Create and Manage Group Policy

Question 1

Which tool do you use to edit a local Group Policy on a computer?

Answer 1

you can open and edit a GPO by using the Group Policy Editor

Question 2

How can domain administrators disable the processing of local GPOs on clients that are running Windows client and Windows Server operating systems?

Answer 2

by enabling the Turn Off Local Group Policy Objects Processing policy setting in a domain GPO

Question 3

Which user can always change permissions on an object, even when that user is denied all access to the object?

Answer 3

The user or group that is the owner of the object

Question 4

How do you export AppLocker rules from a GPO in one domain to another GPO in another domain?

Answer 4

Export the AppLocker rules from the source GPO to an XML file. Import the XML file with Group Policy Editor on the destination GPO

Question 5

Which user feature protects the computer from the unauthorized installation of any software?

Answer 5

User Account Control (UAC)

Question 6

What is the path to the central store that is used to store and replicate Windows policy files on a domain controller?

Answer 6

%logonserver%\sysvol\%userdnsdomain%\policies\PolicyDefinitions

Question 7

What is the scope of the Restore-GPO cmdlet when restoring GPO backups?

Answer 7

It only restores GPO backups to the original domain where the GPO was saved

Question 8

After creating ADMX files to define registry-based policy settings on all client computers in the domain, what should you do to ensure that the custom ADMX file for the Chinese language is automatically available to all Group Policy administrators in the domain?

Answer 8

Create an ADML file and copy it to the SYSVOLl\domain\policies\PolicyDefinitions[MUIculture] folder on the domain controller.

Question 9

What are the two enforcement options that can be set on the enforcement of AppLocker executable rules, Windows Installer rules, script rules, and packaged app rules?

Answer 9

Enforce Rules and Audit

Question 10

Which GPO setting manages mapped drives, scheduled tasks, environment variables, printer mappings, and Start menu settings?

Answer 10

Preferences

Question 11

What should you do to allow AppLocker rules to test what software will be affected by the rules when they are implemented?

Answer 11

Set enforcement to Audit

Question 12

If you have multiple local GPOs on a Windows Server 2012 server, in what order are the local GPOs processed?

Answer 12

1. Local Group Policy
2. Administrators and Non-Administrators Group Policy
3. User-specific Local Group Policy

Question 13

What is the term for the folder that is created in the SYSVOL folder of an Active Directory domain controller and is used to provide a centralized storage location for ADMX and ADML files for the domain?

Answer 13

central store

Question 14

What type of AppLocker rules are available to configure in a GPO for Windows 8.1 or Windows Server 2012 R2 computers?

Answer 14

packaged app rules, executable rules, Windows Installer rules, and script rules

Question 15

When editing a Group Policy, which Flexible Single Master Operations (FSMO) role contains the version of the Group Policy that is being edited?

Answer 15

PDC emulator

Question 16

What type of condition would you apply to an AppLocker rule to restrict users from running a specific version number of a program?

Answer 16

a file hash rule

Question 17

What does the Block all connections setting on a Firewall profile block?

Answer 17

Blocks all connections, regardless of any firewall rules that explicitly allow the connection

Question 18

What does the Block setting on a Firewall profile block?

Answer 18

Blocks all connections that do not have firewall rules that explicitly allow the connection

Question 19

Which Hyper-V features can be accessed by members of the Hyper-V Administrators group?

Answer 19

Members of the Hyper-V Administrators have complete and unrestricted access to all features of Hyper-V.

Question 20

What path on a domain controller contains the Group Policy files?

Answer 20

%SystemRoot%\SYSVOL\Domain\Policies\GPOGUID path, where GPOGUID is the GUID of the Group Policy container.

Question 21

What does the Allow setting on a Firewall profile allow?

Answer 21

Allows the connection, unless there is a firewall rule that explicitly blocks the connection

Question 22

Which service, if stopped, with will prevent AppLocker policies from being enforced?

Answer 22

the Application Identity service

Question 23

Which ports and protocols should you enable on the Windows Firewall for a Windows Server 2012 R2 acting as a VPN server to allow inbound L2TP connections?

Answer 23

UDP port 500 and 4500 as well as IP Protocol ID 50

Question 24

How does an administrator repair or change permissions on a file in which the administrator has been denied permissions?

Answer 24

The administrator should take ownership of the file

Question 25

Which firewall rules should be configured to allow ping commands to work?

Answer 25

the correct echo rules, such as “File and Printer Sharing (Echo Request - ICMPv4-In)”

Question 26

Which command is used to configure one or many servers with an SCW-generated policy?

Answer 26

Scwcmd

Question 27

What type of condition would you apply to an AppLocker rule to restrict users from running software from a specific software vendor?

Answer 27

a publisher rule

Question 28

Which firewall profile is applied when a computer is connected to a network in which the computer’s domain account does not reside, such as a home network?

Answer 28

Private profile

Question 29

To specify the Accounts:Rename Administrator account policy to rename the local Administrator account on a computer to a different name, what path in a GPO must you search for the policy?

Answer 29

Computer Configuration\Policies\Windows Settings\Security Settings\Local Policies\Security Options

Question 30

Which firewall profile is applied when a computer is connected to a domain through a public network?

Answer 30

Public profile

Question 31

What type of AppLocker rule would you use to control an application from the Windows store?

Answer 31

a packaged app rule

Question 32

What type of condition would you apply to an AppLocker rule to restrict users from installing software in a particular location?

Answer 32

a path rule

Question 33

If you upgrade a computer that is using Software Restriction Policies to Windows Server 2012 R2 or Windows 8.1, and then implement AppLocker rules, which set of policies is enforced?

Answer 33

only the AppLocker rules are enforced

Question 34

Which firewall profile is applied when a computer is connected to a network in which the computer’s domain account resides?

Answer 34

Domain profile

Question 35

Which group can reduce the number of users that belong to the local Administrators group while providing users with access to Hyper-V?

Answer 35

Hyper-V Administrators

Question 36

What PowerShell cmdlet would you use to display the settings that have been enabled in a particular GPO?

Answer 36

the Get-GPOReport cmdlet

Question 37

What parameter of the Import-GPO cmdlet will create the destination GPO if the GPO does not exist?

Answer 37

-CreateIfNeeded

Question 38

Which ports and protocols should you enable on the Windows Firewall for a Windows Server 2012 R2 acting as a VPN server to allow inbound PPTP connections?

Answer 38

TCP port 1723 and IP Protocol ID 47

Question 39

Which type of GPO allows you to create a baseline from which you can build GPOs?

Answer 39

A Starter GPO

Question 40

How can you copy AppLocker rules to another computer?

Answer 40

Export the AppLocker rules from a GPO or local security policy to an XML file, and import the XML file to another GPO or another local security policy

Question 41

Which ports and protocols should you enable on the Windows Firewall for a Windows Server 2012 R2 acting as a VPN server to allow inbound SSTP connections?

Answer 41

TCP Port 443

Question 42

Which local group(s) membership on a member server allows the user to back up and restore files and directories on the server?

Answer 42

Membership in the Administrators OR Backup Operators groups