70-647 Flashcards by Lewis Davis

BIND

Berkeley Internet Name Darmon

DNS server

How well did you know this?

Not at all

Perfectly

Bubbles

Teredo client.

Bubble messages create mapping’s for both computers in each other’s NAT routers.

How well did you know this?

Not at all

Perfectly

Format Prefix FP

A sequence of bits that identify atheism address type

How well did you know this?

Not at all

Perfectly

Forwarder

DNS system forwards name resolution requests to another DNS server specified by an administrator. Recursive not iterative queries
(Subsequent queries)

How well did you know this?

Not at all

Perfectly

GlobalNamesZone

New DNS feature can resolve single-label names like those us d in NetBIOS

How well did you know this?

Not at all

Perfectly

Global unicast address

IPv6 equivalent of registered IPv4 address - routable worldwide and unique on the Internet

How well did you know this?

Not at all

Perfectly

ISATAP

Inter-Site Automatic Tunnel Addressing Protocol
TCP
Link that emulates an IPv6 link using IPv4 network

How well did you know this?

Not at all

Perfectly

Iterative query

DNS query that responds immediately with the best information available

How well did you know this?

Not at all

Perfectly

Link-local address

FD/FC:80

IPv6 equivalent APIPA address in IPv4 - Automatic Private IP Addressing

How well did you know this?

Not at all

Perfectly

Network Address Translation

Group of workstations share single address

How well did you know this?

Not at all

Perfectly

OUI

Organisationally Unique Identifier - first 24 bits of a MAC Address which identifies the company who made the adaptor

How well did you know this?

Not at all

Perfectly

Proxy Server

Server on a private network forwards requests onto the internet using its own registered address

How well did you know this?

Not at all

Perfectly

Recursive query

DNS server reviving the query takes full responsibility for resolving the name

How well did you know this?

Not at all

Perfectly

Referral

Process in which a DNS server sends a name resolution request to another DNS server

How well did you know this?

Not at all

Perfectly

Scope

IPv6 the size an address functionality area

How well did you know this?

Not at all

Perfectly

SLAAC

Stateless Address Auto-configuration.

Process during which a computer assigns each interface a link local address

How well did you know this?

Not at all

Perfectly

Teredo

Allows non IPv6 NAT routers to function as tunnel end points

How well did you know this?

Not at all

Perfectly

Unique local Unicast Address

IPv6 equivalent of private network addresses in IPv4

How well did you know this?

Not at all

Perfectly

WINS

Windows Internet Name System

App that registers NetBIOS names and IP addresses as computers connect to the network.

How well did you know this?

Not at all

Perfectly

Zone Transfer

In DNS the process by which the server hosting the primary zone copies the primary zone database file to the secondary zone so the records match

How well did you know this?

Not at all

Perfectly

Multiple server WSUS architecture assume remote sites are well connected. However some sites have relatively low-bandwidth connections. In cases like these it is best to limit updates (usually critical). A
Answer
WSUS server limits to critical updates being transferred to remote servers. (answer does not include spaces)

low-bandwidth

How well did you know this?

Not at all

Perfectly

In the simplest configuration, a
Answer
WSUS server downloads updates from the Microsoft Update Site.

single

How well did you know this?

Not at all

Perfectly

Select from the following, all of the problems associated with non-centralised updates.
Select one or more:
a. Efficient bandwidth use 
b. Heavy bandwidth utilisation 
c. Compliance 
d. Update approval 
e. Centralised reports

b. Heavy bandwidth utilisation
(Each O.S. is performing separate updates, which of course uses more network bandwidth.)
c. Compliance
(Default windows update settings provide no means for feedback to administrators.)
d. Update approval
(Each user on each computer must approve updates individually.)

How well did you know this?

Not at all

Perfectly

In a basic configuration a single WSUS server can support how many clients?
Select one:
a. 25,000 
b. 5,000 
c. 10,000 
d. 1,000 
e. 50,000

25,000

How well did you know this?

Not at all

Perfectly

``` Where would the administrator configure WSUS automatic updates easiest? Select one: a. Registry editor b. Using a GPO (Group policy) c. On each individual PC. d. On the server "Control panel" ```

Using a GPO (Group policy)

This question tests knowledge of where you would use WSUS and where you would not. Match the following 2 statements with the correct answer: Mobile workstations? Small offices?

Mobile workstations – would not have access to a dedicated update server most of the time Small offices – don't really benefit as time configuring is greater than manual effort

The Answer WSUS server architecture is the same as a replica or autonomous server, except that instead of central servers transmitting updates directly to the downstream servers, administrators save updates to a shared medium.

disconnected

Match the following terms with the correct response. An upstream WSUS server is: A downstream WSUS server is:

An upstream WSUS server is: – where updates originate and are distributed. A downstream WSUS server is: – a server that acquires updates and passes them to clients.

WSUS servers, function in much the same way as replica WSUS servers, except that remote administrators at each site are responsible for evaluating & approving updates.

Autonomous

In a Answer WSUS server configuration, one central WSUS server downloads updates from the Microsoft update website. Approved updates filter down to additional downstream servers. This model minimises internet traffic, offloading transmissions to the LAN instead.

replica

``` 3 common examples of IP address tunneling are: Select one or more: a. SLARP b. 6 to 4 c. Teredo d. 4 to 6 e. ISATAP ```

6 to 4, ISATAP, Teredo

``` The address 180.76.5.136 is an example of which class of IP address? Write your answer in the following format: Class X ```

class b

How many bits are available for IPv6 subnetting? Select one: a. 16 bits (bits 48-64) b. 8 bits (bits 16-32) c. 32 bits (bits 32-64) d. You can't as you don't need to subnet IPv6

a. 16 bits (bits 48-64) | Directly after the global routing prefix

The main reason for using "Dual stack" is to? Select one: a. Speed up data transfer b. Improve performance c. To force users to upgrade their client operating systems. d. Make the transition from IPv4 to IPv6 as simple as possible.

Make the transition from IPv4 to IPv6 as simple as possible.

Generally speaking, where would Class A networks be used? Select one or more: a. Serial links. b. The military; using a private address range. c. ISP's (RIR) d. VERY large organisations e. Networks that require a small number of addresses.

VERY large organisations, ISP's (RIR), The military; using a private address range.

``` In order to use IPv6 across your entire network, the following devices must be configured correctly: Select one or more: a. Modems b. Switches c. Hardware firewalls d. Client machines e. Routers ```

Routers, Switches, Client machines, Hardware firewalls

What service must be enabled in order to audit AD DS activity? Select one: a. The Audit directory service access policy in the Default Domain Controllers Policy GPO. b. The Audit management service access policy in the Default Domain Controllers Policy GPO. c. The Audit forest service access policy in the Default Domain Controllers Policy GPO. d. The Monitor directory service access policy in the Default Domain Controllers Policy GPO.

The Audit directory service access policy in the Default Domain Controllers Policy GPO.

The purpose of setting the domain and forest functional levels is: Select one: a. to activate features that have been introduced in successive versions of Windows Server. b. to force the administrators to install the latest Windows Servers. c. to tell the administrators what the oldest version of Windows Server is in the forest/domain. d. to tell the administrators what the latest version of Windows Server is in the forest/domain.

to activate features that have been introduced in successive versions of Windows Server.

Administrative isolation is: Select one: a. when an individual is granted complete administration over some part of a domain. b. when an individual is granted complete administration control over some part of a forest. c. when an individual has complete and exclusive control over some part of a forest. d. when an individual has complete and exclusive control over some part of a domain.

when an individual has complete and exclusive control over some part of a forest

``` Which of the following is a Service Management Role? Select one: a. Help Desk Operators b. Replication Monitoring Operators c. Business Unit Administrators d. Workstation Administrators ```

Replication Monitoring Operators

Common reasons for creating OUs is (2 answers): Select one or more: a. to gain access to resources in another domain. b. to make the structure of the OUs reflect the company's organizational chart. c. to gain access to resources in another forest. d. to delegate administrative control over parts of the enterprise.

to delegate administrative control over parts of the enterprise., to make the structure of the OUs reflect the company's organizational chart.

The restricted-access forest model ... Select one: a. is achieved by setting up a two-way trust to the restricted forest. b. is intended for an enterprise with a business unit that must remain completely isolated from the rest of the network. c. is achieved by setting up a one-way non transitive trust to the restricted forest. d. is used for an enterprise with some parts which must have restricted access from the remainder of the network.

is intended for an enterprise with a business unit that must remain completely isolated from the rest of the network.

A shortcut trust is used: Select one: a. to speed the process of logging on between child domains of separate trees in the same forest. b. to enable a child domain in one tree to log on to a child domain in another tree in the same forest. c. to enable a child domain in one tree to log on to a child domain in another tree in different forests. d. to speed the process of logging on between child domains of separate trees in different forests.

to speed the process of logging on between child domains of separate trees in the same forest.

Perimeter networks are often created: Select one: a. to host Internet servers so that they are accessible from the internet, but are isolated from the internal network. b. to isolate elements of an enterprise by business units. c. to isolate elements of an enterprise by geographical areas. d. and always contain a separate forest.

to host Internet servers so that they are accessible from the internet, but are isolated from the internal network.

The group nesting strategy is often referred to as? | Answer:

AGGUDLP | Accounts-->Global groups-->Other global groups-->Universal groups-->Domain local groups-->Permissions.

If the forest root domain is irretrievably lost then... Select one: a. only the tree for which it is the root will be affected. Other trees in the forest will be unaffected. b. The role of forest root domain should be reassigned to another domain c. It has no operational effect on the forest. d. The forest has to be rebuilt from scratch.

The forest has to be rebuilt from scratch.

The term latency (in relation to sites) means? Select one: a. The replication schedule b. The time it takes for replication to propagate to all DC's. c. The replication interval d. The response time of the server

The time it takes for replication to propagate to all DC's.

``` The location of all servers by default in "AD Sites & Services" is: Select one: a. 1st Site b. Default Site c. Default-First-Site-Name d. Default e. Servers ```

Default-First-Site-Name | It is important to remember the hyphens

Which of the following statements are true, relating to site link bridging? Select one or more: a. Is enabled by default b. Must involve more than 2 sites c. Must be configured manually d. Can only involve 2 sites e. Treats all site links as equally available f. Enables administrators to customise replication traffic.

Must involve more than 2 sites, Is enabled by default, Treats all site links as equally available

Which of the following statements are true regarding; Intra-site replication? Select one or more: a. Traffic is compressed b. Replication occurs according to a schedule c. Is uncompressed d. Rarely needs configuring e. Requires creation and configuration of site links

Is uncompressed, | Rarely needs configuring

``` According to the textbook 70-647, the single site model assumes that DC's are: Select one: a. Co-located b. High powered c. Running Server2008 d. Well connected ```

Well connected | Good. The assumption is that speeds exceed 512Kbps (most ADSL/WAN links do)

The definition of a "Site" in active directory is: Select one: a. A descriptor of the speed available on a LAN\WAN link b. A collection of DC's from various forests c. A term that defines domain boundaries. d. An area of active directory network in which all of the domain controllers are well connected.

d. An area of active directory network in which all of the domain controllers are well connected. Textbook answer from page 69

You can rename the "Default-First-Site-Name" without causing any problems. Select one: True False

True

Match the following terms with their definitions. The only site created automatically is Answer 1 AD uses Answer 2 Intersite replication is Answer 3 A site is defined as an Answer 4 Intrasite replication is Answer 5 The default transport between sites is the Answer 6

The only site created automatically is – DEFAULT-FIRST-SITE-NAME, AD uses – multimaster replication, Intersite replication is – where replication occurs between 2 (or more) sites, A site is defined as an – area of AD where DC's are well connected, Intrasite replication is – where replication occurs within one site, The default transport between sites is the – DEFAULTIPSITELINK

Which of the following statements are true regarding; Inter-site replication? Select one or more: a. Is uncompressed b. Rarely needs configuring c. Requires creation and configuration of site links d. Traffic is compressed e. Replication occurs according to a schedule

Replication occurs according to a schedule, Traffic is compressed, Requires creation and configuration of site links

The default site created after DCPromo command has been run is called:? Answer:

Default-First-Site-Name

``` Which of the following criteria should be considered when selecting a migration path. Select one or more: a. Productivity b. Bandwidth c. Design d. Time e. Effort f. Redundancy g. Manpower h. Budget ```

``` Design, Time, Budget, Productivity, Manpower ```

Is the following statement true or false? When performing an "Interforest migration", you create a new Server2008 R2 forest - called a pristine forest. Select one: True False

True

Type the command (as if you were using the CMD prompt) to prepare a down-level domain for the addition of Server2008R2 DC's. Answer:

adprep /domainprep /gpprep

Match the following statements with the appropriate answer. Domain restructure migration Answer 1 Upgrade-then-restructure Answer 2 Domain-upgrade migration Answer 3

Domain restructure migration – Create a pristine forest on a new DC.Allows administrators to make changes., Upgrade-then-restructure – Best of both worlds, a 2 phase process that buys time to make changes later., Domain-upgrade migration – Easiest path-bring newer servers online and let objects replicate.

What is the correct (Recommended) Order of Migration? Select one: a. Computers, Groups, Users b. Groups, Users, Computers c. Groups, Computers, Users d. Computers, Users, Groups

Groups, Users, Computers

``` A free package from Microsoft that enables easy movement of objects, within or between forests. Includes a "modelling mode" to try out redesigns before making them permanent. Select one: a. ADPrep b. Domainprep c. ADMT d. SCCM ```

ADMT

Type the command (as if you were using the CMD prompt) to prepare a forest for the addition of Server2008R2 DC's.

adprep /forestprep

If moving objects between forests, and therefore switching SIDs (Security Identifier), what is the name of the attribute in AD DS that maps the SID from one forest, to the SID from the new forest?

sIDHistory

Is the following statement true or false? When performing an "Intraforest migration", you create a new Server2008 R2 forest - called a pristine forest. Select one: True False

False

``` Being able to deploy applications or services to business partners over the internet, but without creating an AD trust relationship, uses which role service? Select one: a. AD FS b. AD RMS c. RRAS d. AD DS ```

AD FS

WHAT? is the full version of Server 2008R2 (Standard or Enterprise), but is considered more secure due to missing the GUI (graphical user interface)

Servercore

A "medium" branch office is defined as having (up to)

100

"Admin role separation" is described as? Select one: a. Delegating domain admin tasks on an RODC b. Granting a user account; individual local administrative privileges on an RODC. c. Giving control over an O.U d. Delegating tasks in Active Directory e. Granting users total administrative access to a server

Granting a user account; individual local administrative privileges on an RODC.

``` The "Branchcache" feature has 2 configuration options. When it obtains files from a server on the network, it is classed as _________________ mode. Select one: a. DFS b. Distributed c. Cluster d. Random e. Hosted ```

Hosted

A "small" branch office is defined as having (up to) Answer users.

As per the Branch Office Resources recommendations, locations have either? (Choose 3) Select one or more: a. Dedicated administrative staff (Full staff) b. Outsourced administrators c. No dedicated admin staff (Branch manager) d. Dedicated administrative staff (1 staff member) e. Remote Administration

Dedicated administrative staff (Full staff), Dedicated administrative staff (1 staff member), No dedicated admin staff (Branch manager)

``` As per the Branch Office Topology recommendations, what should be considered regarding services at a branch office? Select one or more: a. WAN connection speed/bandwidth b. Number of Domain Controllers c. Creation of a separate site d. Number of users e. DNS server/Global catalogue server f. OU structure g. Forest functional level h. Standard/Enterprise Server edition ```

``` Number of users, WAN connection speed/bandwidth, Number of Domain Controllers, DNS server/Global catalogue server, Creation of a separate site ```

The following statements regarding the use of a RODC, should be paired up (drag the correct words in place): When installing a ?, there must be at least one ?contactable to be able to complete the ? command. The "best practice" is to ? the account in A.D beforehand.

When installing a [RODC], there must be at least one [Writable DC] contactable to be able to complete the [DCPROMO] command. The "best practice" is to [Pre‑Stage] the account in A.D beforehand.

``` The "Branchcache" feature has 2 configuration options. When it obtains files from another PC on the network, it is classed as _________________ mode. Select one: a. DFS b. Random c. Cluster d. Distributed e. Hosted ```

Distributed

A "Large" branch office is classed as having (up to) Answer users.

1000

``` How many "Remote Desktop Licenses" are included with Server 2008 R2 O.S? Select one: a. 8 b. 1 c. Unlimited d. 2 ```

The following terms need to be matched correctly: Windows Remote Desktop Session Host Answer 1 Windows Remote Desktop Gateway Server Answer 2 Windows Remote Desktop Licensing Server Answer 3

Windows Remote Desktop Session Host – Actually hosts the desktop sessions, Windows Remote Desktop Gateway Server – Fields connection requests from "Outside" to "Inside", Windows Remote Desktop Licensing Server – Enables administrators to manage access for desktop users

SCCM (System Centre Configuration Manager) is..? Select one: a. A network management application that provides administrators with a centralised solution for tasks. b. A networked application for deploying WDS c. An application that produces network traffic reports d. A networked application for deploying VM's

A network management application that provides administrators with a centralised solution for tasks.

Common Gateway Interface (CGI) is considered unsafe because? Select one: a. It does not have full functionality b. It invokes "worker process isolation mode" c. It allows any remote code to be run over the internet on a server/workstation d. It is 100% safe as long as you have a firewall in place

It allows any remote code to be run over the internet on a server/workstation

Match the following statements with the correct answer. Your RDSH (Remote desktop session host) should be Answer 1 Your secure RDGS (Gateway server) sever should be placed

Your RDSH (Remote desktop session host) should be – Part of your secure "Private network", Your secure RDGS (Gateway server) sever should be placed – In the perimeter network

By utilising THIN CLIENTS money can be spent...? Select one: a. Re-allocated to other departments b. It offers no real cost saving c. On purchasing more powerful hardware such as dedicated servers for applications. d. On additional operating systems

On purchasing more powerful hardware such as dedicated servers for applications.

Introduced around Vista SP4/Windows 7, NLA (Network level authentication) increases security because? Select one: a. The end user MUST enter credentials BEFORE a connection is even established b. Only administrators can use RDS c. It provides load balancing d. It enables SSO (Single sign on) technology

The end user MUST enter credentials BEFORE a connection is even established

Using "Remoteapp" has the following advantages? (Choose 2) Select one or more: a. Uses remote applications but all run in a single window b. Removes the need to purchase applications at all c. Is pointless! d. Makes applications available from a single installation e. Reduces the cost of purchasing additional applications

Reduces the cost of purchasing additional applications, | Makes applications available from a single installation

Match the following statement with the correct answer. The initial connection between client & RDGS Answer 1 The RDGS then communicates with the RDS server/Client PC

The initial connection between client & RDGS – uses SSL port 443 to connect, The RDGS then communicates with the RDS server/Client PC – using RDP protocol port 3389

What is the biggest significant advantage of using THIN CLIENTS? (Choose 2) Select one or more: a. They are more expensive to buy b. They use more space than FAT CLIENTS c. They are considerably cheaper to buy d. They have more processor power & memory e. They use much less power than FAT CLIENTS

They are considerably cheaper to buy, They use much less power than FAT CLIENTS

``` If your client and server O.S. is required to support legacy systems, which of the following authentication protocols should you consider using? Select one or more: a. CHAP b. MS-CHAP c. EAP/EAP-TLS d. PAP e. IKEv2 ```

MS-CHAP, CHAP, PAP

``` Perimeter networks provide security for your internal resources, but which of these belong in them? Select one or more: a. SMTP server b. DC c. Remote desktop gateway server d. RADIUS server e. Proxy server f. RRAS/NAT server g. Network File server ```

``` SMTP server, RRAS/NAT server, Proxy server, Remote desktop gateway server, RADIUS server ```

``` Which of the following statements about Directaccess are ACTUAL benefits? Select one or more: a. Bidirectional b. Easier configuration c. Authorised d. Increased function e. Verified(Screened) f. Authenticated g. Requires IPv4 to function h. Encrypted ```

``` Bidirectional, Encrypted, Authenticated, Authorised, Verified(Screened) ```

Server 2008 R2 uses the Answer role to enable services designed for remote access and VPN, as well as many others, such as routing.

Directaccess

In addition to RRAS & RADIUS capabilities, the network policy server (NPS) includes a Answer server role, that enables administrators to create and enforce health policies.

NAP

Match the terms with the correct response. Tunnelling protocol that requires IPSec in order to work Answer 1 Used extensively within the Windows environment Answer 2 Oldest and considered "least secure" of the VPN protocols Answer 3 Brand new, used only in Server2008 R2, Win7 & newer Answer 4 Used extensively after Server2008 was released, using port 443

L2TP MS-CHAPv2(and v1), PPTP (Point-to-point tunnelling protocol), IKEv2 (Internet Key Exchange version2), SSTP (Secure socket tunnelling protocol)

Match the NAP components to the right definition The NAP agent compiles a Answer 1 The "Server-side" of NAP is the Answer 2 Statement of Health Answer 3 System Health Agents Answer 4 On the server, for each System health agent Answer 5 The NAP Enforcement Client Answer 6

System Statement of Health(SSoH), NAP ES (Enforcement server), reports on the element it is monitoring, Agents There is a system health validator Transmits SSoH to the NAP health policy server

``` If your client and server O.S. is current and up-to-date, which of the following authentication protocols should you consider using? Select one or more: a. CHAP b. MS-CHAP c. PAP d. IKEv2 e. EAP/EAP-TLS ```

EAP/EAP-TLS, MS-CHAP, IKEv2

Port number Answer should be used as often as possible, to enable SSL connections.

443

The Distributed File System (DFS) is designed to allow multiple "up-to-date" copies of network shared files. For it to function properly in "standalone mode", which components are required? Select one or more: a. Access to at least one DC on the network b. DFS replication group configured c. Folder shares configured d. At least 1 server with DFS role installed e. Add targets

At least 1 server with DFS role installed, Folder shares configured, Add targets

? is the name of the encryption service that is designed to secure entire volumes/partitions/drives. It operates at the physical level to secure data.

Bitlocker

Having an alternative hard drive to swap out for a faulty one without shutting down the server is known as a Answer spare.

Hot

is the file sharing format used by windows, as opposed to which is the type used in Unix\Linux & others.

SMB NFS

``` The two "Hybrid RAID" versions are: Select one or more: a. 01 b. 10 c. 1+0 d. 0+1 ```

1+0, | 0+1

``` RAID 5 is commonly referred to as? Select one: a. JBOD(Just a bunch of disks) b. Mirroring c. Striping d. Striping with parity ```

Striping with parity

The term RAID stands for? Select one: a. Redundant array of independent disks b. Redundant arrangement of independent disks c. Replica arrangement of individual drives d. Redundant array of inexpensive disks

Redundant array of inexpensive disks

? is the name of the encryption service that is fairly limited and can be used to secure individual files and folders on a drive.

EFS

The Distributed File System (DFS) is designed to allow multiple "up-to-date" copies of network shared files. For it to function properly, allowing for redundancy in "Domain-integrated model", which components are required? Select one or more: a. Access to at least one DC on the network b. Add targets c. DFS replication group configured d. Folder shares configured e. At least 2 servers with DFS role installed

At least 2 servers with DFS role installed, Folder shares configured, Access to at least one DC on the network, DFS replication group configured, Add targets

? enables ? bit operating systems to be installed on a host PC, when Server2008 is the O.S. 2008r2 64 32 2005

2008r2 | 64

Answer the following by matching responses. Multiple instances of O.S on 1 physical host ? Microsoft Hyper-V is an example of ? The hypervisor is installed ? A hypervisor virtualisation system. between hardware & software(O.S) referred to as VM's

are referred to as VM's, A hypervisor virtualisation system, between hardware & software(O.S)

Hyper-V uses which of the following file formats for VM's? Select one or more: a. .vmc b. .vhd Correct c. .xml d. .iso Incorrect e. .vsv Correct

vmc vhd vsv

If you have a large number of Virtual Machines to administer you should consider using? Select one: a. Clustering b. SCCM c. JBOD d. Hyper V admin console Incorrect e. RAID

SCCM

Virtualising an application, rather than the entire operating system, uses ?

App-V

is the process which enables physical computers to be converted to virtual machines.

P2V

The moving of VM's between Hyper-V servers, without having to shut them down first, is known as? Select one: a. Using the command line b. Live migration Correct c. VSMT d. Virtual Server Migration Toolkit

Live migration

Match the following statement and answers regarding VM "Virtual Instances" Windows Server 2008 Enterprise? Windows Server 2008 Datacenter? Windows Server 2008 Standard?

4 Virtual instances, Unlimited, Windows | 1 Virtual instance

``` Virtual Server ? enables ? bit operating systems to be installed on a host PC, when Server2003 is the O.S. 32 64 2005 2008r2 ```

2005 | 32

2008R2 version of Hyper-V supports? Select one or more: a. Cluster node fault tolerance Correct b. Solaris 10 c. Red hat Linux 7.3 d. Live migration Correct e. Virtual switch capabilities Correct

Live migration, Cluster node fault tolerance, Virtual switch capabilities

A ? root Incorrect CA does not use A.D or certificate templates, they store all information locally. Importantly they do not respond to auto-enrolment requests and all administration of them must be done manually.

standalone

Which of the following reasons might cause I.E to refuse a connection to a website? Select one or more: a. Certificate has expired Correct b. Website is down c. None of these d. Certificate is corrupted e. Certificate has been revoked f. D.N.S improperly configured. g. Certificate does not match the name of the website(CNAME)

Certificate has expired, Certificate is corrupted, Certificate has been revoked, Certificate does not match the name of the website(CNAME)

Match the following certificate template terms with the answers. ``` Certificate template V3 ? Certificate template V1 ? Certificate template V2 ? ```

Used solely with Server2008/R2. Backwards compatibility to Server 2000/2003, Used with 2003 or 2008/2008R2

Match the following encryption protocols with the correct description. VPN's using the PPTP (Point-to-point-tunnelling protocol) VPN's using the L2TP (Layer 2 tunnelling protocol) usually require digital certificates VPN's using the IPsec optional encryption protocol do not require certificates to establish connection., can use certificates (optional) or pre-shared keys.

VPN's using the IPsec optional encryption protocol do not require certificates to establish connection., can use certificates (optional) or pre-shared keys. usually require digital certificates

? CA's are integrated into active directory. They use certificate templates, publish them and CRL's to A.D domains

Enterprise

Which of the following are Windows Server 2008 R2 CA roles? (Choose 1 answer) Select one: a. All of these are valid roles b. Enterprise subordinate c. Enterprise root d. Standalone root e. Standalone subordinate

All of these are valid roles

In order to be able to request a certificate, enrol & autoenrol, what is the minimum combination of permissions that allow this? Select one or more: a. Write b. Read c. Autoenrol d. Full control Incorrect e. Enroll Correct

Read, Enroll, Autoenrol

? is an Internet protocol used for obtaining the revocation status of an X.509 digital certificate.

OCSP

A ? CA exists beneath the root CA and if a client trusts the root CA it will also trust this.

Standalone

The term ? , also referred to as the certification path, is a list of certificates used to authenticate an entity.

certificate chain

Essentially an extension of SSL (but not SSL itself) TLS - Transport layer security is often referred to as? Select one: a. PPP b. SSL 3.0 c. EAP d. PEAP

b. SSL 3.0

Select from the following statements; which are true regarding Network Load Balanced clusters. Select one or more: a. Multiple nodes are configured b. Workload is rebalanced between remaining hosts(in a process called convergence) c. Each node is assigned a unique (shared) IP address d. The requests are distributed among the various nodes e. Each server retains its own unique IP address f. Traffic (except VPN/Proxy traffic) is redirected to another node g. If a node does not respond within 5 seconds (& 5 consecutive heartbeats) it has failed h. When a node fails all processes switch to another node

Multiple nodes are configured, Each node is assigned a unique (shared) IP address, The requests are distributed among the various nodes, If a node does not respond within 5 seconds (& 5 consecutive heartbeats) it has failed, Workload is rebalanced between remaining hosts(in a process called convergence)

Cluster nodes are kept alive using?

heartbeats

A ? backup, backs up all files and data that has been designated, after which it will [?] the archive bit. A [?] backup, backs up all files and data designated, after which DOES NOT [?] the archive bit. Making it easier to restore, but progressively longer to perform. An [?] backup, backs up all files designated, after which it DOES [?] the archive bit. Making it faster to perform, but progressively longer to restore. A [?] backup, backs up the entire contents of a volume designated, and does not reset the archive bit, the process is essentially invisible & does not interfere with backup strategy. A [?} backup, is the same as 4 (above) but only for files that have been accessed or altered on a specific date. ``` Incremental differential reset full daily copy ```

A [Full] backup, backs up all files and data that has been designated, after which it will [Reset] the archive bit. A [Differential] backup, backs up all files and data designated, after which DOES NOT [Reset] the archive bit. Making it easier to restore, but progressively longer to perform. An [Incremental] backup, backs up all files designated, after which it DOES [Reset] the archive bit. Making it faster to perform, but progressively longer to restore. A [Copy] backup, backs up the entire contents of a volume designated, and does not reset the archive bit, the process is essentially invisible & does not interfere with backup strategy. A [Daily] backup, is the same as 4 (above) but only for files that have been accessed or altered on a specific date.

A ? Incorrect (2 words) is a set of independent computers that work together to increase availability of services. If one node does not respond in timely fashion, another is used.

failover cluster

Match up the monthly availability percentages: 99. 99% (4 nines) 99. 9999% (6 nines) 99%

99.99% (4 nines) – Approx 5 minutes downtime, 99.9999% (6 nines) – Approx 3 seconds downtime, 99% – Approx 7 hours downtime