test Flashcards

(165 cards)

1
Q

An NPS policy is a set of permissions or restrictions that determine what three aspects of network connectivity?

A

who, when, and how

2
Q

Which variable can be set to authorize or deny a remote connection?

A

group membership

3
Q

The default connection request policy uses NPS as what kind of server?

A

RADIUS

4
Q

Where is the default connection policy set to process all authentication requests?

A

Locally

5
Q

What is the last setting in the Routing and Remote Access IP settings?

A

how IP addresses are assigned

6
Q

What command-line utility is used to import and export NPS templates?

A

netsh

7
Q

To which type of file do you export an NPS configuration?

A

XML

8
Q

When should you not use the command-line method of exporting and importing the NPS configuration?

A

when the source NPS database has a higher version number than the version number of the destination NPS database

9
Q

Network policies determine what two important connectivity constraints?

A

- who is authorized to connect
- the connection circumstances for connectivity

10
Q

When the Remote Access server finds an NPS network policy with conditions that match the incoming connection attempt, the server checks any _______________ that have been configured for the policy.

A

constraints

11
Q

If a remote connection attempt does not match any configured constraints, what does the Remote Access server do to the connection?

A

Denies

12
Q

Which Routing and Remote Access IP setting is the default setting?

A

Server Settings Determine IP Address Assignment

13
Q

Which of the following is the strongest type of encryption?

A

MPPE 128-Bit

14
Q

Why is there a No Encryption option for network connections?

A

to allow for third-party encryption programs that might be incompatible with native encryption

15
Q

RADIUS Access-Request messages are processed or forwarded by NPS only if the settings of the incoming message match what on the NPS server?

A

one of the connection request policies

16
Q

Network Access Policy is part of which larger scope NPS policy?

A

Health

17
Q

What character string makes up the telephone number of the network access server (NAS)?

A

Called Station ID

18
Q

What character string attribute designates the phone number used by the access client?

A

Calling Station ID

19
Q

What is used to restrict the policy only to clients that can be identified through a special mechanism such as a NAP statement of health?

A

Identity Type

20
Q

What is the name of the RADIUS client computer that requests authentication?

A

Client Friendly Name

21
Q

Network Access Protection (NAP) is Microsoft’s software for controlling network access of computers based on what?

A

a computer’s overall health

22
Q

Because NAP is provided by _________, you need to install _________ to install NAP.

A

NPS, NPS

23
Q

DHCP enforcement is not available for what kind of clients?

A

IPv6

24
Q

What type of Active Directory domain controller is recommended to minimize security risks for remediation servers?

A

Read-Only

25
When you fully engage NAP for remediation enforcement, what mode do you place the policy in?
Isolation
26
To verify a NAP client's configuration, which command would you run?
netsh nap client show state
27
Why do you need a web server as part of your NAP remediation infrastructure?
to provide user information in case of a compliance failure
28
Where do you look to find out which computers are blocked and which are granted access via NAP?
the NAP Server Event Viewer
29
You should restrict access only for clients that don't have all available security updates installed, if what situation exists?
the computers are running Windows Update
30
What happens to a computer that isn't running Windows Firewall?
The computer is isolated
31
To use the NAP-compliant policy, the client must do what?
pass all SHV checks
32
Which computers are not affected by VPN enforcement?
locally connected computers
33
When enabling NAP for DHCP scopes, how should you roll out the service?
for individual DHCP scopes
34
What is the purpose of the System Health Agent (SHA)?
Either to provide feedback on the status of system protection and updates OR to provide feedback to the system for CPU, memory, and disk health
35
Why is monitoring system health so important?
to maintain a safe computing environment
36
Why would you set up a monitor-only NAP policy on your network?
You are testing your NAP rollout before implementation
37
These Windows computers don't typically move much and are part of the domain. Because they are part of the domain, they are easier to manage with group policies, managed anti-virus/anti-malware systems, and administrative control.
desktop computers
38
These Windows computers are not usually connected directly to the network but connect through a VPN connection. Because they are usually personal computers, they are not part of the domain. Therefore, they usually do not get security updates and might not have an up-to-date anti-virus/anti-malware software package.
unmanaged home computers
39
These Windows computers are unmanaged computers often used by consultants or vendors who need to connect to your organization's network. Because they are unmanaged, they might not have the newest up-to-date security patches and an up-to-date anti-virus/anti-malware software package.
visiting laptops
40
These Windows computers move often and might not be connected to the organization's network office. Because they are typically part of the domain, they can be managed but might not get the newest updates because they are not always connected to the network.
roaming laptops
41
What is the default authentication protocol for non-domain computers?
NTLM
42
What does the acronym NTLM stand for?
NT LAN Manager
43
NTLM uses a challenge-response mechanism for authentication without doing what?
sending a password to the server
44
What type of protocol is Kerberos?
a secure network authentication protocol
45
Kerberos security and authentication are based on what type of technology?
secret key
46
What is the default maximum allowable time lapse between domain controllers and client systems for Kerberos to work correctly?
5 minutes
47
Which three components make up a service principal name (SPN)?
service class, host name, and port number
48
What happens if a client submits a service ticket request for an SPN that does not exist in the identity store?
The client receives an access denied error
49
Which tool can you use to add SPNs to an account?
ADSI Edit
50
Identify another utility that you can use to add SPNs to an account.
setspn
51
What type of account is an account under which an operating system, process, or service runs?
Service
52
By default, which service accounts will the Windows PowerShell cmdlets manage?
group MSAs
53
What is the default authentication protocol for contemporary domain computers?
Kerberos
54
What is the name by which a client uniquely identifies an instance of a service?
service principal name
55
Before you can create an MSA object type, you must create what?
a key distribution services root key
56
What service right does an MSA account automatically receive upon creation?
log on as a service
57
Which Kerberos setting defines the maximum time skew that can be tolerated between a ticket's timestamp and the current time at the KDC?
maximum tolerance for computer clock synchronization
58
Which Kerberos setting defines the maximum lifetime of a Kerberos TGT ticket?
maximum lifetime for user ticket
59
Which Kerberos setting defines the maximum lifetime of a Kerberos ticket?
maximum lifetime for service ticket
60
Which Kerberos setting defines how long a service or user ticket can be renewed?
maximum lifetime for user ticket renewal
61
The domain controllers are the computers that store and run the _______________.
Active Directory database
62
How many PDC Emulators are required, if needed, in a domain?
One
63
You do not place the infrastructure master on a global catalog server unless what situation exists?
You have a single domain
64
When you add attributes to an Active Directory object, what part of the domain database are you actually changing?
schema
65
Which Active Directory object is defined as a specialized domain controller that performs certain tasks so that multi-master domain controllers can operate and synchronize properly?
Operations Master
66
How many global catalogs are recommended for every organization?
at least two
67
Where are you most likely to see a Read-Only Domain Controller (RODC)?
in a remote site
68
Beginning with which server version can you safely deploy domain controllers in a virtual machine?
Windows Server 2012
69
What utility must you run on a cloned system to ensure that the clone receives its own SID?
sysprep
70
Which type of system must you connect to and use to make changes to Active Directory?
writable domain controller
71
Which version of Windows Server introduced incremental universal group membership replication?
Windows Server 2003
72
Which three groups exist in a domain?
domain local, global, universal
73
Although the changes are easy to make, why is changing the AD Schema such a big deal?
The changes could corrupt the database
74
Where in the forest is a global catalog automatically created?
the first domain controller
75
Which utility do you use to manage Active Directory from the command line?
ntdsutil
76
Which command-line command do you use to allow Windows Server 2003 domain controllers to replicate to RODCs?
adprep
77
Which term describes a collection of domains grouped together in hierarchical structures that share a common root domain?
Domain trees
78
Which term describes an administrative boundary for users and computers, which are stored in a common directory database?
domains
79
Which term describes a collection of domain trees that share a common Active Directory Domain Services (AD DS)?
forests
80
Which term describes containers in a domain that allow you to organize and group resources for easier administration, including providing for delegating administrative rights?
organizational units
81
Which of the following ntdsutil commands cleans up metadata?
metadata cleanup
82
Why is backing up the Windows system state necessary?
It's needed to perform a full system restore
83
In interactive mode, what aspect of AD can you check with the ntdsutil integrity command?
low-level database corruption
84
What is the range of password history settings?
0 to 24
85
What is the primary advantage of using Group Policies in a domain environment?
centralized management
86
How should you assign Password Settings objects (PSOs) to users?
Assign the PSOs to a global security group and add users to the group
87
By default, how often does Active Directory "garbage collection" occur?
every 12 hours
88
What is the proper procedure for removing a domain controller from Active Directory?
Uninstall Active Directory Domain Services.
89
To perform an authoritative restore, into what mode must you reboot the domain controller?
DSRM
90
If a single domain controller's AD database becomes corrupt, which type of restore should you perform on it?
nonauthoritative
91
Why can you not modify snapshots?
They are read-only.
92
What is the default minimum password length in characters?
7
93
Which aspect of passwords is a key component of their strength?
number of characters
94
What is the primary reason account lockout policies are put into place?
security
95
Why should administrator passwords change more often than user passwords?
because administrator accounts carry more security sensitivity than users do
96
An Active Directory snapshot is actually what kind of backup?
a shadow copy
97
What is a GUID?
a unique identifier for a snapshot
98
When you do an authoritative restore process, a back-links file is created. What is a back-links file?
a reference to an attribute within another object
99
Which utility do you use to defragment Active Directory?
ntdsutil
100
To perform an authoritative restore of an object or subtree, what bit of information do you need to know about the object?
its distinguished name
101
What utility first appeared in Windows Server 2000 R2 that allows you to undelete Active Directory containers and objects?
the Active Directory Recycle Bin
102
What is the default setting for password history?
24
103
By default, who has read/write capability to the Default Domain Policy?
domain administrators
104
By default, which of the following represents the maximum amount of time by which a computer's internal clock can be inaccurate yet still be able to use Kerberos authentication?
5 minutes
105
What setting can you give for account lockout duration that requires an administrator to manually unlock the account?
0
106
What function does the CSVDE tool perform?
It exports/imports Active Directory information
107
What is an easy method of creating a strong password?
Start with a sentence then add numbers and special characters.
108
The default maximum password age is how long?
42 days
109
What character length for a password is generally accepted as the minimum?
eight
110
After you undelete a user account with the LDP utility, what action do you need to perform?
Reset the user's password
111
Why is backup of the Active Directory database so important?
Backup is needed in case of corruption, deletion, or other failure.
112
What does the minimum password age setting control?
how many days a user must wait before a password reset
113
What is the secpol.msc utility used for?
editing local security policies
114
Which of the following passwords is considered complex?
M!croS0ft
115
Windows Server 2012 introduces a new time-saving feature when performing tasks such as AD defragmentation. What is that feature?
Restartable Active Directory Domain Services
116
Which utilities do you use to set up loopback policies?
Group Policy Management Editor
117
Which of the following Windows 8.1 and Windows Server 2012 R2 features can speed up the performance of processing synchronous policy settings?
Group Policy Caching
118
What happens when an application deployed via group policies becomes damaged or corrupt?
The installer will detect and reinstall or repair the application
119
Where is the default location for ADMX files?
C:\Windows\PolicyDefinitions
120
GPOs are processed on computer startup and after logon. Why is the user never aware of the processing?
processing is hidden from the user
121
In which order are Group Policy objects (GPOs) processed?
Local group policy, site, domain, OU
122
To use WMI filters, you must have one domain controller running which version of Windows Server or higher?
2003
123
By default, which GPO permissions are all authenticated users given?
Apply Group
124
How many WMI filters can be configured for a GPO?
one
125
What is an ADMX file?
the ADM format for newer operating systems
126
Windows Installer cannot install .exe files. To distribute a software package that installs with an .exe file, what must you do?
convert it to an MSI file
127
Which feature affects all users in the domain, including domain controllers?
Default Domain Policy
128
Where would using Replace mode GPOs be appropriate?
in a classroom
129
What language are ADMX files based on?
XML
130
When configuring Group Policy to deploy applications, the applications must be mapped to where?
UNC path
131
If you, as administrator, change an installed application, how do you update your users?
by redeploying the application via the GPO
132
What is the filename extension for the files in which installation information is stored?
.msi
133
What is the name of the software component used for installation, maintenance, and removal of software on Windows?
Windows Installer
134
What is the default timeout value for GPOs to process on system startup?
600 seconds
135
The downward flow of group policies is known as what feature of GPOs?
inheritance
136
How are client-side extensions applied?
to the local computer or currently logged-on user
137
Unlike ADM files, ADMX files are not stored where?
in individual GPOs
138
Where is the Central store located?
in the SYSVOL directory
139
At what point are WMI filters evaluated?
when the policy is processed
140
What is the best method of dealing with slow-link processing?
changing the slow-link policy processing behavior
141
What kind of group policies should you enable for student computers?
loopback
142
What is the first step in the GPO processing order?
The computer establishes a secure link to the domain controller
143
What are MST files used for?
They deploy customized software installation files
144
An application cannot be published to a ___________
computer
145
When you're about to reset domain policy and domain controllers policy back to default with the dcgpofix.exe command, what final warning are you given before you accept the change?
that all users Rights Assignments will be replaced
146
What process grants permission to other users to manage group policies?
delegation
147
What is a collection of files stored in the SYSVOL (%SystemRoot%\SYSVOL\,\Policies\) of each domain controller?
Group Policy template (GPT)
148
If you don't want a GPO to apply, which group policy permission do you apply to a user or group?
Disallow apply
149
Which utility do you use to create GPO preferences?
Group Policy Management Editor
150
What object can you create to organize Registry preference items?
a Collection
151
Which Windows extension allows you to add, replace or delete sections or properties in configuration settings or setup information files?
.ini files
152
Which domain users are automatically granted permissions to perform Group Policy Management tasks?
domain administrators
153
For GPP editing states, which key do you use to toggle Enable Current?
F6
154
Which term describes changing the scope of individual preferences items so that the preference items apply only to selected users or computers?
item-level targeting
155
To give someone permission to manage a particular GPO, you use the ______________ tab of the individual GPO.
Delegate
156
Which Windows extension allows you to copy registry settings and apply them to other computers to create, replace, or delete registry settings?
Registry
157
What is the key difference between preferences and policy settings?
enforcement
158
Windows Settings are common configuration settings used in Windows but not used where?
The Control Panel
159
Which component allows you to create multiple Registry preference items based on registry settings that you select?
The Registry Wizard
160
What is a file that maps references to users, groups, computers and UNC paths in the source GPO to new values in the destination GPO?
migration table
161
What is an Active Directory object, stored in the Group Policy Objects container within the domain naming context of the directory, that holds the basic attributes of the GPO but does not contain any of the settings?
Group Policy Container (GPC)
162
To support GPPs on older Windows versions (Server and Workstation), you have to install what component from Microsoft?
GPP client-Side Extensions
163
GPPs are divided into which two sections?
Windows and Control Panel
164
How do you stop processing a preference if an error occurs?
Select the Stop processing items option on the Common tab
165
By default, this option runs as the System account. If this option is selected, the logged-on user context is used.
Run in logged-on user's security context.