata, which means you must manually remove the domain controller from Active Directory.
Beginning with which server version can you safely deploy domain controllers in a virtual machine? Windows Server 2003 Windows Server 2008 Windows Server 2008 R2 Windows Server 2012
Windows Server 2012 Response Feedback: Starting with Windows Server 2012, you can safely virtualize a domain controller and rapidly deploy virtual domain controllers through cloning.
Which node allows you to configure settings such as Name Resolution Policy, Security Settings, and Policy-Based QoS nodes? Software Settings Windows Settings Computer Configuration User Configuration
Windows Settings Response Feedback: The Windows Settings node allows you to configure Windows settings, including Name Resolution Policy, Scripts (Startup/Shutdown), Security Settings, and Policy-Based QoS (Quality of Service) nodes.
Why would you set up a monitor-only NAP policy on your network? You don't want to force updates, which may include reboots, on client computers. You are testing your NAP rollout before implementation. You want to track compliance but not enforce it. You are afraid that enforcement would violate privacy.
You are testing your NAP rollout before implementation. Response Feedback: Typically, you use a monitor-only policy when you first implement NAP so that you can test the implementation to verify which computers are blocked and which are granted access to the production network by viewing the security logs in the Event Viewer on the NAP server.
You can use FSRM to create several different types of storage reports that show the state of server volumes and anyone who exceeds the quotas or uses files that aren't allowed. What does a Least Recently Accessed Files storage report show? a list of files sorted by selected file groups defined with FSRM a list of files that have not been accessed for a specified number of days a list of quotas that exceed a specified percentage of the storage limit a list of files that are the same size and have the same last modified date
a list of files that have not been accessed for a specified number of days Response Feedback: The Least Recently Accessed Files storage report lists files that have not been accessed for a specified number of days.
Round-robin DNS is a term that refers to what kind of distribution mechanism for DNS responses to queries? limited time to live balanced cached priority weighted
balanced Response Feedback: Round robin is a DNS balancing mechanism that distributes network load among multiple servers by rotating resource records retrieved from a DNS server.
What process grants permissions to other users to manage group policies? Group Policy Container (GPC) Group Policy Template (GPT) migration table delegation
delegation Response Feedback: In Active Directory, domain administrators are automatically granted permissions for performing Group Policy Management tasks. If you need to give other users permissions to manage group policies, you grant those permissions through delegation.
Which domain users are automatically granted permissions to perform Group Policy Management tasks? local administrators power users domain administrators domain users
domain administrators Response Feedback: In Active Directory, domain administrators are automatically granted permissions for performing Group Policy Management tasks.
What is the secpol.msc utility used for? editing group policies editing local security policies editing global security policies editing domain-level policies
editing local security policies Response Feedback: The easiest method to access the account policies is to execute secpol.msc from a command prompt to open the Local Security Policy.
This setting defines the number of unique, new passwords that must be associated with a user account before an old password can be reused. enforce password history maximum password age minimum password length complexity requirements
enforce password history Response Feedback: The enforce password history setting defines the number of unique, new passwords that must be associated with a user account before an old password can be reused.
What is the key difference between preferences and policy settings? deployment enforcement staging refresh interval
enforcement Response Feedback: The key difference between preferences and policy settings is enforcement.
Some exemptions might be required for certain groups to store otherwise restricted file types. What type of exemption can you set up on folders? file save exemption file type exemption file screen exception folder screen exception
file screen exception Response Feedback: To allow files that other file screens are blocking, you can create a file screen exception, which is a special type of file screen that overrides any file screening that would otherwise apply to a folder and all its subfolders in a designated exception path.
By default, replication groups use what type of topology to replicate to all members of the group? bidirectional full mesh collective mesh full replicant
full mesh Response Feedback: By default, replication groups use a full mesh topology, which means that all members replicate to all other members.
A specific, individual computer or other network device in a domain is known as what? server entity top-level system host
host Response Feedback: A host is a specific computer or other network device in a domain. For example, computer1.sales.contoso.com is the host called computer1 in the sales subdomain of the contoso.com domain.
Where is the Central Store located? in the SYSVOL directory Microsoft Online TechNet on a domain controller public share
in the SYSVOL directory Response Feedback: The Central Store is a folder structure created in the SYSVOL directory on the domain controllers in each domain in your organization.
The downward flow of group policies is known as what feature of GPOs? cumulative processing inherent processing inheritance control
inheritance Response Feedback: By default, a Group Policy uses inheritance, in which settings are inherited from the container above. In other words, group policy settings flow down into the lower containers and objects.
To verify a NAP client's configuration, which command would you run? netsh nap show state netsh nap client show state netsh nps nap show state netsh nps nap agent state
netsh nap client show state Response Feedback: To verify a client's configuration, you can run the following command: netsh nap client show state
What is the first thing to check when troubleshooting VPN problems? network connectivity usernames and passwords DNS lookups firewall settings
network connectivity Response Feedback: With network connectivity problems, you need to make sure that you are connected to the network and that name resolution works properly. If your VPN connection is to operate over the Internet, make sure that you have Internet access.
How do you mount a Windows image using Dism.exe so that you can update it? read-only staged offline MountDir
offline Response Feedback: You can use the Deployment Image Servicing and Management (Dism.exe) command-line tool to add, remove, update, or list a Windows image's features, packages, drivers, or international settings. With Dism.exe, you can mount an image offline and then add, remove, update, or list the features, packages, drivers, or international settings stored on that image.
How many PDC Emulators are required, if needed, in a domain? one two three four
one Response Feedback: A domain requires just one Primary Domain Controller Emulator.
How many WMI filters can be configured for a GPO? one two four eight
one Response Feedback: Only one WMI filter can be configured per GPO. After a WMI filter is created, it can be linked to multiple GPOs.
By default, zone transfers are disabled. You can choose one of three different zone transfer methods. Which of the following describes the Only to the following servers method? restricts zone transfers to those servers specified in the accompanied list retrieves only resource records that have changed within a zone restricts zone transfers to secondary DNS servers as defined with NS resource records allows a data transfer to any server that asks for a zone transfer (least secure)
restricts zone transfers to those servers specified in the accompanied list Response Feedback: The Only to the following servers method restricts zone transfers to those servers specified in the accompanied list.
Kerberos security and authentication are based on what type of technology? secure transmission secret key challenge-response legacy code
secret key Response Feedback: With Kerberos, security and authentication are based on secret-key technology. Every host on the network has its own secret key.
On what type of computer is BitLocker not commonly used? laptops desktops netbooks servers
servers Response Feedback: BitLocker is not commonly used on servers, but may become more common in the future as BitLocker has been improved to work on failover cluster volumes and SANs. Instead, most organizations use physical security for servers (such as locked server room and/or server rack that can be accessed only by a handful of people) to prevent the computer and drives from being stolen.
If you decide to use this method for authentication, you will need certificates that include the Client Authentication purpose. PAP CHAP MS-CHAPv2 smart card
smart card Response Feedback: If you decide to use smart cards for authentication, you need certificates that include the Smart Card Logon purpose and the Client Authentication purpose.
When you're about to reset domain policy and domain controllers policy back to default with the dcgpofix.exe command, what final warning are you given before you accept the change? that you're about to reset policies to their defaults that all User Rights Assignments will be replaced that all security for the domain will be overwritten that you're about to restore all security to the default
that all User Rights Assignments will be replaced Response Feedback: The dcgpofix.exe command says that it will replace all User Rights Assignments.
When an access client contacts a VPN server or wireless access point, a connection request is sent to what system? the NPS server the 802.1X switch an authorization relay an access client
the NPS server Response Feedback: When an access client accesses a virtual private network (VPN) server or wireless access point, a connection request is sent to the NPS server.
Which component allows you to create multiple Registry preference items based on registry settings that you select? the Registry Scope the Registry Extension the Registry Configurator the Registry Wizard
the Registry Wizard Response Feedback: The last option under the Registry is the Registry Wizard, which allows you to create multiple Registry preference items based on registry settings that you select on a computer.
If your WSUS servers are having trouble communicating with Microsoft Update, what should you check? system cabling Microsoft Update site availability bandwidth between you and Microsoft your company firewalls
your company firewalls Response Feedback: The WSUS server or servers will need to communicate with Microsoft Update. Therefore, if you are having problems communicating with Microsoft Update, you might need to check your organization's firewalls.
