Final Flashcards
What kind of RADIUS server is placed between the RADIUS server and RADIUS clients?
a RADIUS client server
a RADIUS engine server
a RADIUS proxy server
a RADIUS relay server
a RADIUS proxy server
What is a RADIUS server known as in Microsoft parlance?
Network Access Server
Network Policy Server
Network Authentication Server
Network Remote Access Server
Network Policy Server
When an access client contacts a VPN server or wireless access point, a connection request is sent to what system?
the NPS server
the 802.1X switch
an authorization relay
an access client
the NPS server
What is the final step in the authentication, authorization, and accounting scenario between an access client and the RADIUS server?
a log entry that the connection is established
an Access-Reject message to the access server
a final credential check with the domain controller
an Accounting-Response to the access server
an Accounting-Response to the access server
Which parameter specifies the order of importance of the RADIUS server to the NPS proxy server?
relay link number
weight
precedence
priority
priority
What information does the Accounting-Start message contain?
the RADIUS server name and IP address
the type of service and the user it’s delivered to
the list of permissions granted to the user
the list of services provided to RADIUS access servers
the type of service and the user it’s delivered to
What type of NPS authentication is recommended over password authentication?
certificate
complex
biometric
PAP2
certificate
Where do you get certificates for authentication purposes
Microsoft
the computer manufacturer
a certificate authority
a certificate broker
a certificate authority
What would be the biggest problem with configuring text files for accounting logging?
Space; filling up the C drive has catastrophic effects.
Logs are saved as plain text format.
Data isn’t sent to a SQL Server database.
Writing logs to disk requires disk I/O, which might impact performance.
Space; filling up the C drive has catastrophic effects.
An NPS policy is a set of permissions or restrictions that determine what three aspects of network connectivity?
who, what, and where
who, when, and how
who, when, and where
who, how, and how long
who, when, and how
The default connection request policy uses NPS as what kind of server?
DNS
Active Domain controller
RRAS
RADIUS
RADIUS
What is the last setting in the Routing and Remote Access IP settings?
the number of assigned IP addresses
which DHCP server will supply the requests
which NPS server to connect to
how IP addresses are assigned
how IP addresses are assigned
To which type of file do you export an NPS configuration?
TXT
DOC
XML
NPS
XML
Network policies determine what two important connectivity constraints?
who is authorized to connect
the DHCP server for the connection
the DNS server for the connection
the connection circumstances for connectivity
who is authorized to connect
& the connection circumstances for connectivity
If a remote connection attempt does not match any configured constraints, what does the Remote Access server do to the connection?
retries
accepts
denies
locks
denies
Which two of the following are Routing and Remote Access IP settings?
Server Must Request an IP Address
Client May Request an IP Address
Server Must Supply an IP Address
Client Must Supply an IP Address
Client May Request an IP Address
& Server Must Supply an IP Address
Which of the following is the strongest type of encryption?
MPPE 40-Bit
MPPE 56-Bit
MPPE 128-Bit
No Encryption
MPPE 128-Bit
RADIUS Access-Request messages are processed or forwarded by NPS only if the settings of the incoming message match what on the NPS server?
one of the connection request policies
the time zone of the requestor
the client type of the requestor
the TCP/IP port of the requestor
one of the connection request policies
Network Access Protection (NAP) is Microsoft’s software for controlling network access of computers based on what?
a computer’s IP address and VLAN
a computer’s overall health
a computer’s Windows version
a computer’s network functionality (role)
a computer’s overall health
DHCP enforcement is not available for what kind of clients?
mobile
remote dial-up
noncompliant
IPv6
IPv6
What type of Active Directory domain controller is recommended to minimize security risks for remediation servers?
Windows Server 2012
Windows Server 2008 R2
read-only
updated and compliant
read-only
To verify a NAP client’s configuration, which command would you run?
netsh nap show state
netsh nap client show state
netsh nps nap show state
netsh nps nap agent state
netsh nap client show state
Why do you need a web server as part of your NAP remediation infrastructure?
to provide user information in case of a compliance failure
to provide Internet access to users who fail compliance
to redirect user requests for restored network access
to further assess how far out of compliance a user system is
to provide user information in case of a compliance failure
Health policies are in pairs. What are the members of the pair? Select two.
NAP-compliant
NAP-remedial
NAP-noncompliant
NAP-quarantined
NAP-compliant
& NAP-noncompliant
What happens to a computer that isn’t running Windows Firewall?
The computer is isolated.
The computer is powered off.
A server message is sent to the computer.
An event is logged.
The computer is isolated.
To use the NAP-compliant policy, the client must do what?
pass 75% of the SHV checks
fail no more than 10% of the SHV checks
pass one of the SHV checks
pass all SHV checks
pass all SHV checks
When enabling NAP for DHCP scopes, how should you roll out the service?
all at once
on test systems only
for individual computers
for individual DHCP scopes
for individual DHCP scopes
What is the default authentication protocol for non-domain computers?
NTLM
PAP
CHAP
Kerberos
NTLM
NTLM uses a challenge-response mechanism for authentication without doing what?
revealing the client’s operating system to the server
revealing the protocol to the server
sending a password to the server
sending an encrypt/decrypt message to the server
sending a password to the server
Kerberos security and authentication are based on what type of technology?
secure transmission
secret key
challenge-response
legacy code
secret key
Which three components make up a service principal name (SPN)?
service name, IP address, and port number
service name, URL, and host name
service name, host name, and IP address
service class, host name, and port number
service class, host name, and port number
Which tool can you use to add SPNs to an account?
Notepad
LDAP
Microsoft Word
ADSI Edit
ADSI Edit
Identify another utility that you can use to add SPNs to an account.
dnscmd
spnedit
setspn
netsh
setspn
When creating accounts for operating systems, processes, and services, you should always configure them with what two things in mind?
using strong passwords
using cryptic user names
granting the least rights possible
using built-in accounts
using strong passwords
& granting the least rights possible
By default, which service accounts will the Windows PowerShell cmdlets manage?
standalone MSAs
standard local service accounts
group MSAs
domain user accounts designated as service accounts
group MSAs
What is the default authentication protocol for contemporary domain computers?
NTLM
PAP
CHAP
Kerberos
Kerberos
The domain controllers are the computers that store and run the _______________.
user database
services database
Managed Service Accounts database
Active Directory database
Active Directory database
You do not place the infrastructure master on a global catalog server unless what situation exists?
You have a single domain.
You have Windows NT 4.0 systems to support.
You have multiple schemas.
Your AD DS is Windows 2008 or higher.
You have a single domain.
Which Active Directory object is defined as a specialized domain controller that performs certain tasks so that multi-master domain controllers can operate and synchronize properly?
Schema Master
Forest
RODC
Operations Master
Operations Master
What utility must you run on a cloned system to ensure that the clone receives its own SID?
adprep /renew
sysprep
dcpromo
ntconfig
sysprep
Which of the following commands issued at the fsmo maintenance prompt would successfully seize the role of an Operations Master Holder?
Select all that apply.
seize schema master
seize global master
seize PDC
seize domain control
seize schema master
& seize PDC
What utility must you run on a cloned system to ensure that the clone receives its own SID?
adprep /renew
sysprep
dcpromo
ntconfig
sysprep
Which version of Windows Server introduced incremental universal group membership replication?
Windows Server 2000
Windows Server 2003
Windows Server 2008
Windows Server 2012
Windows Server 2003
The global catalog stores a partial copy of all objects in the forest. What are the reasons for keeping that partial copy? Select all that apply.
logon
object searches
universal group membership
schema integrity
logon, object searches, &
universal group membership
Where in the forest is a global catalog automatically created?
the PDC Emulator
the most powerful system
the first domain controller
the schema master
the first domain controller
What function does the CSVDE tool perform?
It decrypts and encrypts Active Directory information.
It exports/imports Active Directory information.
It exports/imports data from Event Viewer.
It extracts Event Viewer information into CSV files.
It exports/imports Active Directory information.
To perform an authoritative restore, into what mode must you reboot the domain controller?
Repair
Safe
Command line with networking
DSRM
DSRM
What utility first appeared in Windows Server 2008 R2 that allows you to undelete Active Directory containers and objects?
the Active Directory Lost and Found folder
the Active Directory Recycle Bin
the Active Directory Undelete utility
Active Directory Snapshots
the Active Directory Recycle Bin
After you undelete a user account with the LDP utility, what action do you need to perform?
Remove the old identifier.
Re-establish user to domain trust.
Reset the user’s password.
Restore the user-owned objects from a backup.
Reset the user’s password.
What is the proper procedure for removing a domain controller from Active Directory?
Shut down the domain controller and manually remove it from AD.
Use dcdemo to demote the domain controller.
Uninstall Active Directory Domain Services.
Enter the DSRM and delete Active Directory.
Uninstall Active Directory Domain Services.
To perform an authoritative restore of an object or subtree, what bit of information do you need to know about the object?
its formal name
its exact location
its OU and proper name
its distinguished name
its distinguished name
Before you can use the Active Directory Recycle Bin, what two actions do you have to perform?
You have to remove the System Recycle Bin.
You have to enable the AD Recycle Bin.
You have to set the AD forest to Windows Server 2003 or higher.
You have to set the AD forest to Windows Server 2008 R2 or higher.
You have to enable the AD Recycle Bin.
& You have to set the AD forest to Windows Server 2008 R2 or higher.
Which utility do you use to defragment Active Directory?
CSVDE
LDIFDE
ntdsutil
defrag
ntdsutil
Why is backup of the Active Directory database so important?
Backup of all data is a good idea.
Backup is a standard practice in large companies.
Backup is needed in case of corruption, deletion, or other failure.
Backup is an insurance policy for data and should be performed regularly.
Backup is needed in case of corruption, deletion, or other failure.
What are examples of password policies? Select all that apply.
history
length
complexity
age
ALL OF THEM
What is the default setting for password history?
6
10
16
24
24
What setting can you give for account lockout duration that requires an administrator to manually unlock the account?
0
10
99
99,999
0
How should you assign Password Settings objects (PSOs) to users?
Assign the PSOs directly to individual users.
Assign the PSOs to a new group and add the users to the new group.
Assign the PSOs to a global security group and add users to the group.
Assign the PSOs to various Active Directory groups as needed.
Assign the PSOs to a global security group and add users to the group.
What is the secpol.msc utility used for?
editing group policies
editing local security policies
editing global security policies
editing domain-level policies
editing local security policies
Why should administrator passwords change more often than user passwords?
because administrator passwords are usually simpler than user passwords
because administrator accounts carry more security sensitivity than users do
because administrators are paranoid about security
because administrator accounts are watched by management in large companies
because administrator accounts carry more security sensitivity than users do
What is an easy method of creating a strong password?
Use your username and add numbers and special characters.
Use your favorite football team’s name with numbers and special characters.
Ask a friend for some ideas for good passwords and then add your own number and characters.
Start with a sentence and then add numbers and special characters.
Start with a sentence and then add numbers and special characters.
Account policies contain various subsets. Which of the following are legitimate subsets of account policies? Check all that apply.
Password Policy
Account Lockout Policy
Kerberos Policy
Username Policy
Password Policy
Account Lockout Policy
Kerberos Policy
Which of the following passwords is considered complex?
M!croS0ft
candybar01
bobj
fred@local
M!croS0ft
Which feature affects all users in the domain, including domain controllers?
Global Group Policy
Default Domain Policy
Default Group Policy
Default Global Domain Policy
Default Domain Policy
What is the default timeout value for GPOs to process on system startup?
60 seconds
120 seconds
300 seconds
600 seconds
600 seconds
What is the first step in the GPO processing order?
The user initiates interactive logon.
The computer obtains a list of GPOs from the domain controller.
The computer establishes a secure link to the domain controller.
The GPOs are applied to the computer and to the user.
The computer establishes a secure link to the domain controller.
If a site, domain, or OU has multiple GPOs, how are the group policies processed?
by precedence
by importance
by administrative control
by GPO controller policy
by precedence
For users to receive GPO settings, they must have which two permissions to the GPO?
Allow Read
Allow Write
Allow Modify
Allow Apply
Allow Read
Allow Apply
At what point are WMI filters evaluated?
when the filter is created
when the policy is applied
when the filter is applied
when the policy is processed
when the policy is processed
How many WMI filters can be configured for a GPO?
one
two
four
eight
one
What is the primary purpose of running the Group Policy Results Wizard? Check all that apply.
to guarantee that GPOs are enforced in full
to analyze the cumulative effect of GPOs
for GPO troubleshooting
to ensure that you have administrative rights to the client computer
to analyze the cumulative effect of GPOs
for GPO troubleshooting
Which of the following Windows 8.1 and Windows Server 2012 R2 features can speed up the performance of processing synchronous policy settings?
GPO Turbo Mode
GPO Enhanced Mode
Group Policy Update
Group Policy Caching
Group Policy Caching
Which of the following operating systems can have its security settings managed by using security templates? Select all that apply.
Windows XP
Windows Vista
Windows 7
Windows 8
Windows 7
Windows 8
What is an ADMX file?
an ADM file translator
the ADM format for newer operating systems
a template buffer
the protocol that deploys ADM files across networks
the ADM format for newer operating systems
Which of the following are legitimate Administrative Template Property Filters? Select all that apply.
Keyword Filters
Requirements Filters
Security Filters
Operating System Filters
Keyword Filters
Requirements Filters
What is the filename extension for the files in which installation information is stored?
.txt
.xml
.ini
.msi
.msi
Windows Installer cannot install .exe files. To distribute a software package that installs with an .exe file, what must you do to it?
Convert it to a ZIP file
Convert it to an MSI file
Convert it to an MSP file
Convert it to an MST file
Convert it to an MSI file
Where is the default location for ADMX files?
C:\Windows\SYSVOL\ADMX
C:\Windows\System32\XML\ADMX
C:\Windows\Inf
C:\Windows\PolicyDefinitions
C:\Windows\PolicyDefinitions
What language are ADMX files based on?
HTML
XML
SGML
Java
XML
Where is the Central Store located?
in the SYSVOL directory
Microsoft Online
TechNet
on a domain controller public share
in the SYSVOL directory
When configuring Group Policy to deploy applications, the applications must be mapped to where?
UNC path
drive letter
shared folder
full install path
UNC path
Which domain users are automatically granted permissions to perform Group Policy Management tasks?
local administrators
power users
domain administrators
domain users
domain administrators
Why would you ever want or need to reset the domain policy and the domain controller policy to the default settings? Select all that apply.
if they’ve become corrupted
to refresh policy settings
as a regular part of domain maintenance and housekeeping
if someone deleted one of the policies
if they’ve become corrupted
& if someone deleted one of the policies
A user must have which two existing permissions for new permissions to be applied to their accounts for GPO delegation?
Allow Read
Allow Write
Allow Apply
Allow Modify
Allow Read
& Allow Apply
If you don’t want a GPO to apply, which group policy permission do you apply to a user or group?
Disallow Read
Disallow Write
Disallow Modify
Disallow Apply
Disallow Apply
When you’re about to reset domain policy and domain controllers policy back to default with the dcgpofix.exe command, what final warning are you given before you accept the change?
that you’re about to reset policies to their defaults
that all User Rights Assignments will be replaced
that all security for the domain will be overwritten
that you’re about to restore all security to the default
that all User Rights Assignments will be replaced
To give someone permission to manage a particular GPO, you use the __________ tab of the individual GPO.
Permissions
Security
Delegate
Settings
Delegate
What is a collection of files stored in the SYSVOL (%SystemRoot%\SYSVOL\Policies) of each domain controller?
Group Policy Container (GPC)
Group Policy Template (GPT)
migration table
delegation
Group Policy Template (GPT)
What is a file that maps references to users, groups, computers, and UNC paths in the source GPO to new values in the destination GPO?
Group Policy Container (GPC)
Group Policy Template (GPT)
migration table
delegation
migration table
What is an Active Directory object stored in the Group Policy Objects container with the domain naming content of the directory that defines basic attributes of the GPO but does not contain any of the settings?
Group Policy Container (GPC)
Group Policy Template (GPT)
migration table
delegation
Group Policy Container (GPC)
What process grants permissions to other users to manage group policies?
Group Policy Container (GPC)
Group Policy Template (GPT)
migration table
delegation
delegation
Which utility do you use to create GPO preferences?
Group Policy Management Editor
Group Policy Preference Editor
Group Policy Editor
Group Policy Wizard
Group Policy Management Editor
How do you stop processing a preference if an error occurs?
Select the Stop processing items option on the Common tab.
Select the Remove this item option on the Common tab.
Select the Stop on any error option in the GPP Wizard.
Select the Stop on all errors option in the GPP Wizard.
Select the Stop processing items option on the Common tab.
Which Windows extension allows you to add, replace, or delete sections or properties in configuration settings or setup information files?
.ini files
files
folders
environment
.ini files
If you need to provide users access to a common network location, which GPP would you use? Select all that apply.
Shortcut
File
Drive Maps
Folders
Shortcut & Drive Maps
Which component allows you to create multiple Registry preference items based on registry settings that you select?
the Registry Scope
the Registry Extension
the Registry Configurator
the Registry Wizard
the Registry Wizard
Which term describes changing the scope of individual preference items so that the preference items apply only to selected users or computers?
individual targeting
user-specific targeting
item-level targeting
focused targeting
item-level targeting
Windows Settings has multiple preference extensions. Identify all that apply.
Registry
Shortcuts
Folders
Storage
Registry, Shortcuts, & Folders
GPP can be configured on domain controllers running which version of Windows Server? Select all that apply.
2003
2008
2008 R2
2012
2008, 2008 R2, & 2012
GPPs are divided into which two sections?
Windows and Registry
Applications and Registry
Applications and Control Panel
Windows and Control Panel
Windows and Control Panel
