Final

Question 1

What service does Dynamic Host Configuration Protocol (DHCP) provide?

Resolves web addresses to IP addresses
Resolves NetBIOS names to host names
Configures the IP address and other TCP/IP settings on network computers
Blocks unsolicited inbound traffic from entering the network perimeter

Answer 1

Configures the IP address and other TCP/IP settings on network computers

Question 2

For DHCP address allocation, by how much is network traffic reduced related to periodic lease renewal messages when switching from dynamic allocation to automatic allocation?

Dynamic address allocation does not require periodic lease renewal messages.
None, because both address allocation methods require periodic lease renewal messages
50 percent because automatic allocation cuts the periodic messages in half
100 percent because dynamic address allocation requires periodic lease renewal messages whereas automatic does not

Answer 2

100 percent because dynamic address allocation requires periodic lease renewal messages whereas automatic does not

Question 3

What is the first packet sent to a DHCP server when a computer boots up?

DHCPINFORM
DHCPDISCOVER
DHCPOFFER
DHCPACK

Answer 3

DHCPDISCOVER

Question 4

How does a DHCP client communicate which offered IP address it will accept from which DHCP server?

The client sends a DHCPREQUEST message to the server.
The client selects the closest server and beeps audibly to accept the offer.
The client sends a DHCPACK message to all servers with the IP address of the chosen DHCP server.
The client sends a DHCPREQUEST message to all servers with the IP address of the chosen DHCP server.

Answer 4

The client sends a DHCPREQUEST message to all servers with the IP address of the chosen DHCP server.

Question 5

What is the default lease period for DHCP dynamic address allocation?

96 hours
3.5 days
4.5 days
8 days

Answer 5

8 days

Question 6

What are the advantages of using a distributed DHCP infrastructure?

Large convergence of network traffic
All the client/server network traffic is local, so minimal DHCP traffic on routers
Reduced administrative burden with fewer DHCP servers
Clients have ready access to DHCP servers

Answer 6

All the client/server network traffic is local, so minimal DHCP traffic on routers

Clients have ready access to DHCP servers

Question 7

Before a DHCP server can hand out addresses, which of the following steps must be completed? (Choose two answers.)

A DHCP scope must be created and activated.
Correct!
The DHCP server must be created and authorized.
The DHCP server must be put in the trusted list on the client computers.
The DHCP server must be installed by an Enterprise Administrator.

Answer 7

A DHCP scope must be created and activated.

The DHCP server must be created and authorized.

Question 8

Which of the following steps must be completed in order to do ensure a network printer is assigned the same address through the DHCP server?

Create a reservation in the DHCP scope.
Create an exclusion in the DHCP scope.
Create a special scope on the DHCP server.
Define the DHCP server on the client in the Advanced TCP/IP Advanced Settings.

Answer 8

Create a reservation in the DHCP scope.

Question 9

What kinds of servers should NOT be DHCP clients?

Servers on a subnet outside the broadcast domain of the DHCP server
DHCP servers
Domain controllers, Internet web servers, and DHCP servers
DHCP relay agents

Answer 9

Domain controllers, Internet web servers, and DHCP servers

Question 10

What is the key benefit of DHCP manual IP address allocation over manually configuring the IP address by person?

The DHCP server then contains a centralized list of permanently assigned addresses.
The DHCP server might pass on more information than just an IP address.
This prevents accidental duplication of permanently assigned IP addresses.
This manually assigned address is officially known as a reservation.

Answer 10

This prevents accidental duplication of permanently assigned IP addresses.

Question 11

What are the servers at the top of the DNS hierarchy called?

Down-level servers
Authoritative sources
Root servers
Forwarders

Answer 11

Root servers

Question 12

The domain name part of a DNS name is _______ and consists of two or more words, separated by ______.

peer-based; periods
hierarchical; commas
unranked; commas
hierarchical; periods

Answer 12

hierarchical; periods

Question 13

When using DNS for name resolution only, why should a company consider using DNS servers outside the network perimeter?

Less administration
Less internal traffic
Fewer servers in the communications server rack
Less traffic crossing the network perimeter

Answer 13

Less traffic crossing the network perimeter

Question 14

Who is responsible for the ratification of new top-level domains?

Internet Corporation for Assigned Names and Numbers (ICANN)
Network Solutions, Inc. (NSI, formerly known as InterNIC)
Internet Assigned Numbers Authority (IANA)
Contoso.com

Answer 14

Internet Corporation for Assigned Names and Numbers (ICANN)

Question 15

Concerning DNS, what is negative caching?

When a DNS server receives incorrect information about a host
When a DNS server receives obsolete information about a host
When a DNS server receives information about a non-existent host
When a DNS server forwards incorrect information about a host

Answer 15

When a DNS server receives information about a non-existent host

Question 16

What is the default TTL for a Windows Server 2012 R2 DNS server?

1 hour
12 hours
5 minutes
36 hours

Answer 16

1 hour

Question 17

You registered the domain name contoso.com. The FQDNs seattle.contoso.com and halifax.contoso.com are examples of different _____.

subdomains of contoso.com
second-level domains
top-level domains
IP addresses

Answer 17

subdomains of contoso.com

Question 18

Concerning DNS domain hierarchy, what are examples of global top-level domains?

.com, .net, .org
.mil, .gov, .edu
.aero, .name, .pro
.ca, .cz, .kr

Answer 18

.com, .net, .org

Question 19

What is the primary purpose of name caching?

Name caching saves an extraordinary amount of time for the user.
Name caching greatly reduces traffic on the company network.
Name caching validates why you should deploy caching-only servers.
Name caching enables the second name resolution request for the same name to bypass the referral process.

Answer 19

Name caching enables the second name resolution request for the same name to bypass the referral process.

Question 20

What is the primary benefit of a DNS forwarder?

Exchanging iterative queries for recursive queries across the network perimeter
Reducing the traffic and making efficient use of available bandwidth across the network perimeter
Making the most of iterative queries to other DNS servers
Reducing the burden on the Internet’s root name servers

Answer 20

Reducing the traffic and making efficient use of available bandwidth across the network perimeter

Question 21

What DNS server represents the top of the DNS hierarchy?

Root name server
Caching-only server
Forwarder
Authoritative source

Answer 21

Root name server

Question 22

What DNS server is responsible for maintaining a particular domain’s resource records?

Root name server
Caching-only server
Forwarder
Authoritative source

Answer 22

Authoritative source

Question 23

What is the process of granting the user access only to the resources he or she is permitted to use?

Authentication
Authorization
Importing a user object to Active Directory
Registering the SRV

Answer 23

Authorization

Question 24

What defines what objects exist as well as what attributes are associated with any object in the Active Directory?

Active Directory administrator
Active Directory global directory
Active Directory root user
Active Directory schema

Answer 24

Active Directory schema

Question 25

Active Directory keeps a naming convention for the domain that mirrors ______.

DHCP
WINS
DNS
files and folders

Answer 25

DNS

Question 26

If an administrator creates a domain tree in an Active Directory forest, and then creates a separate and different domain tree, what is the relationship between the two domain trees?

Completely different security entities, creating two Active Directory forests
Different security entities, within one Active Directory forest
Same security entity as one Active Directory forest, bidirectional trust between domain trees
No trust between domain trees in an Active Directory forest

Answer 26

Same security entity as one Active Directory forest, bidirectional trust between domain trees

Question 27

What is the global catalog?

The schema that lists what objects and attributes exist in the AD DS forest
An index of all AD DS objects in a forest
A list of all domain controllers currently available
A matrix of all domains, sites, and domain controllers

Answer 27

An index of all AD DS objects in a forest

Question 28

What is an important difference between groups and OUs?

An OU can represent the various divisions of your organization.
Group membership can be a subset of an OU.
OUs are a security entity.
Group memberships are independent of the domain’s tree structure.

Answer 28

Group memberships are independent of the domain’s tree structure.

Question 29

For Server Core installations, how does Windows Server 2012 R2 differ from Windows Server 2008 when installing the AD DS role and promoting the system to a domain controller?

Windows Server 2012 R2 now allows administrators to use Dcpromo.exe.
Windows Server 2012 R2 now allows administrators to use PowerShell.
Windows Server 2012 R2 permits administrators to use answer files for unattended DC installations.
Windows Server 2012 R2 recommends administrators use Install from Media.

Answer 29

Windows Server 2012 R2 now allows administrators to use PowerShell.

Question 30

Which of the following features allows you to create virtual machines on a leased cloud resource?

Windows Intune
Hyper-V on a Cloud
Office 365
Infrastructure as a Service (IaaS)

Answer 30

Infrastructure as a Service (IaaS)

Question 31

What administrative division in Active Directory is defined as a collection of subnets that have good connectivity between them to facilitate the replication process?

Forests
Locations
Domains
Sites

Answer 31

Sites

Question 32

When is an Active Directory site topology created?
Site topology is started upon initial installation of the Active Directory.

Site topology starts when you finalize the links and subnets configuration.
Creation of sites and its topology is dependent on link costs.
Site topology is manually configured dependent on WAN bandwidth and transmission speed.

Answer 32

Site topology is manually configured dependent on WAN bandwidth and transmission speed.

Question 33

An Active Directory _____ consists of one or more separate domain trees.

organizational unit
group
domain
forest

Answer 33

forest

Question 34

What is a container object that functions in a subordinate capacity to a domain, and still inherits policies and permissions from its parent objects?

Organizational unit
Group
Domain
Forest

Answer 34

Organizational unit

Question 35

Resource access for individuals takes place through their ______.

computer accounts
user accounts
authentication
shared folders

Answer 35

user accounts

Question 36

What are the two built-in user accounts are created on a computer running Windows Server 2012 R2?

system and guest
default and guest
domain administrator and local administrator
administrator and guest

Answer 36

administrator and guest

Question 37

What you call the process of confirming a user’s identity by using a known value such as a password, a smart card, or a fingerprint?

authorization
permission
delegation
authentication

Answer 37

authentication

Question 38

The LDIFDE.exe utility is most similar to what other utility?

Microsoft Excel
Active Directory Administrative Center (ADAC)
CSVDE.exe
Dsadd.exe

Answer 38

CSVDE.exe

Question 39

Which of the following guidelines are NOT best practice for securing the Administrator account?

Renaming the Administrator account name so as not to distinguish it from non-administrative accounts
At least seven characters length and strong complexity for the account password
Using the Administrator account for daily, non-administrative tasks
Share the administrator account with only a few, necessary individuals

Answer 39

Using the Administrator account for daily, non-administrative tasks

Question 40

What user creation tool incorporates new features such as the Active Directory Recycle Bin and fine-grained password policies?

Active Directory Users and Computers console
Windows PowerShell
Active Directory Administrative Center (ADAC)
LDIFDE.exe

Answer 40

Active Directory Administrative Center (ADAC)

Question 41

To perform an offline domain join, how many times would an administrator run the Djoin.exe command?

once
twice
as many times as necessary
Djoin.exe cannot perform this task

Answer 41

twice

Question 42

What would be a sufficient user account to provide temporary access to the network for a user such as a vendor representative or a temporary employee?

Administrator
Guest
Privileged accounts such as “Vendor” or “TempEmployee”
no vendor nor temporary

Answer 42

Guest

Question 43

What graphical tool can create user and computer accounts and was redesigned for Windows Server 2012?

New-ADUser
CSVDE.exe
Active Directory Administrative Center
Dsadd.exe

Answer 43

Active Directory Administrative Center

Question 44

Which of the following is a PowerShell cmdlet for creating user objects?

New-ADUser
CSVDE.exe
Active Directory Administrative Center
Dsadd.exe

Answer 44

New-ADUser

Question 45

Which of the following is NOT a group scope?

Universal groups
Global groups
Domain local groups
Security groups

Answer 45

Security groups

Question 46

Of the key reasons for creating organizational units, which of the following is NOT one of them?

Delegating administration
Assigning Group Policy settings
Duplicating organizational divisions
Assigning permissions to network resources

Answer 46

Assigning permissions to network resources

Question 47

Within a domain, the primary hierarchical building block is the _________.

forest
group
organizational unit
user

Answer 47

organizational unit

Question 48

The Delegation of Control Wizard is capable of \_\_\_\_\_\_\_\_ permissions.
  granting 
  modifying 
  removing 
  all the above

Answer 48

granting

Question 49

An administrator needs to grant an e-mail distribution group of 100 members access to a database, how would the administrator proceed? The e-mail group is obsolete and can be dissolved.

Assign the necessary access permissions to the database to the distribution group.
Create a new group with the 100 members, then assign permissions.
Remove the distribution group, and then convert the members into a universal group, granting access permissions.
Convert the distribution group to a security group and then assign the group access permissions.

Answer 49

Convert the distribution group to a security group and then assign the group access permissions.

Question 50

What is the group scope for Domain Admins, Domain Controllers, and Domain Users default groups?

Distribution
Universal
Global
Domain local

Answer 50

Global

Question 51

Which of the following is NOT an example of a special identity?

Dialup Service
Creator Owner
Authenticated Users
Anonymous Logon

Answer 51

Dialup Service

Question 52

What are the different kinds of groups?

There are two types: security and distribution.
There are two types: security and distribution; and there are three group scopes: domain local, global, and universal.
There are three group scopes: domain local, global, and universal.
There are three group types: domain local, global, and universal.

Answer 52

There are two types: security and distribution; and there are three group scopes: domain local, global, and universal.

Question 53

What command-line utility allows administrators to modify a group’s type and scope as well as add or remove members?

PowerShell and the applicable cmdlet
Active Directory Users and Computers console
Active Directory Administrative Center
Dsmod.exe

Answer 53

Dsmod.exe

Question 54

Which of these groups would an administrator use to assign permissions to resources in the same domain?

Universal groups
Global groups
Domain local groups
Distribution groups

Answer 54

Domain local groups

Question 55

Which of these groups would an administrator use to assign permissions to resources in the same domain?

Universal groups
Global groups
Domain local groups
Distribution groups

Answer 55

Domain local groups

Question 56

What is the proper term for associating a Group Policy to a set of AD DS objects?

Linking
Connecting
Implementing
Granting

Answer 56

Linking

Question 57

The three types of Group Policy Objects (GPOs) include local, domain and _____.

OU
universal
starter
nonlocal

Answer 57

starter

Question 58

Configuring a Central Store of ADMX files help solve the problem of ________

excessive REQ_QWORD registry entries on every workstation
replication time for copying policies
Windows 7 workstations not able to receive policies
“SYSVOL bloat”

Answer 58

“SYSVOL bloat”

Question 59

What is the Microsoft Management Console (MMC) snap-in that you use to create GPOs and manage their deployment to AD DS objects?

Group Policy Management console
Active Directory Administrative Center
Server Manager
Disk Management

Answer 59

Group Policy Management console

Question 60

Group Policy settings are divided into two subcategories: User Configuration and Computer Configuration. Each of those two are further organized into three subnodes. What are the three?

Software settings, Windows settings, and Delegation Templates
Software settings, Windows settings, and Administrative Templates
Security settings, Windows settings, and Delegation Templates
Security settings, Windows settings, and Administrative Templates

Answer 60

Software settings, Windows settings, and Administrative Templates

Question 61

What is the technique called that you can modify the default permission assignments so that only certain users and computers receive the permissions and, consequently, the settings in the GPO?

inheritance
special identity linking
permission granting
security filtering

Answer 61

security filtering

Question 62

What is the order in which Windows systems receiving and process multiple GPOs.

LSOUD (local, site, OU, then domain)
LOUDS (local, OU, domain, then site)
SLOUD (site, local, OU, then domain)
LSDOU (local, site, domain, then OU)

Answer 62

LSDOU (local, site, domain, then OU)

Question 63

Local GPOs contain fewer options than domain GPOs. Local GPOs do not support ______.

Scripts, including logon, logoff, startup, and shutdown commands
Windows Deployment Services (WDS)
Folder redirection or Group Policy software installation
Registry-based policies, such as user desktop settings and environment variables

Answer 63

Folder redirection or Group Policy software installation

Question 64

If creating a Local Group Policy Object, then a secondary GPO, then a tertiary GPO, what policy settings are included in each GPO?

The first GPO contains both Computer Configuration and User Configuration settings, while the secondary and tertiary GPOs contain only Computer Configuration settings.
Each GPO contains both Computer Configuration and User Configuration settings.
All GPOs contain User Configuration settings.
The first GPO contains both Computer Configuration and User Configuration settings, while the secondary and tertiary GPOs contain only User Configuration settings.

Answer 64

The first GPO contains both Computer Configuration and User Configuration settings, while the secondary and tertiary GPOs contain only User Configuration settings.

Question 65

What nonlocal GPO has its properties stored in the Active Directory object Group Policy container (GPC), as well as a Group Policy template located in the SYSVOL share?

multiple local GPOs
local GPO
starter GPO
domain GPO

Answer 65

domain GPO

Question 66

What capability allows you to create specific GPO settings for one or more local users configured on a workstation?

multiple local GPOs
local GPO
starter GPO
domain GPO

Answer 66

multiple local GPOs

Question 67

What are the two categories of security settings within Group Policy? Select two answers.

User
Workstation
Administrator
Computer

Answer 67

User & Computer

Question 68

What are the three primary event logs?

Application, Forwarded, and System
Application, Security, and Setup
Application, Security, and System
Application, System, and Setup

Answer 68

Application, Security, and System

Question 69

What is the default size for each of the three Event logs?

16,384 KB
8,192 KB
32,768 KB
65,536 KB

Answer 69

16,384 KB

Question 70

What is a collection of configuration settings stored as a text file with an .inf extension?

Security template
Policy configuration
Deployment list
Right assignment

Answer 70

Security template

Question 71

When does Windows apply User Configuration policies by default?

As the user logs in
When the computer shuts down
As the user logs out
When the computer starts up

Answer 71

As the user logs in

Question 72

You create a GPO that contains computer settings, but not user settings. What can you do to quicken GPO processing?

You can set the priority higher for the configured setting area.
You can manually refresh the GPO settings.
You can disable the setting area that is not configured for faster processing.
Regardless of whether part or all of a GPO is configured, the GPO is processed at the same speed.

Answer 72

You can disable the setting area that is not configured for faster processing.

Question 73

What did Microsoft introduce in Windows Server 2008, which is used to ensure users with administrative privileges still operate routine tasks as standard users?

New Group Policy and Local Security Policy
Secure desktop
User Account Control (UAC)
Built-in administrator account

Answer 73

User Account Control (UAC)

Question 74

How are most Group Policy settings applied or reapplied?

Every time a computer starts up
At the refresh interval
Whenever a user logs on
Whenever the domain controller restarts

Answer 74

At the refresh interval

Question 75

What are the two interfaces available for creating and managing user accounts in Windows Server 2012 R2?

Control Panel and the MMC snap-in
Server Manager and Control Panel
Control Panel and Active Directory Users and Computers
User Accounts control panel and the Local Users and Groups snap-in for MMC

Answer 75

User Accounts control panel and the Local Users and Groups snap-in for MMC

Question 76

What tool for creating new users is only valid while the Windows Server 2012 R2 computer is part of a workgroup and not joined to an AD DS domain?

User Accounts Control Panel
Local Users and Groups snap-in
Administrator
Guest

Answer 76

User Accounts Control Panel

Question 77

What tool for user creation provides full access to all local user and group accounts on the computer?

User Accounts Control Panel
Local Users and Groups snap-in
Administrator

Answer 77

Local Users and Groups snap-in

Question 78

What service works with Group Policy to install, upgrade, patch, or remove software applications?

Windows Installer
Microsoft Office
Software distribution point
Server Manager

Answer 78

Windows Installer

Question 79

When configuring a GPO to deploy a software package, what is the difference between assigning and publishing the application?

Assigning forces the application to the computer, whereas publishing forces it to the user.
Publishing forces the application, whereas assigning provides the option to install.
Assigning forces the application, whereas publishing provides the option to install.
Publishing forces the application to the computer, whereas assigning forces it to the user.

Answer 79

Assigning forces the application, whereas publishing provides the option to install.

Question 80

After deploying software by GPO using the Assigned option, where is the package made available for the user?

The user’s My Documents folder
Start menu or desktop
The M: drive
Windows Control Panel

Answer 80

Start menu or desktop

Question 81

Not all software on the market provides .msi support. What is your best option to use Windows Installer to assign and publish the software?

Find a different software vendor.
Repackage the software for Windows Installer.
Install the software manually.
Distribute copies to users for installation.

Answer 81

Repackage the software for Windows Installer.

Question 82

In what Group Policy objects container are AppLocker settings located?

Computer Configuration\Windows Settings\Security Settings\Application Control Policies\AppLocker
User Configuration\Windows Settings\Security Settings\Application Control Policies\AppLocker
Computer Configuration\Windows Settings\Security Settings\AppLocker
User Configuration\Windows Settings\Security Settings\AppLocker

Answer 82

Computer Configuration\Windows Settings\Security Settings\Application Control Policies\AppLocker

Question 83

How does AppLocker handle all executables, installer packages, and scripts by default?

AppLocker blocks all by default, except for those specified in Allow rules.
AppLocker blocks all by default, especially those specified in Allow rules.
AppLocker allows all by default, except for those blocked by DLL access checking rules.
AppLocker allows all by default, except for those specified in Block rules.

Answer 83

AppLocker blocks all by default, except for those specified in Allow rules.

Question 84

What are the three default security levels within software restriction policies?

Restricted, Allowed, and Blocked
Guest, Basic User, and Advanced User
Unrestricted, Disallowed, and Restricted
Unrestricted, Disallowed, and Basic User

Answer 84

Unrestricted, Disallowed, and Basic User

Question 85

What is the most common way to implement software restriction policies?

Configuring software restriction policies on individual computers using Local Security Policy
Managing through Active Directory Users and Computers
Linking Group Policy objects to Active Directory Domain Services containers, so that you can apply their policy settings to several computers simultaneously
Using AppLocker, provided you’re applying to computers running Windows 7 and Windows Server 2008 R2 or later

Answer 85

Linking Group Policy objects to Active Directory Domain Services containers, so that you can apply their policy settings to several computers simultaneously

Question 86

When installing software using Group Policy, what file or files does an administrator use?

Windows Installer package files, or .msi files—modifications to the package files require transform files, or .mst files. Further, patch files are designated as .msp files.
Any approved software from Microsoft, including the Certified for Windows Server 2012 R2 logo on the packaging.
Windows Installer package files, or .mst files—modifications to the package files require instruction files, or .msi files.
Windows Installer packages that contain all the information about the software.

Answer 86

Windows Installer package files, or .msi files—modifications to the package files require transform files, or .mst files. Further, patch files are designated as .msp files.

Question 87

Software restriction relies on four types of rules to specify which programs can or cannot run. What type identifies software by its directory where the application is stored in the file system?

Hash
Certificate
Network zone
Path

Answer 87

Path

Question 88

Software restriction relies on four types of rules to specify which programs can or cannot run. What type enables Windows Installer packages to be installed only if they come from a trusted area of the network?

Hash
Certificate
Network zone
Path

Answer 88

Network zone

Question 89

Firewall rules function in two ways: admit all traffic, except that which conforms to the applied rules, and secondly, block all traffic, except that which conforms to the applied rules. How does the Windows Firewall work for inbound traffic and for outbound traffic?

Inbound—permit all. Outbound—block all
Inbound—block all. Outbound—block all
Inbound—block all. Outbound—permit all
Inbound—permit all. Outbound—permit all

Answer 89

Inbound—block all. Outbound—permit all

Question 90

Windows Firewall uses three profiles to represent the type of network to which the server is connected. What are the three profiles?

Private, temporary, and authenticated
Public, DMZ, and private
Internet, secure, and private
Domain, private, and public

Answer 90

Domain, private, and public

Question 91

What does the term “filter” refer to in the Windows Firewall With Advanced Security console?

The ability to screen traffic segments or packets
The ability to display inbound or outbound rules according to a profile
The ability to filter Group Policy settings per firewall
The ability to filter Group Policy settings per traffic type

Answer 91

The ability to display inbound or outbound rules according to a profile

Question 92

What tool offers more flexibility in creating rules compared with the Windows Firewall interface under Control Panel?

Active Directory Users and Computers
Windows Firewall With Advanced Security snap-in for the Microsoft Management console
Windows Firewall With Advanced Settings in the Server Manager Tools menu

Answer 92

Windows Firewall With Advanced Security snap-in for the Microsoft Management console

Question 93

By exporting the Windows Firewall policy, you have a file with a .wfw extension that contains _____.

all its rules, including the preconfigured rules and the ones you have created or modified
all the rules you have created or modified
preconfigured rules to be applied to another firewall
firewall settings as specified by the Group Policy settings

Answer 93

all its rules, including the preconfigured rules and the ones you have created or modified

Question 94

Windows Firewall allows an administrator to import and export firewall rules. What are the rules’ file extension?

.wfw
.inf
.wfr
.inr

Answer 94

.wfw

Question 95

You can configure the Windows Firewall to allow or block specific _________.

ports and protocols
applications and users
ports, protocols, and applications, but not users
ports, protocols, applications, users, and IP address ranges

Answer 95

ports, protocols, applications, users, and IP address ranges

Question 96

What is the primary objective of a firewall?

To authenticate and authorize users past the network perimeter
To permit traffic in and out for legitimate users, and to block the rest
To compare traffic information against a list of known valid traffic
To protect a network by allowing certain types of network traffic in and out of the system

Answer 96

To permit traffic in and out for legitimate users, and to block the rest

Question 97

When creating a firewall exception, what is the difference between opening a port and allowing an application through?

Opening a port is permanent, and thus is less risky than allowing an application.
Allowing an application opens the specified port only while the program is running, and thus is less risky.
Both options are available in the Windows Firewall with Advanced Security console.
There is no functional difference between opening a port and allowing an application.

Answer 97

Allowing an application opens the specified port only while the program is running, and thus is less risky.

Question 98

What parameter in the Windows Firewall New Inbound Rule Wizard specifies the IP address range of local and remote systems to which the rule applies?

Program
Action
Scope
Protocol and Ports

Answer 98

Scope

Question 99

What parameter in the Windows Firewall New Inbound Rule Wizard specifies what the firewall should do when a packet matches the rule?

Program
Action
Scope
Protocol and Ports

Answer 99

Action

Question 100

What is a key difference between a domain tree hierarchy and the organizational unit (OU) hierarchy within a domain?

Ability to apply Group Policy
Members allowed within
Inheritance
Membership

Answer 100

Inheritance