GPO Test 2

Ace your homework & exams now with Quizwiz!

CA Web Proxy

A server configured for Web enrollment is referred to as which of the following?

Modify a certificate template

After you install AD CS, you want to begin issuing certificates for the encrypting file system. What should you do first?

Once per hour

By default, replication between DCs when no changes have occurred is scheduled to happen how often?

False

By default, subnets are created in Active Directory Sites and Services

False

CA Administrator approves requests for certificate enrollment and revocation.

Get-ADDCCloningExcludedApplicationList

What PowerShell cmdlet will allow an administrator to check for software that is incompatible with the cloning process?

Need for differing account policies

Why might it be a good idea to configure multiple domains in a forest?

Need for different schemas

Why might you need to configure multiple forests?

False

Windows 10 - Update 1809 is a great and problem free addition to the evolution of the operating system.

DFSR

All your domain controllers are running Windows Server 2016 in a new forest. What should you check if GPT replication is not occurring correctly?

True

An Active Directory snapshot is a replica of the Active Directory database at a specific moment.

PDC emulator

An administrator has received a call indicating that some users are having difficulty logging on after a password change. Which FSMO role should be investigated?

True

Before you can install a DC running a newer Windows Server version in an existing forest with a lower functional level, you must prepare existing DCs with the adprep.exe command-line program,

stub zones

Before you configure a forest trust, what should you configure to ensure you can contact the forest root of both forests from both forests?

180 days

By default, for how long are deleted objects stored within the Active Directory database before they are removed entirely?

True

GPO that apply to users settings will be overwritten by upstream policies that have loop back mode enabled and the setting of "replace" enabled.

They should be put on the CRL

If an employee leaves a company, what should happen to any certificates held by that employee that was issued by the company's PKI?

DEFAULTIPSITELINK

Once Active Directory has been installed, a default site link is created. What is the name of this site link?

Domain naming master

Select below the FSMO role that is a forest-wide FSMO role:

Domain naming master

Select the FSMO role that is required to be online to facilitate the addition or removal of a domain controller:

True

The default Security Filtering for a GPO includes only Authenticated users.

False

The intermediate CA is the most critical and is the server typically configured for offline operation.

False

The logical components of Active Directory only include forests, domains, and sites.

True

There's only one global catalog per forest.

UserB sends UserA UserB's public key

Two users, UserA and UserB, are engaging in secure communication using only asymmetrical encryption. UserA needs to send a secure message to UserB. What occurs first?

Distributed File System Replication

What Active Directory replication method is more efficient and reliable?

subordinate CAs

What CAs interact with clients to field certificate requests and maintain the CRL?

nslookup

What Command Line application do you use primarily to troubleshoot DNS issues?

Domainwide Forestwide

What are the two flexible single master operation (FSMO) roles? (Choose all that apply.)

edb.log

What holds the log of Active Directory transactions or changes?

DNS

What is the most likely cause of GPO not working properly?

Certificates snap-in

What tool can a user use to request certificates that are not configured for autoenrollment?

multimaster

What type of replication scheme does Active Directory use to synchronize copies of most information in the Active Directory database?

True

When a full backup or system state backup is performed on a CA server, the certificate store is backed up along with other data.

Infrastructure master

Which FSMO role is responsible for ensuring that changes made to object names within one domain are updated in references to those objects in other domains?

Create conditional forwarders Create stub zones

Which of the following are common ways to configure DNS for a forest trust? (Choose all that apply.)

Create a revocation configuration Configure enrollment options

Which of the following are typical tasks involved in configuring a certification authority? (Choose all that apply.)

Issuing enterprise CA Intermediate stand-alone CA

Which of the following is a type of CA in the CA three-level hierarchy? (Choose all that apply.)

Configure the CA to support the online responder Configure revocation for the OR

Which of the following tasks must be completed to configure an online responder? (Choose all that apply.)

wbsadmin.exe

Which option below is not one of the three main methods for cleaning up metadata?

DHCP

Which server role below cannot be installed on a domain controller that will be cloned?

Asymmetric cryptography

Which type of cryptography provides the most security?

False

You can hotwire group policy to work without DNS.

Create a shortcut trust

You have a forest with three trees and twelve domains. Users are complaining that access to resources in other domains is slow. You suspect the delay is caused by authentication referrals. What can you do to mitigate the problem?

NDES role service

You have a number of Cisco routers and switches that you wish to secure using IPsec. You want IPsec authentication to use digital certificates. You already have a PKI in place using Certificate Services on Windows Server 2016. What should you install to secure your devices?

November 1, 2017

You were issued a certificate on March 1st 2015 for your secure Web server. The validity period is three years and the renewal period is four months. What is the earliest date you can renew this certificate?

Create a two-way forest trust

Your company has purchased another company that also uses Windows Server 2016 and Active Directory. Both companies need to be able to access each other's forest resources. How can you achieve this goal with the least administrative effort?

Site link bridges

Your network is configured in a hub-and-spoke topology. You want to control the flow of replication traffic between sites, specifically reducing the traffic across network links between hub sites to reach satellite sites. What should you configure?

False

A site bridge is needed to connect two or more sites for replication.

False

A tree can consist of a single domain or a parent domain and child domains, which cannot have child domains of their own.

True

A domain controller clone is a replica of an existing DC.


Related study sets

2.7 One to one functions and their inverses

View Set

Chapter 23: Nursing Care of the Newborn with Special Needs - ML5

View Set

Abeka Science 9th Grade, Chapter 12

View Set

Medical-Surgical: Immune and Infectious Quiz

View Set

SYSTEMS ANALYSIS & DESIGN Chapter 9

View Set

Peds Final Exam Practice Questions

View Set

Ch 14 Accounts Payable and Other Liabilities

View Set