Quiz 1-9

Ace your homework & exams now with Quizwiz!

ADMX and ADML files are placed under what directory within Windows?

%systemroot%\PolicyDefinitions

The folders containing Group Policy Templates (GPTs) can be found under what folder on a domain controller?

%systemroot%\SYSVOL\sysvol\domain\Policies

An administrative template file using what file extension provides a language specific user interface in the Group Policy Management Editor?

.adml

A transform file utilizes what file name extension?

.mst

On a Windows Server 2016, what is the default CRL publication interval?

1 week

An authenticated user can add up to how many computer accounts to the domain, by default?

10

By default, how many previous logons are cached locally to a computer?

10

How often does garbage collection run on a DC?

12 hours

Each Group Policy Object is assigned a globally unique identifier (GUID) of what length?

128 bits

What is the schedule for non-urgent intrasite replication?

15 seconds after any change occurs, with a 3-second delay between partners

By default, for how long are deleted objects stored within the Active Directory database before they are removed entirely?

180 days

How often is the password for a computer account changed by Active Directory?

30 days

The Default Domain Policy sets the maximum password age to what value?

42 days

By default, the maximum tolerance for computer clock synchronization is set to what value?

5 minutes

How often are Group Policy Objects updated on domain controllers?

5 minutes

A slow link, by default, is a network connection that's less than which of the following?

500 Kbps

By default, what is the maximum period during which a TGT can be renewed?

7 days

A partition stored on a domain controller in the HQ site isn't being replicated to other sites, but all other partitions on domain controllers in the HQ site are being replicated. The problem partition is stored on multiple domain controllers in HQ. What should you investigate as the source of the problem?

A manually configured bridgehead server

In a new partnership with XYZ Company, ABC company wants to share documents securely using Web-based applications. All communication must be secure, and document usage must be controlled. Both companies run Windows Server 2016 domains but must remain in separate forests. What can you implement to facilitate this partnership?

AD Federation Services and AD Rights Management Services

Your company deals with highly confidential information, some of which is transmitted via email among employees. Some documents have been forwarded via email, making the documents more difficult to track. You want to be able to prevent employees from forwarding certain emails. What should you deploy?

AD RMS

Which of the following is used to map attributes from the claims provider to claims attributes acceptable to the relying party?

Acceptance transform rules

Select the Account Lockout Policy item that determines how many failed logins can occur on an account before the account is locked.

Account lockout threshold

Which of the following is the company whose users are accessing resources from another company?

Account partner

What feature, once activated, can not be disabled without reinstalling all domain controllers within a forest?

Active Directory Recycle Bin

What PowerShell cmdlet below will install the Active Directory Domain Services role?

Add-WindowsFeature AD-Domain-Services

What folder under Policies within the Computer Configuration Node of a GPO contains the Control Panel, Network, Printers, System, and Windows Component folders?

Administrative Templates

When a GPO is linked to a site object, what will be affected?

All users and computers physically located at the site

What policy setting can be used to force synchronous processing?

Always wait for the network at computer startup and logon

What Active Directory directory partition holds the DNS database?

Application directory partition

Which type of cryptography provides the most security?

Asymmetric cryptography

In which LDAP-compatible database are claims values stored?

Attribute store

The standard DACL for a package object assigns read permissions to what group by default?

Authenticated Users

Which feature was first introduced with Windows Server 2012 R2, and are new Active Directory containers to which authentication policies can be applied to restrict where high-privilege user accounts can be used in the domain?

Authentication Policy silos

What option under the folder redirection settings redirects everyone's folder to the same location?

Basic

How can an administrator test an MSA to ensure that it can access the domain with its current credentials, or can be installed on a member computer?

By using the Test-ADServiceAccount cmdlet

A server configured for Web enrollment is referred to as which of the following?

CA Web proxy

Which of the following best describes an attribute of a certificate that identifies where the CRL for a CA can be retrieved?

CRL distribution point

What tool can a user use to request certificates that are not configured for autoenrollment?

Certificates snap-in

By default, what policies will be downloaded and processed by a Group Policy client?

Changed policies only

To find a full list of policies and preferences that can have background processing disabled, where should you look?

Computer Configuration\Policies\Administrative Templates\System\Group Policy

You have several marketing documents that are published through AD RMS. However, you have three new marketing employees that require additional training before they should be able to access these documents. These employees should have all other rights and permissions as members of the Marketing group. What should you do to prevent these users from accessing these rights-protected documents?

Configure a user exclusion policy in AD RMS

What is the last step, just before you review the relying party trust information, in the Add Relying Party Trust Wizard?

Configure an access control policy

What is created automatically by the KCC and allows the configuration of replication between sites?

Connection object

You have a forest with three trees and twelve domains. Users are complaining that access to resources in other domains is slow. You suspect the delay is caused by authentication referrals. What can you do to mitigate the problem?

Create a shortcut trust

Your company has purchased another company that also uses Windows Server 2016 and Active Directory. Both companies need to be able to access each other's forest resources. How can you achieve this goal with the least administrative effort?

Create a two-way forest trust

All your domain controllers are running Windows Server 2016 in a new forest. What should you check if GPT replication is not occurring correctly?

DFSR

You need to allow your network technician to view the RMS logs and reports, but no additional permissions should be granted to this technician. What can you do?

Delegate the AD RMS Auditor role

Which of the following is created using a hash algorithm and can be used to verify the authenticity of a document?

Digital signature

An administrator has discovered that several critical parts of Active Directory have been deleted. What boot mode can be used to perform restoration?

Directory Services Restore Mode (DSRM)

What Active Directory replication method is more efficient and reliable?

Distributed File System Replication

What Active Directory replication method makes use of remote differential compression (RDC)?

Distributed File System Replication (DFSR)

What is the most typically used group type conversion?

Distribution group -> security group

Select the true statement regarding the conversion of group scope:

Domain local groups can be converted to universal, the domain local group must not contain other domain local groups

Select below the FSMO role that is a forest-wide FSMO role:

Domain naming master

Select the FSMO role that is required to be online to facilitate the addition or removal of a domain controller:

Domain naming master

What can you install on a Windows Server 2016 server that can scan documents and apply rights policy templates automatically based on resource properties?

FSRM

Which AD DS design should you use if you want your design to support business-to-business relationships where the account federation server validates credentials and no Active Directory trust is created?

Federated Web SSO

If a domain consists of DCs that are running versions of Windows Server earlier than Windows Server 2008, what replication method is used?

File Replication Service (FRS)

To increase security of data stored on an RODC, what can be configured to specify domain objects that aren't replicated to RODCs?

Filtered attribute sets

The option to turn off background processing is not available for which type of policy below?

Folder redirection

What is the first domain installed in a forest called?

Forest root

Select the term used to describe forcing inheritance of settings on all child objects in the GPO's scope, even if a GPO with conflicting settings is linked to a container at a deeper level.

GPO enforcement

What defines which objects are affected by settings in a GPO?

GPO scope

What PowerShell cmdlet will allow an administrator to check for software that is incompatible with the cloning process?

Get-ADDCCloningExcludedApplicationList

An administrator needs to know which servers carry forest-wide roles. What PowerShell cmdlet can be used to display this information?

Get-ADForest

Select the specific tab within the Group Policy Management Console that will allow you to view which policies affect a domain or OU and where the policies are inherited from.

Group Policy Inheritance

What tool can be used to determine what policy settings would apply to a computer or user account if it were moved to a different container?

Group Policy Modeling

Settings in the Computer Configuration node of Administrative Templates will impact which registry key below?

HKEY_LOCAL_MACHINE

Settings under the User Configuration node affect what Registry key?

HKEY_LOCAL_USER

Select the built-in group that facilitates anonymous access to web resources by Internet Information Services

IIS_IUSRS

Select the command that is used to import settings from a backed-up GPO to an existing GPO.

Import-GPO

Select the operations master role responsible for ensuring that changes made to object names in one domain are updated in references to the object in other domains.

Infrastructure master

What DC is responsible for ensuring that changes made to object names in one domain are updated in references to these objects in other domains?

Infrastructure master

Which FSMO role is responsible for ensuring that changes made to object names within one domain are updated in references to those objects in other domains?

Infrastructure master

Which of the following is the first step to allow third-party devices to perform device registration to access domain resources from the Internet?

Install a certificate from a third-party CA

Which of the following is responsible for assigning a bridgehead server to handle replication for each directory partition?

Inter-Site Topology Generator

Which type of CA in the three-level hierarchy is sometimes referred to as a policy CA and issues certificates to issuing CAs?

Intermediate

What command can be used to cause a group policy refresh remotely on Windows Vista and later clients?

Invoke-GPUpdate

What enables you to target specific users or computers based on criteria?

Item-level targeting

For intrasite replication, what component builds a replication topology for DCs in a site and establishes replication partners?

KCC

You want to configure automatic key archival to ease the burden of managing backup of private keys. What role must you assign to at least one trusted user in the organization?

KRA

What specific authentication protocol used in a Windows domain environment to authenticate logons and grant accounts access to domain resources?

Kerberos

What component of Kerberos is responsible for storing keys for encrypting and decrypting data in the authentication process?

Key Distribution Center

Select the GPO state where the GPO is in the Group Policy Objects folder but hasn't been linked to any container objects.

Link status: unlinked

What mode of the Resultant Set of Policy (RSoP) snap-in produces a database of policy results that you browse in a similar manner to using the Group Policy Management Editor?

Logging

What is a downlevel user logon name used for?

Logging into older Windows OSs or using older Windows applications

What is issued by the root cluster and contains a computer's public key when an AD RMS application is used?

Machine certificate

What setting specifies how long a service ticket can be used before a new ticket must be requested to access the resource for which the ticket was granted?

Maximum lifetime for service ticket

After you install AD CS, you want to begin issuing certificates for the encrypting file system. What should you do first?

Modify a certificate template

You have a network with three sites named SiteA, SiteB, and SiteC that are assigned the subnets 10.1.0.0/16, 10.2.0.0/16, and 10.3.0.0/16, respectively. You change the IP address of a domain controller in SiteB to 10.1.100.250/16. What should you do now?

Move the computer object of the domain controller in Active Directory Sites and Services to SiteA.

You have a number of Cisco routers and switches that you wish to secure using IPsec. You want IPsec authentication to use digital certificates. You already have a PKI in place using Certificate Services on Windows Server 2016. What should you install to secure your devices?

NDES role service

Why might you need to configure multiple forests?

Need for different schemas

Why might it be a good idea to configure multiple domains in a forest?

Need for differing account policies

What PowerShell cmdlet will link a GPO to a site, domain or OU?

New-GPLink

Which service provided by a PKI ensures that a party in a communication can't dispute the validity of the transaction?

Nonrepudiation

You were issued a certificate on March 1st 2015 for your secure Web server. The validity period is three years and the renewal period is four months. What is the earliest date you can renew this certificate?

November 1, 2017

What is the primary container object for organizing and managing resources in a domain?

OUs

By default, replication between DCs when no changes have occurred is scheduled to happen how often?

Once per hour

Which statement is true regarding the global catalog?

Only one global catalog exists per forest

Select the operations master role that is responsible for providing backward compatibility with Windows NT servers configured as Windows NT backup domain controllers or member servers.

PDC emulator master

Select below the policy permission that grants a user or group the ability to use the GPO Modeling Wizard on a target container.

Perform Group Policy Modeling analyses

What configuration tool must be used to create and manage MSAs?

PowerShell

Which of the following contains a list of users and specifies what the users can do with a rights-protected document?

Publishing license

What is the name of a domain controller on which changes can't be written?

Read only domain controller

Which of the following hosts resources that are made available to the account partner?

Relying party

Which of the following is created on the AD FS server that acts as the claims provider in an AD FS deployment?

Relying party trust

What is used to identify all objects in a domain?

SID

What feature should you enable to prevent the sIDHistory attribute from being used to falsely gain administrative privileges in a trusting forest?

SID filtering

What folder contains group policy templates, logon/logoff scripts, and DFS synchronization data?

SYSVOL

If a central store for policy definition files has been created, where should the PolicyDefinitions folder reside?

SYSVOL folder

Select the specific Windows folder that is a shared folder containing file-based information that is replicated to other domain controllers.

SYSVOL folder

An administrator has attempted to change the forest functional level, but the attempt failed due to the failure of an FSMO role. Which FSMO role should be investigated?

Schema master

Which of the following choices is one of the two forest-wide FSMO roles?

Schema master

What specific database stores local user accounts on local computers, and allows users to sign in to and access resources only on the computer where the account resides?

Security Accounts Manager

Which type of ticket below is requested by an account when it wants to access a network resource, such as a shared folder?

Service ticket

Which of the following choices is not one of the three user account types defined in Windows Server 2016?

Service user account

What PowerShell cmdlet can be used to begin transferring your existing Windows Server 2012 R2 server to a secondary server when upgrading AD FS.

Set-AdfsSyncProperties

Which PowerShell cmdlet below can be used to set permissions for a security principal to a GPO or to all GPOs?

Set-GPPermission

What type of key is used in symmetric cryptography, must be known by both parties, and is used for both encryption and decryption?

Shared secret

Which component of a site makes a site link transitive?

Site link bridge

Your network is configured in a hub-and-spoke topology. You want to control the flow of replication traffic between sites, specifically reducing the traffic across network links between hub sites to reach satellite sites. What should you configure?

Site link bridges

If the slow link detection policy is set at 0, what does this indicate?

Slow link detection is disabled

What type of certificate enrollment issues certificates that users can use to log on to a system by entering a PIN?

Smart card enrollment

What can you do if you notice that a DC failed to register its service records?

Stop and start the Netlogon service.

Before you configure a forest trust, what should you configure to ensure you can contact the forest root of both forests from both forests?

Stub zones

What Security Settings policy manages the startup mode and security settings of services on target computers?

System Services

Which of the following statements is true regarding the built-in Guest account?

The Guest account should be renamed if it will be used

Using default settings, if a computer's clock differs more than 5 minutes than a Kerberos message's timestamp, what happens?

The Kerberos message is considered invalid

Which statement is true regarding the use of the Logon Hours option under a user's account?

The Logon Hours can't be used to disconnect a user that is already logged in

After a template account has been created, what can be done to ensure that the template account does not pose a security risk?

The account should be disabled

What GPO policy will take precedence over all other GPO policies when they are being applied?

The last policy applied takes precedence

What does the /target option do when used with the gpupdate command?

The option can specify whether computer or user policy settings should be updated

If using virtual accounts to access the network, how are permissions added to a network resource to allow the virtual account access?

The resource must have proper permissions set for ComputerName$, where ComputerName is the name of the computer attempting to access the resource.

Under what circumstances would a multi-domain structure not be an ideal choice?

The structure should facilitate easier access to resources

Approximately 42 days after a service was configured to use a normal user account, the service has stopped working and refuses to run. An administrator has verified that the account still exists on the domain. Assuming default domain policy settings, what could be the issue?

The user account password expired

If an employee leaves a company, what should happen to any certificates held by that employee that was issued by the company's PKI?

They should be put on the CRL

How is a computer's designated site determined, such that the computer is given a domain controller to request services from within the same site?

Through subnets added to the site

How can the output of a command be redirected to a file instead of being displayed on the computer's screen?

Type the > character followed by the file name

What type of policy setting is persistent, remaining even after a computer or user object falls out of a GPO's scope until it's changed by another policy or manually?

Unmanaged policy setting

You run a PKI that has issued tens of thousands of certificates to hundreds of thousands of clients. You have found that the traffic created when clients download the CRL is becoming excessive. What can you do to reduce the traffic caused by clients downloading the CRL?

Use a Delta CRL

Which of the following is issued to users when they request access to a rights-protected document?

Use license

How can an administrator enable or disable accounts using the command line?

Use the dsmod user command

Two users, UserA and UserB, are engaging in secure communication using only asymmetrical encryption. UserA needs to send a secure message to UserB. What occurs first?

UserB sends UserA UserB's public key

You have a network of Windows Server 2016 servers, and you wish to allow remote users the ability to access network applications from any device that supports a Web browser?

Web Application Proxy

What folder within the Computer Configuration node contains settings related to Event Viewer, File Explorer, Windows PowerShell, and Windows Update?

Windows Components

In order to use the Active Directory Recycle Bin, all DCs in the forest must be running at least what Windows Server operating system?

Windows Server 2008 R2

Which of the following is NOT a feature of AD RMS?

Workplace Join

Which of the following is the international standard that defines a PKI and certificate formats?

X.509

What type of application can be installed automatically when the user logs on to a computer in the domain?

assigned

How can an administrator remove all audit policy subcategories so that auditing is controlled only by Group Policy?

auditpol /clear

What tool within Windows Server 2016 must be used in order to change the default auditing settings?

auditpol.exe

What option limits the delegation to specific services running on specific computers?

constrained delegation

What type of task can be defined to allow you fine-grained control over the management tasks a user can perform in an OU?

custom

Select the term used to describe the process, within the context of Active Directory, that allows a person with higher security privileges to assign authority to a person of lesser security privileges to perform certain tasks.

delegation of control

What feature allows non domain-joined devices to access claims-based resources securely?

device registration

Which of the following is the primary identifying and administrative unit in Active Directory?

domain

Which of the following manages adding, removing, and renaming domains in the forest?

domain naming master

What holds the log of Active Directory transactions or changes?

edb.log

What Windows servers are the only domain controllers that hold universal group membership information?

global catalog

In order to force a computer to immediately download and apply all group policies, what command should be run?

gpupdate /force

What type of account provides the same functions as managed service accounts but can be managed across multiple servers as in a server farm or a load-balancing arrangement?

group managed service account

Which of the following is not a security principal that can be assigned permissions?

groups

What type of Active Directory replication takes place between domain controllers in the same site?

intrasite

Which option will allow private keys to be locked away and then restored if the user's private key is lost?

key archival

What type of replication scheme does Active Directory use to synchronize copies of most information in the Active Directory database?

multimaster

What process makes one group a member of another group?

nesting

What Active Directory object enables an administrator to configure password settings for users or groups that are different from those defined in a GPO linked to the domain?

password settings object

The default location for computer accounts that are created automatically after joining the domain can be changed using which command?

redircmp.exe

Which command shows you detailed information about replication status, including information on each partition?

repadmin /showrepl

An Active Directory object's security settings are composed of three components, what term is used to refer to these three components?

security descriptor

When you first create a group, what is the default setting that is applied?

security group with global scope

When a client computer wants to connect to a service instance, what specific name type does it use to find the service?

service principal name

Which of the following defines Active Directory objects and their attributes and can be changed by an administrator or an application to best suit the organization's needs?

single schema

Select the RODC installation type where the domain administrator creates the RODC computer account in Active Directory, and then a regular user can perform the installation at a later time.

staged installation

What CAs interact with clients to field certificate requests and maintain the CRL?

subordinate CAs

Select the term that is a record of the time a message is sent and is used in Kerberos to determine a message's validity and prevent replay attacks.

timestamp

In Active Directory, what defines how security principals from one domain can access network resources in another domain?

trust relationship

Which of the following is a user account that is copied to create users with common attributes?

user template

How can an administrator initiate a system state recovery using the command line?

wbadmin start systemstaterecovery


Related study sets

Informative Essay Vocabulary Terms

View Set

BIO141: MasteringBio - Chapter 5

View Set

Chapter 11 video quizzes and reading quiz

View Set

NAEMT All Hazards Disaster Response - BIF

View Set

English 2 Honors 1st semester final

View Set

Lab #11: Spinal Cord, Spinal Nerves and Cranial Nerves

View Set