Microsoft Final

Which of the following is associated with an Active Directory tree? (Choose all that apply.) a.A common naming structure b.One or more domains c.Parent and child domains d.A container object

a.A common naming structure b.One or more domains c.Parent and child domains

A partition stored on a domain controller in the HQ site isn't being replicated to other sites, but all other partitions on domain controllers in the HQ site are being replicated. The problem partition is stored on multiple domain controllers in HQ. What should you investigate as the source of the problem? a.A manually configured bridgehead server b.A failed Global Catalog c.A manually configured KCC d.A failed site link bridge

a.A manually configured bridgehead server

What tool can a user use to request certificates that are not configured for autoenrollment? a.Certificates snap-in b.Registration snap-in c.Certificate Manager d.Active Directory Services snap-in

a.Certificates snap-in

Which of the following tasks must be completed to configure an online responder? (Choose all that apply.) a.Configure the CA to support the online responder b.Add a user to the OR-Users group c.Configure a KRA d.Configure revocation for the OR

a.Configure the CA to support the online responder d.Configure revocation for the OR

Which of the following are common ways to configure DNS for a forest trust? (Choose all that apply.) a.Create stub zones b.Create primary standard zones c.Create conditional forwarders d.Create primary AD-integrated zones

a.Create stub zones c.Create conditional forwarders

Select below the FSMO role that is a forest-wide FSMO role: a.Domain naming master b.Infrastructure master c.RID master d.PDC Emulator

a.Domain naming master

With universal group membership caching, how often is the cached information on group membership refreshed? a.Every 8 days b.Every 8 hours c.Every 2 days d.Every 2 hours

a.Every 8 hours

What are the expiration policy options you can specify for content in a rights policy template? (Choose all that apply.) a.Expires on the following date b.Expires when the certificate expires c.Expires when the account is locked out d.Never expires

a.Expires on the following date d.Never expires

What are the two flexible single master operation (FSMO) roles? (Choose all that apply.) a.Forestwide b.Domainwide c.Systemwide d.Objectwide

a.Forestwide b.Domainwide

Which of the following are intersite transport protocols? (Choose all that apply.) a.IP b.SMTP c.POP d.UDP

a.IP b.SMTP

What DC is responsible for ensuring that changes made to object names in one domain are updated in references to these objects in other domains? a.Infrastructure master b.PDC emulator c.schema master d.RID Master

a.Infrastructure master

Which FSMO role is responsible for ensuring that changes made to object names within one domain are updated in references to those objects in other domains? a.Infrastructure master b.RID master c.PDC emulator d.Schema master

a.Infrastructure master

Which of the following is the first step to allow third-party devices to perform device registration to access domain resources from the Internet? a.Install a certificate from a third-party CA b.Add DNS records for the AD FS server c.Select the data source d.Configure multi-factor authentication

a.Install a certificate from a third-party CA

Which of the following is responsible for assigning a bridgehead server to handle replication for each directory partition? a.Inter-Site Topology Generator b.Knowledge Consistency Checker c.Infrastructure Master d.Domain Naming Master

a.Inter-Site Topology Generator

Which of the following is a type of AD RMS exclusion policy? (Choose all that apply.) a.Lockbox Version Exclusion b.Application Exclusion c.Machine Exclusion d.Address Exclusion

a.Lockbox Version Exclusion b.Application Exclusion

After you install AD CS, you want to begin issuing certificates for the encrypting file system. What should you do first? a.Modify a certificate template b.Configure enrollment options c.Configure the online responder d.Install the EFS role service

a.Modify a certificate template

Why might you need to configure multiple forests? a.Need for different schemas b.Single administrator c.Need for a single global catalog d.Easier access to all domain resources

a.Need for different schemas

What is the name of a domain controller on which changes can't be written? a.Read only domain controller b.Access only domain controller c.Secured domain controller d.No write domain controller

a.Read only domain controller

What folder contains group policy templates, logon/logoff scripts, and DFS synchronization data? a.SYSVOL b.Root c.NTDS d.System

a.SYSVOL

What folder contains group policy templates, logon/logoff scripts, and DFS synchronization data? a.SYSVOL b.System c.NTDS d.Root

a.SYSVOL

Which component of a site makes a site link transitive? a.Site link bridge b.SMTP c.Bridgehead server d.Connection object

a.Site link bridge

You have successfully configured AD RMS and have thoroughly tested all configuration options and policies. The process took several hours to complete, and you need to be sure you can easily re-create the configuration in the event of a disaster. What are the three tasks you should undertake? (Choose all that apply.) a.Store the cluster key password in a safe place b.Export the trusted user domain configuration database c.Back up the AD RMS databases d.Export the trusted publishing domain file

a.Store the cluster key password in a safe place c.Back up the AD RMS databases d.Export the trusted publishing domain file

Before you configure a forest trust, what should you configure to ensure you can contact the forest root of both forests from both forests? a.Stub zones b.Selective authentication c.Routing d.Firewall rules

a.Stub zones

You have installed AD RMS on your network, and you must specify who can access AD RMS content and from which AD RMS clusters content may be published. What should you configure? (Choose all that apply.) a.TUD b.SCP c.TPD d.RAC

a.TUD c.TPD

How is a computer's designated site determined, such that the computer is given a domain controller to request services from within the same site? a.Through subnets added to the site b.Through GPOs c.Through NPS policies d.Through computer OU information

a.Through subnets added to the site

You run a PKI that has issued tens of thousands of certificates to hundreds of thousands of clients. You have found that the traffic created when clients download the CRL is becoming excessive. What can you do to reduce the traffic caused by clients downloading the CRL? a.Use a Delta CRL b.Configure Web enrollment c.Shorten the renewal period d.Install NDES

a.Use a Delta CRL

What specific versions of certificate templates are supported by Windows Server 2016? (Choose all that apply.) a.Version 4 templates b.Version 5 templates c.Version 2 templates d.Version 3 templates

a.Version 4 templates c.Version 2 templates d.Version 3 templates

You have a network of Windows Server 2016 servers, and you wish to allow remote users the ability to access network applications from any device that supports a Web browser? a.Web Application Proxy b.IIS Proxy Server c.Federation Service Proxy d.Web Agents

a.Web Application Proxy

When configuring a claims provider trust, what are the claims configured on? a.attribute store b.use license c.publishing license d.Web Application Proxy

a.attribute store

What CAs interact with clients to field certificate requests and maintain the CRL? a.subordinate CAs b.intermediate CAs c.policy CAs d.root CAs

a.subordinate CAs

On a Windows Server 2016, what is the default CRL publication interval? a.1 day b.1 week c.1 month d.1 year

b.1 week

How often does garbage collection run on a DC? a.18 hours b.12 hours c.6 hours d.2 hours

b.12 hours

In which LDAP-compatible database are claims values stored? a.ADMX central store b.Attribute store c.Claims provider d.AD Directory Service

b.Attribute store

Which services are provided by a PKI? (Choose all that apply.) a.Replication b.Authentication c.Intrusion Detection d.Integrity

b.Authentication d.Integrity

If you configure the issuance requirements for a certificate issued from a template so that more than one signature is required before a certificate can be issued, which of the following is true? a.The certificate is added to the CRL b.Auto-enrollment is disabled c.Certificate enrollment is automatic d.Certificate enrollment is disabled

b.Auto-enrollment is disabled

Which of the following is not a required PKI component but identifies the CA and describes the security practices in place for maintaining CA integrity? a.Authority Information Access b.Certificate Practice Statement c.Root CA d.Online Responder

b.Certificate Practice Statement

You have just installed two new Linux servers to handle a new application. You want to integrate user authentication between Linux and your existing Windows Server 2012 R2 domain controllers. What can you do? a.Create a transitive trust b.Create a realm trust c.Create an external trust d.Create a forest trust

b.Create a realm trust

Which of the following are common ways to configure DNS for a forest trust? (Choose all that apply.) a.Create primary standard zones b.Create conditional forwarders c.Create stub zones d.Create primary AD-integrated zones

b.Create conditional forwarders c.Create stub zones

All your domain controllers are running Windows Server 2016 in a new forest. What should you check if GPT replication is not occurring correctly? a.FRS b.DFSR c.AD Replication d.GPC replication

b.DFSR

Which of the following is created using a hash algorithm and can be used to verify the authenticity of a document? a.Certificate authority b.Digital signature c.Ciphertext d.Public Key Infrastructure

b.Digital signature

Which of the following is a new AD FS feature found in Windows Server 2016? (Choose all that apply.) a.Multi-factor authentication b.Enhanced device registration c.Support for LDAP d.Microsoft Passport support

b.Enhanced device registration d.Microsoft Passport support

Which AD DS design should you use if you want your design to support business-to-business relationships where the account federation server validates credentials and no Active Directory trust is created? a.Web SSO b.Federated Web SSO c.Federated Web SSO with forest trust d.AD RMS Federated trust

b.Federated Web SSO

What type of algorithm is used to sign the CA certificate? a.Plaintext b.Hash c.CSP d.Ciphertext

b.Hash

In an AD RMS cluster, which of the following is true about the AD RMS service connection point? (Choose all that apply.) a.Once defined, you cannot change it b.It is stored in Active Directory c.It is defined during installation of the root cluster d.By default, non domain member clients can access it

b.It is stored in Active Directory c.It is defined during installation of the root cluster

You have several marketing documents that are published through AD RMS. However, you have three new marketing employees that require additional training before they should be able to access these documents. These employees should have all other rights and permissions as members of the Marketing group. What should you do to prevent these users from accessing these rights-protected documents? a.Create a revocation policy in AD RMS b.Create a new group, add the users to the group and configure Deny permissions c.Configure a user exclusion policy in AD RMS d.Configure a rights policy template in AD RMS

c.Configure a user exclusion policy in AD RMS

Your company has purchased another company that also uses Windows Server 2016 and Active Directory. Both companies need to be able to access each other's forest resources. How can you achieve this goal with the least administrative effort? a.Configure selective authentication b.Share the global catalog for both companies c.Create a two-way forest trust d.Configure an external trust

c.Create a two-way forest trust

Once Active Directory has been installed, a default site link is created. What is the name of this site link? a.FIRSTSITE b.IPSITECONTAINER c.DEFAULTIPSITELINK d.ADSITEHOLDER

c.DEFAULTIPSITELINK

What Active Directory replication method is more efficient and reliable? a.AD File System Replication b.File Replication Service c.Distributed File System Replication d.SYSVOL Replication

c.Distributed File System Replication

What Active Directory replication method is more efficient and reliable? a.File Replication Service b.SYSVOL Replication c.Distributed File System Replication d.AD File System Replication

c.Distributed File System Replication

Select the FSMO role that is required to be online to facilitate the addition or removal of a domain controller: a.Schema master b.RID master c.Domain naming master d.PDC emulator

c.Domain naming master

What PowerShell cmdlet will allow an administrator to check for software that is incompatible with the cloning process? a.Get-ADDCCloneConfigFile b.Show-ADDCCloningConfigFile c.Get-ADDCCloningExcludedApplicationList d.New-ADDCCloningExcludedList

c.Get-ADDCCloningExcludedApplicationList

For intrasite replication, what component builds a replication topology for DCs in a site and establishes replication partners? a.Kerberos b.PDC c.KCC d.Site link

c.KCC

You have a number of Cisco routers and switches that you wish to secure using IPsec. You want IPsec authentication to use digital certificates. You already have a PKI in place using Certificate Services on Windows Server 2016. What should you install to secure your devices? a.Online Responder b.OCSP c.NDES role service d.Smart Card reader

c.NDES role service

An administrator has received a call indicating that some users are having difficulty logging on after a password change. Which FSMO role should be investigated? a.Infrastructure master b.Schema master c.PDC emulator d.RID master

c.PDC emulator

Which of the following contains a list of users and specifies what the users can do with a rights-protected document? a.Rights account certificate b.Use license c.Publishing license d.Client licensor certificate

c.Publishing license

What are valid reasons to create site link bridges manually? (Choose all that apply.) a.When you can't use the IP inter-site transport protocol b.To increase the transitivity of site links c.Reduce confusion of the KCC d.Control traffic through firewalls

c.Reduce confusion of the KCC d.Control traffic through firewalls

What is used to identify all objects in a domain? a.RID b.PDC c.SID d.DIR

c.SID

An administrator has attempted to change the forest functional level, but the attempt failed due to the failure of an FSMO role. Which FSMO role should be investigated? a.Infrastructure master b.RID master c.Schema master d.PDC emulator

c.Schema master

What type of certificate enrollment issues certificates that users can use to log on to a system by entering a PIN? a.Autoenrollment b.Web enrollment c.Smart card enrollment d.Certificates MMC

c.Smart card enrollment

Two users, UserA and UserB, are engaging in secure communication using only asymmetrical encryption. UserA needs to send a secure message to UserB. What occurs first? a.UserB sends a shared secret to UserA b.UserA sends a secret key to UserB c.UserB sends UserA UserB's public key d.UserA sends UserB UserA's private key

c.UserB sends UserA UserB's public key

What are conditions that determine what attributes are required in a claim and how claims are processed by the federation server? a.claim certificates b.claim attributes c.claim rules d.claim trust

c.claim rules

Which command analyzes the overall health of Active Directory and performs replication security checks? a.net show b.repadmin c.dcdiag d.Get-ADReplication

c.dcdiag

Which option below is not one of the three main methods for cleaning up metadata? a.Active Directory Sites and Services b.ntdsutil.exe c.wbsadmin.exe d.Active Directory Users and Computers

c.wbsadmin.exe

By default, for how long are deleted objects stored within the Active Directory database before they are removed entirely? a.120 days b.160 days c.60 days d.180 days

d.180 days

Which feature, first introduced with Windows Server 2012 R2, provides new Active Directory containers to which authentication policies can be applied to restrict where high-privilege user accounts can be used in the domain? a.AES support b.DFS replication c.Automatic SPN management d.Authentication Policy silos

d.Authentication Policy silos

Which of the following best describes an attribute of a certificate that identifies where the CRL for a CA can be retrieved? a.CRL enrollment b.Attribute distribution c.CRL recovery d.CRL distribution point

d.CRL distribution point

What is created automatically by the KCC and allows the configuration of replication between sites? a.Site link bridge b.Bridgehead server c.Site link d.Connection object

d.Connection object

You have a forest with three trees and twelve domains. Users are complaining that access to resources in other domains is slow. You suspect the delay is caused by authentication referrals. What can you do to mitigate the problem? a.Create a forest trust b.Create an external trust c.Create a transitive trust d.Create a shortcut trust

d.Create a shortcut trust

Your company has purchased another company that also uses Windows Server 2016 and Active Directory. Both companies need to be able to access each other's forest resources. How can you achieve this goal with the least administrative effort? a.Share the global catalog for both companies b.Configure selective authentication c.Configure an external trust d.Create a two-way forest trust

d.Create a two-way forest trust

Which server role below cannot be installed on a domain controller that will be cloned? a.WSUS b.RADIUS c.DNS d.DHCP

d.DHCP

To increase security of data stored on an RODC, what can be configured to specify domain objects that aren't replicated to RODCs? a.Online defragmentation settings b.Bridgehead server c.Site-to-site relationships d.Filtered attribute sets

d.Filtered attribute sets

Which type of CA in the three-level hierarchy is sometimes referred to as a policy CA and issues certificates to issuing CAs? a.Root b.Enterprise c.Offline d.Intermediate

d.Intermediate

You want to configure automatic key archival to ease the burden of managing backup of private keys. What role must you assign to at least one trusted user in the organization? a.CPS b.CDP c.OR d.KRA

d.KRA

You were issued a certificate on March 1st 2015 for your secure Web server. The validity period is three years and the renewal period is four months. What is the earliest date you can renew this certificate? a.July 1, 2018 b.November 1, 2018 c.June 1, 2017 d.November 1, 2017

d.November 1, 2017

An administrator has attempted to change the forest functional level, but the attempt failed due to the failure of an FSMO role. Which FSMO role should be investigated? a.Infrastructure master b.RID master c.PDC emulator d.Schema master

d.Schema master

Which of the following is a self-signed certificate and identifies the AD RMS cluster? a.Machine certificate b.Client licensor certificate c.Rights account certificate d.Server licensor certificate

d.Server licensor certificate

Which of the following is a self-signed certificate and identifies the AD RMS cluster? a.Machine certificate b.Rights account certificate c.Client licensor certificate d.Server licensor certificate

d.Server licensor certificate

During garbage collection, what setting controls how long deleted objects remain within the database before such objects are completely removed? a.Object expiry date b.Remove by date c.Purge lifetime d.Tombstone lifetime

d.Tombstone lifetime

Which of the following is issued to users when they request access to a rights-protected document? a.Client licensor certificate b.A new claim c.Publishing license d.Use license

d.Use license

You have a network of Windows Server 2016 servers, and you wish to allow remote users the ability to access network applications from any device that supports a Web browser? a.Web Agents b.IIS Proxy Server c.Federation Service Proxy d.Web Application Proxy

d.Web Application Proxy

Which of the following is the international standard that defines a PKI and certificate formats? a.LDAP b.1394 c.802.3 d.X.509

d.X.509

What holds the log of Active Directory transactions or changes? a.edb.chk b.ntds.log c.aed.dit d.edb.log

d.edb.log

What type of replication scheme does Active Directory use to synchronize copies of most information in the Active Directory database? a.single master b.domain-wide c.flexible single master d.multimaster

d.multimaster

Which option below is not one of the three main methods for cleaning up metadata? a.Active Directory Users and Computers b.ntdsutil.exe c.Active Directory Sites and Services d.wbsadmin.exe

d.wbsadmin.exe

Which of the following is true about using IP in site links? (Choose all that apply.) a.It is synchronous b.It can't be used to replicate domain directory partitions c.RPC runs over IP d.It is asynchronous

a. It is synchronous c. RPC runs over IP

You have a network with three sites named SiteA, SiteB, and SiteC that are assigned the subnets 10.1.0.0/16, 10.2.0.0/16, and 10.3.0.0/16, respectively. You change the IP address of a domain controller in SiteB to 10.1.100.250/16. What should you do now? a.Right-click the computer object and click Check Replication Topology. b.Move the computer object of the domain controller in Active Directory Sites and Services to SiteA. c.Move the computer object in Active Directory Users and Computers to a new OU. d.Add the 10.1.0.0/16 subnet to SiteB and then force the replication topology to be recalculated.

b.Move the computer object of the domain controller in Active Directory Sites and Services to SiteA.

Why might it be a good idea to configure multiple domains in a forest? a.You need multiple schemas b.Need for differing account policies c.Access to Universal groups d.Easier access to resources

b.Need for differing account policies

By default, replication between DCs when no changes have occurred is scheduled to happen how often? a.Once per day b.Once per hour c.Once per week d.Never

b.Once per hour

What feature should you enable to prevent the sIDHistory attribute from being used to falsely gain administrative privileges in a trusting forest? a.Selective authentication b.SID filtering c.Fine-grained password policies d.Trust transitivity

b.SID filtering

What type of key is used in symmetric cryptography, must be known by both parties, and is used for both encryption and decryption? a.Public key b.Shared secret c.Ciphertext d.Private key

b.Shared secret

How is a computer's designated site determined, such that the computer is given a domain controller to request services from within the same site? a.Through GPOs b.Through subnets added to the site c.Through NPS policies d.Through computer OU information

b.Through subnets added to the site

When configuring a claims provider trust, what are the claims configured on? a.publishing license b.attribute store c.use license d.Web Application Proxy

b.attribute store

What assigned value represents the bandwidth of the connection between sites? a.metric b.cost c.log d.site

b.cost

Which of the following manages adding, removing, and renaming domains in the forest? a.operations master b.domain naming master c.schema master d.forest master

b.domain naming master

Which option will allow private keys to be locked away and then restored if the user's private key is lost? a.key restore b.key archival c.private key cloning d.key recovery

b.key archival

Within the NTDS folder, which file stores the main Active Directory database? a.edb.chk b.ntds.dit c.edbres00001.jrs d.ed.dit

b.ntds.dit

Select the RODC installation type where the domain administrator creates the RODC computer account in Active Directory, and then a regular user can perform the installation at a later time. a.selected installation b.staged installation c.deferred installation d.default RODC installation

b.staged installation

In a new partnership with XYZ Company, ABC company wants to share documents securely using Web-based applications. All communication must be secure, and document usage must be controlled. Both companies run Windows Server 2016 domains but must remain in separate forests. What can you implement to facilitate this partnership? a.Two-way transitive realm trusts b.Network Device Enrollment Services c.AD Federation Services and AD Rights Management Services d.AD Certificate Services and AD Lightweight Directory Services

c.AD Federation Services and AD Rights Management Services

Your company deals with highly confidential information, some of which is transmitted via email among employees. Some documents have been forwarded via email, making the documents more difficult to track. You want to be able to prevent employees from forwarding certain emails. What should you deploy? a.EFS b.AD CS c.AD RMS d.Web SSO

c.AD RMS

Which of the following usually includes the user's logon name, group memberships, and other user attributes in an AD FS-enabled network? a.Trust b.Resource c.Claim d.Classification

c.Claim
