Chapter 10
What UAC mode allows for a program to prompt for permissions and extensive access when required, while otherwise keeping administrator accounts in a standard user mode?
Administrator Approval Mode
What encryption standard is utilized with Kerberos on Windows Server 2016 and Windows 10?
Advanced Encryption Standard (AES)
What is the smallest Active Directory container or object with which a GPO can be linked?
An organizational unit
What type of an attack is the account lockout feature specifically designed to prevent?
Brute force attack
What password security option ensures that a user must choose new passwords when a password change is required?
Enforce password history
Why should event auditing policies be used sparingly?
Event auditing can fill the Security event log and consume considerable resources.
TRUE OF FLASE: A computer that is not equipped with a TPM chip cannot use the BitLocker Drive Encryption feature.
FALSE
What statement regarding the use of Group Policies is accurate?
Group policy cannot be set for non-OU folder containers.
What does the "Enforce user logon restrictions" option do when configuring Kerberos?
It turns on Kerberos security.
What version of Kerberos is utilized by Windows Server 2016?
Kerberos v5
When considering GPO precedence between local GPO, default domain GPO, domain controller GPO, site GPO and OU GPOs, what GPOs are applied first?
Local GPO's
What Kerberos account policy can be configured to encourage users to sign out after a certain amount of time?
Maximum lifetime for user ticket
What would be the reason to utilize the Windows NT LAN Manager version 2 (NTLMv2) over Kerberos?
NTLMv2 provides compatibility with all versions of Windows, including legacy systems.
What Group Policy option can be used to force off users who have not logged off after hours, using logon hour controls?
Network security: Force logoff when logon hours expire
When using Rights Management Services security, documents are encrypted using an AES key and what other additional key?
RSA
TRUE OF FLASE: BitLocker Drive Encryption prevents an attacker from bypassing access control list file and folder protections on a stolen hard drive.
TRUE
TRUE OF FLASE: Group Policies can be used to prevent a user from being able to access the Control Panel or specific Control Panel options.
TRUE
The sc query windefend command can be used to determine the status of Windows Defender
TRUE
What happens when a Group Policy setting is defined in User Configuration and in Computer configuration?
The Computer configuration items take precedence over the User configuration items.
If a computer is not equipped with a TPM chip, how can a computer make use of BitLocker Drive Encryption?
The computer will require a USB flash drive that contains a personal identification number used to start the computer and secure the drive.
How long is a permanent ticket, or service ticket, good for?
The ticket is good for the duration of the logon session.
When configuring Windows Firewall exceptions, what is NOT one of the items that can be added as an exception?
Users
What authentication standard is utilized for Windows Server 2016 if Active Directory is not installed?
Windows NT LAN Manager version 2
What security feature created by Microsoft enables the ability to define security rights for documents, spreadsheets, e-mail, and other types of files created by applications, going beyond what is possible with ACLs and the Windows Firewall?
Windows Rights Assignment Service
You are utilizing BitLocker Drive Encryption, and are attempting to update Windows Server 2016. What must be done so that the update will be successful?
You must disable BitLocker Drive Encryption and then re-enable it after the update.
What command provides the account using it with a new encryption key, meaning that previous keys associated with other accounts are no longer valid?
cipher /k
What flag used in conjunction with cipher will invoke the recovery agent key so that a server administrator can set up a recovery policy?
cipher /r
enter
enter