Test 2

Ace your homework & exams now with Quizwiz!

What permission is given to the Enterprise Domain Controllers universal group on all GPOs by default, and grants permission to view settings and back up a GPO?

**Edit Settings

How often are computer and user policies applied after a user has logged into a computer?

**Every 60 minutes

Select the specific tab within the Group Policy Management Console that will allow you to view which policies affect a domain or OU and where the policies are inherited from.

**Group Policy Details

Settings under the User Configuration node affect what Registry key?

**HKEY_CURRENT_USER

What PowerShell cmdlet will link a GPO to a site, domain or OU?

**Restore-GPLink

What tool can be used to determine what policy settings would apply to a computer or user account if it were moved to a different container?

Group Policy Modeling

What is the default location of ADMX files?

%systemroot%\PolicyDefinitions

If the slow link detection policy is set at 0, what does this indicate?

**All links are considered slow links

By default, what policies will be downloaded and processed by a Group Policy client?

**No polices are downloaded and processed by default

Which of the following uses permissions to restrict objects from accessing a GPO?

**WMI filtering

Which policy below requires synchronous processing to ensure a consistent computing environment?

**Wired network policies

What holds the log of Active Directory transactions or changes?

**aed.dit **ntds.log

If you make changes to an existing GPO that's already linked in Active Directory, how fast the policy settings take effect?

As soon as the client downloads them

A Group Policy Template is stored in Active Directory.

FALSE

Group policy caching improves system startup speed because the cache is used during asynchronous background processing, which occurs when the system boots.

False

On a slow link, policies involving folder redirection are always processed.

False

The Backup Operators group is a group in local computers only.

False

By default, what policies will be downloaded and processed by a Group Policy client?

Changed polices only

How can a master server be configured to make a secondary server request zone transfers immediately after a zone change?

DNS notify

What policy is a GPO linked to the Domain Controllers OU and specifies the default policy settings for all domain controllers?

Default Domain Controllers Policy

d. Active Directory Services Repair (ADSR)

Directory Services Restore Mode (DSRM)

What Active Directory replication method makes use of remote differential compression (RDC)?

Distributed File System Replication (DFSR)

d. Advanced System Replication (ASR)

Distributed File System Replication (DFSR)

Select the FSMO role that is required to be online to facilitate the addition or removal of a domain controller:

Domain naming master

Select below the GPO permission that provides the ability to change existing settings, import settings, and enable or disable a GPO, but is not granted to any user by default.

Edit Settings

d. Configured

Enable Action Filters

GPOs set at the domain level should contain settings that you want to apply to all objects in the domain.

False

What defines which objects are affected by setting in a GPO?

GPO scope

An administrator needs to know which servers carry forest-wide roles. What PowerShell cmdlet can be used to display this information?

Get-ADForest

d. Show-ADServiceAccount

Get-ADServiceAccount

What tool can be used to determine what policy settings would apply to a computer or user account if it were moved to a different container ?

Group Policy Modeling

Settings in the Administrative Templates section of the User Configuration node affect what area of the registry?

HKEY_CURRENT_USER

Settings in the Administrative Templates section of the User Configuration node affect what area of the registry?​

HKEY_CURRENT_USER

The setting in Administrative Templates under User Configuration affect what section og the computer's registry?

HKEY_CURRENT_USER

Settings in the Computer Configuration node of Administrative Templates affect which registry key below?

HKEY_LOCAL_MACHINE

d. Users

IIS_IUSRS

Selecting the "Allow the connection if it is secure" option when creating a Windows firewall rule relies on what encryption protocol by default?

IPSec

Select below the command that is used to import setting from a backed-up GPO to an existing GPO:

Import-GPO

Select the command that is used to import settings from a backed-up GPO to an existing GPO.

Import-GPO

Which FSMO role is responsible for ensuring that changes made to object names within one domain are updated in references to those objects in other domains?

Infrastructure master

d. Group Policy Object Editor

NOT Group Policy Management Editor

d. Groups

OUs

An Administrator has received a call indicating that some users are having difficulty logging on after a password change. Which FSMO role should be investigated?

PDC Emulator

d. Service Accounts console

PowerShell

d. Ticket Granting Ticket (TGT)

Service ticket

d. Service user account

Service user account

Which policy below requires synchronous processing to ensure a consistent computing environment?

Software installation policies

Command scripts are just a series of commands saved in a file with a .bat extension.

T

After running the Security Configuration and Analysis snap-in with a template, what does a checkmark in a green circle mean?

The Template Policy and current computer policy are the same

Group Policy updates can be forced using GPMC. What requirements exist for an administrator to be able to do this?

The computer accounts must be in a non-default created OU

What GPO policy will take precedence over all other GPO policies when they are being applied ?

The last policy applied takes precedence

What does the /target option do when used with the gpupdate command?

The option can specify whether computer or user policy settings should be updated

If a software package is assigned to a group of targeted computers via the Computer Configuration node, what happens?

The package installation is mandatory and begins the next time the computer starts

d. The structure should facilitate easier access to resources

The structure should facilitate easier access to resources

d. The service startup was changed to manual.

The user account password expired

Command scripts are just a series of commands saved in file with a .bat extension.

True

There are two types of GPO filtering: security filtering and _____ filtering.

WMI

Which of the following uses queries to select a group of computers based on certain attributes, and then applies or doesn't apply policies based on the query's results?

WMI filtering

​How can an administrator force the use of a specific version of an application using a GPO?

WMI filters

ADMX and ADML files are placed under what directory within Windows?

%systemroot%\PolicyDefinitions

What folder within the Computer Configuration node contains settings related to Event Viewer, File Explorer, Windows PowerShell, and Windows Update?

**Control Panel

What enables you to target specific users or computers based on criteria?

**User-Group targeting

d. .adlang

.adml

A transform file utilizes what file name extension?

.mst

d. Foreign Security Principals

Administrators

The standard DACL for package object assigns read permissions to what group by default?

Authenticated Users

d. Targeted

Basic

How can an administrator make a user template account easily recognizable?​

add a special character to the beginning of the template account name

What tool within Windows Server 2016 must be used in order to change the default auditing settings?

auditpol.exe

What does a blue exclamation point next to a domain mean within the GPMC utility?

inheritance is blocked

How does piping work on the command line?​

it's a way to send information to another command so it is easier to read

How are Active Directory objects added to special identity groups?​

membership in these groups is controlled dynamically by Windows, can't be viewed or changed manually, and depends on how an account accesses the OS

The default location for computer accounts that are created automatically after joining the domain can be changed using which command?​

redircmp

d. djoin OU

redircmp.exe

​A response to an iterative query in which the address of another name server is returned to the requester

referral

​What different types of objects can be members of a distribution group?

regular user accounts and contacts

d. script

script

When data within a zone changes, what information in the SOA record changes to reflect that the zone information should be replicated?​

serial number

d. modifyspn

setspn

​An explicit "allow" permission will override an inherited "deny" permission.

true

​The MX record type is used to designate mail exchangers, or mail servers for e-mail.

true

​Install-IADPzone

​Add-DnsServerPrimaryZone

How should an administrator test the functionality of DNS operation on a domain controller, as well as troubleshoot issues with DNS forwarders, delegation, dynamic updates, and record registration?​

​Using dcdiag /test:dns

d. %systemroot%\Policies

%systemroot%\PolicyDefinitions

The folders containing Group Policy Templates (GPTs) can be found under what folder on a domain controller?

%systemroot%\SYSVOL\sysvol\domain\Policies

Permission inheritance can be configured such that permissions are only inherited by specific types of child object types.

...

An administrative template file using what file extension provides a language specific user interface in the Group Policy Management Editor?

.adml

An administrative template file using what file extension provides a language-specific user interface in the Group Policy management editor?

.adml

Security templates make use of the _________ file extension.​

.inf

A transform file utilizes what file name extension ?

.mst

You can customize MSI file installation by using a transform file, which uses the _____ extension.

.mst

d. .mst

.mst

What command option for the dnscmd command lists all zones on the server?

/enumzones

The gpupdate command in conjunction with which option below causes synchronous processing during the next computer restart or user logon ?

/sync

The gpupdate command in conjunction with which option below causes synchronous processing during the next computer restart or user logon?

/sync

When applying GPOs in order, what policies take precedence?

1. local policies 2. site-linked GPOs 3. Domain-linked GPOs 4. OU-linked GPOs

By default, how many pervious logons are cached locally to a computer ?

10

By default, how many previous logons are cached locally to a computer?

10

By default, how many previous logons are cached locally to a computer?​

10

d. 5

10

d. 7

10

how often does garbage collection run on a DC?

12 hours

Each Group Policy Object is assigned a globally unique identifier (GUID) of what length?

128 bits

​Each Group Policy Object is assigned a globally unique identifier (GUID) of what length?

128 bits

The default setting for a ​secondary zone's refresh interval is how many minutes?

15 minutes

GPC replication between domain controllers in the same site occurs at about what interval after a change has been made by default?

15 seconds

How often is the password for a computer account changed by Active Directory?​

30 days

d. 15 days

30 days

Under password policies, what is the default maximum passward sag?

42 days

d. 42 days

42 days

d. 70 minutes

5 minutes

A slow link, by default, is a network connection that's less than which of the following?

500 Kbps

A slow link, by default, is a network connection that's less than which of the following ?

500 kbps

A slow link, by default, is a network connection that's less than which of the following?

500 kbps

A slow link, by default, is a network connection that's less than:

500 kbps

The Windows 8 and Windows Server 2012 operating systems have an operating system version number of :

6.2

By Default what is the maximum period during which a TGT can be renewed?

7 Days

d. 4 characters

7 characters

d. 7 days

7 days

?

?

d. ?

?

If an application is published through User Configuration's Software Settings, what happens?

A link to install the application is placed in Control Panel's Programs and Features (Vista/Server 2008) or Add/Remove programs (XP)

What DNS record type is used for an IPv6 host record?​

AAAA

d. Account lockout duration

Account lockout threshold

​A primary or stub zone with the DNS database stored in an Active Directory partition rather than a text file.

Active Directory-integrated zone

d. Add-WindowsFeature AD-Services

Add-WindowsFeature AD-Domain-Services

XML format text files that define policies in the Administrative Templates folder in a GPO.

Administrative template files

What policy setting can be used to force synchronous processing?

Always wait for the network at computer startup and logon

d. Anonymous logon

Anonymous logon

What type of application can be installed automatically when the user logs on to a computer in the domain?

Assigned

The standard DACL for a package object assigns read permissions to what group by default?

Authenticated Users

d. Anonymous Logon

Authenticated Users

d. Domain Admins

Authenticated Users

When does Active Directory Online Defragmentation occur? (Written Answer.)

Automatically when A.D. removes deleted objects and frees space in the database, but doesn't compact the database. (Performs Garbage Collection.)

What option under the folder redirection settings redirects everyone's folder to the same location?

Basic

Which of the following are ways to change default GPO inheritance? (Choose all that apply.)

Blocking inheritance

What folder is selected by default for scanning when using the Automatically Generate Rules option ​in creating AppLocker policies?

C:\Program Files

d. C:\Documents and Settings

C:\Users\logonname

What type of DNS record is used to contain an alias for another record, allowing for the use of different names for the same host?​

CNAME record

What policy setting can be used to force synchronous processing?

Change Group Policy processing to run asynchronously when a slow network connection is detected Always wait for the network at computer startup and logon

By default, what policies will be downloaded and processed by a Group Policy client?

Changed policies only

GPOs set at the domain level should contain settings that you want to apply to all objects in the domain.

Changed policies only

To find a full list of policies and preferences than can have background processing disabled, where should you look?

Computer Configuration\Policies\Administrative Templates\System\Group Policy

To find a full list of policies and preferences that can have background processing disabled, where should you look?

Computer Configuration\Policies\Administrative Templates\System\Group Policy

Under the Computer Configuration, which folder contains settings related to the Regional and Language Options, User Accounts, and Personalization options?

Control Panel

Under the Computer Configuration, which folder contains settings related to the Regional and Language Options, User Accounts, and Personalization options?

Control panel

What assigned value represents the bandwidth of the connection between sites?

Cost

Once Active Directory has been installed, a default site is created. What is the name for this site?

DEFAULTIPSITELINK

Once Active Directory has been installed, a default site link is created. What is the name of this site link?

DEFAULTIPSITELINK

Which server role below can't be installed on a server that will be cloned?

DHCP

d. Universal groups that are members of other universal groups can be converted to domain local groups

Domain local groups can be converted to universal, the domain local group must not contain other domain local groups

Select below the FSMO role that is a forest-wide FSMO role:

Domain naming master

Select below the FSMO role that is required to be online to facilitate the addition or removal of a domain controller:

Domain naming master

Select the GPO permission that provides the ability to change existing settings, import settings, and enable or disable a GPO, but is not granted to any user by default.

Edit Settings

Which of the following is not one of the criteria that can be used within a administrative templates filter ?

Enable Action Filters

How often are computer and user policies applied after a user has logged into a computer?

Every 90 Minutes

How often are computer and user policies applied after a user has logged into a computer?

Every 90 minutes

d. Every 60 minutes

Every 90 minutes

A site bridge is needed to connect two or more sites for replication.

F

Administrative template files are in HTML format, using the .admx extension.

F

Group policy caching improves system startup speed because the cache is used during asynchronous background processing, which occurs when the system boots.

F

The Backup Operators group is a group in local computers only.

F

The logical components of Active Directory are forests, domains, and sites.

F

A published application can be installed automatically.

False

By default, Subnets are created in Active Directory Sites and Services

False

GPOs set the domain level should contain settings that you want to apply to all object in the domain.

False

Intrasite replication occurs between bridgehead servers.

False

When a client wants to connect to a service, it finds the service based solely on the instance name.

False

The GPO policy defines which objects a GPO affects.

False; the GPO scope defines which objects a GPO affects

If a domain consists of DCs that are running verions of Windows Server earlier than Windows Server 2008, what replication method is used?

File Replication Service (FRS)

If a domain consists of DCs that are running versions of Windows Server earlier than Windows Server 2008, what replication method is used?

File Replication Service (FRS)

d. File Replication Service (FRS)

File Replication Service (FRS)

In order to increase security of data stored on an RODC, what can be configured to specify domain objects that aren't replicated to RODCs?

Filtered attribute sets

To increase security of data stored on an RODC, what can be configured to specify domain objects that aren't replicated to RODCs?

Filtered attribute sets

_____ is a feature that enables administrators to set policies that cause folders in a user's profile directory to be stored elsewhere, usually to a location on a server.

Folder Redirection

Which of these is something group policy templates and group policy containers have in common?

Folder Structure

The option to turn off background processing is not available for which type of policy below?

Folder redirection

What are the two Flexible Single Master Operation (FSMO) roles? (More than one answer.)

Forestwide and Domainwide

A method to alter the normal scope of a GPO and exclude certain objects from being affected by its settings

GPO Filtering

What can you use to restrict GPO inheritance to specific objects in an OU?

GPO Filtering

Select the term used to describe forcing inheritance of settings on all child objects in the GPO's scope, even if a GPO with conflicting settings is linked to a container at a deeper level.

GPO enforcement

Which of the following are ways to change default GPO inheritance? (Choose all that apply.)

GPO enforcement

What defines which objects are affected by settings in a GPO?

GPO scope

d. GPO template

GPO scope

The ____________ file contains version information that is used to determine when a GPO has been modified, and is used during replication to determine if a local copy of a GPO is up to date.​

GPT.INI

What PowerShell Cmdlet will allow an administrator to check for software that is incompatible with the cloning process?

Get-ADDCCloningExcludedApplicationList

An administrator needs to know which servers carry forest wide roles. What Powershell Cmdlet can be used to display this information?

Get-ADForest

d. Global catalog partition

Global catalog partition

A GPO component that's an Active Directory object stored in the System\Policies folder.

Group Policy Container

Select the specific tab within the Group Policy Management Console that will allow you to view which policies affect a domain or OU and where the policies are inherited from.

Group Policy Inheritance

Settings in the Computer Configuration node of Administrative Templates will impact which registry key below?

HKEY_LOCAL_MACHINE

Settings under the User Configuration node affect what Registry key?

HKEY_LOCAL_USER

Settings under the the User Configuration node affect what Registry key?

HKEY_LOCAL_USER

d. HKEY_CURRENT_USER

HKEY_LOCAL_USER

When configuring Software Restriction policies, you can create exceptions to the default rule. One of the four ways of identifying an application as an exception to the default rule is by use of a _____, which is a digital fingerprint of the application file, based on the file attributes.

Hash

What DC is responsible for ensuring that changes made to object names in one domain are updated in references to these objects in other domains?

Infrastructure master

Which FSMO role is responsible for ensuring that changes made to object names within one domain are updated in references to those object in other domains?

Infrastructure master

What would you use to prevent GPOs linked to parent container from affecting child container?

Inheritance Blocking

What enables one to target specific users or computers based on criteria?

Item-Level Targeting

What enables you to target specific users or computers based on criteria?

Item-level Targeting

What enables you to target specific users or computers based on criteria?

Item-level targeting

d. Item-level targeting

Item-level targeting

d. TACACS

Kerberos

d. Kerberos Authentication Gateway

Key Distribution Center

What component of Kerberos is responsible for storing keys for encrypting and decrypting data in the authentication process?

Key Distribution Center (KDC)

Select the GPO state where the GPO is in the Group Policy Objects folder but hasn't been linked to any container objects.

Link status: unlinked

Select below the option that is not one of the three built-in service accounts.

Local Operator

In what order are Group Policy Objects applied?​

Local policies, site-linked GPOs, domain-linked GPOs, OU-linked GPOs

What mode of the Resultant Set of Policy (RSoP) snap-in produces a database of policy results that you browse in a similar manner to using the Group Policy Management Editor?

Logging

d. Logging into servers that are marked as "Down" in Server Manager

Logging into older Windows OSs or using older Windows applications

What could you use to make user policy settings be based on the GPO within whose scope the computer object falls?

Loopback policy processing

A(n) _____ file is a collection of files packaged into a single file and contains the instructions Windows Installer needs to install the application correctly.

MSI

d. Maximum tolerance for computer

Maximum lifetime for service ticket

d. distribution group with global scope

NOT distribution group with global scope

d. instance name

NOT service protocol name

Within the Computer Configuration node, what folder can be used to change settings related to the Background Intelligent Transfer Service, DNS settings, and offline files configuration?

Network

If the Windows Firewall is enabled, how are rules applied when multiple network connections are available?​

Network Location Awareness

What PowerShell cmdlet will link a GPO to a site, domain or OU?

New-GPLink

By default, replication between DCs when no changes have occurred is scheduled to happen how often?

Once per hour

What nodes or folders does a Starter GPO contain?

Only Administrative Templates folder in both Computer Configuration and User Configuration

d. The global catalog facilitates domain log ons between forests

Only one global catalog exists per forest

An administrator has received a call indicating that user logons are no longer being accepted within a single domain in the forest. What FSMO role should be investigated?

PDC emulator

The RID master FSMO role is ideally placed on the same server as what other role?

PDC emulator

d. Domain naming master

PDC emulator master

Fine-grained password policies are created by defining a...

Password Settings Object

Select below the policy permission that grants a user or group the ability to use the GPO Modeling Wizard on a target container.

Perform Group Policy Modeling Analyses

Select below the policy permission that grants a user or group the ability to use the GPO Modeling Wizard on a target container.

Perform Group Policy Modeling analyses

Select below the policy permission that grants a user or group the ability to use the GPO Modeling Wizard on a target container:

Perform Group Policy Modeling analyses

Which tab in the Group Policy Results window shows all events in Event Viewer that are generated by group policies, and can be used to view the relevant information on a remote computer?

Policy Events

Within the Security Configuration and Analysis snap-in, what does an exclamation point in a white circle indicate?

Policy doesn't exist on the computer

Within the Security Configuration and Analysis snap-in, what does an exclamation point in a white circle indicate?

Policy doesn't exist on the computer.

Which tab in the Group Policy Results window shows all events in Event Viewer that are generated by group policies, and can be used to view the relevant information on a remote computer?

Policy events

Which tab in the Group Policy Results window shows all log entries that are related to and generated by group policies, and can be used to view the relevant information on a remote computer?

Policy events

​When creating a new rule type in the New Inbound (or Outbound) rule Wizard, what rule type can be used for built-in Windows services?

Predefined

​What RFC defines the DNS resource record types?

RFC 1183

What permission is given to the Enterprise Domain Controllers universal group on all GPOs by default, and grants permission to view settings and back up a GPO ?

Read

What permission is given to the Enterprise Domain Controllers universal group on all GPOs by default, and grants permission to view settings and back up a GPO?

Read

What is the name for a domain controller on which changes can't be written?

Read only domain controller

What is the name of a domain controller on which changes can't be written?

Read only domain controller

What is the name of a DC on which changes can't be written?

Read-Only Domain Controller

The _____________ cmdlet within PowerShell can be used to rename an object in Active Directory.​

Rename-ADObject

Timestamps within Kerberos are used to help guard against what type of attack?

Replay Attack

What policy allows an administrator to control the membership of both domain groups and local groups on member computers?

Restricted Groups

d. Restricted Groups

Restricted Groups

What policy allows an administrator to control the membership of both domain groups and local groups on member computers?

Restricted groups

A ____________ contains PTR records that map IP addresses to names and is named after the IP network address of the computers whose records it contains.

Reverse Lookup Zone

What folder contains group policy templates, logon/logoff scripts, and DFS synchronization data?

SYSVOL

If a central store for policy definition files has been created, where should the PolicyDefinitions folder reside?

SYSVOL folder

d. SYSVOL folder

SYSVOL folder

d. System folder

SYSVOL folder

An administrator has attempted to change the forest functional level, but the attemps failed due to the failure of an FSMO role. Which FSMO role should be investigated?

Schema master

An administrator has attempted to change the forest functional level, but the attempt failed due to the failure of an FSMO role. Which FSMO role should be investigated?

Schema master

Which of the following is a series of commands saved in a text file to be repeated easily at any time ?

Script

Which of the following is a series of commands saved in a text file to be repeated easily at any time?

Script

The __________ command can be used to perform many of the same functions as the Security Configuration and Analysis snap-in, and can be used in conjunction with batch files and scripts to automate work with security templates.​

Secedit.exe

d. Local Administrator Account

Security Accounts Manager

​A local account is stored in the __________________ database on the local computer.

Security Accounts Manager (SAM)

Which of the following are text files with a .inf extension that contain information for defining policy settings in the Computer Configuration\Policies\Windows Settings\Security Settings node of a local or domain GPO?

Security Templates

What are the two different types of GPO filtering?​

Security filtering and WMI filtering

Which of the following are text files with a .inf extension that contain information for defining policy settings in the Computer Configuration\Policies\Windows Settings\Security Settings node of a local or domain GPO?

Security templates

d. Policies templates

Security templates

When a client computer wants to connect to a service instance, what specific name type does it use to find the service?

Service Principal name

Which PowerShell cmdlet below can be used to set permissions for a security principal to a GPO or to all GPOs?

Set-GPPermission

Which Powershell cmdlet below can be used to set permissions for security principal to a GPO or to all GPOs?

Set-GPPermission

In the User Configuration node, where can policies that determine whether a user can publish DFS root folders in Active Directory?

Shared Folders

d. System

Shared Folders

If the slow link detection policy is set at 0, what does this indicate?

Slow link detection is disabled

If the slow link detection policy is set to 0, what does this indicate?

Slow link detection is disabled

Which policy below requires sychronous processing to ensure a consistent computing environment?

Software installation policies

In the Computer Configuration node, what folder contains policies than can be used to affect general computer system operation settings, such as disk quotas and group policy processing?

System

What Security Settings Policy Manages the startup mode and security settings of services on target computers?

System Services

What Security Settings Policy manages the startup mode and security settings of services on target computers?

System Services

What Security Settings policy manages the startup mode and security settings of services on target computers?

System Services

d. Security Services

System Services

A delegated installation allows a domain administrator to create the RODC computer account in Active Directory, so a that a regular user can perform the installation at a later time.

T

A loopback policy can be used to change user policy settings based on the GPO within whose scope a computer object falls.

T

A migration table is a list of security principals and UNC paths in a GPO that can be mapped to the security principals and UNC paths in the destination domain.

T

An Active Directory snapshot is a replica of the Active Directory database at a specific moment.

T

Authentication efficiency, replication efficiency, and application efficiency are the three main reasons for establishing multiple sites

T

GPO enforcement is configured on a GPO, not on an Active Directory container.

T

GPOs set at the domain level should contain settings that you want to apply to all objects in the domain.

T

If you want to create a security template using a baseline of settings from an existing desktop computer or server, you can begin by opening secpol.msc.

T

When working with policies in the Security Configuration and Analysis snap-in, what does an X in a red circle indicate?

Template Policy and Current Computer policy dont match

A policy setting within the Security Configuration and Analysis snap-in with a question mark in a white circle indicates which option below?

Template policy and current computer policy don't match

When working with policies in the Security Configuration and Analysis snap-in, what does an X in a red circle mean?

Template policy and current computer policy don't match

d. The message is considered valid, but an alert is generated for an administrator

The Kerberos message is considered invalid

d. The Logon Hours forces a user to log off during "Logon denied" periods

The Logon Hours can't be used to disconnect a user that is already logged in

d. The domain structure must provide easy management capabilities

The domain structure must be able to utilize different name identities

The responsible person section of an SOA record contains what information?

The e-mail address of the responsible person

What GPO policy will take precedence over all other GPO policies when they are being applied?

The last policy applied takes precedence

d. The resource must have proper permissions set for ComputerName$, where ComputerName is the name of the computer attempting to access the resource.

The resource must have proper permissions set for ComputerName$, where ComputerName is the name of the computer attempting to access the resource.

After running the Security Configuration and Analysis snap-in with a template, what does a check mark in a green circle mean?

The template policy and current computer policy are the same

d. The policy is available and current

The template policy and current computer policy are the same

After running the Security Configuration and Analysis snap-in with a template, what does an "X" in a red circle on a template policy indicate?

The template policy and current computer policy do not match

After running the Security Configuration and Analysis snap-in with a template, what does an "X" in a red circle on a template policy indicate?​

The template policy and current computer policy do not match

Approximately 42 days after a service was configured to use a normal user account, the service has stopped working and refuses to run. An administrator has verified that the account still exists on the domain. Assuming default domain policy settings, what could be the issue

The user account password Expired

How is a Computer's Designated Site determined, such that the Computer is given a Domain Controller to request services from within the same site?

Through Subnets added to the site.

How is a computer's designated site determined, such that the computer is give a domain controller to request services from within the same site?

Through subnets added to the site

During garbage collection, what setting controls how long deleted objects remain within the database before such objects are completely removed?

Tombstone lifetime

A delegated installation allows a domain administrator to create the RODC computer account in Active Directory, so that a regular user can perform the installation at a later time

True

The Restricted Groups Policy, under security settings, controls group membership for both domain groups and local SAM groups

True

The Restricted Groups policy, under Security Settings, Controls group membership for both domain groups and local SAM groups

True

User Account Control policies determine what happens on a computer when a user attempts to perform an action that requires elevation.

True

You can configure a firewall with the Group Policy tool or on a client computer.

True

How can the output of a command be redirected to a file instead of being displayed on screen?​

Type the > character followed by the file name at the end of the command

What type of policy setting is persistent, remaining even after a computer or user object falls out of a GPO's scope until it's change by another policy or manually?

Unmanaged policy setting

What type of policy setting is persistent, remaining even after a computer or user object falls out of a GPO's scope until it's changed by another policy manually?

Unmanaged policy setting

What type of policy setting is persistent, remaining even after a computer or user object falls out of a GPO's scope until it's changed by another policy or manually?

Unmanaged policy setting

d. Unmanaged policy setting

Unmanaged policy setting

What is the easiest way to make policies in a new new branch office similar to those already in place?

Use GPO migration by adding the domains with the policies you want to GMPC, and then copy and paste them.

d. Use the Disable-ADAccount cmdlet

Use the dsmod user command

The _____________ policies determine what happens on a computer when a user attempts to perform an action that requires elevation.

User Account Control

Which of the following uses queries to select a group of computers based on certain attributes, and then applies or doesn't apply policies based on the query's results?

WMI filerting

When DNS forwarders or conditional forwarders are configured, what order will a Windows DNS server use to attempt to resolve DNS queries?​

When DNS forwarders or conditional forwarders are configured, what order will a Windows DNS server use to attempt to resolve DNS queries?​

What folder within the Computer Configuration node contains settings related to Event Viewer, File Explorer, Windows PowerShell, and Windows Update?

Windows Components

d. Windows Server 2012 or higher

Windows Server 2008 R2 or higher

What subnode under Security Settings applies to wireless network policies?

Wireless Network (IEEE 802.11) Policies

What is the difference between a managed policy setting and an unmanaged policy setting?​

a managed policy setting is applied to a user or computer when the object is in the scope of the GPO containing the setting. An unmanaged policy setting is persistent, meaning it remains even after the computer or user object falls out of the GPO's scope until it is changed by another policy or manually.

​These XML format text files define policies in the Administrative Templates folder ina GPO.

administrative template files

​Although the hosts file is no longer used for localhost name resolution, what else can the hosts file be used for?

as a sort of web filter

What type of application can be installed automatically when the user logs on to a computer in the domain?

assigned

What is the potential security risk of utilizing a naming standard for user accounts?​

attackers can guess usernames easily and gain unauthorized access to the network

How can an administrator remove all audit policy subcategories so that auditing is controlled only by Group Policy?

auditpol /clear

d. auditpol /remove

auditpol /clear

What tool within Windows Server 2012/R2 must be used in order to change the default auditing settings?

auditpol.exe

​What tool within Windows Server 2012/R2 must be used in order to change the default auditing settings?

auditpol.exe

A DNS server that holds a complete copy of a zone's resource records (typically a primary or secondary zone)​

authoritative server

Which of the answers below is not a valid scripting language supported by Scripts (Startup/Shutdown) subnode.

bash scripts

Why might an organization want a single DNS server to make all external queries?​

because network security can be enhanced by limiting exposure to the internet. Because a single server is making all the queries to internet domains, overall DNS performance can be enhanced because the server builds an extensive cache of internet names

A DNS server with no zones. Its sole job is to field DNS queries, do recursive lookups to root servers, or send requests to forwarders, and then cache the results.​

cachine-only DNS server

What components make up an object's distinguished name (DN)?

common name; common name; organizational unit; domain component

​An Active Directory object that usually represents a person for informational purposes only, much like an address book entry.

contact

d. automatic

custom

What command below can be used to reset the default GPOs to their original settings?

dcgpofix

The process of a user with higher security privileges assigning authority to perform certain tasks to a user with lesser security privileges.​

delegation of control

d. delegation of control

delegation of control

What are the two different ways that responsibility for an OU can be delegated to a non-administrator user?

delegation of control wizard or AD users and computers

Network zone

developer

Which of the following is not one of the four different ways an application can be designated as an exception to a ​Software Restriction Policy?

developer

d. partition

directory service

A group type used when you want to group users together, mainly for sending e-mails to several people at once with an Active Directory integrated e-mail application, such as Mcirsoft Exchange.​

distribution group

Group Policy Objects stored in Active Directory on domain controllers.

domain GPOs

​Group Policy Objects stored in Active Directory on domain controllers. They can be linked to a site, a domain, or an OU and affect users and computers whose accounts are stored in these containers.

domain GPOs

A group scope that's the main security principal recommended for assigning rights and permissions to domain resources​

domain local group

A process that occurs when a user attempts to perform an action requiring administrative rights and is prompted to enter credentials​

elevation

How often does garbage collection run on a DC?

every 12 hours

Local GPOs can affect all computers within a local domain.

false

The Microsoft best practice recommendation is to modify the two default GPOs in a domain for making password policy changes.

false

The security configuration and analysis Snap-in can not be used to apply a security template to a computer/

false

The use of WINS forward lookup is enabled by default.​

false

What are the two flexible single master operation (FSMO) roles? (Choose all that apply.)

forest wide, domain wide

A DNS server to which other DNS servers send requests they can't resolve themselves.​

forwarder

d. database

global catalog

​A group scope used mainly to group users from the same domain who have similar access and rights requirements.

global group

An A record used to resolve the name in an NS record to its IP address.​

glue A record

What command can be used to perform tasks similar to those in Group Policy Results Wizard and the Resultant Set of Policy snap-in?

gpresults

d. gpupdate /refresh

gpupdate /force

d. application service account

group managed service account

A GPO component that's an Active Directory object stored in the System\Policies folder.​

group policy container (GPC)

A GPO component that's stored as a set of files in the SYSVOL share.​

group policy template (GPT)

​The _____________ determines the reach of a group's application in a domain or forest: which security principals in a forest can be group members and to which forest resources a group can be assigned rights or permissions.

group scope

d. multimaster

intrasite

In the New Connection Security Rule Wizard, which connection security rule restricts connections based on authentication criteria, such as domain membership or health status?

isolation

When creating a custom Applocker rule, how does the file hash option work?

it creates a rule for an unsigned application

If a GPO's link status is "disabled", what affect does this have on the GPO?​

it disables the policy for the users in the domain who are in the scope of the GPO

A Group Policy Object that's stored on local computers and can be edited by the Group Policy Object Editor snap-in.

local GPOs

A group created in the local SAM database on a member server or workstation or a stand-alone computer​

local group

d. local, site, OU, domain

local, site, domain, OU

​A type of group policy setting whereby the setting on the user or computer account reverts to its original state when the object is no longer in the scope of the GPO containing the setting.

managed policy setting

What type of replication scheme does Active Directory use to synchronize copies of most information in the Active Directory database?

multimaster

d. nesting

nesting

A Windows feature for configuring each network connection on your computer with on of three settings, called profiles: Domain Profile, Private Profile, and Public profile.​

network location awareness

Within the NTDS folder, which file stores the main Active Directory database?

ntds.dit

Using ______________, a computer joining the domain doesn't have to be connected to the network when the join occurs.​

offline domain join

d. linked password settings

password settings object

​Sending the output of one command as input to another command

piping

A DNS zone containing a read/write master copy of all resource records for the zone; this zone is authoritative for the zone.​

primary zone

​Of the three different zone types, what type of zone contains a read/write master copy of all resource records for the zone?

primary zone

​An internal DNS server with a forward lookup zone named "." is configured as a ___________.

root server

___________ load balancing using DNS works by creating two A records with the same hostname, but different IP addresses, which point any queries for the hostname to multiple hosts running the same service.

round robin

What command can be used to convert an XML policy file into a GPO?

scwcmd.exe

​A DNS zone containing a read-only copy of all resource records for the zone.

secondary zone

Which of the following uses permissions to restrict objects from accessing a GPO?

security filtering

​A group type that's the main Active Directory object administrators use to manage network resource access and grant rights to users.

security groups

Which of the following are text files with a .inf extension that contain information for defining policy settings in the Computer Configuration\Policies\Windows Settings\Security Settings node of a local or domain GPO?

security templates

In the New Connection Security Rule Wizard, what option can be used to set up a rule that requires authentication between two computers, between IP subnets, or between a specific computer and a group of computers in a subnet?​

server-to-server

OU-linked policies are applied last so they take precedence over which policies? (Choose all that apply.)

site

When a user leaves a company, why is it preferable to disable the user rather than delete the user?​

so that all the user's files are still accessible and all group memberships are maintained

Select the RODC installation type where the domain administrator creates the RODC computer account in Active Directory, and then a regular user can perform the installation at a later time.

staged installation

A GPO template that can be used as a baseline for creating new GPOs, much like user account templates.

starter GPO

A DNS zone containing a read-only copy of only the zone's SOA and NS records and the necessary A records to resolve NS records.​

stub zone

If a user is created without a password and the domain's password policy requires a non-blank password, what is the result?​

the user account is disabled

What is a conditional forwarder used for?​

they are used to resolve IP addresses to the FQDN for DNS servers that are authoritative.

​What does a NS record specify?

they specify FQDNs and IP addresses of authoritative server for zone

How are Group Policy Objects linked to Active Directory?​

through AD containers

d. session stamp

timestamp

A zone that is not integrated into Active Directory is referred to as a standard zone, and the zone data is stored in a text file.​

true

DNS recursion is enabled on Windows DNS servers by default.​

true

DNS servers maintain a database of information that contains zones.​

true

GPOs linked to a site object can facilitate IP address based policy settings.​

true

Information within an OU can be hidden using permissions, and administration of an OU can be delegated to a non-administrative account.​

true

Using a "Deny Read" permission on a GPO enables the creation of an exception to normal GPO processing.​

true

When creating a new user, the "User must change password at next logon" option is enabled by default.​

true

​A Group Policy Container (GPC) stores GPO properties and status information, but no actual policy settings.

true

d. schema

trust relationship

​A group scope that can contain users from any domain in the forest and be assigned permission to resources in any domain in the forest

universal group

When utilizing roaming profiles, what should be done to minimize logon/logoff delays and reduce bandwidth used by uploading / downloading profile data?​

use folder redirection

d. cloned user

user template

​A userr account that's copied to create users with common attributes

user template

How can an administrator initiate a system state recovery using the command line?

wbadmin start systemstaterecovery

Which option below is not one of the three main methods for cleaning up metadata?

wbsadmin.exe

A GPO filtering method that uses Windows Management Instrumentation (WMI), a Windows technology for gathering management information about computers.​

wmi filtering

​An operation that copies all or part of a zone from one DNS server to another and occurs as the result of a secondary server requesting the transfer from another server.

zone transfer

The hosts file is contained within what directory in Windows?​

​%systemroot%\System32\drivers\etc

By default, the Windows password policy requires a minimum password of what length?​

​7 characters

A valid comma separated value file that can be imported using csvde must have what option below on the first line?

​A header record

What special identity group is used when a user accesses an FTP server that doesn't require user account logon?​

​Anonymous logon

Which special identity group specifically includes any user account (except the Guest) logged into a computer or domain with a valid username and password?

​Authenticated Users

A user's profile is stored in what directory on a local computer by default?​

​C:\Users

​What Active Directory replication method makes use of remote differential compression (RDC)?

​Distributed File System Replication (DFSR)

​What is the most typically used group type conversion?

​Distribution group -> security group

Which of the following options can an administrator enable to improve DNS security?

​Do not allow dynamic updates

​Select below the built-in group that facilitates anonymous access to web resources by Internet Information Services

​IIS_IUSRS

Remote computers attempting to connect to the local computer are examples of what type of connection?

​Inbound connections

Who is responsible for the management of the Internet root servers?

​Internet Assigned Numbers Authority (IANA)

What is a downlevel user logon name used for?​

​Logging into older Windows OSs or using older Windows applications

Under the Computer Configuration of a GPO, what folder within the "Windows Settings" folder contains policies that can be used to manage network bandwidth use?​

​Policy-based QoS

Which of the following statements is not true regarding the built-in Administrator account?​

​The Administrator account can't be renamed, but it can be deleted.

Which of the following statements is true regarding the built-in Guest account?

​The Guest account should be renamed if it will be used

Logon hours can be set for specific days of the month, as well as holidays

​The Logon Hours can't be used to disconnect a user that has already logged in

​In a zone's Properties dialog box, what option is unavailable under Dynamic updates for only standard zones?

​The Secure only option

​After a template account has been created, what can be done to ensure that the template account does not pose a security risk?

​The account should be disabled

How can an administrator enable or disable accounts using the command line?​

​Use the dsmod user command

When creating a new user, the "User cannot change password" option can't be used in conjunction with what other option?​

​User must change password at next logon

​What is the difference between static and dynamic DNS records?

​What is the difference between static and dynamic DNS records?

​How can an administrator remove all audit policy subcategories so that auditing is controlled only by Group Policy?

​auditpol /clear

Which Windows command line utility below can be used to check for resource records on a server, verify delegations, verify resource records needed for AD replication, and perform e-mail connectivity tests?​

​dnslint

​A valid reverse lookup zone consists of the network ID's octets in reverse order, with what at the end of the name?

​in-addr.arpa

​Where can all ADMX and ADML files be found on a Windows Server 2008 or Vista and later computer?

​​%systemroot%\PolicyDefinitions

The folders containing Group Policy Templates (GPTs) can be found under what folder on a domain controller?

​​%systemroot%\SYSVOL\sysvol\​domain​\Policies

What Active Directory replication method makes use of remote differential compression (RDC)?

**Advanced System Replication (ASR)

Which of the following are text files with a .inf extension that contain information for defining policy settings in the Computer Configuration\Policies\Windows Settings\Security Settings node of a local or domain GPO?

**Configuration templates

If a domain consists of DCs that are running versions of Windows Server earlier than Windows Server 2008, what replication method is used?

**Distributed File System Replication (DFSR)

What command below can be used to reset the default GPOs to their original settings?

**dcrevertgpo **dcgporeset

What type of replication scheme does Active Directory use to synchronize copies of most information in the Active Directory database?

**domain-wide **flexible single master

When a GPO is linked to a site object, what will be affected?

All users and computers physically located at the site

Which server role below cannot be installed on a domain controller that will be cloned?

DHCP

Which of the following is not one of the criteria that can be used within an administrative templates filter?

Enable Action Filters

A GPO component that's an Active Directory object stored in the System\Policies folder. It stores GPO properties and status information but no actual policy settings.

Group Policy Container (GPC)

What is used to identify all objects in a domain?

SID

Because the GPC and GPT use different replication methods, they can become out of sync.

TRUE

A domain controller clone is a replica of an existing DC.

True

A loopback policy can be used to change user policy settings based on the GPO within whose scope a computer object falls.

True

A migration table is a list of security principals and UNC paths in a GPO that can be mapped to the security principals and UNC paths in the destination domain.

True

Authentication efficiency, replication efficiency, and application efficiency are the three main reasons for establishing multiple sites.

True

Before you can install an RODC, the forest functional level must be at least Windows Server 2003.

True

Local GPOs are edited with the gpedit.msc tool.

True

What Security Settings policy manages the startup mode and security settings of services on target computers?

**Security Services **Restricted Services

Under the Computer Configuration, which folder contains settings related to the Regional and Language Options, User Accounts, and Personalization options?

**System

If a central store for policy definition files has been created, where should the PolicyDefinitions folder reside?

**System32 folder

What are the two flexible single master operation (FSMO) roles? (Choose all that apply.)

**Systemwide **Objectwide

Within the Security Configuration and Analysis snap-in, what does an exclamation point in a white circle indicate?

**Template policy and local policy don't match **Template policy and computer policy are the same

What does the /target option do when used with the gpupdate command?

**The option can be used to specify a remote computer to force policy updates

How can an administrator remove all audit policy subcategories so that auditing is controlled only by Group Policy?

**auditpol /remove

Which of the following are ways to change default GPO inheritance? (Choose all that apply.)

**blocking enforcement **GPO enforcement

Which option below is not one of the three main methods for cleaning up metadata?

**ntdsutil.exe

What type of application can be installed automatically when the user logs on to a computer in the domain?

**published **selected

Which of the following manages adding, removing, and renaming domains in the forest?

**schema master

What tool within Windows Server 2016 must be used in order to change the default auditing settings?

**secpol.exe

Select the RODC installation type where the domain administrator creates the RODC computer account in Active Directory, and then a regular user can perform the installation at a later time.

**selected installation **deferred installation

By default, for how long are deleted objects stored within the Active Directory database before they are removed entirely?

180 days

With universal group membership caching, how often is the cached information on group membership refreshed?

Every 8 hours

To find a full list of policies and preferences that can have background processing disabled, where should you look?

**Computer Configuration\Policies\Administrative Templates\Group Policy **User Configuration\Policies\Administrative Templates\System\Group Policy

Settings in the Computer Configuration node of Administrative Templates will impact which registry key below?

**HKEY_CURRENT_USER

What type of policy setting is persistent, remaining even after a computer or user object falls out of a GPO's scope until it's changed by another policy or manually?

**Managed policy setting

What option under the folder redirection settings redirects everyone's folder to the same location?

**Open

Which FSMO role is responsible for ensuring that changes made to object names within one domain are updated in references to those objects in other domains?

**PDC emulator

What DC is responsible for ensuring that changes made to object names in one domain are updated in references to these objects in other domains?

**RID Master **schema master

What folder contains group policy templates, logon/logoff scripts, and DFS synchronization data?

**Root

Select the FSMO role that is required to be online to facilitate the addition or removal of a domain controller:

**Schema master

The option to turn off background processing is not available for which type of policy below?

**Scripts processing **Disk quota

The account lockout threshold contains a value between 0 and 1,000 that determines how many times a user's password can be entered incorrectly before the user's password must be reset by an administrator.

FALSE

A site bridge is needed to connect two or more sites for replication.

False

Active Directory metadata describes the actual Active Directory data, not the Active Directory database.

False

Administrative template files are in HTML format, using the .admx extension.

False

By default, subnets are created in Active Directory Sites and Services

False

When you back up a GPO, the policy settings are backed up, but not the security filtering settings, delegation settings, and WMI filter links.

False

An administrator has received a call indicating that some users are having difficulty logging on after a password change. Which FSMO role should be investigated?

PDC emulator

You can see a GPO's DACL in Active Directory Users and Computers in the System\Policies folder.

True

What PowerShell cmdlet will allow an administrator to check for software that is incompatible with the cloning process?

Get-ADDCCloningExcludedApplicationList

What command can be used to cause a group policy refresh remotely on Windows Vista and later clients?

Invoke-GPUpdate

What is a major drawback to enabling the auditing of object access?

Involves considerable overhead

Which of these is not a new GPO in Windows Vista and Server 2008?

Local Computers GPO

d. trusted delegation

constrained delegation

Which of the following manages adding, removing, and renaming domains in the forest?

domain naming master

d. dsmod

dsquery

Computers can utilize _____________ to register or update their own DNS records, or DHCP can update DNS on behalf of the clients when the clients lease a new IP address.​

dynamic DNS (DDNS)

What holds the log of Active Directory transactions or changes?

edb.log

Settings in local GPOs that are inherited from domain GPOs can't be changed on the local computer; only settings that are undefined or not configured by domain GPOs can be edited locally.

TRUE

When working with policies in the Security Configuration and Analysis snap-in, what does an X in a red circle indicate?

Template policy and current computer policy don't match

How is a computer's designated site determined, such that the computer is given a domain controller to request services from within the same site?

Through subnets added to the site

Command scripts are just a series of commands saved in a file with a .bat extension.

True

GPO enforcement is configured on a GPO, not on an Active Directory container.

True

If you want to create a security template using a baseline of settings from an existing desktop computer or server, you can begin by opening secpol.msc.

True

The Group Policy Results wizard will show administrators which policy settings apply only to a user, computer, or both.

True

The folders containing Group Policy Templates (GPTs) can be found under what folder on a domain controller?

**%systemroot%\domain\Policies

An administrative template file using what file extension provides a language specific user interface in the Group Policy Management Editor?

**.admx

The gpupdate command in conjunction with which option below causes synchronous processing during the next computer restart or user logon?

**/full **/wait

By default, how many previous logons are cached locally to a computer?

**5

How often does garbage collection run on a DC?

**6 hours

Each Group Policy Object is assigned a globally unique identifier (GUID) of what length?

**64 bits **32 bits

To increase security of data stored on an RODC, what can be configured to specify domain objects that aren't replicated to RODCs?

**Bridgehead server

What policy setting can be used to force synchronous processing?

**Change Group Policy processing to run asynchronously when a slow network connection is detected

Which PowerShell cmdlet below can be used to set permissions for a security principal to a GPO or to all GPOs?

**Chmod-GPO

What policy allows an administrator to control the membership of both domain groups and local groups on member computers?

**Domain Groups

A published application is installed automatically.

FALSE

The Security Configuration and Analysis Snap-in can not be used to apply a security template to a computer.

False

A slow link, by default, is a network connection that's less than which of the following?

**500 Mbps

What assigned value represents the bandwidth of the connection between sites?

cost

Which of the following is a series of commands saved in a text file to be repeated easily at any time?

script


Related study sets

Design of Database Systems- Test 1 T/F Questions

View Set

1. Introduction to Analysis of Risk

View Set

SCM 301 Chapter 8: Lean and Six Sigma in the Supply Chain

View Set

Case Analysis: Herman Miller's Sustainable Values

View Set

American History The New Nation 2 The Three Branches of Government

View Set

Chapter 30: Basic Pediatric Nursing Care [Cooper and Gosnell: Foundations and Adult Health Nursing, 7th Edition]

View Set

AP United States History Chapter 7

View Set