Win Admin Ch 6-9
On a Windows Server 2016, what is the default CRL publication interval?
1 week
By default, for how long are deleted objects stored within the Active Directory database before they are removed entirely
180 Days
Which of the following is the company whose users are accessing resources from another company?
Account partner
Which feature was first introduced with Windows Server 2012 R2, and are new Active Directory containers to which authentication policies can be applied to restrict where high-privilege user accounts can be used in the domain?
Authentication Policy silos
Select below the FSMO role that is a forest-wide FSMO role
Domain naming master
Group conversion facilitates migrating user accounts from one domain to another.
False
If your domain includes Windows Server 2003 or older DCs, it's using DFSR to replicate SYSVOL.
False
The intermediate CA is the most critical and is the server typically configured for offline operation.
False
Which type of CA in the three-level hierarchy is sometimes referred to as a policy CA and issues certificates to issuing CAs?
Intermediate
For intrasite replication, what component builds a replication topology for DCs in a site and establishes replication partners?
KCC
You have a number of Cisco routers and switches that you wish to secure using IPsec. You want IPsec authentication to use digital certificates. You already have a PKI in place using Certificate Services on Windows Server 2016. What should you install to secure your devices?
NDES role service
Which of the following contains a list of users and specifies what the users can do with a rights-protected document?
Publishing license
What is the name of a domain controller on which changes can't be written?
Read only domain controller
What feature should you enable to prevent the sIDHistory attribute from being used to falsely gain administrative privileges in a trusting forest?
SID filtering
What folder contains group policy templates, logon/logoff scripts, and DFS synchronization data?
SYSVOL
Which of the following is a self-signed certificate and identifies the AD RMS cluster?
Server licensor certificate
What type of key is used in symmetric cryptography, must be known by both parties, and is used for both encryption and decryption?
Shared secret
Before you configure a forest trust, what should you configure to ensure you can contact the forest root of both forests from both forests?
Stub zones
During garbage collection, what setting controls how long deleted objects remain within the database before such objects are completely removed?
Tombstone lifetime
A Web Application Proxy server needs two NICS installed to function correctly.
True
A delegated installation allows a domain administrator to create the RODC computer account in Active Directory, so a that a regular user can perform the installation at a later time.
True
AD FS is designed to work over the public Internet with a Web browser interface.
True
Adding a subdomain is a common reason for expanding an Active Directory forest.
True
Authentication efficiency, replication efficiency, and application efficiency are the three main reasons for establishing multiple sites.
True
Before you can install a DC running a newer Windows Server version in an existing forest with a lower functional level, you must prepare existing DCs with the adprep.exe command-line program,
True
Device registration is a feature that allows non domain-joined devices to access claims-based resources securely.
True
Intrasite replication occurs between bridgehead servers.
True
Multi-factor authentication means users must authenticate with more than one device.
True
Remote Desktop Gateway applications are a convenient way for organizations to make applications available to users without having to install the application on every user's computer.
True
The PowerShell cmdlet "Restore-CARoleService" restores the CA database and all private key data.
True
The repadmin /replicate command causes replication of a specified partition from one DC to another.
True
Users can request certificates that aren't configured for autoenrollment by using the Certificates snap-in.
True
When a full backup or system state backup is performed on a CA server, the certificate store is backed up along with other data.
True
You run a PKI that has issued tens of thousands of certificates to hundreds of thousands of clients. You have found that the traffic created when clients download the CRL is becoming excessive. What can you do to reduce the traffic caused by clients downloading the CRL?
Use a Delta CRL
Which of the following is true about the domain functional level?
You can have different functional levels within the forest
What are are conditions that determine what attributes are required in a claim and how claims are processed by the federation server?
claim rules
Which of the following manages adding, removing, and renaming domains in the forest?
domain naming master
Which option will allow private keys to be locked away and then restored if the user's private key is lost?
key archival
Which option below is not one of the three main methods for cleaning up metadata
wbsadmin.exe