Final Flashcards by Victor Mendez

After a DNS zone has been secured with DNSSEC, what additional data will be returned to a client as a result of a query?

Information about the organization administering the zone
Information about the server providing the DNS zone
Digital signatures of the administrators of the zone
Digital signatures for the returned records

Digital signatures for the returned records

How well did you know this?

Not at all

Perfectly

What is the function of the RRSIG record?

Used to sign the records
Returned to positively deny that the requested A record exists in the zone
Returned to the client in response to a successful query along with the A record
Used to sign the zone

Returned to the client in response to a successful query along with the A record
Used to sign the zone

How well did you know this?

Not at all

Perfectly

What DNS security feature in Windows Server 2012 R2 can be configured to allow source port randomization for DNS queries?

Randomization factor
Initialization vector
Socket pool
Name Resolution Policy Table

Socket pool

How well did you know this?

Not at all

Perfectly

How are values for DNS Cache Locking expressed?

As a percentage of the TTL
As a percentage of the TTL remaining
As a fixed period of time in hours
As a fixed period of time in days

As a percentage of the TTL

How well did you know this?

Not at all

Perfectly

What is the net effect if recursion is disabled on a DNS server and the DNS server does not have any forwarding or root hints configuration present?

The DNS server will be able to provide only answers to queries about internal DNS zones
The DNS server will be able to provide only answers to queries about external DNS zones
The DNS server will be able to provide answers to queries about internal and external DNS zones
None of the above

The DNS server will be able to provide only answers to queries about internal DNS zones

How well did you know this?

Not at all

Perfectly

Which of the following commands would correctly set the DNS socket pool to a value of 7,000?

dnscmd /Config /SocketPoolSize 7000
dnscmd /Set /SocketPoolSize 7000
dnscmd /GetSocketPoolSize | dnscmd /Set /SocketPoolSize 7000
dnscmd /Configure /PoolSize 7000

dnscmd /Config /SocketPoolSize 7000

dnscmd /Set /SocketPoolSize 7000

How well did you know this?

Not at all

Perfectly

What Windows Server 2012 R2 DNS feature prioritizes DNS responses based on the subnet of the requesting client?

Conditional forwarding
Iterative queries
Recursive queries
Netmask ordering

Netmask ordering

How well did you know this?

Not at all

Perfectly

The main page of your company’s Intranet portal is accessible by the FQDN home.na.adatum.corp. How would you configure an entry in the GlobalNames zone for this?

Add a single A record with the IP of one of the web servers hosting the portal
Add a single CNAME record pointing to the A record in another zone
Add multiple CNAME records pointing to all the A records in the other zones
Add multiple A records with all the IPs of the web servers hosting the portal

Add a single CNAME record pointing to the A record in another zone

How well did you know this?

Not at all

Perfectly

DNSSEC uses public key infrastructure (PKI) encryption to provide what assurances to DNS clients? (Choose all that apply)

Proof of identity of DNS records
Confidentiality of information
Availability of services
Verified denial of existence

Proof of identity of DNS records
&
Verified denial of existence

How well did you know this?

Not at all

Perfectly

How can you best go about delegating administrative access to those employees who need to be able to manage DNS?

Add the user’s Active Directory accounts to the Domain Admins security group
Add the user’s Active Directory accounts to the Enterprise Admins security group
Add the user’s Active Directory accounts to a special universal distribution group created for this purpose (e.g., DNS Service Managers) and then add that group to the DNS Admins local group.
Add the user’s Active Directory accounts to a global security group created for this purpose (e.g., DNS Service Managers) and then add that group to the DNS Admins local group.

Add the user’s Active Directory accounts to a global security group created for this purpose (e.g., DNS Service Managers) and then add that group to the DNS Admins local group.

How well did you know this?

Not at all

Perfectly

In Window Server 2012 IPAM, what is the highest-level entity within the IP address space?

IP address range
IP address block
IP address container
IP address

IP address block

How well did you know this?

Not at all

Perfectly

Which of the following statements regarding the server requirements for an IPAM server is false?

The server must have a dual-core CPU of at least 2.0 GHz
The server must be running Windows Server 2008 R2, Windows Server 2012, or Windows Server 2012 R2
The server must have at least 4 GB of RAM installed
The server must have at least 80 GB of free disk space available

The server must be running Windows Server 2008 R2, Windows Server 2012, or Windows Server 2012 R2

How well did you know this?

Not at all

Perfectly

Which of the following database types can be used with Windows IPAM? (Choose all that apply)

MySQL
Microsoft SQL
Windows Internal Database
Access

Microsoft SQL

& Windows Internal Database

How well did you know this?

Not at all

Perfectly

Which PowerShell cmdlet is the correct one to use to create the IPAM provisioning GPOs?

Set-IpamGpoProvisioning
Initiate-IpamGpoProvisioning
Perform-IpamGpoProvisioning
Invoke-IpamGpoProvisioning

Invoke-IpamGpoProvisioning

How well did you know this?

Not at all

Perfectly

Which of the following categories will you not find in the Monitor and Manage section of the IPAM console?

DNS and DHCP Servers
DHCP Scopes
DNS Zone Records
DNS Zone Monitoring

DNS Zone Records

How well did you know this?

Not at all

Perfectly

Which of the following can be imported into IPAM using the IPAM console?

IP Addresses
IP Address Block
IP Address Ranges
All of the above

All of the above

How well did you know this?

Not at all

Perfectly

In Window Server 2012 IPAM, what is the second-highest-level entity within the IP address space?

IP address range
IP address block
IP address container
IP address

IP address range

How well did you know this?

Not at all

Perfectly

Which of the following advantages are provided to a SQL server when it’s used with IPAM?

Scalability
More secure
Reporting
Additional disaster recovery

Scalability, Reporting, & Additional disaster recovery

How well did you know this?

Not at all

Perfectly

As it pertains to IPAM, what is the name of the process of retrieving a list of all domain controllers, DNS servers, and DHCP servers?

Server discovery
IPAM discovery
Provisioning IPAM
Verifying IPAM access

IPAM discovery

How well did you know this?

Not at all

Perfectly

Members of which IPAM security group have the ability to view information in IPAM and can perform server management tasks?

IPAM MSM Administrators
IPAM ASM Administrators
IPAM IP Audit Administrators
IPAM Administrators

IPAM MSM Administrators

How well did you know this?

Not at all

Perfectly

Which of the following items would not be considered a logical component of Active Directory?

Domains
Organizational Units
Domain Controllers
Trust relationships

Domain Controllers

How well did you know this?

Not at all

Perfectly

In an organization that has three Active Directory forests with a total of six Active Directory domains, how many schemas will exist in the organization?

Three
Six
Nine
Eighteen

Three

How well did you know this?

Not at all

Perfectly

What are the requirements to perform an in-place upgrade of a domain controller to Windows Server 2012 R2?
(Choose all that apply)

The domain controller must be running Windows Server 2003 R2, Windows Server 2008, or Windows Server 2008 R2
The domain controller must be running Windows Server 2008 or Windows Server 2008 R2
The forest functional level will need to be at Windows Server 2003 or higher
The forest functional level will need to be at Windows Server 2008 or higher

The domain controller must be running Windows Server 2008 or Windows Server 2008 R2
&

The forest functional level will need to be at Windows Server 2008 or higher

How well did you know this?

Not at all

Perfectly

Which of the following desirable features first became available with the Windows Server 2008 domain functional level?

SYSVOL replication using DFSR instead of NTFRS
Automatic SPN management
Authentication mechanism assurance
UserPassword attribute

SYSVOL replication using DFSR instead of NTFRS

How well did you know this?

Not at all

Perfectly

You want to use the new features of Key Distribution Center (KDC) support for claims, compound authentication, and Kerberos armoring in your domain. What must you do first? (Choose two answers) Raise the domain functional level to Windows Server 2008 R2 Raise the domain functional level to Windows Server 2012 Install at least one Windows Server 2012 domain controller Retire all Windows 2000 Server member servers

Raise the domain functional level to Windows Server 2012 | & Install at least one Windows Server 2012 domain controller

Which of the following desirable features first became available with the Windows Server 2008 R2 forest functional level? Active Directory recycle bin Domain rename Cross-forest trusts KCC algorithm improvements

Active Directory recycle bin

Which of the following accurately represents a User Principal Name? MYCO\jdoe jdoe@myco jdoe.myco.corp jdoe@myco.corp

jdoe@myco.corp

Your organization currently has three business units (sales, manufacturing, and service) that function mostly independently. What would be the best approach to take when designing a new Active Directory forest environment for your organization? Be sure to consider the current-day environment and the possibility of future change. Create a multi-domain forest, with one domain per business unit Create multiple forests, with one forest per business unit, with no trusts Create multiple organizational units as needed to organize each business unit’s objects Create multiple forests, with one forest per business unit, with trusts between each forest root domain

Create multiple organizational units as needed to organize each business unit’s objects

Which Active Directory upgrade method presents the lowest overall cost and risk to an organization, assuming that required physical or virtual servers are available and on hand? In-place upgrade Add new domain controllers Migrate to a new domain None of the above

Add new domain controllers

Which partition contains definitions of all objects and attributes that can be created in the directory? Schema partition Configuration partition Domain partition Application partition

Schema partition

Which of the following attributes are true of the automatically generated trusts created when a domain is added to the forest? (Choose all that apply) The trust is two-way between the child domain and the root domain The trust can be configured to be one-way or two-way The trust can be configured to be incoming or outgoing, or both The trust is always transitive

The trust is two-way between the child domain and the root domain & The trust is always transitive

You have just created a one-way incoming trust in your domain for an external domain used by a partner company to allow your domain’s users to access a resource in the partner’s domain. What is the next step that will need to be performed to complete the trust? You will need to create a one-way outgoing trust in the external domain The partner will need to create a one-way outgoing trust in the external domain You will need to create a one-way outgoing trust in your domain The partner will need to create a one-way outgoing trust in your domain

The partner will need to create a one-way outgoing trust in the external domain

Which of the following commands correctly illustrates how to create a one-way external trust from the adatum.local domain to the contoso.local domain? netdom trust adatum.local /Domain:contoso.local /add netdom -addtrust /Local:adatum.local /External:contoso.local netdom trust –add adatum.local /Domain:contoso.local

netdom trust adatum.local /Domain:contoso.local /add

Which of the following scenarios would allow the creation of a shortcut trust? (Choose all that apply) Between a third-level child domain and a second-level child domain in a different domain tree of the same forest Between two third-level child domains in the same forest Between two second-level child domains in different forests Between a third-level child domain and a forest root domain in different forests

Between a third-level child domain and a second-level child domain in a different domain tree of the same forest & Between two third-level child domains in the same forest

When disabling SID filtering on a forest trust, what netdom switch should be used? /disenablesidhistory:Yes /enablesidhistory:No /quarantine:No /sidhistory:Disable

/enablesidhistory:No

In which scenario would you want to disable SID filtering? There is no trust between all Domain Admins and Enterprise Admins within both trusts Forests have been renamed Domains have been authoritatively restored User accounts have been involved in a domain migration

User accounts have been involved in a domain migration

What is the disadvantage of configuring selective authentication for a trust? The inability to definitively control who is accessing what resources The administrative overhead involved to configure and maintain user access to resources The SIDs of the foreign security principals will need to be manually obtained Security groups from the external domain must be used for the foreign security principals

The administrative overhead involved to configure and maintain user access to resources

Which of the following attributes are true when discussing manually created trusts? The trust is two-way between the child domain and the root domain The trust can be configured to be one-way or two-way The trust can be configured to be incoming or outgoing, or both The trust is always transitive

The trust can be configured to be one-way or two-way | & The trust can be configured to be incoming or outgoing, or both

Which of the following scenarios represents the best reason for creating a forest trust between two Active Directory forests? Company A has purchased Company B Company A wants to use an application developed by Company B Company B wants to access data on a Company A web server Company B wants to send email to recipients in Company A

Company A has purchased Company B

What type of trust allows users of an internal forest to authenticate to and/or gain access to all resources of an external forest? Realm trusts Shortcut trusts Forest trusts External trusts

Forest trusts

Your organization has six offices spread over three cities in North America. At a minimum, how many Active Directory sites should you plan to have? One Three Six Eighteen

Three

What management console is used to manage Active Directory Sites? Active Directory Topology Manager Active Directory Sites and Services Active Directory Domains and Trusts Active Directory Sites and Subnets

Active Directory Sites and Services

__________ define the logical replication path between sites to perform _________ replication, allowing for faster and optimized replication between sites based on configured costs and frequencies. Site links, Intrasite Replication links, Intersite Site links, Intersite Connection objects, Intrasite

Site links, Intersite

Why is it generally not recommended to configure bridgehead servers manually? You might pick a server that is not a domain controller You might overload the server if its performance is below other domain controllers You could pick a server in the wrong site You could disrupt the flow of replication traffic between sites

You could disrupt the flow of replication traffic between sites

What default value are all site links costs configured with in Active Directory? 1 10 100 1000

100

What is defined by the replication schedule? How often replication occurs Which site links are the preferred paths When specific directory partitions are replicated When replication is allowed to occur

When replication is allowed to occur

When examining the netlogon.log file, what will be your indicator that you have a problem with your Active Directory sites or subnets configuration? A NO_CLIENT_SUBNET entry A NO_CLIENT_DC entry A NO_CLIENT_LINK entry A NO_CLIENT_SITE entry

A NO_CLIENT_SITE entry

What undesirable side effect may result from having the “Bridge All Site Links” option disabled? You will need to manually create site link bridges between spoke sites Sites will only replicate among themselves directly if you configure this to occur Replication time and traffic between spokes will increase due to needing to go through the hub location Replication will not occur other than to the hub site

Replication time and traffic between spokes will increase due to needing to go through the hub location

Which of the following represents the best reason why you need to take care when creating site links within your organization? So you can create connection objects between domain controllers So you can map the logical layout of site links to the physical layout of WAN links So you can optimize replication traffic between sites by using the highest quality, or lowest cost, routes So you can ensure all domain controllers within all sites always stay consistent within 5 minutes

So you can optimize replication traffic between sites by using the highest quality, or lowest cost, routes

What Active Directory component is automatically configured to take changes made during Intrasite replication and then replicate that to a domain controller in another site? Bridgehead servers Knowledge Consistency Checker Site links Intersite Topology Generator

Bridgehead servers

Regarding Intersite and Intrasite replication, which of the following statements is false? Replication data between sites is compressed Intrasite replication utilizes Remote Call Procedure over Internet Protocol (RPC over IP) connectivity Intrasite replication topology is generated by the Knowledge Consistency Checker (KCC) Replication data within a site is compressed and encrypted

Replication data within a site is compressed and encrypted

When a user changes his or her password, to what domain controller is the password change notification sent? The Domain Naming master The Schema master A Global Catalog The PDC Emulator

The PDC Emulator

Which of the following repadmin commands would cause updates outward to replication partners and trigger replication across the enterprise as a whole? REPADMIN /SyncAll /AjQ REPADMIN /SyncAll /PQ REPADMIN /SyncAll /APd REPADMIN /SyncAll /APed

REPADMIN /SyncAll /APed

Why must an RODC be able to connect to at least one Windows Server 2008 or higher domain controller? (Choose all that apply) To replicate the domain partition To replicate the global catalog partition So that the Password Replication Policy (PRP) applied to the RODC can be configured and enforced So that the SYSVOL folder can be replicated using Distributed File System Replication (DFSR)

To replicate the domain partition | & So that the Password Replication Policy (PRP) applied to the RODC can be configured and enforced

What requirements must be met in order to perform the configuration of the Filtered Attribute Set? (Choose all that apply) The Schema Master must be on a domain controller running Windows Server 2008, Windows Server 2012, or Windows Server 2012 R2 The Schema Master must be on a domain controller running Windows Server 2012 R2 You must perform the change directly on the Schema Master You must perform the change at the command line using the netdom command

The Schema Master must be on a domain controller running Windows Server 2008, Windows Server 2012, or Windows Server 2012 R2 & You must perform the change directly on the Schema Master

What is the net result of deleting an RODC and leaving the “Reset all passwords for user accounts that were cached on this Read-Only Domain Controller” option selected? Users will be forced to use their previous password to log in the next time Users will be forced to request a password reset before they can log in the next time Users will be forced to request an account unlock before they can log in the next time Users will need to have their accounts rejoined to the domain before they can log in the next time

Users will be forced to request a password reset before they can log in the next time

On what domain controller should the DFSR SYSVOL migration process be performed from? Any writable domain controller in the domain Any global catalog server in the domain The PDC Emulator of the domain The Infrastructure Master of the domain

The PDC Emulator of the domain

Which of the following scenarios best represents an urgent replication-inducing event? A change in the domain account lockout policies The creation of a new user account in the domain The changing of a user account password Replication performed to correct a replication conflict

A change in the domain account lockout policies

Which of the following represents the best reason why you might want to prepopulate passwords on an RODC? To speed up the initial login for the user at that site To speed up every login for the user at that site To reduce replication traffic to that site To prevent security principals from needing to be added to the “Allowed RODC Password Replication Group” security group

To speed up the initial login for the user at that site

Which SYSVOL replication migration state is done entirely using DFSR? Start (State 0) Prepared (State 1) Redirected (State 2) Eliminated (State 3)

Eliminated (State 3)

What benefit does Single Sign-On provide for application users? Prohibits users from being able to register multiple accounts within an application Prevents users from needing to remember multiple usernames and passwords. Provides users an easy way to remember the login information for the application Provides for faster account lockout remediation

Prevents users from needing to remember multiple usernames and passwords.

In order to utilize AD FS, what is the oldest version of Windows Server that any domain controller can be using? ``` Windows Server 2003 SP1 Windows Server 2008 SP1 Windows Server 2008 R2 Windows Server 2012 Windows Server 2012 R2 ```

Windows Server 2003 SP1

What PowerShell cmdlet would you use to list the attribute stores currently configured for AD FS? List-ADFSAttributeStore Show-ADFSAttributeStore Display-ADFSAttributeStore Get-ADFSAttributeStore

Get-ADFSAttributeStore

While testing AD FS claims-based authentication with a sample application, you encounter an error due to the self-signed certificate you opted to use. What can you do to eliminate this error? (Choose all that apply) Add the self-signed certificate to your computer’s Trusted Root Certification Authorities store Add the self-signed certificate to the application server’s Trusted Root Certification Authorities store Issue a valid certificate from your internal CA Configure AD FS to ignore self-signed certificate errors

Add the self-signed certificate to your computer’s Trusted Root Certification Authorities store & Issue a valid certificate from your internal CA

What step(s) will you need to perform while configuring a claims provider trust that you will not need to perform while configuring a relying party trust? (Choose all that apply) Map attributes Specify the application Edit claims rules Provide a URL for the partner federation server

Map attributes | & Edit claims rules

In AD FS, which of the following allows you to create issuance authorization rules for relying party applications and allows you to use custom ‘Access Denied’ message? Relying party permission policy Multifactor access control Usage policy Federation Service proxy

Multifactor access control

Which of the following services is used to provision a device object in AD DS and issue a certificate for the Workplace-Joined Device? Domain Join Service AD FS Authentication Service Device Registration Service Device Emulation Service

Device Registration Service

Which of the following components of Active Directory Federation Services is a statement made by a trusted entity and includes information identifying the entity? Federation server proxy Claims provider Relying party Claim

Claim

Which of the following components of Active Directory Federation Services is the server that issues claims and authenticates users? Federation server proxy Claims provider Relying party Claim

Claims provider

Which of the following components of Active Directory Federation Services is the server that issues claims and authenticates users? Federation server proxy Claims provider Relying party Claim

Claims provider

What is another name for Asymmetric encryption? Public key infrastructure Public key cryptography Digital certificate Certificate authority

Public key cryptography

What is the name of the role in the PKI that is responsible for the distribution of keys and the validation of identities? Certificate authority Registration authority Registration agent Key recovery agent

Registration authority

In Windows Server 2012 R2 AD CS, how many Root CAs can you install in a single certificate hierarchy? One Two Three Unlimited

One

By default, if you install a CA server on January 1, 2014, when will the CA certificate expire? January 1, 2019 January 1, 2024 January 1, 2029 January 1, 2034

January 1, 2019

What is the function of the AIA? It specifies where to find up-to-date CRLs that are signed by the CA It specifies where to find up-to-date CRLs that are signed by the RA It specifies where to find up-to-date certificates for the CA It specifies which CAs are available to issue certificates to clients

It specifies where to find up-to-date certificates for the CA

Your network has a mix of Windows, Macintosh, Linux and AIX computers. All of your internal web applications use Web Server certificates issued by your PKI. How will you need to configure your AIA and CDP? As LDAP paths As file server paths As URLs (HTTP paths) As CIFS paths

As URLs (HTTP paths)

Which Windows client operating systems are capable of using the Online Responder to check certificate revocation status? (Choose all that apply) Windows XP Professional Windows 7 Windows 2000 Windows 8

Windows 7 | & Windows 8

What two values would be required in a CAPolicy.inf file to set the CRL period to 4 hours? CRLPeriod=Hours CRLPeriodUnits=4 CRLDeltaPeriod=Hours CRLDeltaPeriodUnits=4

CRLPeriod=Hours | & CRLPeriodUnits=4

Why would you want to consider making the Root CA an offline CA? This improves certificate issuing speed This improves security of the root CA and its private keys This reduces the number of CAs you actively need to manage This prevents requests from inadvertently being sent to the Root CA

This improves security of the root CA and its private keys

Which PKI role in AD CS is used to validate certificates? CA Online Responder Network Device Enrollment Service CA Web Enrollment

Online Responder

What are the contents of the certificate chain? It is a list of all trusted root certificates It is a list of certificate authorities that can be used to authenticate an entity certificate It is a list of all trusted root certificate authorities It is a list of certificates that can be used to authenticate an entity certificate

It is a list of certificates that can be used to authenticate an entity certificate

What usages does the User certificate allow by default? (Choose all that apply) Secure Email Encrypting File System Client Authentication Document Signing

Secure Email , Encrypting File System , & Client Authentication

Which of the following URLs would be the correct one to visit to get to the Web Enrollment pages? https: ///certificates https: ///ca https: ///certsrv https: ///certsrvcs

https:///certsrv

``` What minimum certificate version is required to enable key archival and recovery? Version 1 Version 2 Version 3 Version 4 ```

Version 2

What must you do immediately after issuing the first KRA certificate to a trusted user to enable key archival and recovery on the CA? (Choose all that apply) Restart the CA Configure key archival on the CA properties Archive the keys for the issued KRA certificate Perform a backup of the CA database

Configure key archival on the CA properties | & Archive the keys for the issued KRA certificate

To recover a key from the CA database using the certutil utility, what information will you need to know about the certificate? The password for the private keys The certificate serial number The certificate subject name The certificate key length

The certificate serial number

You work at a government agency and have been tasked to implement a PKI built on Windows Server 2012 R2. What certificate template version will you need to use to meet the requirements imposed on your agency? Version 1 Version 2 Version 3 Version 4

Version 3

What is the advantage of configuring credential roaming? (Select all that apply) The user’s certificates are securely stored in Active Directory The user’s certificates follow the user to each computer he or she logs in to The user’s certificates are automatically enrolled and issued upon first login The user’s certificates can be easily placed on a USB storage device

The user’s certificates are securely stored in Active Directory & The user’s certificates follow the user to each computer he or she logs in to

Which certificate format supports the export of a certificate and its private key? Base64-encoded X.509 DER-encoded binary X.509 Personal Information Exchange (PKCS #12) Cryptographic Message Syntax Standard (PKCS #7)

Personal Information Exchange (PKCS #12)

Which certificate format supports storage of a single certificate, does not support storage of the private key or certification path, has contents that are of an ASCII format, and is generally used for importing into applications that require a “text blob”? Base64-encoded X.509 DER-encoded binary X.509 Personal Information Exchange (PKCS #12) Cryptographic Message Syntax Standard (PKCS #7)

Base64-encoded X.509

How does AD RMS protect a Microsoft Office file that has been transferred out of the organization to an external recipient? The external recipient will not be able to open the file because they cannot contact the AD RMS server The external recipient will not be able to open the file because they will not know the unlock password The external recipient will not be able to open the file because they do not have an account on the AD RMS server The external recipient will not be able to open the file because they do not have the AD RMS integrated version of Office installed

The external recipient will not be able to open the file because they cannot contact the AD RMS server

What issue should you be aware of if you perform the installation of AD RMS onto a Domain Controller? AD RMS will only work for that domain The AD RMS service account will be a domain administrator The AD RMS service account will not support Kerberos authentication AD RMS will not be able to automatically create a Service Connection Point

The AD RMS service account will be a domain administrator

To enable Kerberos authentication with AD RMS, you will need to be a member of which groups? (Choose all that apply) AD RMS Enterprise Administrators Enterprise Admins Domain Admins Schema Admins

AD RMS Enterprise Administrators | & Enterprise Admins

What tools provided in Windows Server 2012 R2 allow you to view the SCP configuration in Active Directory? (Choose all that apply) Active Directory Users and Computers ADSI Edit LDP SCP Edit

ADSI Edit | & LDP

What is the name of the objects that are used to enforce the rights a user or group has on rights-protected content? Protections policy templates Rights policy templates Restrictions policy templates Rights protection templates

Rights policy templates

Generally speaking, what could be considered the absolute minimum rights that a user could be granted via AD RMS that would allow the user to still consume the document? View Edit Save Extract

View

A Temporary Rights Account Certificate has a validity period of how long? 15 minutes 1 hour 4 hours 1 day

15 minutes

Which of the following must be deleted when you have to recreate a new AD RMS cluster within an Active Directory domain? AD RMS SID Publishing license Client Licensor Certificate Service Connection Point

Service Connection Point

What is the best reason you might choose to use RMS templates when configuring RMS policies across your organization? They allow you to standardize the implementation of AD RMS policies across the organization. They allow you to speed up the implementation of AD RMS policies across the organization. They allow you to delegate the implementation of AD RMS policies across the organization. They allow you to visualize the implementation of AD RMS policies across the organization.

They allow you to standardize the implementation of AD RMS policies across the organization.

The AD RMS certificate issued the first time a user attempts to access AD RMS-protected content is known as what? Server licensor certificate Rights account certificate Client licensor certificate Temporary rights account certificate

Rights account certificate

Final Flashcards

(100 cards)