ITN 200 Mod 11
What is the level of encryption of the public/private key pair that is contained in the domain-server-CA in Microsoft Server 2019?\
2048-bit encryption
Having heard the data theft suffered by a competing company by a man-in-the-middle attack, Finn asks Talia, his server administrator, to implement measures to prevent such attacks in his company. Which of the following should Talia do to ensure that Finn's company is protected from such attacks?
Hire the services of a third-party Certification Authority
By default, where are updates synchronized from in WSUS?
Microsoft Update servers on the Internet
What are the advantages of implementing a Windows Server Update Services (WSUS) server in an organization?
Save bandwidth, control features, manage hundreds of computers.
What are the four main features provided by Windows Defender that can be configured? Give a brief description of each feature.
Scanning, Access controls, Security, Notifications.
List the sequence of events that takes place to ensure that data is encrypted during the transfer when someone accesses a website.
Start it as plain text, use key, then cyphertext
Denali wants to store information about all Windows updates on a specific Microsoft SQL Server for security reasons. Which of the following wizards can Denali use to set up SQL Server Connectivity to store update information?
The Add Roles and Features Wizard
Alonso, a system administrator, has configured and deployed a new GPO at the domain level in his organization. However, when he checks after a few hours, two of the OUs in the Active Directory do not reflect the change. What is the most likely reason the new GPO configuration did not apply to the two OUs?
The Block Inheritance setting prevented the OUs from applying the GPOs.
Sasha is configuring Windows Server 2019 as an enterprise CA. She installs the Active Directory Certificate Services server role and is prompted to choose the role services that she wishes to install. Which of the following role services should Sasha select to ensure that routers are allowed to obtain certificates?
The Network Device Enrollment Service role service
To prevent man-in-the-middle attacks, Janet, a network administrator, configures a GPO such that all the traffic sent toward a specific database server is encrypted using IPSec. While most of her colleagues are able to successfully connect to the database via the IPSec authentication process, the connection is not successful for some computers. What do you see to be the problem here?
The computers did not have an IPSec certificate.
Anthony is a server administrator and has been asked to configure and issue the Root Certification Authority certificate to all the users in his organization. The default template is a schema version 1 template, but Anthony wants users to be auto-enrolled. Briefly outline the steps Anthony can follow to create a new template to ensure that users are auto-enrolled.
Go to tools
Yosef has configured Windows Server 2019 as an enterprise CA and deployed a GPO to enroll all the users for certificates. He chooses the setting that will enroll the users when they boot their computers. When he checks whether all users and computers have been enrolled, he finds that five users were not enrolled for the certificate. Yosef was able to manually enroll those users for certificates.Which of the following permissions to the certificate template is most likely to be missing for the five users who did not get enrolled?
Autoenroll
David, a system administrator, has created specific GPOs for every department in his organization based on the permissions required by the various departments. However, he needs to apply the Default Domain Policy for some managers but not for the rest of the users. How can David ensure that the Default Domain Policy is applied only to specific managers' accounts?
By removing the Authenticated Users group from the Security Filtering section and adding the managers' accounts
Amber is a hacker who steals information when people enter their personal details on specific websites. She intercepts the public key as it is sent from the Web server to the Web browser and substitutes her own public key in its place. This enables her to intercept the communication and decrypt the symmetric encryption key using her private key. Which type of hacking attack is Amber perpetrating?
A man-in-the-middle attack
Fatima is configuring a Windows Server 2019 system as a RADIUS server for use with 802.1X Wireless. She has configured the Network Policy and Access Services server role. What is the next step Fatima should take once the server role has been configured?
Activate the server in Active Directory
If a newly created firewall allows connection to a program only if the connection is authenticated by IPSec, which of the following options was most likely selected in the Action pane in the New Inbound Rule Wizard at the time of creating the rule?
Allow the connection if it is secure
Ramona, the chief technical officer of an engineering company, needs to install software on 32-bit computers using GPO. The system network consists of over 500 computers and has a mix of 32-bit and 64-bit computers. How can Ramona ensure that the software is installed only on the 32-bit computers?
By using a WMI filter
What are the situations in which a GPO does not apply to a user or computer account?
Certain settings have not been applied.
If multiple GPOs are linked to the same site, domain, or OU, they will be applied in a random order.
False
WPA3 is immune to wireless cracking tools because it uses a Wi-Fi password in a different way than WPA2 does.
False
When a CA public/private key pair expires, a system administrator must generate a new CA public/private key pair the same day to ensure a smooth transition.
False
What is Group Policy, and why is it used?
It lets network admins implement certain configs for the computers and users.
Lisa, the system administrator of a bank, is going on a sabbatical for 12 weeks. Before leaving, she must prepare a knowledge transfer document to assist her colleague who will oversee her responsibilities in her absence. The document must include a report of the properties and settings of the GPOs. List the steps that Lisa needs to follow to obtain this report.
Open the GPM Console -> Go to Group Policy Results -> Group Wizard -> Export to
XM GraFix, a graphics design company, has bought new design software. Mason, the system administrator, wants to install the software on all the computers in the design department. However, not all the designers need the software. Using the GPO, Mason uses a deployment method that allows the users to install the program from the network when they need it. Which of the following methods of deployment has Mason most likely used in the given scenario?
Published the software under Software Settings in the User Configuration
List and briefly describe the folders in the Certification Authority tool that are used to manage and configure most CA functionalities.
Root and Subordinate.
Chynna wants to create two different firewall rules that are applicable depending on whether a computer is connected to a corporate domain or a home network. Which of the following panes in the New Inbound Rule Wizard should Chynna select to specify the conditions that should be met before the rules can be applied?
The Profile pane
Which of the following settings in Windows defender should be enabled to prevent malware and network attacks from accessing high-security processes in systems that support core isolation?
The memory integrity setting
Giselle, a systems administrator, creates a file redirection GPO, in the User Configuration section that automatically saves files created by her colleagues to a shared network device instead of the local drives in their computers. However, the computers do not receive the configuration specified in the GPO. She runs the gpupdate /force command in the Command Prompt window of one of her colleagues' computer. Despite her effort, the computer does not receive the GPO, and she decides to rectify the issue the next day. To her surprise, she sees that the computer has been configured as per the GPO. What do you see as the issue with the GPO configuration?
The settings can only be applied at the next login.
Amina, who works for a pharmaceutical company, configures and issues the Smartcard Logon certificate template with schema version 2. While most of the users get auto-enrolled, some of the users fail to obtain the certificate. Identify the most likely reason auto-enrollment failed for these users.
Their operating system is Windows 2000.
What is a starter GPO, and how is it created?
They are read-only GPOs that have specific settings for specific scenarios.
Which of the following is true of Group Policy Objects (GPOs)?
They do not apply to Active Directory groups.
Aster has created new firewall rules in Windows Defender. One of the new rules appears to cause an error. Aster thinks that the rule itself is the issue. Describe the steps she should follow to eliminate the rule as the cause of issue.
Troubleshoot by analyzing the rules and seeing if there are any errors
A 257-bit encryption key is twice as difficult to guess compared to a 256-bit encryption key.
True
Navin wants to reduce the chances of a data breach and monitor and control the traffic on his company's website. Instead of using a NAT router, he sets up an external server that acts as a filter between the organization's website and end users. Which of the following options must Navin select and configure when configuring WSUS?
Use a proxy server when synchronizing
While configuring Windows Server 2019 as a WSUS server, which of the following role services would you select to store information about updates in the Windows Internal Database?
WID connectivity
The new system administrator of XYZ company realizes that whenever updates are available for Windows, WSUS redirects computers to the Microsoft Update servers on the Internet to obtain updates instead of storing the update information on the WID. Which of the following is a likely reason for this issue?
While installing WSUS, the option Store updates in the following location was deselected.
Stephen sets up manual enrollment for a user certificate from an enterprise CA. However, as he completes the process, he realizes that he has accidently set up the enrollment for a computer certificate rather than a user certificate. Which of the following commands did Stephen most likely type in the Command Prompt window?
certlm.msc
