NOS.230. Mid-Term

Ace your homework & exams now with Quizwiz!

By default, how many previous logons are cached locally to a computer?

10

A service ticket by default lasts for how long?

10 hours

Each Group Policy Object is assigned a globally unique identifier (GUID) of what length?

128 bits

How often is the password for a computer account changed by Active Directory?

30 days

Select the Account Lockout Policy item that determines how many failed logins can occur on an account before the account is locked.

Account lockout threshold

By default, what policies will be downloaded and processed by a Group Policy client?

Changed policies only

What Active Directory replication method makes use of remote differential compression (RDC)?

DFSR (Distributed File System Replication)

What policy is a GPO linked to the Domain Controllers OU and specifies the default policy settings for all domain controllers?

Default Domain Controller Policy

A contact is an Active Directory object that usually represents a person for informational and security purposes.

False

A managed service account (MSA) enables administrators to manage rights and permissions for services but with strict manual password management policies.

False

Administrative template files are in HTML format, using the .admx extension.

False

For security reasons, it's best to delete an account that will be inactive for an extended period.

False

Security Principals define which resources users can access and what level of access they have.

False

The Backup Operators group is a group in local computers only.

False

The directory partition holds configuration information that can affect the entire forest, such as details on how domain controllers should replicate with one another.

False

The recommended minimum number of Active Directory domain controllers in a domain environment is three.

False

What Windows servers are the only domain controllers that hold universal group membership information?

GC global catalog

Select the term used to describe forcing inheritance of settings on all child objects in the GPO's scope, even if a GPO with conflicting settings is linked to a container at a deeper level.

GPO enforement

What defines the objects that a Group Policy Object affects?

GPO scope

Select below the option that is not one of the three built-in service accounts.

Local Operator

What mode of the Resultant Set of Policy (RSoP) snap-in produces a database of policy results that you browse in a similar manner to using the Group Policy Management Editor?

Logging

What policy allows an administrator to control the membership of both domain groups and local groups on member computers?

Restricted Groups

Select the specific Windows folder that is a shared folder containing file-based information that is replicated to other domain controllers.

SYSVOL folder

Which type of ticket below is requested by an account when it wants to access a network resource, such as a shared folder?

Service ticket

Which PowerShell cmdlet below can be used to set permissions for a security principal to a GPO or to all GPOs?

Set-GPPermission

Which of the following statements is not true regarding the built-in Administrator account?

The Administrator account can be deleted

A batch file is a text file that is used to enter a command or series of commands normally typed at the command prompt.

True

A loopback policy can be used to change user policy settings based on the GPO within whose scope a computer object falls

True

A service account is a user account that Windows services use to log on to a computer or domain with a specific set of rights and permissions

True

Account policies are set in the Local Security Policy MMC on computers that aren't domain members.

True

Account policies set in GPOs linked to an OU containing computer accounts affect only local user accounts defined in the computer's SAM database.

True

GPOs set at the domain level should contain settings that you want to apply to all objects in the domain.

True

If you want to create a security template using a baseline of settings from an existing desktop computer or server, you can begin by opening secpol.msc.

True

Local GPOs are edited with the gpedit.msc tool.

True

Schema attributes define what type of information is stored in each object, such as first name, last name, and password for a user account object.

True

The Group Policy Results wizard will show administrators which policy settings apply only to a user, computer, or both.

True

The Knowledge Consistency Checker (KCC) runs on every DC to determine the replication topology.

True

The Restricted Groups policy, under Security Settings, Controls group membership for both domain groups and local SAM groups.

True

What type of policy setting is persistent, remaining even after a computer or user object falls out of a GPO's scope until it's changed by another policy or manually?

Unmanaged policy setting

When creating a new user, the "User cannot change password" option can't be used in conjunction with what other option?

User must change password at next logon

Which of the following uses queries to select a group of computers based on certain attributes, and then applies or doesn't apply policies based on the query's results?

WMI filtering

In order to use the Active Directory Recycle Bin, all DCs in the forest must be running at least what Windows Server operating system?

Windows Server 2008 R2

When you back up a GPO, the policy settings are backed up, but not the security filtering settings, delegation settings, and WMI filter links.

false

What Active Directory directory partition holds the DNS database?

not Application directory partition

Which of the following is not a security principal that can be assigned permissions?

not OU

An Active Directory object's security settings are composed of three components, what term is used to refer to these three components?

security descriptor

Which of the following uses permissions to restrict objects from accessing a GPO?

security filtering

When a client computer wants to connect to a service instance, what specific name type does it use to find the service?

service principal name

User accounts created in Active Directory are referred to as domain user accounts.

true

Select the term used to describe the process, within the context of Active Directory, that allows a person with higher security privileges to assign authority to a person of lesser security privileges to perform certain tasks.

delegation of control


Related study sets

This is Philosophy Chapters 1 & 2, Philosophy Final exam

View Set

Behavioral Science - Olfaction and Gustation

View Set

Operations management chapter 13

View Set

Level 1 Class 1 అ "a" and ఆ "aa" words(padamulu)

View Set