NOS-230: Units 6-9
On a Windows Server 2016, what is the default CRL publication interval?
1 week
How often does garbage collection run on a DC?
12 hours
In a new partnership with XYZ Company, ABC company wants to share documents securely using Web-based applications. All communication must be secure, and document usage must be controlled. Both companies run Windows Server 2016 domains but must remain in separate forests. What can you implement to facilitate this partnership?
AD Federation Services and AD Rights Management Services
Your company deals with highly confidential information, some of which is transmitted via email among employees. Some documents have been forwarded via email, making the documents more difficult to track. You want to be able to prevent employees from forwarding certain emails. What should you deploy?
AD RMS
What tool can a user use to request certificates that are not configured for autoenrollment?
Certificates snap-in
What is created automatically by the KCC and allows the configuration of replication between sites?
Connection object
What feature allows non domain-joined devices to access claims-based resources securely?
Device registration
A tree can consist of a single domain or a parent domain and child domains, which cannot have child domains of their own.
False
Active Directory metadata describes the actual Active Directory data, not the Active Directory database.
False
Applications that are not claims-aware can't be used in an AD FS deployment.
False
Intrasite replication occurs between bridgehead servers.
False
Online Responder used to issue certificates to network devices, such as routers and switches.
False
Primary authentication is not required for all users who access applications that use AD FS.
False
The federated Web SSO with forest trust design is most often used in business-to-employee relationships.
False
The intermediate CA is the most critical and is the server typically configured for offline operation.
False
The logical components of Active Directory are forests, domains, and sites.
False
Version 5 templates allow customization of most certificate settings and permit autoenrollment.
False
With AD FS preauthentication, client requests for the application are sent via a proxy server to the application server.
False
Which of the following is responsible for assigning a bridgehead server to handle replication for each directory partition?
Inter-Site Topology Generator
Which type of CA in the three-level hierarchy is sometimes referred to as a policy CA and issues certificates to issuing CAs?
Intermediate
You have a number of Cisco routers and switches that you wish to secure using IPsec. You want IPsec authentication to use digital certificates. You already have a PKI in place using Certificate Services on Windows Server 2016. What should you install to secure your devices?
NDES role service
Why might it be a good idea to configure multiple domains in a forest?
Need for differing account policies
What features should you configure if you want to limit access to resources by users in a trusted forest, regardless of permission settings on these resources?
Selective authentication
Which of the following is a self-signed certificate and identifies the AD RMS cluster?
Server licensor certificate
What type of certificate enrollment issues certificates that users can use to log on to a system by entering a PIN?
Smart card enrollment
A delegated installation allows a domain administrator to create the RODC computer account in Active Directory, so a that a regular user can perform the installation at a later time.
True
A domain controller clone is a replica of an existing DC.
True
Authentication efficiency, replication efficiency, and application efficiency are the three main reasons for establishing multiple sites.
True
Before you can install a DC running a newer Windows Server version in an existing forest with a lower functional level, you must prepare existing DCs with the adprep.exe command-line program,
True
Multi-factor authentication means users must authenticate with more than one device.
True
The repadmin /replicate command causes replication of a specified partition from one DC to another.
True
Universal groups allow administrators to assign rights and permissions to forest-wide resources to users from any domain.
True
Which of the following manages adding, removing, and renaming domains in the forest?
domain naming master
Which option below is not one of the three main methods for cleaning up metadata?
wbsadmin.exe
Which type of cryptography provides the most security?
Asymmetric cryptography
CA Administrator approves requests for certificate enrollment and revocation.
False
If your domain includes Windows Server 2003 or older DCs, it's using DFSR to replicate SYSVOL.
False
Intrasite replication takes place between DCs in two or more sites.
False
Remote Desktop Gateway applications are a convenient way for organizations to make applications available to users without having to install the application on every user's computer.
True
What assigned value represents the bandwidth of the connection between sites?
cost