final for server 1

Ace your homework & exams now with Quizwiz!

Modify a certificate template

After you install AD CS, you want to begin issuing certificates for the encrypting file system. What should you do first?

DFSR

All your domain controllers are running Windows Server 2016 in a new forest. What should you check if GPT replication is not occurring correctly?

Schema master

An administrator has attempted to change the forest functional level, but the attempt failed due to the failure of an FSMO role. Which FSMO role should be

Once per hour

By default, replication between DCs when no changes have occurred is scheduled to happen how often?

Changed policies only

By default, what policies will be downloaded and processed by a Group Policy client?

KCC

For intrasite replication, what component builds a replication topology for DCs in a site and establishes replication partners?

wbadmin start systemstaterecovery

How can an administrator initiate a system state recovery using the command line?

Through subnets added to the site

How is a computer's designated site determined, such that the computer is given a domain controller to request services from within the same site?

12 hours

How often does garbage collection run on a DC?

1 week

On a Windows Server 2016, what is the default CRL publication interval?

DEFAULTIPSITELINK

Once Active Directory has been installed, a default site link is created. What is the name of this site link?

GPO enforcement

Select the term used to describe forcing inheritance of settings on all child objects in the GPO's scope, even if a GPO with conflicting settings is linked to a container at a deeper level.

PDC emulator

The RID master FSMO role is ideally placed on the same server as what other role?

/sync

The gpupdate command in conjunction with which option below causes synchronous processing during the next computer restart or user logon?

Folder redirection

The option to turn off background processing is not available for which type of policy below?

Computer Configuration\Policies\Administrative Templates\System\Group Policy

To find a full list of policies and preferences that can have background processing disabled, where should you look?

dcdiag

Which command analyzes the overall health of Active Directory and performs replication security checks?

wbsadmin.exe

Which option below is not one of the three main methods for cleaning up metadata?

key archival

Which option will allow private keys to be locked away and then restored if the user's private key is lost?

ntds.dit

Within the NTDS folder, which file stores the main Active Directory database?

Move the computer object of the domain controller in Active Directory Sites and Services to SiteA.

You have a network with three sites named SiteA, SiteB, and SiteC that are assigned the subnets 10.1.0.0/16, 10.2.0.0/16, and 10.3.0.0/16, respectively. You change the IP address of a domain controller in SiteB to 10.1.100.250/16. What should you do now?

NDES role service

You have a number of Cisco routers and switches that you wish to secure using IPsec. You want IPsec authentication to use digital certificates. You already have a PKI in place using Certificate Services on Windows Server 2016. What should you install to secure your devices?

Site link bridges

Your network is configured in a hub-and-spoke topology. You want to control the flow of replication traffic between sites, specifically reducing the traffic across network links between hub sites to reach satellite sites. What should you configure?

CA Web proxy

A server configured for Web enrollment is referred to as which of the following?

500 Kbps

A slow link, by default, is a network connection that's less than which of the following?

Perform Group Policy Modeling analyses

Select below the policy permission that grants a user or group the ability to use the GPO Modeling Wizard on a target container.

staged installation

Select the RODC installation type where the domain administrator creates the RODC computer account in Active Directory, and then a regular user can perform the installation at a later time.

Import-GPO

Select the command that is used to import settings from a backed-up GPO to an existing GPO.

Distributed File System Replication

What Active Directory replication method is more efficient and reliable?

subordinate CAs

What CAs interact with clients to field certificate requests and maintain the CRL?

Infrastructure master

What DC is responsible for ensuring that changes made to object names in one domain are updated in references to these objects in other domains?

The last policy applied takes precedence

What GPO policy will take precedence over all other GPO policies when they are being applied?

. Connection object

What is created automatically by the KCC and allows the configuration of replication between sites?

All users and computers physically located at the site

When a GPO is linked to a site object, what will be affected?

X.509

Which of the following is the international standard that defines a PKI and certificate formats?

Nonrepudiation

Which service provided by a PKI ensures that a party in a communication can't dispute the validity of the transaction?

Policy events

Which tab in the Group Policy Results window shows all events in Event Viewer that are generated by group policies, and can be used to view the relevant information on a remote computer?

Every 8 hours

With universal group membership caching, how often is the cached information on group membership refreshed?

November 1, 2017

You were issued a certificate on March 1st 2015 for your secure Web server. The validity period is three years and the renewal period is four months. What is the earliest date you can renew this certificate?

New-GPLink

hat PowerShell cmdlet will link a GPO to a site, domain or OU?

Site link bridge

Which component of a site makes a site link transitive?

Authentication Policy silos

Which feature was first introduced with Windows Server 2012 R2, and are new Active Directory containers to which authentication policies can be applied to restrict where high-privilege user accounts can be used in the domain?

Digital signature

Which of the following is created using a hash algorithm and can be used to verify the authenticity of a document?

Inter-Site Topology Generator

Which of the following is responsible for assigning a bridgehead server to handle replication for each directory partition?

You can have different functional levels within the forest

Which of the following is true about the domain functional level?

security filtering

Which of the following uses permissions to restrict objects from accessing a GPO?

. Software installation policies

Which policy below requires synchronous processing to ensure a consistent computing environment?

Asymmetric cryptography

Which type of cryptography provides the most security?

. Online stand-alone CA

You have a network that consists of Windows 8.1 and Windows 10 computers as well as some Mac OS and Linux computers. You need to install a PKI using Windows Server 2016 that will be able to issue certificates to all your client computers. What should you install?

Use a Delta CRL

You run a PKI that has issued tens of thousands of certificates to hundreds of thousands of clients. You have found that the traffic created when clients download the CRL is becoming excessive. What can you do to reduce the traffic caused by clients downloading the CRL?

KRA

You want to configure automatic key archival to ease the burden of managing backup of private keys. What role must you assign to at least one trusted user in the organization?

PDC emulator

An administrator has received a call indicating that some users are having difficulty logging on after a password change. Which FSMO role should be investigated?

Get-ADForest

An administrator needs to know which servers carry forest-wide roles. What PowerShell cmdlet can be used to display this information?

Group Policy Inheritance

Select the specific tab within the Group Policy Management Console that will allow you to view which policies affect a domain or OU and where the policies are inherited from.

Get-ADDCCloningExcludedApplicationList

What PowerShell cmdlet will allow an administrator to check for software that is incompatible with the cloning process?

cost

What assigned value represents the bandwidth of the connection between sites? Selected Answer:

dcgpofix

What command below can be used to reset the default GPOs to their original settings?

GPO scope

What defines which objects are affected by settings in a GPO?

The option can specify whether computer or user policy settings should be updated

What does the /target option do when used with the gpupdate command?

SYSVOL

What folder contains group policy templates, logon/logoff scripts, and DFS synchronization data?

Forest root

What is the first domain installed in a forest called?

Read only domain controller

What is the name of a domain controller on which changes can't be written?

15 seconds after any change occurs, with a 3-second delay between partners

What is the schedule for non-urgent intrasite replication?

Read

What permission is given to the Enterprise Domain Controllers universal group on all GPOs by default, and grants permission to view settings and back up a GPO?

Group Policy Modeling

What tool can be used to determine what policy settings would apply to a computer or user account if it were moved to a different container?

Shared secret

What type of key is used in symmetric cryptography, must be known by both parties, and is used for both encryption and decryption?

Infrastructure master

Which FSMO role is responsible for ensuring that changes made to object names within one domain are updated in references to those objects in other domains?

Set-GPPermission

Which PowerShell cmdlet below can be used to set permissions for a security principal to a GPO or to all GPOs?

repadmin /showrepl

Which command shows you detailed information about replication status, including information on each partition?


Related study sets

Module 13B Fractures- Study Module

View Set

intro to HUMAN PHYSIOLOGY AND PATHOPHYSIOLOGY

View Set

Chapter 7: The Logic of Sampling

View Set

Study guide for Microeconomics 2

View Set

Ch. 6 - Stress Management (KIN 123)

View Set

Network Security (Security+ Exam), SY0-401:1 TS Quiz Network Security, N10-006 - Transcender Exam, N+ Exam A, Chpt 4 4.1-4.3

View Set

Frogs and toads scientific names

View Set