CTS1168C CHPT-2:
Remote Desktop listens on which TCP port number?
3389 Correct. Remote Desktop listens on TCP port 3389.
Which of the following is a profile that cannot be modified?
A mandatory profile Correct. A mandatory profile cannot be modified.
Which profile is stored in a network location rather than on the local hard drive?
A roaming profile Correct. A roaming profile is stored in a network location rather than on the local hard drive.
Which of the following are required for individuals to sign in to Windows 10 and use resources on the computer?
A user account Correct. User accounts are required for individuals to sign in to Windows 10 and use resources on the computer.
You are the administrator for a printing company. After you configure the Password Must Meet Complexity Requirements policy, several users have problems when changing their passwords. Which of the following passwords meet the minimum complexity requirements? (Choose all that apply.)
Abcde! 1247445Np The password Abcde! meets complexity requirements because it is at least six characters long and contains an uppercase letter, lowercase letters, and a symbol. The password 1247445Np meets complexity requirements because it is at least six characters long and contains an uppercase letter, a lowercase letter, and numbers. Complex passwords must be at least six characters long and contain three of the four types of characters—uppercase letters, lowercase letters, numbers, and symbols.
You are the administrator of a large company. You believe that your network's security has been compromised. You do not want hackers to be able to repeatedly attempt user logon with different passwords. What Local Security Policy box should you define?
Account Lockout Policy Account Lockout Policy, a subset of Account Policies, is used to specify options that prevent a user from attempting multiple failed logon attempts. If the Account Lockout Threshold value is exceeded, the account will be locked. The account can be reset based on a specified amount of time or through administrator intervention.
Your network's security has been breached. You are trying to redefine security so that a user cannot repeatedly attempt user logon with different passwords. To accomplish this, which of the following items in the Local Security Policy box should you define?
Account Lockout Policy Account Lockout Policy, a subset of Account Policies, is used to specify options that prevent a user from attempting multiple failed logon attempts. If the Account Lockout Threshold value is exceeded, the account will be locked. The account can be reset based on a specified amount of time or through administrator intervention.
Odilon, an IT administrator, configures all computers with a VPN client to allow access to the remote access server while working from home. The VPN clients are configured to use the L2TP protocol with IPSec for authentication and data encryption. The authentication is based on the use of a pre-shared key.Which of the following is true of this scenario? All clients have the same password to access the remote access server. The pre-shared key does not need to be configured on the remote access server. The pre-shared key is more complicated to implement than certificates or Kerberos. This authentication method is more secure than using certificates or Kerberos.
All clients have the same password to access the remote access server. Correct. The pre-shared key is a password that needs to be configured on both the VPN client and the remote access server. A pre-shared key is a single password that is shared by all clients and the remote access server.
You have a Windows 10 computer that is located in an unsecured area. You want to track usage of the computer by recording user logon and logoff events. To do this, which of the following auditing policies must be enabled? Audit Account Logon Events Audit System Events Audit Account Management Audit Process Tracking
Audit Account Logon Events Audit Account Logon Events is used to track when a user logs on, logs off, or makes a network connection. You can configure auditing for success or failure, and audited events can be tracked through Event Viewer.
After too many sign-in attempts, one of your colleagues has been blocked from using her Windows 10 user account. As a systems administrator, you need to help resolve this issue.How will you help her sign in using the computer management administrative tool?
By deselecting the Account is locked out option Correct. User accounts will be automatically locked out after too many sign-in attempts. The account can be unlocked by deselecting the Account is locked out option in the properties window.
After too many sign-in attempts, one of your colleagues has been blocked from using her Windows 10 user account. As a systems administrator, you need to help resolve this issue.How will you help her sign in using the computer management administrative tool? By selecting the Password never expires option By deselecting the Account is locked out option By unchecking the Account is disabled option By selecting the User cannot change password option
By selecting the Account is locked Option Correct. User accounts will be automatically locked out after too many sign-in attempts. The account can be unlocked by deselecting the Account is locked out option in the properties window.
You decide to automate VPN deployment in your organization. You want to create an executable file that users can click on whenever they want to create a VPN connection.Which of the following deployment methods should you use? Connection Manager Administration Kit Windows PowerShell --0 Group Policy Preferences Windows Configuration Designer
Connection Manager Administration Kit Correct. Connection Manager Administration Kit (CMAK) is a feature that can be installed on Windows 10 or Windows Server. You use CMAK to create VPN connections that are packaged as an executable file. Users can run the executable file to create VPN connections on their computer.
Chao is using a VPN client to access work files via a remote access server. However, her VPN connection to access work files has also made Internet access slow.Which of the following is the best solution to optimizing the Internet connection? Disable VPN from being used as a default gateway. Change the VPN protocol from PEAP-MS-CHAP v2 to PAP. Use IPv4 instead of IPv6. Disable the VPN connection.
Disable VPN from being used as a default gateway. Correct. The setting Use default gateway on remote network is selected by default. This means that all Internet access goes through the VPN, which might make Internet access slow. The remote access server can be configured to provide static routes to the VPN clients for internal resources and then allow VPN clients to continue using their normal default gateway.
You are the network administrator of a medium-size company. Your company requires a fair degree of security, and you have been tasked with defining and implementing a security policy. You have configured password policies so that users must change their passwords every 30 days. Which password policy would you implement if you want to prevent users from reusing passwords they have used recently?
Enforce Password History The Enforce Password History policy allows the system to keep track of a user's password history for up to 24 passwords. This prevents a user from using the same password over and over again.
Which of the following actions will you perform on the Windows sign-in screen if your organization uses a virtual smart card for authentication? Perform a gesture on a picture shown on the screen. Enter a PIN on the sign-in screen. Swipe the card in the smart card reader.----0 Login using the Microsoft account.
Enter a PIN on the sign-in screen
You are the administrator for StormWind Studios. You want to configure some Local Group Policy Objects (LGPOs) on your Windows 10 machines. Which of the following is not configurable through a LGPO on Windows 10?
Folder redirection Windows 10 LGPOs allow you to configure all of the above except for folder redirection. Folder redirection needs to be done through a server based Group Policy Object (GPO).
You have recently hired Will as an assistant for network administration. You have not decided how much responsibility you want Will to have. In the meantime, you want Will to be able to restore files on Windows 10 computers in your network, but you do not want Will to be able to run the backups. What is the minimum assignment that will allow Will to complete this task?
Grant Will the user right Restore Files and Directories. The Restore Files and Directories user right allows a user to restore files and directories regardless of file and directory permissions. Assigning this user right is an alternative to making a user a member of the Backup Operators group.
For domain-joined computers, what is the simplest way to configure VPN connections automatically?
Group Policy Preferences Correct. For domain-joined computers, Group Policy Preferences is the simplest way to configure VPN connections automatically.
Guocheng, the IT administrator at Curio Technologies, is evaluating alternatives to using roaming profiles in the organization. He considers configuring folder redirection using Group Policy.Which of the following justifies Guocheng's decision?
He wants to store user profile information on a file server so that it is accessible from any computer. Correct. You can use folder redirection to store some profile information on a file server so that it is accessible from any computer. This is better than a roaming profile because the data is used directly from the network location and is not synchronized locally. You typically configure folder redirection by using Group Policy.
When a VPN connection loses connectivity due to a network interruption, which protocol can reconnect automatically once network connectivity is restored using a feature known as VPN Reconnect?
IKEv2 Correct. IKEv2 can reconnect automatically when network connectivity is restored.
Which of the following statements is not true of the Administrator account? It can be renamed. It is not visible on the sign-in screen.---0 It cannot be deleted. ---0 It is the most powerful local user account possible.---0
It can be renamed
Which VPN protocol uses IPSec to provide data encryption?
L2TP Correct. IPSec is used with L2TP to provide data encryption.
Which of the following tabs in the properties window of a user account can be used to add the user account to a group?
Member Of Correct. This tab can be used to add or remove the user from a group. It displays all the groups that the user is a member of.
Joshua, a systems administrator, is configuring new Windows 10 laptops. He is creating new local users on each laptop. He realizes that two users have the same name, Miguel. He uses the name Miguel for one user.Which of the following is a valid user name that he can create for the second user?
Miguel2 Correct. Miguel2 can be used as the user name as it is unique and does not contain invalid characters.
You are setting up a machine for a home user who does not know much about computers. You do not want to make the user a local administrator, but you do want to give this user the right to change Windows Updates manually. How can you configure this?
Modify the LGPO for Windows Update to allow the user to make changes manually. You do not want this user to have any administrator rights. To allow this user to change Windows Update manually, you must set this in an LGPO.
What is used to prevent users from connecting to Remote Desktop until the connection is authenticated?
Network Level Authentication Correct. When Network Level Authentication is enabled, Remote Desktop Connection obtains sign-in information from users before connecting to the remote computer, which prevents users from connecting until the connection is authenticated.
What is used to prevent users from connecting to Remote Desktop until the connection is authenticated? IPSec Authentication----0 Windows Firewall Network Level Authentication Remote Desktop Authentication
Network Level Authentication Correct. When Network Level Authentication is enabled, Remote Desktop Connection obtains sign-in information from users before connecting to the remote computer, which prevents users from connecting until the connection is authenticated.
You have been asked to create a new local user on Windows 10 by using Windows PowerShell. Which of the following PowerShell commands allow you to create a new local user on Windows 10? Add-WindowsUser New-LocalUser Add-LocalUser New-WindowsUser
New-LocalUser The New-LocalUser command allows you to create a new local user on a Windows 10 machine.
By installing which server role can Windows Server 2019 be configured as a remote access server?
Remote Access Correct. Windows Server 2019 can be configured as a remote access server by installing the Remote Access server role.
Which of the following allows a user to send an invitation to a remote user that invites them to remotely connect to the local computer?
Remote Assistance Correct. Remote Assistance allows users to create an invitation file that they send to a helper.
Which of the following cmdlets can be used to change the user account Lea to Leahona? Remove-LocalUser Rename-LocalUser Get-LocalUser Disable-LocalUser
Rename Local-User Correct. The Rename-LocalUser can be used to rename a user account. Type Rename-LocalUser Lea in PowerShell. Press Enter and then type the new user name.
Which of the following cmdlets can be used to change the user account Lea to Leahona?
Rename-LocalUser
One of your friends, Steve, wants to rename a local user account using the Computer Management Administrative Tool. He opens the properties window; however, he does not find any option to rename the user account.What should he do instead?
Right-click on the user account to rename it Correct. A user account can be renamed by right-clicking the user account and selecting Rename on the Computer Management Administrative Tool
One of your friends, Steve, wants to rename a local user account using the Computer Management Administrative Tool. He opens the properties window; however, he does not find any option to rename the user account.What should he do instead? Right-click on the user account to rename it Rename the user account on the Microsoft server Use the Rename-LocalUser cmdlet Type the new name in the Full name field----0
Right-click on the user account to rename it Correct. A user account can be renamed by right-clicking the user account and selecting Rename on the Computer Management Administrative Tool.
Which of the following is used to protect your computer from malware that may attempt to steal your password??
Secure sign-in Correct. Secure sign-in protects your computer from malware that might attempt to steal your password by imitating the Windows sign-in screen.
Nanxi wants to switch from using roaming profiles in the organization. After evaluating various alternatives, she decides to proceed with UE-V because it offers several advanced functionalities that are not offered by roaming profiles.Which of the following is an example of such functionality?
Synchronization is based on templates for fine-grained control of specific application settings. Correct. One of the advantages of UE-V over roaming profiles is that synchronization is based on templates for fine-grained control of specific application settings.
Which profile is used when new user profiles are created?
The default profile Correct. The default profile is used when new user profiles are created.
Abdul uses his Microsoft account to sign in to his desktop computer as well as his mobile device. He uses his mobile device to change his account's password. He signs out of his computer and tries signing in again. However, he is not able to.Why do you think he is not able to sign in? The SAM database was used to verify the password.---0 The computer was not connected to the Internet. The new password was the same as the old one. The cached credentials were affected because of the change.----0
The new password was the same as the old one.
Ming is automating VPN deployment in her organization. She decides to use Windows Configuration Designer to enable the VPN deployment. She deploys the VPN connectivity profiles to the client computers as provisioning packages.Which of the following is true of this scenario? This method cannot be used for computers that are not domain joined.----0 Users can click on the provisioning package to run it as an executable file. The provisioning packages need to be deployed via Microsoft Intune. Users need to know Windows PowerShell scripting to install the provisioning packages.
The provisioning packages need to be deployed via Microsoft Intune. Correct. You can use Windows Configuration Designer to create VPN connectivity profiles that are deployed to client computers as provisioning packages. Provisioning packages can be distributed to clients as a file that needs to be installed, via Microsoft Intune or via Microsoft Endpoint Configuration Manager.
Jared is configuring a VPN connection on his Windows 10 laptop. He opens the Settings window to configure the connection.What information should Jared include under the label VPN provider? The type of VPN such as PPTP or SSTP The software that creates and controls the VPN connection The name of the VPN connection The FQDN or IP address of the remote access server
The software that creates and controls the VPN connection. Correct. The VPN provider is the software that creates and controls the VPN connection. Windows 10 includes the Windows VPN provider, but other vendors can make providers available to support their specific type of VPN.
You are the network administrator for a Fortune 500 company. The Accounting department has recently purchased a custom application for running financial models. To run properly, the application requires that you make some changes to the computer policy. You decide to deploy the changes through a Local Group Policy setting. You suspect that the policy is not being applied properly because of a conflict somewhere with another Local Group Policy setting. What command should you run to see a list of how the group policies have been applied to the computer and the user? gpaudit gpinfo gporesult gpresult
gpresult The Group Policy Result Tool is accessed through the GPResult command-line utility. The gpresult command displays the resulting set of policies that were enforced on the computer and the specified user during the logon process.
