Mid-Term Flashcards
Windows Deployment Services (WDS) is a software platform and technology that allows you to perform which function?
automated staging setup for bootable images
automated network-based installations based on network-based boot and installation media
downloadable installations based on staged image files
automated configuration and installation via ISO images and an FTP service
automated network-based installations based on network-based boot and installation media
What role does preboot execution environment (PXE) play in WDS?
It’s used to boot to a WDS Server to install a preinstallation environment.
It’s used to install WDS services onto a domain controller.
PXE is enabled only in an interdomain trust environment.
It’s a prerequisite for installing WDS services onto a deployment server system.
It’s used to boot to a WDS Server to install a preinstallation environment.
How do you mount a Windows image using Dism.exe so that you can update it?
read-only
staged
offline
MountDir
offline
Windows PE 4.0 is based on which operating system?
Windows XP
Windows 7
Windows 8
Windows Mobile
Windows 8
The initial configuration of WDS includes setup of what other server?
DHCP
Dism
World Wide Web
Image store
DHCP
Where do you place a discover image to ensure proper deployment?
on a network share
on bootable media
in the PXE configuration parameters
in memory
on bootable media
Which of the following is the most efficient method of using WDS on a very large network?
bootable media using discover images
unattended installation using PXE boot
installation using PXE boot
unattended installation using bootable media
unattended installation using PXE boot
Which of the following describes the WDS boot.wim image file?
It installs a standard Windows Server 2012 R2 image to the client computer.
It contains the file resources for all the images in an image group.
It loads Windows PE 4.0 on the client computer.
It’s used to create a bootable ISO file for WDS deployment.
It loads Windows PE 4.0 on the client computer.
What is the default port number for WSUS synchronization?
8510
8530
8550
8830
8530
WSUS allows you to automatically approve every update, but you shouldn’t necessarily do that. What should you do before approving updates to be installed?
Check with Microsoft about which updates to apply.
Move the updates into quarantine and wait for others to report problems.
Approve all updates after the normal installation date.
Test the updates on your own systems before approving for rollout.
Test the updates on your own systems before approving for rollout.
If Windows Update fails to retrieve updates, what should you check first?
the Windows Update site
the Windows Registry settings for Windows Update
the current patch level
Internet Explorer proxy settings
Internet Explorer proxy settings
Other than the default computer group, how many other groups may a computer be assigned to in WSUS?
one
two
four
sixteen
one
Which of the following best describes a critical update?
It fixes a known security problem.
It is high priority but not security related.
It is high priority but requires prior approval.
It is security related but requires no approval.
It is high priority but not security related.
Which of the following is the best example of when you need to restart the Windows Update service?
after you make a configuration change
before you look at the Windows Update log file
after you check the registry settings
if you can’t resolve the WSUS server name
after you make a configuration change
Microsoft classifies its updates into general categories. What is the definition of important updates?
They offer significant benefits, such as improved security, privacy, and reliability.
They provide a broadly released fix for a specific problem addressing a critical, non-security related bug.
They include updates, drivers, or new software from Microsoft to enhance your computing experience.
They address non-critical problems or help enhance your computing experience.
They offer significant benefits, such as improved security, privacy, and reliability.
Microsoft classifies its updates into general categories. What is the definition of optional updates?
They offer significant benefits, such as improved security, privacy, and reliability.
They provide a broadly released fix for a specific problem addressing a critical, non-security related bug.
They include updates, drivers, or new software from Microsoft to enhance your computing experience.
They address non-critical problems or help enhance your computing experience.
They include updates, drivers, or new software from Microsoft to enhance your computing experience.
When you set a service to start automatically with delayed start, how long is the delay?
One minute
Two minutes
Five minutes
Delayed until all other services start
Two minutes
If you install SQL Server and a third-party backup service on the same system, what rule should you follow when creating service accounts?
Create difficult-to-guess usernames and passwords.
Use a single account for both services.
Use separate accounts for both services.
Add the service accounts to the Local Administrators group.
Use separate accounts for both services.
Microsoft’s new Event Viewer allows you to collect events from remote computers and store them locally. By what name is this collection of events known?
event logging
event virtualization
event consolidation
event subscription
event subscription
The Reliability Monitor provides a range of numbers to help you evaluate the reliability of a computer. What is the name of this range of numbers?
Reliability Index
Stability Index
Event Index
Evaluation Index
Stability Index
Task Manager is not a definitive performance tool because it gives you what kind of look at computer performance?
in-depth analysis
high-level overview
quick glance
performance history
quick glance
Which tool allows you to best monitor resource usage on a virtual machine host and its individual virtual machines?
Task Manager
Hyper-V Resource Metering
Performance Monitor
Resource Monitor
Hyper-V Resource Metering
When reading events in the Event Viewer, you need to recognize the designated levels or classifications. What is the definition for the Critical level?
An issue has occurred that can impact service or result in a more serious problem if action is not taken.
A failure has occurred from which the application or component that triggered the event cannot automatically recover.
A problem has occurred that might impact functionality that is external to the application or component that triggered the event.
A change in an application or component has occurred (such as an operation has successfully completed, a resource has been created, or a service started).
A failure has occurred from which the application or component that triggered the event cannot automatically recover.
When reading events in the Event Viewer, you need to recognize the designated levels or classifications. What is the definition for the Warning level?
An issue has occurred that can impact service or result in a more serious problem if action is not taken.
A failure has occurred from which the application or component that triggered the event cannot automatically recover.
A problem has occurred that might impact functionality that is external to the application or component that triggered the event.
A change in an application or component has occurred (such as an operation has successfully completed, a resource has been created, or a service started).
An issue has occurred that can impact service or result in a more serious problem if action is not taken.
What are DFS Namespace shared folders referred to in relation to the virtual folders?
targets
folder spaces
redirects
No answer text provided.
targets
The default namespace mode is Windows Server 2008, which supports up to 50,000 folders. How many folders does using non-Windows Server 2008 provide?
500
1,500
3,000
5,000
5,000
DFS Replication does not replace the need for backups because of what feature of replication?
It fails with more than 8 million files per volume.
It replicates deleted, changed, and corrupted files.
The frequency of replication is too seldom.
It has a very small cache in which to store files.
It replicates deleted, changed, and corrupted files.
Which replication topology is more efficient than the default replication topology and allows you to set bandwidth, timing, and directionality to your configuration?
meshless
collective mesh
hub/spoke
token ring
hub/spoke
What type of resolution model does DFS Replication use to resolve simultaneous-write conflicts?
first-in, first-out
last-in, last-out
last-writer wins
first-writer wins
last-writer wins
What type of special cache folder does each replication folder use to hold files ready to be replicated?
cache folder
upload folder
replication folder
staging folder
staging folder
Which of the following is an advantage of disabling automatic auto-recovery for DFS databases when the DFSR service stops abnormally?
To prevent the constant restarting of the DFS initial replication.
To prevent the automatic deleting of files that have not been replicated.
To prevent the reseeding of the replicated files.
You have the opportunity to fix any underlying problems and to back up the existing replicated folders before recovery begins.
You have the opportunity to fix any underlying problems and to back up the existing replicated folders before recovery begins.
When DFS Replication and DFS Namespace are combined into a single service offering, the pair creates what type of file sharing service?
unbreakable
N+1 redundant
bandwidth intensive
fault tolerant
fault tolerant
When setting target priority on a root target for a domain-based namespace, you can override referral ordering and select the priority you want to use. What does the “Last among all targets” option specify?
Users should always be referred to this target if the target is available.
Users should never be referred to this target unless all other targets are unavailable.
Users should be referred to this target before other targets of equal cost (which usually means other targets in the same site).
Users should never be referred to this target if other targets of equal cost are available (which usually means other targets in the same site).
Users should never be referred to this target unless all other targets are unavailable.
When setting target priority on a root target for a domain-based namespace, you can override referral ordering and select the priority you want to use. What does the “First among all targets” option specify?
Users should always be referred to this target if the target is available.
Users should never be referred to this target unless all other targets are unavailable.
Users should be referred to this target before other targets of equal cost (which usually means other targets in the same site).
Users should never be referred to this target if other targets of equal cost are available (which usually means other targets in the same site).
Users should always be referred to this target if the target is available.
What type of service is the Windows File Server Resource Manager?
quota
role
third-party add-on
extension
role
What technology did Microsoft develop to combat the storage of storage-using and potentially illegal files on corporate servers?
Windows Firewall
Quotas
Windows Defender
File Screening
File Screening
Some exemptions might be required for certain groups to store otherwise restricted file types. What type of exemption can you set up on folders?
file save exemption
file type exemption
file screen exception
folder screen exception
file screen exception
What FSRM feature can you use to show the state of file server volumes, quotas, and disallowed files?
Storage Reports
Storage Exceptions
Storage Quotas
Storage Assessments
Storage Reports
When using File System Resource Manager, which group must you be a member of to enable SMTP?
Administrators
Domain Users
Schema Admins
Power Users
Administrators
You can generate several different reports from FSRM. One of them gives you a list of Least Recently Accessed Files. What would be the purpose of that report?
To warn you that users are storing unused files
To allow you to archive unused files
To remove unused files
To warn you of possible security risks of old files
To allow you to archive unused files
What is the purpose of setting soft quotas?
to notify users that they have reached the quota limit
to list files that need to be deleted
to identify users who violate quotas
to determine where hard quotas need to be set
to notify users that they have reached the quota limit
If you were asked to set up a shared file area for users that prevented them from saving video files or images of any kind, what would you set up on that shared folder?
Active file screen with included and excluded file groups
hard quota for each user and passive file screening
standard file share with e-mail notification
Passive file screen and a soft quota
Active file screen with included and excluded file groups
You can use FSRM to create several different types of storage reports that show the state of server volumes and anyone who exceeds the quotas or uses files that aren’t allowed. What does a Duplicate Files storage report show?
a list of files sorted by selected file groups defined with FSRM
a list of files that have not been accessed for a specified number of days
a list of quotas that exceed a specified percentage of the storage limit
a list of files that are the same size and have the same last modified date
a list of files that are the same size and have the same last modified date
You can use FSRM to create several different types of storage reports that show the state of server volumes and anyone who exceeds the quotas or uses files that aren’t allowed. What does a Quota Usage storage report show?
a list of files sorted by selected file groups defined with FSRM
a list of files that have not been accessed for a specified number of days
a list of quotas that exceed a specified percentage of the storage limit
a list of files that are the same size and have the same last modified date
a list of quotas that exceed a specified percentage of the storage limit
An encrypted file can be converted back to its original format by a process known as what?
encryption
digitization
decryption
encapsulation
decryption
Public-key cryptography uses how many keys?
one
two
two pair
256
two
What is one purpose of using hash function encryption?
to store passwords in a non-readable format
to demonstrate one-way encryption techniques
to provide keyless encryption and decryption algorithms
to keep track of 128-bit key pairs
to store passwords in a non-readable format
EFS encryption is what type of feature that can be enabled or disabled at will, similar in effect to read-only, compression, or hidden?
status
characteristic
attribute
handle
attribute
If you’re a command-line user, what command will encrypt files and folders?
encrypt. exe
compress. exe
efs. exe
cipher. exe
cipher.exe
On what type of computer is BitLocker not commonly used?
laptops
desktops
netbooks
servers
servers
Where is the most secure location to store secure key recovery information?
on an encrypted USB device
in a secure cabinet on an encrypted USB device
in Active Directory
on the local device
in Active Directory
BitLocker has multiple operational modes for OS drives that define the steps involved in the boot process. Match the TPM + startup PIN BitLocker mode with its correct description.
The system stores the BitLocker volume encryption key on the TPM chip, but you must supply a personal identification number (PIN) and insert a USB flash drive containing a startup key before the system can unlock the BitLocker volume and complete the system boot sequence.
The system stores the BitLocker volume encryption key on the TPM chip and accesses it automatically when the chip has determined that the boot environment is unmodified. This unlocks the protected volume and the computer continues to boot. No administrative interaction is required during the system boot sequence.
The system stores the BitLocker volume encryption key on the TPM chip, but you must supply a PIN before the system can unlock the BitLocker volume and complete the system boot sequence.
The system stores the BitLocker volume encryption key on the TPM chip, but you must insert a USB flash drive containing a startup key before the system can unlock the BitLocker volume and complete the system boot sequence.
The system stores the BitLocker volume encryption key on the TPM chip, but you must supply a PIN before the system can unlock the BitLocker volume and complete the system boot sequence.
Authentication is used for what purpose?
to grant access to a user
to verify a user’s identity
to determine security restrictions
to calculate effective permissions
to verify a user’s identity
Auditing is used for what purpose?
authenticating users
authorizing users
recording user’s actions
assessing a user’s permissions
recording user’s actions
Why should you avoid using basic audit policy settings and advanced audit policy settings together?
That amount of auditing will fill up Event Logs too quickly.
The two audit setting ranges have too much redundancy or overlap between them.
Setting too many policies can put your system in an “out of compliance” state.
Audit policies might cause conflicts or erratic behavior.
Audit policies might cause conflicts or erratic behavior.
Where can you view audit events?
in the C:\Temp\Logs folder as text files
in System logs in Event Viewer
Correct!
in Security logs in Event Viewer
by using audit /logs at the command line
in Security logs in Event Viewer
By using what type of policy can you track, limit, or deny a user’s ability to use removable storage devices such as USB drives in Windows Server 2012 R2?
USB Storage Access
Removable Storage Access
Removable Device Access
Storage Device Audit
Removable Storage Access
When resetting audit settings back to basic mode, what file must you remove as part of the process?
policies. txt
audit. txt
policies. csv
audit. csv
audit.csv
Why are success audits as important as failure audits?
Successes are important to troubleshooting for establishing baselines of normal behavior.
Successes are included by default and can be filtered out.
Successes can point to security breaches as well as normal behavior.
Successes allow you to track activity such as new account creation.
Successes allow you to track activity such as new account creation.
The powerful auditpol.exe command-line utility is widely used in automated scripting solutions. Select the correct action for the auditpol.exe /remove /allusers command.
Delete the per-user audit policy for all users, reset or disable the system audit policy for all subcategories, and then set the audit policies settings to disable.
Remove the per-user audit policy for a single user’s account.
Remove the per-user audit policy for all users.
Show an authoritative report on what audit settings are being applied.
Remove the per-user audit policy for all users.
The powerful auditpol.exe command-line utility is widely used in automated scripting solutions. Select the correct action for the auditpol.exe /get /category:* command.
Delete the per-user audit policy for all users, reset or disable the system audit policy for all subcategories, and then set the audit policies settings to disable.
Remove the per-user audit policy for a single user’s account.
Remove the per-user audit policy for all users.
Show an authoritative report on what audit settings are being applied.
Show an authoritative report on what audit settings are being applied.
The powerful auditpol.exe command-line utility is widely used in automated scripting solutions. Select the correct action for the auditpol.exe /clear command.
Delete the per-user audit policy for all users, reset or disable the system audit policy for all subcategories, and then set the audit policies settings to disable.
Remove the per-user audit policy for a single user’s account.
Remove the per-user audit policy for all users.
Show an authoritative report on what audit settings are being applied.
Delete the per-user audit policy for all users, reset or disable the system audit policy for all subcategories, and then set the audit policies settings to disable.
The Domain Name System (DNS) works much like a phone book to associate URLs (names) with what kinds of numbers?
ID numbers
World Wide Web numbers
domain addresses
IP addresses
IP addresses
What type of structure does DNS have?
hierarchical distributed
flat distributed
top-down distributed
wheel-spoke distributed
hierarchical distributed
Which of the following is an example of a top-level domain?
.local
.net
.business
microsoft.com
.net
What is another term for DNS client?
top-level host
DNS server
DNS resolver
DNS query
DNS resolver
By using the Active Directory–integrated zone, DNS follows what kind of model?
master-slave
multi-master
primary-secondary
forward-reverse
multi-master
What is one advantage of subdomains?
They allow you to use fewer IP addresses per domain.
They offer more efficient network segmentation with inherent VLAN capability.
They provide better overall network performance for large networks.
They allow you to break up larger domains into smaller, more manageable ones.
They allow you to break up larger domains into smaller, more manageable ones.
What is the first and most important step in installing and deploying DNS in your network?
setting up Active Directory so that DNS can be integrated into it
planning the infrastructure and service requirements
configuring the forward and reverse lookup zones correctly
splitting the network into subdomains
planning the infrastructure and service requirements
By default, zone transfers are disabled. You can choose one of three different zone transfer methods. Which of the following describes the Only to servers listed on the Name Servers tab method?
restricts zone transfers to those servers specified in the accompanied list
retrieves only resource records that have changed within a zone
restricts zone transfers to secondary DNS servers as defined with NS resource records
allows a data transfer to any server that asks for a zone transfer (least secure)
restricts zone transfers to secondary DNS servers as defined with NS resource records
By default, zone transfers are disabled. You can choose one of three different zone transfer methods. Which of the following describes the To any server method?
restricts zone transfers to those servers specified in the accompanied list
retrieves only resource records that have changed within a zone
restricts zone transfers to secondary DNS servers as defined with NS resource records
allows a data transfer to any server that asks for a zone transfer (least secure)
allows a data transfer to any server that asks for a zone transfer (least secure)
What is another designation for an Alias?
A host or A record
canonical name or CNAME
pointer or PTR record
Name Server or NS record
canonical name or CNAME
If you have a server named server1.blah.com, want to use it as your web server, and have requests point to www.blah.com, what kind of DNS record would you create?
an A record
a CNAME record
a PTR record
an NS record
a CNAME record
Which command do you use to verify local DNS settings?
nslookup
ipconfig /all
ping localhost
tracert
ipconfig /all
Which DNS record contains the serial number for the zone?
NS record
A record
PTR record
SOA record
SOA record
You can use the dnscmd command to create zones. What other tasks can you perform with it?
delete resource records
start/stop the DNS service
perform name service queries
install DNS services
delete resource records
Which one of the following is correct for querying a PTR record?
nslookup Microsoft.com
nslookup www.technet.com
nslookup server1
nslookup 192.168.1.50
nslookup 192.168.1.50
If you issue the command nslookup 192.168.1.50 and get no response, but then issue nslookup server1 and receive 192.168.1.50 as a response, what do you know is wrong?
The CNAME record is incorrect.
The PTR record doesn’t exist.
The A record doesn’t exist.
The SOA for the zone is malformed.
The PTR record doesn’t exist.
DNS servers contain several different types of resource records with which you need to become familiar. Select the correct definition for Host (A and AAAA) records.
identifies an alias for a host name
identifies a DNS server that is authoritative for a zone
maps a domain/host name to an IP address
resolves host names from IP addresses
maps a domain/host name to an IP address
DNS servers contain several different types of resource records with which you need to become familiar. Select the correct definition for Canonical Name (CNAME) records.
identifies an alias for a host name
identifies a DNS server that is authoritative for a zone
maps a domain/host name to an IP address
resolves host names from IP addresses
identifies an alias for a host name
Why are phone lines and ISDN not used today for remote access services (RAS)?
They’re too expensive.
They’re not secure enough.
They create dedicated access.
They no longer supply acceptable bandwidth.
They no longer supply acceptable bandwidth.
Why would you set Verify Caller ID on a remote dial-up connection for a user?
for enhanced security
because you don’t trust the user
because you want users to call in only from specific numbers
because it’s the default setting
for enhanced security
When would you want to use a split tunnel for users?
if your users work only from the office
if your users might compromise security by browsing to insecure sites
if your users have laptop computers and work from home or office
if your users often need remote assistance
if your users have laptop computers and work from home or office
How is data verified when transferred through the Internet?
by cryptographic checksum
by RAS callback options
by correct firewall settings
by using PPTP for VPN connections
by cryptographic checksum
Which authentication method is weakest (least secure)?
PAP
CHAP
MS-CHAPv2
EAP-MS-CHAPv2
PAP
Which VPN protocol provides constant connectivity?
L2TP
IKEv2
SSTP
PPTP
IKEv2
How are routing tables created dynamically?
through the use of RIP
with static routes
by using the routing table protocol (RTP)
by using a layer 2 switch
through the use of RIP
In Windows Server 2012 R2, what is used as a reverse proxy?
Web Application proxy
Reverse Lookup
AD FS proxy
Reverse Web
Web Application proxy
What is the first thing to check when troubleshooting VPN problems?
network connectivity
usernames and passwords
DNS lookups
firewall settings
network connectivity
RRAS has multiple options from which you can select one or more services to provide to your users. Select the correct description for the Virtual private network (VPN) access and NAT option.
sets up the server to provide NAT services to clients on the private network that need to access the Internet
sets up a demand-dial or persistent connection between two private networks
sets up the server to support incoming VPN connections and to provide NAT services
sets up the server to accept incoming remote access connections (dial-up or VPN)
sets up the server to support incoming VPN connections and to provide NAT services
DirectAccess was introduced with which workstation/server pair?
Windows XP/Windows Server 2003
Windows Vista/Windows Server 2008
Windows 7/Windows Server 2008 R2
Windows 8/Windows Server 2012
Windows 7/Windows Server 2008 R2
What type of server is the network location server (NLS)?
DNS
DHCP
web
AD
web
What is the most basic requirement for a DirectAccess implementation?
The DirectAccess server must be part of a cluster.
The DirectAccess server must be highly available.
The DirectAccess server must also run DNS services.
The DirectAccess server must be part of an Active Directory domain.
The DirectAccess server must be part of an Active Directory domain.
What does the netsh namespace show policy command do?
shows the DNS search order
displays the static routing table for a namespace
shows the NRPT rules as configured on the group policy
displays local DirectAccess security policy
shows the NRPT rules as configured on the group policy
What kind of connectivity does DirectAccess provide between client computers and network resources?
stable but limited
seamless and always on
active and firewalled
firewalled and passive
seamless and always on
How do the DirectAccess server and DirectAccess client authenticate each other?
IPSec and PAP
PPTP and username/password
computer and user credentials
encrypted secret channel handshake
computer and user credentials
In addition to meeting operating system requirements, a DirectAccess client must be a member of what?
a DirectAccess client group
a NAP group
an AD domain
a fault-tolerant network segment
an AD domain
The Run the Remote Access Setup Wizard breaks the installation into four separate installations that give you a great deal of control over settings and configurations. Identify the correct description for the installation of Infrastructure Servers.
Configure the network connections based on one or two network cards and which adapters are internal and which adapters are external. You can also specify the use of smartcards and specify the certificate authority (CA) to use for DirectAccess to provide secure communications.
Specify which clients within your organization can use DirectAccess. You specify the computer groups that you want to include and whether you want to include Windows 7 clients.
Configure how the clients access the core infrastructure services such as Active Directory domain controllers and DNS servers. You also specify an internal web server that can provide location services for infrastructure components to your DirectAccess clients.
Configure your end-to-end authentication and security for the DirectAccess components. It also provides secure connections to individual servers.
Configure how the clients access the core infrastructure services such as Active Directory domain controllers and DNS servers. You also specify an internal web server that can provide location services for infrastructure components to your DirectAccess clients.
The Run the Remote Access Setup Wizard breaks the installation into four separate installations that give you a great deal of control over settings and configurations. Identify the correct description for the installation of Remote Access Servers.
Configure the network connections based on one or two network cards and which adapters are internal and which adapters are external. You can also specify the use of smartcards and specify the certificate authority (CA) to use for DirectAccess to provide secure communications.
Specify which clients within your organization can use DirectAccess. You specify the computer groups that you want to include and whether you want to include Windows 7 clients.
Configure how the clients access the core infrastructure services such as Active Directory domain controllers and DNS servers. You also specify an internal web server that can provide location services for infrastructure components to your DirectAccess clients.
Configure your end-to-end authentication and security for the DirectAccess components. It also provides secure connections to individual servers.
Configure the network connections based on one or two network cards and which adapters are internal and which adapters are external. You can also specify the use of smartcards and specify the certificate authority (CA) to use for DirectAccess to provide secure communications.
