Final

Question 1

What kind of RADIUS server is placed between the RADIUS server and RADIUS clients?

a RADIUS client server
a RADIUS engine server
a RADIUS proxy server
a RADIUS relay server

Answer 1

a RADIUS proxy server

Question 2

What is a RADIUS server known as in Microsoft parlance?

Network Access Server
Network Policy Server
Network Authentication Server
Network Remote Access Server

Answer 2

Network Policy Server

Question 3

When an access client contacts a VPN server or wireless access point, a connection request is sent to what system?

the NPS server
the 802.1X switch
an authorization relay
an access client

Answer 3

the NPS server

Question 4

What is the final step in the authentication, authorization, and accounting scenario between an access client and the RADIUS server?

a log entry that the connection is established
an Access-Reject message to the access server
a final credential check with the domain controller
an Accounting-Response to the access server

Answer 4

an Accounting-Response to the access server

Question 5

Which parameter specifies the order of importance of the RADIUS server to the NPS proxy server?

relay link number
weight
precedence
priority

Answer 5

priority

Question 6

What information does the Accounting-Start message contain?

the RADIUS server name and IP address
the type of service and the user it’s delivered to
the list of permissions granted to the user
the list of services provided to RADIUS access servers

Answer 6

the type of service and the user it’s delivered to

Question 7

What type of NPS authentication is recommended over password authentication?

certificate
complex
biometric
PAP2

Answer 7

certificate

Question 8

Where do you get certificates for authentication purposes

Microsoft
the computer manufacturer
a certificate authority
a certificate broker

Answer 8

a certificate authority

Question 9

What would be the biggest problem with configuring text files for accounting logging?

Space; filling up the C drive has catastrophic effects.
Logs are saved as plain text format.
Data isn’t sent to a SQL Server database.
Writing logs to disk requires disk I/O, which might impact performance.

Answer 9

Space; filling up the C drive has catastrophic effects.

Question 10

An NPS policy is a set of permissions or restrictions that determine what three aspects of network connectivity?

who, what, and where
who, when, and how
who, when, and where
who, how, and how long

Answer 10

who, when, and how

Question 11

The default connection request policy uses NPS as what kind of server?

DNS
Active Domain controller
RRAS
RADIUS

Answer 11

RADIUS

Question 12

What is the last setting in the Routing and Remote Access IP settings?

the number of assigned IP addresses
which DHCP server will supply the requests
which NPS server to connect to
how IP addresses are assigned

Answer 12

how IP addresses are assigned

Question 13

To which type of file do you export an NPS configuration?

TXT
DOC
XML
NPS

Answer 13

XML

Question 14

Network policies determine what two important connectivity constraints?

who is authorized to connect
the DHCP server for the connection
the DNS server for the connection
the connection circumstances for connectivity

Answer 14

who is authorized to connect

& the connection circumstances for connectivity

Question 15

If a remote connection attempt does not match any configured constraints, what does the Remote Access server do to the connection?

retries
accepts
denies
locks

Answer 15

denies

Question 16

Which two of the following are Routing and Remote Access IP settings?

Server Must Request an IP Address
Client May Request an IP Address
Server Must Supply an IP Address
Client Must Supply an IP Address

Answer 16

Client May Request an IP Address

& Server Must Supply an IP Address

Question 17

Which of the following is the strongest type of encryption?

MPPE 40-Bit
MPPE 56-Bit
MPPE 128-Bit
No Encryption

Answer 17

MPPE 128-Bit

Question 18

RADIUS Access-Request messages are processed or forwarded by NPS only if the settings of the incoming message match what on the NPS server?

one of the connection request policies
the time zone of the requestor
the client type of the requestor
the TCP/IP port of the requestor

Answer 18

one of the connection request policies

Question 19

Network Access Protection (NAP) is Microsoft’s software for controlling network access of computers based on what?

a computer’s IP address and VLAN
a computer’s overall health
a computer’s Windows version
a computer’s network functionality (role)

Answer 19

a computer’s overall health

Question 20

DHCP enforcement is not available for what kind of clients?

mobile
remote dial-up
noncompliant
IPv6

Answer 20

IPv6

Question 21

What type of Active Directory domain controller is recommended to minimize security risks for remediation servers?

Windows Server 2012
Windows Server 2008 R2
read-only
updated and compliant

Answer 21

read-only

Question 22

To verify a NAP client’s configuration, which command would you run?

netsh nap show state
netsh nap client show state
netsh nps nap show state
netsh nps nap agent state

Answer 22

netsh nap client show state

Question 23

Why do you need a web server as part of your NAP remediation infrastructure?

to provide user information in case of a compliance failure
to provide Internet access to users who fail compliance
to redirect user requests for restored network access
to further assess how far out of compliance a user system is

Answer 23

to provide user information in case of a compliance failure

Question 24

Health policies are in pairs. What are the members of the pair? Select two.

NAP-compliant
NAP-remedial
NAP-noncompliant
NAP-quarantined

Answer 24

NAP-compliant

& NAP-noncompliant

Question 25

What happens to a computer that isn’t running Windows Firewall?

The computer is isolated.
The computer is powered off.
A server message is sent to the computer.
An event is logged.

Answer 25

The computer is isolated.

Question 26

To use the NAP-compliant policy, the client must do what?

pass 75% of the SHV checks
fail no more than 10% of the SHV checks
pass one of the SHV checks
pass all SHV checks

Answer 26

pass all SHV checks

Question 27

When enabling NAP for DHCP scopes, how should you roll out the service?

all at once
on test systems only
for individual computers
for individual DHCP scopes

Answer 27

for individual DHCP scopes

Question 28

What is the default authentication protocol for non-domain computers?

NTLM
PAP
CHAP
Kerberos

Answer 28

NTLM

Question 29

NTLM uses a challenge-response mechanism for authentication without doing what?

revealing the client’s operating system to the server
revealing the protocol to the server
sending a password to the server
sending an encrypt/decrypt message to the server

Answer 29

sending a password to the server

Question 30

Kerberos security and authentication are based on what type of technology?

secure transmission
secret key
challenge-response
legacy code

Answer 30

secret key

Question 31

Which three components make up a service principal name (SPN)?

service name, IP address, and port number
service name, URL, and host name
service name, host name, and IP address
service class, host name, and port number

Answer 31

service class, host name, and port number

Question 32

Which tool can you use to add SPNs to an account?

Notepad
LDAP
Microsoft Word
ADSI Edit

Answer 32

ADSI Edit

Question 33

Identify another utility that you can use to add SPNs to an account.

dnscmd
spnedit
setspn
netsh

Answer 33

setspn

Question 34

When creating accounts for operating systems, processes, and services, you should always configure them with what two things in mind?

using strong passwords
using cryptic user names
granting the least rights possible
using built-in accounts

Answer 34

using strong passwords

& granting the least rights possible

Question 35

By default, which service accounts will the Windows PowerShell cmdlets manage?

standalone MSAs
standard local service accounts
group MSAs
domain user accounts designated as service accounts

Answer 35

group MSAs

Question 36

What is the default authentication protocol for contemporary domain computers?

NTLM
PAP
CHAP
Kerberos

Answer 36

Kerberos

Question 37

The domain controllers are the computers that store and run the _______________.

user database
services database
Managed Service Accounts database
Active Directory database

Answer 37

Active Directory database

Question 38

You do not place the infrastructure master on a global catalog server unless what situation exists?

You have a single domain.
You have Windows NT 4.0 systems to support.
You have multiple schemas.
Your AD DS is Windows 2008 or higher.

Answer 38

You have a single domain.

Question 39

Which Active Directory object is defined as a specialized domain controller that performs certain tasks so that multi-master domain controllers can operate and synchronize properly?

Schema Master
Forest
RODC
Operations Master

Answer 39

Operations Master

Question 40

What utility must you run on a cloned system to ensure that the clone receives its own SID?

adprep /renew
sysprep
dcpromo
ntconfig

Answer 40

sysprep

Question 41

Which of the following commands issued at the fsmo maintenance prompt would successfully seize the role of an Operations Master Holder?
Select all that apply.

seize schema master
seize global master
seize PDC
seize domain control

Answer 41

seize schema master

& seize PDC

Question 42

What utility must you run on a cloned system to ensure that the clone receives its own SID?

adprep /renew
sysprep
dcpromo
ntconfig

Answer 42

sysprep

Question 43

Which version of Windows Server introduced incremental universal group membership replication?

Windows Server 2000
Windows Server 2003
Windows Server 2008
Windows Server 2012

Answer 43

Windows Server 2003

Question 44

The global catalog stores a partial copy of all objects in the forest. What are the reasons for keeping that partial copy? Select all that apply.

logon
object searches
universal group membership
schema integrity

Answer 44

logon, object searches, &

universal group membership

Question 45

Where in the forest is a global catalog automatically created?

the PDC Emulator
the most powerful system
the first domain controller
the schema master

Answer 45

the first domain controller

Question 46

What function does the CSVDE tool perform?

It decrypts and encrypts Active Directory information.
It exports/imports Active Directory information.
It exports/imports data from Event Viewer.
It extracts Event Viewer information into CSV files.

Answer 46

It exports/imports Active Directory information.

Question 47

To perform an authoritative restore, into what mode must you reboot the domain controller?

Repair
Safe
Command line with networking
DSRM

Answer 47

DSRM

Question 48

What utility first appeared in Windows Server 2008 R2 that allows you to undelete Active Directory containers and objects?

the Active Directory Lost and Found folder
the Active Directory Recycle Bin
the Active Directory Undelete utility
Active Directory Snapshots

Answer 48

the Active Directory Recycle Bin

Question 49

After you undelete a user account with the LDP utility, what action do you need to perform?

Remove the old identifier.
Re-establish user to domain trust.
Reset the user’s password.
Restore the user-owned objects from a backup.

Answer 49

Reset the user’s password.

Question 50

What is the proper procedure for removing a domain controller from Active Directory?

Shut down the domain controller and manually remove it from AD.
Use dcdemo to demote the domain controller.
Uninstall Active Directory Domain Services.
Enter the DSRM and delete Active Directory.

Answer 50

Uninstall Active Directory Domain Services.

Question 51

To perform an authoritative restore of an object or subtree, what bit of information do you need to know about the object?

its formal name
its exact location
its OU and proper name
its distinguished name

Answer 51

its distinguished name

Question 52

Before you can use the Active Directory Recycle Bin, what two actions do you have to perform?

You have to remove the System Recycle Bin.
You have to enable the AD Recycle Bin.
You have to set the AD forest to Windows Server 2003 or higher.
You have to set the AD forest to Windows Server 2008 R2 or higher.

Answer 52

You have to enable the AD Recycle Bin.

& You have to set the AD forest to Windows Server 2008 R2 or higher.

Question 53

Which utility do you use to defragment Active Directory?

CSVDE
LDIFDE
ntdsutil
defrag

Answer 53

ntdsutil

Question 54

Why is backup of the Active Directory database so important?

Backup of all data is a good idea.
Backup is a standard practice in large companies.
Backup is needed in case of corruption, deletion, or other failure.
Backup is an insurance policy for data and should be performed regularly.

Answer 54

Backup is needed in case of corruption, deletion, or other failure.

Question 55

What are examples of password policies? Select all that apply.

history
length
complexity
age

Answer 55

ALL OF THEM

Question 56

What is the default setting for password history?

6
10
16
24

Answer 56

24

Question 57

What setting can you give for account lockout duration that requires an administrator to manually unlock the account?

0
10
99
99,999

Answer 57

0

Question 58

How should you assign Password Settings objects (PSOs) to users?

Assign the PSOs directly to individual users.
Assign the PSOs to a new group and add the users to the new group.
Assign the PSOs to a global security group and add users to the group.
Assign the PSOs to various Active Directory groups as needed.

Answer 58

Assign the PSOs to a global security group and add users to the group.

Question 59

What is the secpol.msc utility used for?

editing group policies
editing local security policies
editing global security policies
editing domain-level policies

Answer 59

editing local security policies

Question 60

Why should administrator passwords change more often than user passwords?

because administrator passwords are usually simpler than user passwords
because administrator accounts carry more security sensitivity than users do
because administrators are paranoid about security
because administrator accounts are watched by management in large companies

Answer 60

because administrator accounts carry more security sensitivity than users do

Question 61

What is an easy method of creating a strong password?

Use your username and add numbers and special characters.
Use your favorite football team’s name with numbers and special characters.
Ask a friend for some ideas for good passwords and then add your own number and characters.
Start with a sentence and then add numbers and special characters.

Answer 61

Start with a sentence and then add numbers and special characters.

Question 62

Account policies contain various subsets. Which of the following are legitimate subsets of account policies? Check all that apply.

Password Policy
Account Lockout Policy
Kerberos Policy
Username Policy

Answer 62

Password Policy
Account Lockout Policy
Kerberos Policy

Question 63

Which of the following passwords is considered complex?

M!croS0ft
candybar01
bobj
fred@local

Answer 63

M!croS0ft

Question 64

Which feature affects all users in the domain, including domain controllers?

Global Group Policy
Default Domain Policy
Default Group Policy
Default Global Domain Policy

Answer 64

Default Domain Policy

Question 65

What is the default timeout value for GPOs to process on system startup?

60 seconds
120 seconds
300 seconds
600 seconds

Answer 65

600 seconds

Question 66

What is the first step in the GPO processing order?

The user initiates interactive logon.
The computer obtains a list of GPOs from the domain controller.
The computer establishes a secure link to the domain controller.
The GPOs are applied to the computer and to the user.

Answer 66

The computer establishes a secure link to the domain controller.

Question 67

If a site, domain, or OU has multiple GPOs, how are the group policies processed?

by precedence
by importance
by administrative control
by GPO controller policy

Answer 67

by precedence

Question 68

For users to receive GPO settings, they must have which two permissions to the GPO?

Allow Read
Allow Write
Allow Modify
Allow Apply

Answer 68

Allow Read

Allow Apply

Question 69

At what point are WMI filters evaluated?

when the filter is created
when the policy is applied
when the filter is applied
when the policy is processed

Answer 69

when the policy is processed

Question 70

How many WMI filters can be configured for a GPO?

one
two
four
eight

Answer 70

one

Question 71

What is the primary purpose of running the Group Policy Results Wizard? Check all that apply.

to guarantee that GPOs are enforced in full
to analyze the cumulative effect of GPOs
for GPO troubleshooting
to ensure that you have administrative rights to the client computer

Answer 71

to analyze the cumulative effect of GPOs

for GPO troubleshooting

Question 72

Which of the following Windows 8.1 and Windows Server 2012 R2 features can speed up the performance of processing synchronous policy settings?

GPO Turbo Mode
GPO Enhanced Mode
Group Policy Update
Group Policy Caching

Answer 72

Group Policy Caching

Question 73

Which of the following operating systems can have its security settings managed by using security templates? Select all that apply.

Windows XP
Windows Vista
Windows 7
Windows 8

Answer 73

Windows 7

Windows 8

Question 74

What is an ADMX file?

an ADM file translator
the ADM format for newer operating systems
a template buffer
the protocol that deploys ADM files across networks

Answer 74

the ADM format for newer operating systems

Question 75

Which of the following are legitimate Administrative Template Property Filters? Select all that apply.

Keyword Filters
Requirements Filters
Security Filters
Operating System Filters

Answer 75

Keyword Filters

Requirements Filters

Question 76

What is the filename extension for the files in which installation information is stored?

.txt
.xml
.ini
.msi

Answer 76

.msi

Question 77

Windows Installer cannot install .exe files. To distribute a software package that installs with an .exe file, what must you do to it?

Convert it to a ZIP file
Convert it to an MSI file
Convert it to an MSP file
Convert it to an MST file

Answer 77

Convert it to an MSI file

Question 78

Where is the default location for ADMX files?

C:\Windows\SYSVOL\ADMX
C:\Windows\System32\XML\ADMX
C:\Windows\Inf
C:\Windows\PolicyDefinitions

Answer 78

C:\Windows\PolicyDefinitions

Question 79

What language are ADMX files based on?

HTML
XML
SGML
Java

Answer 79

XML

Question 80

Where is the Central Store located?

in the SYSVOL directory
Microsoft Online
TechNet
on a domain controller public share

Answer 80

in the SYSVOL directory

Question 81

When configuring Group Policy to deploy applications, the applications must be mapped to where?

UNC path
drive letter
shared folder
full install path

Answer 81

UNC path

Question 82

Which domain users are automatically granted permissions to perform Group Policy Management tasks?

local administrators
power users
domain administrators
domain users

Answer 82

domain administrators

Question 83

Why would you ever want or need to reset the domain policy and the domain controller policy to the default settings? Select all that apply.

if they’ve become corrupted
to refresh policy settings
as a regular part of domain maintenance and housekeeping
if someone deleted one of the policies

Answer 83

if they’ve become corrupted

& if someone deleted one of the policies

Question 84

A user must have which two existing permissions for new permissions to be applied to their accounts for GPO delegation?

Allow Read
Allow Write
Allow Apply
Allow Modify

Answer 84

Allow Read

& Allow Apply

Question 85

If you don’t want a GPO to apply, which group policy permission do you apply to a user or group?

Disallow Read
Disallow Write
Disallow Modify
Disallow Apply

Answer 85

Disallow Apply

Question 86

When you’re about to reset domain policy and domain controllers policy back to default with the dcgpofix.exe command, what final warning are you given before you accept the change?

that you’re about to reset policies to their defaults
that all User Rights Assignments will be replaced
that all security for the domain will be overwritten
that you’re about to restore all security to the default

Answer 86

that all User Rights Assignments will be replaced

Question 87

To give someone permission to manage a particular GPO, you use the __________ tab of the individual GPO.

Permissions
Security
Delegate
Settings

Answer 87

Delegate

Question 88

What is a collection of files stored in the SYSVOL (%SystemRoot%\SYSVOL\Policies) of each domain controller?

Group Policy Container (GPC)
Group Policy Template (GPT)
migration table
delegation

Answer 88

Group Policy Template (GPT)

Question 89

What is a file that maps references to users, groups, computers, and UNC paths in the source GPO to new values in the destination GPO?

Group Policy Container (GPC)
Group Policy Template (GPT)
migration table
delegation

Answer 89

migration table

Question 90

What is an Active Directory object stored in the Group Policy Objects container with the domain naming content of the directory that defines basic attributes of the GPO but does not contain any of the settings?

Group Policy Container (GPC)
Group Policy Template (GPT)
migration table
delegation

Answer 90

Group Policy Container (GPC)

Question 91

What process grants permissions to other users to manage group policies?

Group Policy Container (GPC)
Group Policy Template (GPT)
migration table
delegation

Answer 91

delegation

Question 92

Which utility do you use to create GPO preferences?

Group Policy Management Editor
Group Policy Preference Editor
Group Policy Editor
Group Policy Wizard

Answer 92

Group Policy Management Editor

Question 93

How do you stop processing a preference if an error occurs?

Select the Stop processing items option on the Common tab.
Select the Remove this item option on the Common tab.
Select the Stop on any error option in the GPP Wizard.
Select the Stop on all errors option in the GPP Wizard.

Answer 93

Select the Stop processing items option on the Common tab.

Question 94

Which Windows extension allows you to add, replace, or delete sections or properties in configuration settings or setup information files?

.ini files
files
folders
environment

Answer 94

.ini files

Question 95

If you need to provide users access to a common network location, which GPP would you use? Select all that apply.

Shortcut
File
Drive Maps
Folders

Answer 95

Shortcut & Drive Maps

Question 96

Which component allows you to create multiple Registry preference items based on registry settings that you select?

the Registry Scope
the Registry Extension
the Registry Configurator
the Registry Wizard

Answer 96

the Registry Wizard

Question 97

Which term describes changing the scope of individual preference items so that the preference items apply only to selected users or computers?

individual targeting
user-specific targeting
item-level targeting
focused targeting

Answer 97

item-level targeting

Question 98

Windows Settings has multiple preference extensions. Identify all that apply.

Registry
Shortcuts
Folders
Storage

Answer 98

Registry, Shortcuts, & Folders

Question 99

GPP can be configured on domain controllers running which version of Windows Server? Select all that apply.

2003
2008
2008 R2
2012

Answer 99

2008, 2008 R2, & 2012

Question 100

GPPs are divided into which two sections?

Windows and Registry
Applications and Registry
Applications and Control Panel
Windows and Control Panel

Answer 100

Windows and Control Panel