Final Flashcards Preview

Windows Server (70-412) > Final > Flashcards

Flashcards in Final Deck (100)
Loading flashcards...
1
Q

After a DNS zone has been secured with DNSSEC, what additional data will be returned to a client as a result of a query?

Information about the organization administering the zone
Information about the server providing the DNS zone
Digital signatures of the administrators of the zone
Digital signatures for the returned records

A

Digital signatures for the returned records

2
Q

What is the function of the RRSIG record?

Used to sign the records
Returned to positively deny that the requested A record exists in the zone
Returned to the client in response to a successful query along with the A record
Used to sign the zone

A

Returned to the client in response to a successful query along with the A record
Used to sign the zone

3
Q

What DNS security feature in Windows Server 2012 R2 can be configured to allow source port randomization for DNS queries?

Randomization factor
Initialization vector
Socket pool
Name Resolution Policy Table

A

Socket pool

4
Q

How are values for DNS Cache Locking expressed?

As a percentage of the TTL
As a percentage of the TTL remaining
As a fixed period of time in hours
As a fixed period of time in days

A

As a percentage of the TTL

5
Q

What is the net effect if recursion is disabled on a DNS server and the DNS server does not have any forwarding or root hints configuration present?

The DNS server will be able to provide only answers to queries about internal DNS zones
The DNS server will be able to provide only answers to queries about external DNS zones
The DNS server will be able to provide answers to queries about internal and external DNS zones
None of the above

A

The DNS server will be able to provide only answers to queries about internal DNS zones

6
Q

Which of the following commands would correctly set the DNS socket pool to a value of 7,000?

dnscmd /Config /SocketPoolSize 7000
dnscmd /Set /SocketPoolSize 7000
dnscmd /GetSocketPoolSize | dnscmd /Set /SocketPoolSize 7000
dnscmd /Configure /PoolSize 7000

A

dnscmd /Config /SocketPoolSize 7000

dnscmd /Set /SocketPoolSize 7000

7
Q

What Windows Server 2012 R2 DNS feature prioritizes DNS responses based on the subnet of the requesting client?

Conditional forwarding
Iterative queries
Recursive queries
Netmask ordering

A

Netmask ordering

8
Q

The main page of your company’s Intranet portal is accessible by the FQDN home.na.adatum.corp. How would you configure an entry in the GlobalNames zone for this?

Add a single A record with the IP of one of the web servers hosting the portal
Add a single CNAME record pointing to the A record in another zone
Add multiple CNAME records pointing to all the A records in the other zones
Add multiple A records with all the IPs of the web servers hosting the portal

A

Add a single CNAME record pointing to the A record in another zone

9
Q

DNSSEC uses public key infrastructure (PKI) encryption to provide what assurances to DNS clients? (Choose all that apply)

Proof of identity of DNS records
Confidentiality of information
Availability of services
Verified denial of existence

A

Proof of identity of DNS records
&
Verified denial of existence

10
Q

How can you best go about delegating administrative access to those employees who need to be able to manage DNS?

Add the user’s Active Directory accounts to the Domain Admins security group
Add the user’s Active Directory accounts to the Enterprise Admins security group
Add the user’s Active Directory accounts to a special universal distribution group created for this purpose (e.g., DNS Service Managers) and then add that group to the DNS Admins local group.
Add the user’s Active Directory accounts to a global security group created for this purpose (e.g., DNS Service Managers) and then add that group to the DNS Admins local group.

A

Add the user’s Active Directory accounts to a global security group created for this purpose (e.g., DNS Service Managers) and then add that group to the DNS Admins local group.

11
Q

In Window Server 2012 IPAM, what is the highest-level entity within the IP address space?

IP address range
IP address block
IP address container
IP address

A

IP address block

12
Q

Which of the following statements regarding the server requirements for an IPAM server is false?

The server must have a dual-core CPU of at least 2.0 GHz
The server must be running Windows Server 2008 R2, Windows Server 2012, or Windows Server 2012 R2
The server must have at least 4 GB of RAM installed
The server must have at least 80 GB of free disk space available

A

The server must be running Windows Server 2008 R2, Windows Server 2012, or Windows Server 2012 R2

13
Q

Which of the following database types can be used with Windows IPAM? (Choose all that apply)

MySQL
Microsoft SQL
Windows Internal Database
Access

A

Microsoft SQL

& Windows Internal Database

14
Q

Which PowerShell cmdlet is the correct one to use to create the IPAM provisioning GPOs?

Set-IpamGpoProvisioning
Initiate-IpamGpoProvisioning
Perform-IpamGpoProvisioning
Invoke-IpamGpoProvisioning

A

Invoke-IpamGpoProvisioning

15
Q

Which of the following categories will you not find in the Monitor and Manage section of the IPAM console?

DNS and DHCP Servers
DHCP Scopes
DNS Zone Records
DNS Zone Monitoring

A

DNS Zone Records

16
Q

Which of the following can be imported into IPAM using the IPAM console?

IP Addresses
IP Address Block
IP Address Ranges
All of the above

A

All of the above

17
Q

In Window Server 2012 IPAM, what is the second-highest-level entity within the IP address space?

IP address range
IP address block
IP address container
IP address

A

IP address range

18
Q

Which of the following advantages are provided to a SQL server when it’s used with IPAM?

Scalability
More secure
Reporting
Additional disaster recovery

A

Scalability, Reporting, & Additional disaster recovery

19
Q

As it pertains to IPAM, what is the name of the process of retrieving a list of all domain controllers, DNS servers, and DHCP servers?

Server discovery
IPAM discovery
Provisioning IPAM
Verifying IPAM access

A

IPAM discovery

20
Q

Members of which IPAM security group have the ability to view information in IPAM and can perform server management tasks?

IPAM MSM Administrators
IPAM ASM Administrators
IPAM IP Audit Administrators
IPAM Administrators

A

IPAM MSM Administrators

21
Q

Which of the following items would not be considered a logical component of Active Directory?

Domains
Organizational Units
Domain Controllers
Trust relationships

A

Domain Controllers

22
Q

In an organization that has three Active Directory forests with a total of six Active Directory domains, how many schemas will exist in the organization?

Three
Six
Nine
Eighteen

A

Three

23
Q

What are the requirements to perform an in-place upgrade of a domain controller to Windows Server 2012 R2?
(Choose all that apply)

The domain controller must be running Windows Server 2003 R2, Windows Server 2008, or Windows Server 2008 R2
The domain controller must be running Windows Server 2008 or Windows Server 2008 R2
The forest functional level will need to be at Windows Server 2003 or higher
The forest functional level will need to be at Windows Server 2008 or higher

A

The domain controller must be running Windows Server 2008 or Windows Server 2008 R2
&

The forest functional level will need to be at Windows Server 2008 or higher

24
Q

Which of the following desirable features first became available with the Windows Server 2008 domain functional level?

SYSVOL replication using DFSR instead of NTFRS
Automatic SPN management
Authentication mechanism assurance
UserPassword attribute

A

SYSVOL replication using DFSR instead of NTFRS

25
Q

You want to use the new features of Key Distribution Center (KDC) support for claims, compound authentication, and Kerberos armoring in your domain. What must you do first? (Choose two answers)

Raise the domain functional level to Windows Server 2008 R2
Raise the domain functional level to Windows Server 2012
Install at least one Windows Server 2012 domain controller
Retire all Windows 2000 Server member servers

A

Raise the domain functional level to Windows Server 2012

& Install at least one Windows Server 2012 domain controller

26
Q

Which of the following desirable features first became available with the Windows Server 2008 R2 forest functional level?

Active Directory recycle bin
Domain rename
Cross-forest trusts
KCC algorithm improvements

A

Active Directory recycle bin

27
Q

Which of the following accurately represents a User Principal Name?

MYCO\jdoe
jdoe@myco
jdoe.myco.corp
jdoe@myco.corp

A

jdoe@myco.corp

28
Q

Your organization currently has three business units (sales, manufacturing, and service) that function mostly independently. What would be the best approach to take when designing a new Active Directory forest environment for your organization? Be sure to consider the current-day environment and the possibility of future change.

Create a multi-domain forest, with one domain per business unit
Create multiple forests, with one forest per business unit, with no trusts
Create multiple organizational units as needed to organize each business unit’s objects
Create multiple forests, with one forest per business unit, with trusts between each forest root domain

A

Create multiple organizational units as needed to organize each business unit’s objects

29
Q

Which Active Directory upgrade method presents the lowest overall cost and risk to an organization, assuming that required physical or virtual servers are available and on hand?

In-place upgrade
Add new domain controllers
Migrate to a new domain
None of the above

A

Add new domain controllers

30
Q

Which partition contains definitions of all objects and attributes that can be created in the directory?

Schema partition
Configuration partition
Domain partition
Application partition

A

Schema partition

31
Q

Which of the following attributes are true of the automatically generated trusts created when a domain is added to the forest? (Choose all that apply)

The trust is two-way between the child domain and the root domain
The trust can be configured to be one-way or two-way
The trust can be configured to be incoming or outgoing, or both
The trust is always transitive

A

The trust is two-way between the child domain and the root domain
&
The trust is always transitive

32
Q

You have just created a one-way incoming trust in your domain for an external domain used by a partner company to allow your domain’s users to access a resource in the partner’s domain. What is the next step that will need to be performed to complete the trust?

You will need to create a one-way outgoing trust in the external domain
The partner will need to create a one-way outgoing trust in the external domain
You will need to create a one-way outgoing trust in your domain
The partner will need to create a one-way outgoing trust in your domain

A

The partner will need to create a one-way outgoing trust in the external domain

33
Q

Which of the following commands correctly illustrates how to create a one-way external trust from the adatum.local domain to the contoso.local domain?

netdom trust adatum.local /Domain:contoso.local /add
netdom -addtrust /Local:adatum.local /External:contoso.local
netdom trust –add adatum.local /Domain:contoso.local

A

netdom trust adatum.local /Domain:contoso.local /add

34
Q

Which of the following scenarios would allow the creation of a shortcut trust? (Choose all that apply)

Between a third-level child domain and a second-level child domain in a different domain tree of the same forest
Between two third-level child domains in the same forest
Between two second-level child domains in different forests
Between a third-level child domain and a forest root domain in different forests

A

Between a third-level child domain and a second-level child domain in a different domain tree of the same forest
&
Between two third-level child domains in the same forest

35
Q

When disabling SID filtering on a forest trust, what netdom switch should be used?

/disenablesidhistory:Yes
/enablesidhistory:No
/quarantine:No
/sidhistory:Disable

A

/enablesidhistory:No

36
Q

In which scenario would you want to disable SID filtering?

There is no trust between all Domain Admins and Enterprise Admins within both trusts
Forests have been renamed
Domains have been authoritatively restored
User accounts have been involved in a domain migration

A

User accounts have been involved in a domain migration

37
Q

What is the disadvantage of configuring selective authentication for a trust?

The inability to definitively control who is accessing what resources
The administrative overhead involved to configure and maintain user access to resources
The SIDs of the foreign security principals will need to be manually obtained
Security groups from the external domain must be used for the foreign security principals

A

The administrative overhead involved to configure and maintain user access to resources

38
Q

Which of the following attributes are true when discussing manually created trusts?

The trust is two-way between the child domain and the root domain
The trust can be configured to be one-way or two-way
The trust can be configured to be incoming or outgoing, or both
The trust is always transitive

A

The trust can be configured to be one-way or two-way

& The trust can be configured to be incoming or outgoing, or both

39
Q

Which of the following scenarios represents the best reason for creating a forest trust between two Active Directory forests?

Company A has purchased Company B
Company A wants to use an application developed by Company B
Company B wants to access data on a Company A web server
Company B wants to send email to recipients in Company A

A

Company A has purchased Company B

40
Q

What type of trust allows users of an internal forest to authenticate to and/or gain access to all resources of an external forest?

Realm trusts
Shortcut trusts
Forest trusts
External trusts

A

Forest trusts

41
Q

Your organization has six offices spread over three cities in North America. At a minimum, how many Active Directory sites should you plan to have?

One
Three
Six
Eighteen

A

Three

42
Q

What management console is used to manage Active Directory Sites?

Active Directory Topology Manager
Active Directory Sites and Services
Active Directory Domains and Trusts
Active Directory Sites and Subnets

A

Active Directory Sites and Services

43
Q

__________ define the logical replication path between sites to perform _________ replication, allowing for faster and optimized replication between sites based on configured costs and frequencies.

Site links, Intrasite
Replication links, Intersite
Site links, Intersite
Connection objects, Intrasite

A

Site links, Intersite

44
Q

Why is it generally not recommended to configure bridgehead servers manually?

You might pick a server that is not a domain controller
You might overload the server if its performance is below other domain controllers
You could pick a server in the wrong site
You could disrupt the flow of replication traffic between sites

A

You could disrupt the flow of replication traffic between sites

45
Q

What default value are all site links costs configured with in Active Directory?

1
10
100
1000

A

100

46
Q

What is defined by the replication schedule?

How often replication occurs
Which site links are the preferred paths
When specific directory partitions are replicated
When replication is allowed to occur

A

When replication is allowed to occur

47
Q

When examining the netlogon.log file, what will be your indicator that you have a problem with your Active Directory sites or subnets configuration?

A NO_CLIENT_SUBNET entry
A NO_CLIENT_DC entry
A NO_CLIENT_LINK entry
A NO_CLIENT_SITE entry

A

A NO_CLIENT_SITE entry

48
Q

What undesirable side effect may result from having the “Bridge All Site Links” option disabled?

You will need to manually create site link bridges between spoke sites
Sites will only replicate among themselves directly if you configure this to occur
Replication time and traffic between spokes will increase due to needing to go through the hub location
Replication will not occur other than to the hub site

A

Replication time and traffic between spokes will increase due to needing to go through the hub location

49
Q

Which of the following represents the best reason why you need to take care when creating site links within your organization?

So you can create connection objects between domain controllers
So you can map the logical layout of site links to the physical layout of WAN links
So you can optimize replication traffic between sites by using the highest quality, or lowest cost, routes
So you can ensure all domain controllers within all sites always stay consistent within 5 minutes

A

So you can optimize replication traffic between sites by using the highest quality, or lowest cost, routes

50
Q

What Active Directory component is automatically configured to take changes made during Intrasite replication and then replicate that to a domain controller in another site?

Bridgehead servers
Knowledge Consistency Checker
Site links
Intersite Topology Generator

A

Bridgehead servers

51
Q

Regarding Intersite and Intrasite replication, which of the following statements is false?

Replication data between sites is compressed
Intrasite replication utilizes Remote Call Procedure over Internet Protocol (RPC over IP) connectivity
Intrasite replication topology is generated by the Knowledge Consistency Checker (KCC)
Replication data within a site is compressed and encrypted

A

Replication data within a site is compressed and encrypted

52
Q

When a user changes his or her password, to what domain controller is the password change notification sent?

The Domain Naming master
The Schema master
A Global Catalog
The PDC Emulator

A

The PDC Emulator

53
Q

Which of the following repadmin commands would cause updates outward to replication partners and trigger replication across the enterprise as a whole?

REPADMIN /SyncAll /AjQ
REPADMIN /SyncAll /PQ
REPADMIN /SyncAll /APd
REPADMIN /SyncAll /APed

A

REPADMIN /SyncAll /APed

54
Q

Why must an RODC be able to connect to at least one Windows Server 2008 or higher domain controller? (Choose all that apply)

To replicate the domain partition
To replicate the global catalog partition
So that the Password Replication Policy (PRP) applied to the RODC can be configured and enforced
So that the SYSVOL folder can be replicated using Distributed File System Replication (DFSR)

A

To replicate the domain partition

& So that the Password Replication Policy (PRP) applied to the RODC can be configured and enforced

55
Q

What requirements must be met in order to perform the configuration of the Filtered Attribute Set? (Choose all that apply)

The Schema Master must be on a domain controller running Windows Server 2008, Windows Server 2012, or Windows Server 2012 R2
The Schema Master must be on a domain controller running Windows Server 2012 R2
You must perform the change directly on the Schema Master
You must perform the change at the command line using the netdom command

A

The Schema Master must be on a domain controller running Windows Server 2008, Windows Server 2012, or Windows Server 2012 R2
& You must perform the change directly on the Schema Master

56
Q

What is the net result of deleting an RODC and leaving the “Reset all passwords for user accounts that were cached on this Read-Only Domain Controller” option selected?

Users will be forced to use their previous password to log in the next time
Users will be forced to request a password reset before they can log in the next time
Users will be forced to request an account unlock before they can log in the next time
Users will need to have their accounts rejoined to the domain before they can log in the next time

A

Users will be forced to request a password reset before they can log in the next time

57
Q

On what domain controller should the DFSR SYSVOL migration process be performed from?

Any writable domain controller in the domain
Any global catalog server in the domain
The PDC Emulator of the domain
The Infrastructure Master of the domain

A

The PDC Emulator of the domain

58
Q

Which of the following scenarios best represents an urgent replication-inducing event?

A change in the domain account lockout policies
The creation of a new user account in the domain
The changing of a user account password
Replication performed to correct a replication conflict

A

A change in the domain account lockout policies

59
Q

Which of the following represents the best reason why you might want to prepopulate passwords on an RODC?

To speed up the initial login for the user at that site
To speed up every login for the user at that site
To reduce replication traffic to that site
To prevent security principals from needing to be added to the “Allowed RODC Password Replication Group” security group

A

To speed up the initial login for the user at that site

60
Q

Which SYSVOL replication migration state is done entirely using DFSR?

Start (State 0)
Prepared (State 1)
Redirected (State 2)
Eliminated (State 3)

A

Eliminated (State 3)

61
Q

What benefit does Single Sign-On provide for application users?

Prohibits users from being able to register multiple accounts within an application
Prevents users from needing to remember multiple usernames and passwords.
Provides users an easy way to remember the login information for the application
Provides for faster account lockout remediation

A

Prevents users from needing to remember multiple usernames and passwords.

62
Q

In order to utilize AD FS, what is the oldest version of Windows Server that any domain controller can be using?

  Windows Server 2003 SP1 
  Windows Server 2008 SP1 
  Windows Server 2008 R2 
  Windows Server 2012 
  Windows Server 2012 R2
A

Windows Server 2003 SP1

63
Q

What PowerShell cmdlet would you use to list the attribute stores currently configured for AD FS?

List-ADFSAttributeStore
Show-ADFSAttributeStore
Display-ADFSAttributeStore
Get-ADFSAttributeStore

A

Get-ADFSAttributeStore

64
Q

While testing AD FS claims-based authentication with a sample application, you encounter an error due to the self-signed certificate you opted to use. What can you do to eliminate this error? (Choose all that apply)

Add the self-signed certificate to your computer’s Trusted Root Certification Authorities store
Add the self-signed certificate to the application server’s Trusted Root Certification Authorities store
Issue a valid certificate from your internal CA
Configure AD FS to ignore self-signed certificate errors

A

Add the self-signed certificate to your computer’s Trusted Root Certification Authorities store
& Issue a valid certificate from your internal CA

65
Q

What step(s) will you need to perform while configuring a claims provider trust that you will not need to perform while configuring a relying party trust? (Choose all that apply)

Map attributes
Specify the application
Edit claims rules
Provide a URL for the partner federation server

A

Map attributes

& Edit claims rules

66
Q

In AD FS, which of the following allows you to create issuance authorization rules for relying party applications and allows you to use custom ‘Access Denied’ message?

Relying party permission policy
Multifactor access control
Usage policy
Federation Service proxy

A

Multifactor access control

67
Q

Which of the following services is used to provision a device object in AD DS and issue a certificate for the Workplace-Joined Device?

Domain Join Service
AD FS Authentication Service
Device Registration Service
Device Emulation Service

A

Device Registration Service

68
Q

Which of the following components of Active Directory Federation Services is a statement made by a trusted entity and includes information identifying the entity?

Federation server proxy
Claims provider
Relying party
Claim

A

Claim

69
Q

Which of the following components of Active Directory Federation Services is the server that issues claims and authenticates users?

Federation server proxy
Claims provider
Relying party
Claim

A

Claims provider

70
Q

Which of the following components of Active Directory Federation Services is the server that issues claims and authenticates users?

Federation server proxy
Claims provider
Relying party
Claim

A

Claims provider

71
Q

What is another name for Asymmetric encryption?

Public key infrastructure
Public key cryptography
Digital certificate
Certificate authority

A

Public key cryptography

72
Q

What is the name of the role in the PKI that is responsible for the distribution of keys and the validation of identities?

Certificate authority
Registration authority
Registration agent
Key recovery agent

A

Registration authority

73
Q

In Windows Server 2012 R2 AD CS, how many Root CAs can you install in a single certificate hierarchy?

One
Two
Three
Unlimited

A

One

74
Q

By default, if you install a CA server on January 1, 2014, when will the CA certificate expire?

January 1, 2019
January 1, 2024
January 1, 2029
January 1, 2034

A

January 1, 2019

75
Q

What is the function of the AIA?

It specifies where to find up-to-date CRLs that are signed by the CA
It specifies where to find up-to-date CRLs that are signed by the RA
It specifies where to find up-to-date certificates for the CA
It specifies which CAs are available to issue certificates to clients

A

It specifies where to find up-to-date certificates for the CA

76
Q

Your network has a mix of Windows, Macintosh, Linux and AIX computers. All of your internal web applications use Web Server certificates issued by your PKI. How will you need to configure your AIA and CDP?

As LDAP paths
As file server paths
As URLs (HTTP paths)
As CIFS paths

A

As URLs (HTTP paths)

77
Q

Which Windows client operating systems are capable of using the Online Responder to check certificate revocation status? (Choose all that apply)

Windows XP Professional
Windows 7
Windows 2000
Windows 8

A

Windows 7

& Windows 8

78
Q

What two values would be required in a CAPolicy.inf file to set the CRL period to 4 hours?

CRLPeriod=Hours
CRLPeriodUnits=4
CRLDeltaPeriod=Hours
CRLDeltaPeriodUnits=4

A

CRLPeriod=Hours

& CRLPeriodUnits=4

79
Q

Why would you want to consider making the Root CA an offline CA?

This improves certificate issuing speed
This improves security of the root CA and its private keys
This reduces the number of CAs you actively need to manage
This prevents requests from inadvertently being sent to the Root CA

A

This improves security of the root CA and its private keys

80
Q

Which PKI role in AD CS is used to validate certificates?

CA
Online Responder
Network Device Enrollment Service
CA Web Enrollment

A

Online Responder

81
Q

What are the contents of the certificate chain?

It is a list of all trusted root certificates
It is a list of certificate authorities that can be used to authenticate an entity certificate
It is a list of all trusted root certificate authorities
It is a list of certificates that can be used to authenticate an entity certificate

A

It is a list of certificates that can be used to authenticate an entity certificate

82
Q

What usages does the User certificate allow by default? (Choose all that apply)

Secure Email
Encrypting File System
Client Authentication
Document Signing

A

Secure Email
, Encrypting File System
, & Client Authentication

83
Q

Which of the following URLs would be the correct one to visit to get to the Web Enrollment pages?

https: ///certificates
https: ///ca
https: ///certsrv
https: ///certsrvcs

A

https:///certsrv

84
Q
What minimum certificate version is required to enable key archival and recovery?
  Version 1 
  Version 2 
  Version 3 
  Version 4
A

Version 2

85
Q

What must you do immediately after issuing the first KRA certificate to a trusted user to enable key archival and recovery on the CA? (Choose all that apply)

Restart the CA
Configure key archival on the CA properties
Archive the keys for the issued KRA certificate
Perform a backup of the CA database

A

Configure key archival on the CA properties

& Archive the keys for the issued KRA certificate

86
Q

To recover a key from the CA database using the certutil utility, what information will you need to know about the certificate?

The password for the private keys
The certificate serial number
The certificate subject name
The certificate key length

A

The certificate serial number

87
Q

You work at a government agency and have been tasked to implement a PKI built on Windows Server 2012 R2. What certificate template version will you need to use to meet the requirements imposed on your agency?

Version 1
Version 2
Version 3
Version 4

A

Version 3

88
Q

What is the advantage of configuring credential roaming? (Select all that apply)

The user’s certificates are securely stored in Active Directory
The user’s certificates follow the user to each computer he or she logs in to
The user’s certificates are automatically enrolled and issued upon first login
The user’s certificates can be easily placed on a USB storage device

A

The user’s certificates are securely stored in Active Directory &
The user’s certificates follow the user to each computer he or she logs in to

89
Q

Which certificate format supports the export of a certificate and its private key?

Base64-encoded X.509
DER-encoded binary X.509
Personal Information Exchange (PKCS #12)
Cryptographic Message Syntax Standard (PKCS #7)

A

Personal Information Exchange (PKCS #12)

90
Q

Which certificate format supports storage of a single certificate, does not support storage of the private key or certification path, has contents that are of an ASCII format, and is generally used for importing into applications that require a “text blob”?

Base64-encoded X.509
DER-encoded binary X.509
Personal Information Exchange (PKCS #12)
Cryptographic Message Syntax Standard (PKCS #7)

A

Base64-encoded X.509

91
Q

How does AD RMS protect a Microsoft Office file that has been transferred out of the organization to an external recipient?

The external recipient will not be able to open the file because they cannot contact the AD RMS server
The external recipient will not be able to open the file because they will not know the unlock password
The external recipient will not be able to open the file because they do not have an account on the AD RMS server
The external recipient will not be able to open the file because they do not have the AD RMS integrated version of Office installed

A

The external recipient will not be able to open the file because they cannot contact the AD RMS server

92
Q

What issue should you be aware of if you perform the installation of AD RMS onto a Domain Controller?
AD RMS will only work for that domain
The AD RMS service account will be a domain administrator
The AD RMS service account will not support Kerberos authentication
AD RMS will not be able to automatically create a Service Connection Point

A

The AD RMS service account will be a domain administrator

93
Q

To enable Kerberos authentication with AD RMS, you will need to be a member of which groups? (Choose all that apply)

AD RMS Enterprise Administrators
Enterprise Admins
Domain Admins
Schema Admins

A

AD RMS Enterprise Administrators

& Enterprise Admins

94
Q

What tools provided in Windows Server 2012 R2 allow you to view the SCP configuration in Active Directory? (Choose all that apply)

Active Directory Users and Computers
ADSI Edit
LDP
SCP Edit

A

ADSI Edit

& LDP

95
Q

What is the name of the objects that are used to enforce the rights a user or group has on rights-protected content?

Protections policy templates
Rights policy templates
Restrictions policy templates
Rights protection templates

A

Rights policy templates

96
Q

Generally speaking, what could be considered the absolute minimum rights that a user could be granted via AD RMS that would allow the user to still consume the document?

View
Edit
Save
Extract

A

View

97
Q

A Temporary Rights Account Certificate has a validity period of how long?

15 minutes
1 hour
4 hours
1 day

A

15 minutes

98
Q

Which of the following must be deleted when you have to recreate a new AD RMS cluster within an Active Directory domain?

AD RMS SID
Publishing license
Client Licensor Certificate
Service Connection Point

A

Service Connection Point

99
Q

What is the best reason you might choose to use RMS templates when configuring RMS policies across your organization?

They allow you to standardize the implementation of AD RMS policies across the organization.
They allow you to speed up the implementation of AD RMS policies across the organization.
They allow you to delegate the implementation of AD RMS policies across the organization.
They allow you to visualize the implementation of AD RMS policies across the organization.

A

They allow you to standardize the implementation of AD RMS policies across the organization.

100
Q

The AD RMS certificate issued the first time a user attempts to access AD RMS-protected content is known as what?

Server licensor certificate
Rights account certificate
Client licensor certificate
Temporary rights account certificate

A

Rights account certificate