Final Flashcards by Victor Mendez

What service does Dynamic Host Configuration Protocol (DHCP) provide?

Resolves web addresses to IP addresses
Resolves NetBIOS names to host names
Configures the IP address and other TCP/IP settings on network computers
Blocks unsolicited inbound traffic from entering the network perimeter

Configures the IP address and other TCP/IP settings on network computers

How well did you know this?

Not at all

Perfectly

For DHCP address allocation, by how much is network traffic reduced related to periodic lease renewal messages when switching from dynamic allocation to automatic allocation?

Dynamic address allocation does not require periodic lease renewal messages.
None, because both address allocation methods require periodic lease renewal messages
50 percent because automatic allocation cuts the periodic messages in half
100 percent because dynamic address allocation requires periodic lease renewal messages whereas automatic does not

100 percent because dynamic address allocation requires periodic lease renewal messages whereas automatic does not

How well did you know this?

Not at all

Perfectly

What is the first packet sent to a DHCP server when a computer boots up?

DHCPINFORM
DHCPDISCOVER
DHCPOFFER
DHCPACK

DHCPDISCOVER

How well did you know this?

Not at all

Perfectly

How does a DHCP client communicate which offered IP address it will accept from which DHCP server?

The client sends a DHCPREQUEST message to the server.
The client selects the closest server and beeps audibly to accept the offer.
The client sends a DHCPACK message to all servers with the IP address of the chosen DHCP server.
The client sends a DHCPREQUEST message to all servers with the IP address of the chosen DHCP server.

The client sends a DHCPREQUEST message to all servers with the IP address of the chosen DHCP server.

How well did you know this?

Not at all

Perfectly

What is the default lease period for DHCP dynamic address allocation?

96 hours
3.5 days
4.5 days
8 days

8 days

How well did you know this?

Not at all

Perfectly

What are the advantages of using a distributed DHCP infrastructure?

Large convergence of network traffic
All the client/server network traffic is local, so minimal DHCP traffic on routers
Reduced administrative burden with fewer DHCP servers
Clients have ready access to DHCP servers

All the client/server network traffic is local, so minimal DHCP traffic on routers

Clients have ready access to DHCP servers

How well did you know this?

Not at all

Perfectly

Before a DHCP server can hand out addresses, which of the following steps must be completed? (Choose two answers.)

A DHCP scope must be created and activated.
Correct!
The DHCP server must be created and authorized.
The DHCP server must be put in the trusted list on the client computers.
The DHCP server must be installed by an Enterprise Administrator.

A DHCP scope must be created and activated.

The DHCP server must be created and authorized.

How well did you know this?

Not at all

Perfectly

Which of the following steps must be completed in order to do ensure a network printer is assigned the same address through the DHCP server?

Create a reservation in the DHCP scope.
Create an exclusion in the DHCP scope.
Create a special scope on the DHCP server.
Define the DHCP server on the client in the Advanced TCP/IP Advanced Settings.

Create a reservation in the DHCP scope.

How well did you know this?

Not at all

Perfectly

What kinds of servers should NOT be DHCP clients?

Servers on a subnet outside the broadcast domain of the DHCP server
DHCP servers
Domain controllers, Internet web servers, and DHCP servers
DHCP relay agents

Domain controllers, Internet web servers, and DHCP servers

How well did you know this?

Not at all

Perfectly

What is the key benefit of DHCP manual IP address allocation over manually configuring the IP address by person?

The DHCP server then contains a centralized list of permanently assigned addresses.
The DHCP server might pass on more information than just an IP address.
This prevents accidental duplication of permanently assigned IP addresses.
This manually assigned address is officially known as a reservation.

This prevents accidental duplication of permanently assigned IP addresses.

How well did you know this?

Not at all

Perfectly

What are the servers at the top of the DNS hierarchy called?

Down-level servers
Authoritative sources
Root servers
Forwarders

Root servers

How well did you know this?

Not at all

Perfectly

The domain name part of a DNS name is _______ and consists of two or more words, separated by ______.

peer-based; periods
hierarchical; commas
unranked; commas
hierarchical; periods

hierarchical; periods

How well did you know this?

Not at all

Perfectly

When using DNS for name resolution only, why should a company consider using DNS servers outside the network perimeter?

Less administration
Less internal traffic
Fewer servers in the communications server rack
Less traffic crossing the network perimeter

Less traffic crossing the network perimeter

How well did you know this?

Not at all

Perfectly

Who is responsible for the ratification of new top-level domains?

Internet Corporation for Assigned Names and Numbers (ICANN)
Network Solutions, Inc. (NSI, formerly known as InterNIC)
Internet Assigned Numbers Authority (IANA)
Contoso.com

Internet Corporation for Assigned Names and Numbers (ICANN)

How well did you know this?

Not at all

Perfectly

Concerning DNS, what is negative caching?

When a DNS server receives incorrect information about a host
When a DNS server receives obsolete information about a host
When a DNS server receives information about a non-existent host
When a DNS server forwards incorrect information about a host

When a DNS server receives information about a non-existent host

How well did you know this?

Not at all

Perfectly

What is the default TTL for a Windows Server 2012 R2 DNS server?

1 hour
12 hours
5 minutes
36 hours

1 hour

How well did you know this?

Not at all

Perfectly

You registered the domain name contoso.com. The FQDNs seattle.contoso.com and halifax.contoso.com are examples of different _____.

subdomains of contoso.com
second-level domains
top-level domains
IP addresses

subdomains of contoso.com

How well did you know this?

Not at all

Perfectly

Concerning DNS domain hierarchy, what are examples of global top-level domains?

.com, .net, .org
.mil, .gov, .edu
.aero, .name, .pro
.ca, .cz, .kr

.com, .net, .org

How well did you know this?

Not at all

Perfectly

What is the primary purpose of name caching?

Name caching saves an extraordinary amount of time for the user.
Name caching greatly reduces traffic on the company network.
Name caching validates why you should deploy caching-only servers.
Name caching enables the second name resolution request for the same name to bypass the referral process.

Name caching enables the second name resolution request for the same name to bypass the referral process.

How well did you know this?

Not at all

Perfectly

What is the primary benefit of a DNS forwarder?

Exchanging iterative queries for recursive queries across the network perimeter
Reducing the traffic and making efficient use of available bandwidth across the network perimeter
Making the most of iterative queries to other DNS servers
Reducing the burden on the Internet’s root name servers

Reducing the traffic and making efficient use of available bandwidth across the network perimeter

How well did you know this?

Not at all

Perfectly

What DNS server represents the top of the DNS hierarchy?

Root name server
Caching-only server
Forwarder
Authoritative source

Root name server

How well did you know this?

Not at all

Perfectly

What DNS server is responsible for maintaining a particular domain’s resource records?

Root name server
Caching-only server
Forwarder
Authoritative source

Authoritative source

How well did you know this?

Not at all

Perfectly

What is the process of granting the user access only to the resources he or she is permitted to use?

Authentication
Authorization
Importing a user object to Active Directory
Registering the SRV

Authorization

How well did you know this?

Not at all

Perfectly

What defines what objects exist as well as what attributes are associated with any object in the Active Directory?

Active Directory administrator
Active Directory global directory
Active Directory root user
Active Directory schema

Active Directory schema

How well did you know this?

Not at all

Perfectly

Active Directory keeps a naming convention for the domain that mirrors ______. DHCP WINS DNS files and folders

DNS

If an administrator creates a domain tree in an Active Directory forest, and then creates a separate and different domain tree, what is the relationship between the two domain trees? Completely different security entities, creating two Active Directory forests Different security entities, within one Active Directory forest Same security entity as one Active Directory forest, bidirectional trust between domain trees No trust between domain trees in an Active Directory forest

Same security entity as one Active Directory forest, bidirectional trust between domain trees

What is the global catalog? The schema that lists what objects and attributes exist in the AD DS forest An index of all AD DS objects in a forest A list of all domain controllers currently available A matrix of all domains, sites, and domain controllers

An index of all AD DS objects in a forest

What is an important difference between groups and OUs? An OU can represent the various divisions of your organization. Group membership can be a subset of an OU. OUs are a security entity. Group memberships are independent of the domain’s tree structure.

Group memberships are independent of the domain’s tree structure.

For Server Core installations, how does Windows Server 2012 R2 differ from Windows Server 2008 when installing the AD DS role and promoting the system to a domain controller? Windows Server 2012 R2 now allows administrators to use Dcpromo.exe. Windows Server 2012 R2 now allows administrators to use PowerShell. Windows Server 2012 R2 permits administrators to use answer files for unattended DC installations. Windows Server 2012 R2 recommends administrators use Install from Media.

Windows Server 2012 R2 now allows administrators to use PowerShell.

Which of the following features allows you to create virtual machines on a leased cloud resource? Windows Intune Hyper-V on a Cloud Office 365 Infrastructure as a Service (IaaS)

Infrastructure as a Service (IaaS)

What administrative division in Active Directory is defined as a collection of subnets that have good connectivity between them to facilitate the replication process? Forests Locations Domains Sites

Sites

When is an Active Directory site topology created? Site topology is started upon initial installation of the Active Directory. Site topology starts when you finalize the links and subnets configuration. Creation of sites and its topology is dependent on link costs. Site topology is manually configured dependent on WAN bandwidth and transmission speed.

Site topology is manually configured dependent on WAN bandwidth and transmission speed.

An Active Directory _____ consists of one or more separate domain trees. organizational unit group domain forest

forest

What is a container object that functions in a subordinate capacity to a domain, and still inherits policies and permissions from its parent objects? Organizational unit Group Domain Forest

Organizational unit

Resource access for individuals takes place through their ______. computer accounts user accounts authentication shared folders

user accounts

What are the two built-in user accounts are created on a computer running Windows Server 2012 R2? system and guest default and guest domain administrator and local administrator administrator and guest

administrator and guest

What you call the process of confirming a user's identity by using a known value such as a password, a smart card, or a fingerprint? authorization permission delegation authentication

authentication

The LDIFDE.exe utility is most similar to what other utility? Microsoft Excel Active Directory Administrative Center (ADAC) CSVDE.exe Dsadd.exe

CSVDE.exe

Which of the following guidelines are NOT best practice for securing the Administrator account? Renaming the Administrator account name so as not to distinguish it from non-administrative accounts At least seven characters length and strong complexity for the account password Using the Administrator account for daily, non-administrative tasks Share the administrator account with only a few, necessary individuals

Using the Administrator account for daily, non-administrative tasks

What user creation tool incorporates new features such as the Active Directory Recycle Bin and fine-grained password policies? Active Directory Users and Computers console Windows PowerShell Active Directory Administrative Center (ADAC) LDIFDE.exe

Active Directory Administrative Center (ADAC)

To perform an offline domain join, how many times would an administrator run the Djoin.exe command? once twice as many times as necessary Djoin.exe cannot perform this task

twice

What would be a sufficient user account to provide temporary access to the network for a user such as a vendor representative or a temporary employee? Administrator Guest Privileged accounts such as "Vendor" or "TempEmployee" no vendor nor temporary

Guest

What graphical tool can create user and computer accounts and was redesigned for Windows Server 2012? New-ADUser CSVDE.exe Active Directory Administrative Center Dsadd.exe

Active Directory Administrative Center

Which of the following is a PowerShell cmdlet for creating user objects? New-ADUser CSVDE.exe Active Directory Administrative Center Dsadd.exe

New-ADUser

Which of the following is NOT a group scope? Universal groups Global groups Domain local groups Security groups

Security groups

Of the key reasons for creating organizational units, which of the following is NOT one of them? Delegating administration Assigning Group Policy settings Duplicating organizational divisions Assigning permissions to network resources

Assigning permissions to network resources

Within a domain, the primary hierarchical building block is the _________. forest group organizational unit user

organizational unit

``` The Delegation of Control Wizard is capable of ________ permissions. granting modifying removing all the above ```

granting

An administrator needs to grant an e-mail distribution group of 100 members access to a database, how would the administrator proceed? The e-mail group is obsolete and can be dissolved. Assign the necessary access permissions to the database to the distribution group. Create a new group with the 100 members, then assign permissions. Remove the distribution group, and then convert the members into a universal group, granting access permissions. Convert the distribution group to a security group and then assign the group access permissions.

Convert the distribution group to a security group and then assign the group access permissions.

What is the group scope for Domain Admins, Domain Controllers, and Domain Users default groups? Distribution Universal Global Domain local

Global

Which of the following is NOT an example of a special identity? Dialup Service Creator Owner Authenticated Users Anonymous Logon

Dialup Service

What are the different kinds of groups? There are two types: security and distribution. There are two types: security and distribution; and there are three group scopes: domain local, global, and universal. There are three group scopes: domain local, global, and universal. There are three group types: domain local, global, and universal.

There are two types: security and distribution; and there are three group scopes: domain local, global, and universal.

What command-line utility allows administrators to modify a group's type and scope as well as add or remove members? PowerShell and the applicable cmdlet Active Directory Users and Computers console Active Directory Administrative Center Dsmod.exe

Dsmod.exe

Which of these groups would an administrator use to assign permissions to resources in the same domain? Universal groups Global groups Domain local groups Distribution groups

Domain local groups

Which of these groups would an administrator use to assign permissions to resources in the same domain? Universal groups Global groups Domain local groups Distribution groups

Domain local groups

What is the proper term for associating a Group Policy to a set of AD DS objects? Linking Connecting Implementing Granting

Linking

The three types of Group Policy Objects (GPOs) include local, domain and _____. OU universal starter nonlocal

starter

Configuring a Central Store of ADMX files help solve the problem of ________ excessive REQ_QWORD registry entries on every workstation replication time for copying policies Windows 7 workstations not able to receive policies "SYSVOL bloat"

"SYSVOL bloat"

What is the Microsoft Management Console (MMC) snap-in that you use to create GPOs and manage their deployment to AD DS objects? Group Policy Management console Active Directory Administrative Center Server Manager Disk Management

Group Policy Management console

Group Policy settings are divided into two subcategories: User Configuration and Computer Configuration. Each of those two are further organized into three subnodes. What are the three? Software settings, Windows settings, and Delegation Templates Software settings, Windows settings, and Administrative Templates Security settings, Windows settings, and Delegation Templates Security settings, Windows settings, and Administrative Templates

Software settings, Windows settings, and Administrative Templates

What is the technique called that you can modify the default permission assignments so that only certain users and computers receive the permissions and, consequently, the settings in the GPO? inheritance special identity linking permission granting security filtering

security filtering

What is the order in which Windows systems receiving and process multiple GPOs. LSOUD (local, site, OU, then domain) LOUDS (local, OU, domain, then site) SLOUD (site, local, OU, then domain) LSDOU (local, site, domain, then OU)

LSDOU (local, site, domain, then OU)

Local GPOs contain fewer options than domain GPOs. Local GPOs do not support ______. Scripts, including logon, logoff, startup, and shutdown commands Windows Deployment Services (WDS) Folder redirection or Group Policy software installation Registry-based policies, such as user desktop settings and environment variables

Folder redirection or Group Policy software installation

If creating a Local Group Policy Object, then a secondary GPO, then a tertiary GPO, what policy settings are included in each GPO? The first GPO contains both Computer Configuration and User Configuration settings, while the secondary and tertiary GPOs contain only Computer Configuration settings. Each GPO contains both Computer Configuration and User Configuration settings. All GPOs contain User Configuration settings. The first GPO contains both Computer Configuration and User Configuration settings, while the secondary and tertiary GPOs contain only User Configuration settings.

The first GPO contains both Computer Configuration and User Configuration settings, while the secondary and tertiary GPOs contain only User Configuration settings.

What nonlocal GPO has its properties stored in the Active Directory object Group Policy container (GPC), as well as a Group Policy template located in the SYSVOL share? multiple local GPOs local GPO starter GPO domain GPO

domain GPO

What capability allows you to create specific GPO settings for one or more local users configured on a workstation? multiple local GPOs local GPO starter GPO domain GPO

multiple local GPOs

What are the two categories of security settings within Group Policy? Select two answers. User Workstation Administrator Computer

User & Computer

What are the three primary event logs? Application, Forwarded, and System Application, Security, and Setup Application, Security, and System Application, System, and Setup

Application, Security, and System

What is the default size for each of the three Event logs? 16,384 KB 8,192 KB 32,768 KB 65,536 KB

16,384 KB

What is a collection of configuration settings stored as a text file with an .inf extension? Security template Policy configuration Deployment list Right assignment

Security template

When does Windows apply User Configuration policies by default? As the user logs in When the computer shuts down As the user logs out When the computer starts up

As the user logs in

You create a GPO that contains computer settings, but not user settings. What can you do to quicken GPO processing? You can set the priority higher for the configured setting area. You can manually refresh the GPO settings. You can disable the setting area that is not configured for faster processing. Regardless of whether part or all of a GPO is configured, the GPO is processed at the same speed.

You can disable the setting area that is not configured for faster processing.

What did Microsoft introduce in Windows Server 2008, which is used to ensure users with administrative privileges still operate routine tasks as standard users? New Group Policy and Local Security Policy Secure desktop User Account Control (UAC) Built-in administrator account

User Account Control (UAC)

How are most Group Policy settings applied or reapplied? Every time a computer starts up At the refresh interval Whenever a user logs on Whenever the domain controller restarts

At the refresh interval

What are the two interfaces available for creating and managing user accounts in Windows Server 2012 R2? Control Panel and the MMC snap-in Server Manager and Control Panel Control Panel and Active Directory Users and Computers User Accounts control panel and the Local Users and Groups snap-in for MMC

User Accounts control panel and the Local Users and Groups snap-in for MMC

What tool for creating new users is only valid while the Windows Server 2012 R2 computer is part of a workgroup and not joined to an AD DS domain? User Accounts Control Panel Local Users and Groups snap-in Administrator Guest

User Accounts Control Panel

What tool for user creation provides full access to all local user and group accounts on the computer? User Accounts Control Panel Local Users and Groups snap-in Administrator

Local Users and Groups snap-in

What service works with Group Policy to install, upgrade, patch, or remove software applications? Windows Installer Microsoft Office Software distribution point Server Manager

Windows Installer

When configuring a GPO to deploy a software package, what is the difference between assigning and publishing the application? Assigning forces the application to the computer, whereas publishing forces it to the user. Publishing forces the application, whereas assigning provides the option to install. Assigning forces the application, whereas publishing provides the option to install. Publishing forces the application to the computer, whereas assigning forces it to the user.

Assigning forces the application, whereas publishing provides the option to install.

After deploying software by GPO using the Assigned option, where is the package made available for the user? The user's My Documents folder Start menu or desktop The M: drive Windows Control Panel

Start menu or desktop

Not all software on the market provides .msi support. What is your best option to use Windows Installer to assign and publish the software? Find a different software vendor. Repackage the software for Windows Installer. Install the software manually. Distribute copies to users for installation.

Repackage the software for Windows Installer.

In what Group Policy objects container are AppLocker settings located? Computer Configuration\Windows Settings\Security Settings\Application Control Policies\AppLocker User Configuration\Windows Settings\Security Settings\Application Control Policies\AppLocker Computer Configuration\Windows Settings\Security Settings\AppLocker User Configuration\Windows Settings\Security Settings\AppLocker

Computer Configuration\Windows Settings\Security Settings\Application Control Policies\AppLocker

How does AppLocker handle all executables, installer packages, and scripts by default? AppLocker blocks all by default, except for those specified in Allow rules. AppLocker blocks all by default, especially those specified in Allow rules. AppLocker allows all by default, except for those blocked by DLL access checking rules. AppLocker allows all by default, except for those specified in Block rules.

AppLocker blocks all by default, except for those specified in Allow rules.

What are the three default security levels within software restriction policies? Restricted, Allowed, and Blocked Guest, Basic User, and Advanced User Unrestricted, Disallowed, and Restricted Unrestricted, Disallowed, and Basic User

Unrestricted, Disallowed, and Basic User

What is the most common way to implement software restriction policies? Configuring software restriction policies on individual computers using Local Security Policy Managing through Active Directory Users and Computers Linking Group Policy objects to Active Directory Domain Services containers, so that you can apply their policy settings to several computers simultaneously Using AppLocker, provided you’re applying to computers running Windows 7 and Windows Server 2008 R2 or later

Linking Group Policy objects to Active Directory Domain Services containers, so that you can apply their policy settings to several computers simultaneously

When installing software using Group Policy, what file or files does an administrator use? Windows Installer package files, or .msi files—modifications to the package files require transform files, or .mst files. Further, patch files are designated as .msp files. Any approved software from Microsoft, including the Certified for Windows Server 2012 R2 logo on the packaging. Windows Installer package files, or .mst files—modifications to the package files require instruction files, or .msi files. Windows Installer packages that contain all the information about the software.

Windows Installer package files, or .msi files—modifications to the package files require transform files, or .mst files. Further, patch files are designated as .msp files.

Software restriction relies on four types of rules to specify which programs can or cannot run. What type identifies software by its directory where the application is stored in the file system? Hash Certificate Network zone Path

Path

Software restriction relies on four types of rules to specify which programs can or cannot run. What type enables Windows Installer packages to be installed only if they come from a trusted area of the network? Hash Certificate Network zone Path

Network zone

Firewall rules function in two ways: admit all traffic, except that which conforms to the applied rules, and secondly, block all traffic, except that which conforms to the applied rules. How does the Windows Firewall work for inbound traffic and for outbound traffic? Inbound—permit all. Outbound—block all Inbound—block all. Outbound—block all Inbound—block all. Outbound—permit all Inbound—permit all. Outbound—permit all

Inbound—block all. Outbound—permit all

Windows Firewall uses three profiles to represent the type of network to which the server is connected. What are the three profiles? Private, temporary, and authenticated Public, DMZ, and private Internet, secure, and private Domain, private, and public

Domain, private, and public

What does the term “filter” refer to in the Windows Firewall With Advanced Security console? The ability to screen traffic segments or packets The ability to display inbound or outbound rules according to a profile The ability to filter Group Policy settings per firewall The ability to filter Group Policy settings per traffic type

The ability to display inbound or outbound rules according to a profile

What tool offers more flexibility in creating rules compared with the Windows Firewall interface under Control Panel? Active Directory Users and Computers Windows Firewall With Advanced Security snap-in for the Microsoft Management console Windows Firewall With Advanced Settings in the Server Manager Tools menu

Windows Firewall With Advanced Security snap-in for the Microsoft Management console

By exporting the Windows Firewall policy, you have a file with a .wfw extension that contains _____. all its rules, including the preconfigured rules and the ones you have created or modified all the rules you have created or modified preconfigured rules to be applied to another firewall firewall settings as specified by the Group Policy settings

all its rules, including the preconfigured rules and the ones you have created or modified

Windows Firewall allows an administrator to import and export firewall rules. What are the rules' file extension? .wfw .inf .wfr .inr

.wfw

You can configure the Windows Firewall to allow or block specific _________. ports and protocols applications and users ports, protocols, and applications, but not users ports, protocols, applications, users, and IP address ranges

ports, protocols, applications, users, and IP address ranges

What is the primary objective of a firewall? To authenticate and authorize users past the network perimeter To permit traffic in and out for legitimate users, and to block the rest To compare traffic information against a list of known valid traffic To protect a network by allowing certain types of network traffic in and out of the system

To permit traffic in and out for legitimate users, and to block the rest

When creating a firewall exception, what is the difference between opening a port and allowing an application through? Opening a port is permanent, and thus is less risky than allowing an application. Allowing an application opens the specified port only while the program is running, and thus is less risky. Both options are available in the Windows Firewall with Advanced Security console. There is no functional difference between opening a port and allowing an application.

Allowing an application opens the specified port only while the program is running, and thus is less risky.

What parameter in the Windows Firewall New Inbound Rule Wizard specifies the IP address range of local and remote systems to which the rule applies? Program Action Scope Protocol and Ports

Scope

What parameter in the Windows Firewall New Inbound Rule Wizard specifies what the firewall should do when a packet matches the rule? Program Action Scope Protocol and Ports

Action

What is a key difference between a domain tree hierarchy and the organizational unit (OU) hierarchy within a domain? Ability to apply Group Policy Members allowed within Inheritance Membership

Inheritance