Server Flashcards
which of the following is used to boot a computer over the network?
PXE
which of the following is used to load a minimum version of windows to troubleshoot an installation?
Windows PE
which two roles are available in wds?
Deployment server
transport server
which of the following are necessary for deploying wds? (choose all that apply)
AD DS
DHCP
DNS
the answer file is made as a ____ file
XML
which of the following allows you to package drivers together and deploy them with images?
dynamic driver provisioning
which command allows you to modify an offline image?
dism
which program is used to remove the computer name and sid from a computer?
system preparation utility (sysprep)
which of the following is the filename extension for install images and boot images?
WIM
which of the following is used to convert a master computer to an image file?
Windows Deployment Service Capture utility
Which term best describes multiple hot fixes, security updates, and critical updates which are packaged together and thoroughly tested together?
service pack
to specify which computers get which updates, into which of the following categories should you divide the computers?
computer groups
which of the following is the default port used for synchronization?
8530
which of the following wsus modes has upstream wsus servers share updates and the approval of updates with wsus downstream servers?
replica
which of the following is the process of downloading updates for a wsus server?
synchronization
which term best describes when computers are automatically assigned to a computer group using group policies or by modifying the registry?
client side targeting
which of the following is required in order to view reports in wsus?
microsoft report viewer 2008 redistributable
which of the following is the default database used by wsus?
WID (wsus internal database)
which of the following is the best strategy for getting all clients within an organization to use a wsus server?
use group policies
if a client is not part of a domain, client-side targeting can be accomplished by doing which of the following?
by modifying the registry
which of the following is the primary tool to add or remove server tools?
server manager
which of the following is used to view the windows logs?
event viewer
when you are troubke shooting a problem and decide to use the event viewer, which of the following should be used to help you focus on a reduced set of events?
filters
which of the following is used to modify a task after you add a basic task to an event viewer?
task scheduler
which of the following allows you to view events from multiple computers using the event viewer?
subscriptions
which command is used to configure a collecting computer to receive an event subscription?
wecutil qc
which program allows you to stop a running process?
task manager
which program is used to determine what process is using a file?
resoource monitor
which of the following is used to group multiple performance counters so that they can be used over and over in performance monitor?
data collector sets
which program allows you to determine what processes are using which network connections?
netstat
what are two types of dfs namespace?
domain based namespace
stand alone namespace
how many target folders can you have for each namespace in windows server 2008 mode?
50,000
what is an order list of servers and targets that a client computer receives from a domain controller or namespace server when a user accesses a namespace root or a dfs folder with targets?
referrals
what is the default topology used in dfs replication?
full mesh topology
which of the following is the compression algorithm used in dfs replication found with windows server 2012 r2?
remote differential compression (rdc)
which is the default size of a staging folder?
4gb
which is the collection of servers that hold targets of a dfs folder?
replication group
which of the following is a shared folder of shared folders?
dfs namespace
which of the following replaced file replication services (frs)?
dfs replication
what is the default quota size of the conflict and deleted folder?
660 mb
which type of quota used with fsrm prevents users from saving files when the quota is exceeded?
hard quota
which of the following is supported when you define quotas using fsrm? (choose all that apply)
- place an event in the windows logs
- send email
- run a command or script
which of the following do you perform when you change a quota template? (choose all that apply)
- apply template only to derived quotas that match the original template
- apply template to all derived quotas
which of the following is used to control the type of files that users can save to a file server?
fsrm
which type of screening prevents users from saving the defined authorized files?
active screening
which tool is used to manage file servers, including configuring quotas and blocking certain files?
file server resource manager (fsrm)
which type of quota used by fsrm will send notifications only when the quota is exceeded?
soft quota
which of the following enables users to use certain files but notifies an administrator via an email when the user saves those types files?
passive screening
which of the following do you setup when you want to allow a file that is blocked with file screening?
screen exception
which of the following do you use to simplify the management of file screens?
file screen template
which encryption technology should you use to protect individual files on a computer running windows server 2012 r2?
efs
when using efs, the encryption key is stored in which of the following?
digital certificate
what happens when you move an efs encrypted file to a fat32 volume?
it is decrypted
which encryption algorithm uses a single key to encrypt and decrypt data?
symmetric
how do you define the dra’s?
GPOs
how do you decrypt an efs encrypted file for a person who has left an organization?
use a DRA (data recovery agent)
if you dont have a tpm on your computer, what can you use to store the key to us bitlocker?
usb memory device
which windows technology is used to encrypt a usb disk device?
bitlocker to go
which command do you use to encrypt a folder with efs?
use the cipher command
how do you configure windows to automatically encrypt a users’ documents folder?
use group policies
where do you view the security events collected by auditing with group policies?
event viewer
to audit who accessed a file, which of the following must you first enable?
object access auditing
to audit who modified a group policy, which of the following should you change?
policy change
in which audit group do you find the audit filtering platform connection and audit filtering platform packet drop?
object access auditing
which of the following do you need to perform when you want to remove advanced auditing policies?
use basic audit policies with the enforce option
which command should you use to show the current audit policies on a machine?
auditpol.exe /get /subcategory:*
how many audit policy sub settings are found in the advanced audit policy settings?
56
which command clears the audit policy on a computer?
auditpol /clear
which of the following should you use to give you more control on what events to audit?
advanced audit policy settings
which of the following do you define when you configure auditing files and printers?
system access control lists
how many primary zones can a zone have?
1
which are often known as name servers?
dns servers
which zone is used to translate host names to ip addresses?
forward lookup zone
which would you use when you create a reverse lookup zone for the 172.25.0.0 255.255.0.0 subnet?
0.0.25.172
which is each node or leaf in the dns tree referred to as?
resource record
which is used to automatically create and update the host’s primary dns server?
dynamic updates
which zone contains only the necessary resource records that act as an authoritative name server?
stub zone
which forwards queries to other dns servers based on the dns domain name in the query?
conditional forwarding
which sends dns information from a zone on a dns server to another dns server?
zone transfer
which command do you use to create a zone to a dns on a dns server?
dnscmd /zoneadd
which records are automatically created when you create a zone? (choose all that apply)
soa
ns
which dns resource record is used to map a host name to an ip address?
A record
which dns resource record specifies the authoritative information about a zone?
soa record
which resource record defines an alias for a host name?
cname record
which type of zone do you find a ptr record in?
reverse lookup zone
which record do you use to specify an organization’s mail server?
mx record
which of the following do you use to ensure the only computer that can update its own resource records used?
secure dynamic updates
to scavenge dns records, where must you enable scavenging and aging? (choose two answers)
dns server
zone
which command do you use to clear a computer’s dns cache?
ipconfig /flushdns
when is the ttl that is defined by the soa overwritten?
when a resource record has its own ttl
which of the following can you find in rras? (choose all that apply)
routing
nat
is you want to use vpn reconnect, which vpn protocol should you use?
ikev2
you want to make a server running windows 20129 r2 into a vpn server. however, the networking team allows only https through the firewall. which vpn protocol should you use?
sstp
you want to start using smart cards with the vpn. what authentication protocol should you use?
eap
which authentication protocol should you not use because it is the least secure?
pap
how do you allow split tunneling?
- open advanced tcp/ip settings
- deselect use default gateway on remote network
what is the easiest way to set up a vpn client on a computer for a user that is not technical?
use cmak to create an executable install
which option would you use to make sure that a user can dial in using only his or her home phone?
always callback to
which tab in the rip properties would you use to prevent routes being received from a router located on 10.10.10.10?
security
which option should you use with the route command when creating a static route that will ensure the route is still available if the computer is rebooted?
-p
you have the following servers for direct access:
-domain controller/dns server running windows server 2008 operating at windows server 2003 domain functional level
-certificate authority running windows server 2012 r2
-file server running windows 2008 r2
-direct access server running windows server 2012 r2
which of the following do you need to modify?
upgrade the domain controller to windows server 2008 r2
you are to configure the network location server (nls). which web server (iis) role service would you install on the nls server?
ip and domain restrictions
you have installed and configured a direct address server. you created a group called daclients. however, when users log into their computers, the computers are not configured to us direct access. what do you need to do to configure the clients to use direct access?
make sure that the client is added to the daclients group
you are configuring direct access on server1. which step do you need to perform to ensure that server1 can initiate connections to direct access client computers?
infrastructure server
how can you identify the url of the network location server that a client is using?
run netsh namespace show effective policy command
what two steps do you need to perform on the dns server so that it can support direct access?
- remove the isatap from the dns global query block
- add a record for the nsl server
you have a client that is configured for direct access. the client is connected to the internet from home. how can you verify whether the client can resolve the direct access server called server1.contosol.com?
run the ping server1.contoso.com command
you have configured a server called server1 as a direct access server. how do you need to configure the windows firewall on the server to support direct access?
allow icmpv6 echo request
which table is used to determine the behavior of the dns clients when determining the address of internal resources?
nrtp (name resolution policy table)
which of the following clients can connect to a direct access server? (choose all that apply)
- windows 8 enterprise
- windows 7 ultimate
- windows 8 professional
which ports does nps use for authentication and accounting? (choose four)
- 1812
- 1813
- 1645
- 1646
you have several vpn servers configured using rras. what is the best way to collect information on when and how long someone is connected through the vpn?
radius accounting
which do you use to provide central authentication of vpn and wireless connections on the network?
use an nps server (network policy server)
which of the following are access clients? (choose all that apply)
- vpn server
- dial up server
- 802.1x server
which of the following is used to save a configuration so that it can be reused on other nps servers?
templates
which two locations can nps log to? (choose two)
- sql server
- text file
to use eap-tsl, each client must have which of the following?
digital certificate
which of the following are used with nps templates? (choose all that apply)
- remote radius servers
- radius clients
Microsoft’s radius server is known as which of the following?
AAA server
which of the following tracks network usage for auditing and billing purposes?
radius accounting
which of the following is the default location for the log files if you use text files for radius accounting?
c:\windows\system32\logfiles
which three types of policies are avialbale on the network policy server (nps)? (choose all that apply)
- health policies
- network polices
- connection request policies
which policy is used to establish sets of conditions and settings that specify which radius servers perform the authentication. authorization, and accounting of connection requests received by the nps server from radius clients?
connection request polices
which policy establishes sets of conditions, constraints, and settings that specify who is authorized to connect to the network?
network policies
which policy would you use if you want to limit when a user can log in through the vpn?
network policies
how do you specify which radius server handles authentication for a vpn server?
connection request policies
how can you stop an nps server to stop acting as a radius server and to stop process connections requests locally?
delete the default connection request policy
which of the following are remote connections based on when creating network policies? (choose all that apply)
- constraints
- conditions
- settings
which of the following are remote connections based on when creating a connection request policy? (choose all that apply)
- conditions
- settings
what technology allows you to decrease allocated bandwidth when using multilink?
BAP (bandwidth allocation protocol)
if you use an isdn line, which of the following allows you to use multiple connections to allow for higher bandwidth?
- multilink connections
- BAP
how many bits does basic encryption support?
40 bit
which of the following nap enforcement mechanisms is considered the weakest?
DHCP
which of the following nap enforcement mechanisms is considered the strongest?
ipsec
which component used with nap maintains information and reports on the health of a nap client?
system health agent
which is the most common system health agent used in windows?
windows security center
which is used to make a computer compliant when you have quarantined computers that are not compliant when using nap?
use remediation servers
with nap, what defines the requirements for the client computers to connect to a network that is connected?
shv (system health validator)
which of the following is typically a remediation server when using nap? (choose all that apply)
- antivirus management server
- dhcp server
- dns server
- domain controller
you just implemented nap. how can you ensure that domain computers are up to date?
wsus
which server is used as the nap health policy server?
nps
which of the following is used as a windows security health validator? (choose all that apply)
- anti virus program
- spyware
which act confirms the identity of a user or system?
authentication
which fallback authentication is used when kerberos does not work?
ntlm (ny lan manager)
by default, what is the maximum amount time that a clock can be off in order for kerberos to work?
300 seconds
which authentication protocol uses the key distribution center that maintains a database of secret keys and is more secure than ntlm?
kerberos
which of the following is the format for kerberos?
sqlservice/service1:1433
which name uniquely identifies an insurance of a service for a client?
spn (service principal name)
which command do you use to configure an spn for a user account?
setspn
what allows a kerberos ticket to be created for another service on the originating user’s behalf?
kerberos delegation
by default,how often do passwords change for managed service accounts?
30 days
which account runs a service on multiple computers that belong to a cluster and that automatically have the password changed on a regular basis?
group managed service account
which of the following is found on a domain controller? (choose all that apply)
- global catalog
- rid master
- pdc emulator
which of the following is not an operations master?
global catalog
what is the cause of the problem if account lockout is not working?
the pdc emulator is down
what do you use to transfer the holder of the rid master?
active directory users and computers
what do you use to transfer the holder of the schema master?
active directory schema
what do you use to seize the role of the domain naming operations master?
ntdsutil.exe
you are creating a self served kiosk console at a local mall. at the mall, the kiosk will need to access a domain controller. what should you use?
rodc
what are you cloning when you use the new-addccloneconfigfile?
virtual domain controller
what is the minimum forest function level for rodc?
windows server 2008
you deployed a rodc running windows server 2008 to a branch office. you need to ensure that users at the branch office are able to log on to the domain using the rodc. what should you do?
configure a password replication policy on the rodc
which windows powershell applet enables the active directory recycle bin?
enable-adoptionalfeature
which of the following does the system state contain? (choose all that apply)
- boot files
- user profiles
- active directory database
- iis database
with the windows backup, how do you back up the active directory database?
back up the system state
which of the following is included with the sysvol folder? (choose all that apply)
- login scripts
- dfs staging folder and files
which mode do you need to use when you perform an authoritative restore?
directory services restore mode (dsrm)
how do you create an active directory snapshot?
use ntdsutil.exe
how can you determine the size of the active directory database?
use windows explorer to view the properties of the c:\windows\ntds
ntds.dit file
how do you compress the size of an active directory database?
use the ntdsutil command with the files option
which utility can you use to remove the server metadata? (choose two)
- active directory recycle bin
- ntdsutil.exe
you mount an active directory snapshot. what do you need to do so that you can query the snapshot by using ldap?
dsamain.exe
which of the following is found under the account policies? (choose all that apply)
- kerberos policy
- password policy
- account lockout policy
what is used to determine the circumstances and length of time that an account will be locked out of the system?
account lockout policy
what determines settings for passwords, including enforcement and lifetime?
password policy
how many password policies can you define for each domain?
1
what is the default value for the enforce password history?
24
what value must you assign to the account lockout duration to ensure that the administrator will have to manually unlock the account?
0
which do you use if you want to assign different password policies to different sets of people?
fine grained password policies
which do you use to configure a password policy on a standalone computer running windows?
secpol.msc
what is the minimum domain level necessary in order for the forest to use fine grained password policies?
windows server 2008
in which policy do you normally find the password policy?
default domain policy
what are the two default group policies that are already created in active directory? (choose two answers)
- default domain controller policy
- default domain policy
gpo’s are assigned to users by which of the following?
being linked to a container in active directory
you assign a gpo at the domain. how do you ensure that it is not overridden by another gpo?
use the enforce option
you have 20 users assigned to an ou. you want 10 of those users to be affected by another gpo. what should you do?
use a security filter
which do you use if you want to apply a group policy that affects only laptops?
wmi filtering (windows management instrumentation)
how many wmi filters can you configure per gpo
one per gpo
which two modes are used in loopback processing?
- replace mode
- merge mode
which command is used to force a computer to download gpo settings after a gpo has been modified?
gpupdate /force
by default, what speed is considered a slow link when using slow link processing?
500kbps
which tool is used to order gpo precedence when assigning multiple gpo’s to an ou?
group policy management console
how often do gpos get refreshed on client pc’s
every 90 to 120 minutes
which filename extension patches files for microsoft software installation (msi) files?
.msp
which type of software installation would you perform if you want to add an icon to the users control panel?
publish software to a user
which type of software supports self healing?
.msi
which option would you use to repoint the documents folder to the user’s home folder?
folder redirection
which type of folder redirection would you use to redirect the user’s home directory to a location based on the group that the user is a member of?
advanced
most of the time, why do laptop users use folder redirection?
offline folders
where is the central store located?
c:\windows\sysvol\domain\policies\policydefinitions
what is used to display only the administrative templates that are being used?
property filters
which two components make up a gpo?
- GPT (group policy template)
- GPC (group policy container)
which tool is used to backup only a gpo?
group policy management console
which feature allows you to restore from backup, delete a backup, and view the settings of a gpo?
group policy object editor
which file maps references to users, groups, computers, and unc paths when importing settings from one gpo to another gpo?
migration table
which command allows you to restore the default domain policy or the default domain controllers policy to their default settings?
dcgpofix
which tab do you use in the gpmc that grants permissions to a user or group for a gpo?
delegation
which of the following permissions can you grant to a group or user to manage a gpo? (choose all that apply)
- edit settings
- read
- delete
- modify security
which button do you click on the delegation tab that allows you to assign granular permissions to a gpo?
advanced
which permission is necessary for a gpo to be applied to a group or user? (choose all that apply)
- allow apply group policy permission
- allow read permission
after you copy and paste a gpo, what is the last step you have to do?
rename the gpo
which minimum domain controller is needed to use group policy preferences (gpp)?
windows server 2008
which of the following are actions found in preferences? (choose all that apply)
- delete
- create
- replace
which two categories are gpp divided into? (choose two)
- windows settings
- control panel settings
you create a preference item for windows internet explorer 10 and you configure the html editor option and it includes a red dashed underline. what do you do to enable this option?
press the f6 key
which of the following are control panel settings options in gpp? (choose all that apply)
power options extension
which of the following are windows settings options in gpp? (choose all that apply)
network shares
you want to configure the default home page for internet explorer for your organization. you have windows 7, windows 8, windows 9, and windows 10. how many preference items do you need to create?
3
which of the following preferences support editing state for gpp? (choose all that apply)
- folder options
- regional and language settings
which printers are supported for gpp? (choose all that apply)
- tcp/ip printer
- local printer
- shared printer
how do you include multiple targeting items when configuring gpp?
use logical operators