test

Question 1

An NPS policy is a set of permissions or restrictions that determine what three aspects of network connectivity?

Answer 1

who, when, and how

Question 2

Which variable can be set to authorize or deny a remote connection?

Answer 2

group membership

Question 3

The default connection request policy uses NPS as what kind of server?

Answer 3

Radius

Question 4

Where is the default connection policy set to process all authentication requests?

Answer 4

Locally

Question 5

What is the last setting in the Routing and Remote Access IP settings?

Answer 5

how IP addresses are assigned

Question 6

What command-line utility is used to import and export NPS templates?

Answer 6

netsh

Question 7

To which type of file do you export an NPS configuration?

Answer 7

XML

Question 8

When should you not use the command-line method of exporting and importing the NPS configuration?

Answer 8

when the source NPS database has a higher version number than the version number of the destination NPS database

Question 9

Network policies determine what two important connectivity constraints?

Answer 9

• who is authorized to connect

- the connection circumstances for connectivity

Question 10

When the Remote Access server finds an NPS network policy with conditions that match the incoming connection attempt, the server checks any _______________ that have been configured for the policy.

Answer 10

constraints

Question 11

If a remote connection attempt does not match any configured constraints, what does the Remote Access server do to the connection?

Answer 11

Denies

Question 12

Which Routing and Remote Access IP setting is the default setting?

Answer 12

Server Settings Determine IP Address Assignment

Question 13

Which of the following is the strongest type of encryption?

Answer 13

MPPE 128-Bit

Question 14

Why is there a No Encryption option for network connections?

Answer 14

to allow for third-party encryption programs that might be incompatible with native encryption

Question 15

RADIUS Access-Request messages are processed or forwarded by NPS only if the settings of the incoming message match what on the NPS server?

Answer 15

one of the connection request policies

Question 16

Network Access Policy is part of which larger scope NPS policy?

Answer 16

Health

Question 17

What character string makes up the telephone number of the network access server (NAS)?

Answer 17

Called Station ID

Question 18

What character string attribute designates the phone number used by the access client?

Answer 18

Calling Station ID

Question 19

What is used to restrict the policy only to clients that can be identified through the special mechanism such as a NAP statement of health?

Answer 19

Identity Type

Question 20

What is the name of the RADIUS client computer that requests authentication?

Answer 20

Client Friendly Name

Question 21

Network Access Protection (NAP) is Microsoft’s software for controlling network access of computers based on what?

Answer 21

a computer’s overall health

Question 22

Because NAP is provided by _________, you need to install _________ to install NAP.

Answer 22

NPS, NPS

Question 23

DHCP enforcement is not available for what kind of clients?

Answer 23

IPv6

Question 24

What type of Active Directory domain controller is recommended to minimize security risks for remediation servers?

Answer 24

Read-Only

Question 25

When you fully engage NAP for remediation enforcement, what mode do you place the policy in?

Answer 25

Isolation

Question 26

To verify a NAP client’s configuration, which command would you run?

Answer 26

netsh nap client show state

Question 27

Why do you need a web server as part of your NAP remediation infrastructure?

Answer 27

to provide user information in case of a compliance failure

Question 28

Where do you look to find out which computers are blocked and which are granted access via NAP?

Answer 28

the NAP Server Event Viewer

Question 29

You should restrict access only for clients that don’t have all available security updates installed, if what situation exists?

Answer 29

the computers are running Windows Update

Question 30

What happens to a computer that isn’t running Windows Firewall?

Answer 30

The computer is isolated

Question 31

To use the NAP-compliant policy, the client must do what?

Answer 31

pass all SHV checks

Question 32

Which computers are not affected by VPN enforcement?

Answer 32

locally connected computers

Question 33

When enabling NAP for DHCP scopes, how should you roll out the service?

Answer 33

for individual DHCP scopes

Question 34

What is the purpose of the System Health Agent (SHA)?

Answer 34

Either
to provide feedback on the status of system protection and updates
OR
to provide feedback to the system for CPU, memory, and disk health

Question 35

Why is monitoring system health so important?

Answer 35

to maintain a safe computing environment

Question 36

Why would you set up a monitor-only NAP policy on your network?

Answer 36

You are testing your NAP rollout before implementation

Question 37

These Windows computers don’t typically move much and are part of the domain. Because they are part of the domain, they are easier to manage with group policies, managed anti-virus/anti-malware systems, and administrative control.

Answer 37

desktop computers

Question 38

These Windows computers are not usually connected directly to the network but connect through a VPN connection. Because they are usually personal computers, they are not part of the domain. Therefore, they usually do not get security updates and might not have an up-to-date anti-virus/anti-malware software package.

Answer 38

unmanaged home computers

Question 39

These Windows computers are unmanaged computers often used by consultants or vendors who need to connect to your organization’s network. Because they are unmanaged, they might not have the newest up-to-date security patches and an up-to-date anti-virus/anti-malware software package.

Answer 39

visiting laptops

Question 40

These Windows computers move often and might not be connected to the organization’s network office. Because they are typically part of the domain, they can be managed but might not get the newest updates because they are not always connected to the network.

Answer 40

roaming laptops

Question 41

What is the default authentication protocol for non-domain computers?

Answer 41

NTLM

Question 42

What does the acronym NTLM stand for?

Answer 42

NT LAN Manager

Question 43

NTLM uses a challenge-response mechanism for authentication without doing what?

Answer 43

sending a password to the server

Question 44

What type of protocol is Kerberos?

Answer 44

a secure network authentication protocol

Question 45

Kerberos security and authentication are based on what type of technology?

Answer 45

secret key

Question 46

What is the default maximum allowable time lapse between domain controllers and client systems for Kerberos to work correctly?

Answer 46

5 minutes

Question 47

Which three components make up a service principal name (SPN)?

Answer 47

service class, host name, and port number

Question 48

What happens if a client submits a service ticket request for an SPN that does not exist in the identity store?

Answer 48

The client receives an access denied error

Question 49

Which tool can you use to add SPNs to an account?

Answer 49

ADSI Edit

Question 50

Identify another utility that you can use to add SPNs to an account.

Answer 50

setspn

Question 51

What type of account is an account under which an operating system, process, or service runs?

Answer 51

Service

Question 52

By default, which service accounts will the Windows PowerShell cmdlets manage?

Answer 52

group MSAs

Question 53

What is the default authentication protocol for contemporary domain computers?

Answer 53

Kerberos

Question 54

What is the name by which a client uniquely identifies an instance of a service?

Answer 54

service principal name

Question 55

Before you can create an MSA object type, you must create what?

Answer 55

a key distribution services root key

Question 56

What service right does an MSA account automatically receive upon creation?

Answer 56

log on as a service

Question 57

Which Kerberos setting defines the maximum time skew that can be tolerated between a ticket’s timestamp and the current time at the KDC?

Answer 57

maximum tolerance for computer clock synchronization

Question 58

Which Kerberos setting defines the maximum lifetime ticket for a Kerberos TGT ticket?

Answer 58

maximum lifetime for user ticket

Question 59

Which Kerberos setting defines the maximum lifetime of a Kerberos ticket?

Answer 59

maximum lifetime for service ticket

Question 60

Which Kerberos setting defines how long a service or user ticket can be renewed?

Answer 60

maximum lifetime for user ticket renewal

Question 61

The domain controllers are the computers that store and run the _______________.

Answer 61

Active Directory database

Question 62

How many PDC Emulators are required, if needed, in a domain?

Answer 62

One

Question 63

You do not place the infrastructure master on a global catalog server unless what situation exists?

Answer 63

You have a single domain

Question 64

When you add attributes to an Active Directory object, what part of the domain database are you actually changing?

Answer 64

schema

Question 65

Which Active Directory object is defined as a specialized domain controller that performs certain tasks so that multi-master domain controllers can operate and synchronize properly?

Answer 65

Operations Master

Question 66

How many global catalogs are recommended for every organization?

Answer 66

at least two

Question 67

Where are you most likely to see a Read-Only Domain Controller (RODC)?

Answer 67

in a remote site

Question 68

Beginning with which server version can you safely deploy domain controllers in a virtual machine?

Answer 68

Windows Server 2012

Question 69

What utility must you run on a cloned system to ensure that the clone receives its own SID?

Answer 69

sysprep

Question 70

Which type of system must you connect to and use to make changes to Active Directory?

Answer 70

writable domain controller

Question 71

Which version of Windows Server introduced incremental universal group membership replication?

Answer 71

Windows Server 2003

Question 72

3 group in Domain

Answer 72

domain local, global, universal

Question 73

Although the changes are easy to make, why is changing the AD Schema such a big deal?

Answer 73

The changes could corrupt the database

Question 74

Where in the forest is a global catalog automatically created?

Answer 74

the first domain controller

Question 75

Which utility do you use to manage Active Directory from the command line?

Answer 75

ntdsutil

Question 76

Which command-line command do you use to allow Windows Server 2003 domain controllers to replicate to RODCs?

Answer 76

adprep

Question 77

Which term describes a collection of domains grouped together in hierarchical structures that share a common root domain?

Answer 77

Domain trees

Question 78

Which term describes an administrative boundary for users and computers, which are stored in a common directory database?

Answer 78

domains

Question 79

Which term describes a collection of domain trees that share a common Active Directory Domain Services (AD DS)?

Answer 79

forests

Question 80

Which term describes containers in a domain that allow you to organize and group resources for easier administration, including providing for delegating administrative rights?

Answer 80

organizational units

Question 81

Which of the following ntdsutil commands cleans up metadata?

Answer 81

metadata cleanup

Question 82

Why is backing up the Windows system state necessary?

Answer 82

It’s needed to perform a full system restore

Question 83

In interactive mode, what aspect of AD can you check with the ntdsutil integrity command?

Answer 83

low-level database corruption

Question 84

What is the range of password history settings?

Answer 84

0 to 24

Question 85

What is the primary advantage of using Group Policies in a domain environment?

Answer 85

centralized management

Question 86

How should you assign Password Settings objects (PSOs) to users?

Answer 86

Assign the PSOs to a global security group and add users to the group

Question 87

By default, how often does Active Directory “garbage collection” occur?

Answer 87

every 12 hours

Question 88

What is the proper procedure for removing a domain controller from Active Directory?

Answer 88

Uninstall Active Directory Domain Services.

Question 89

To perform an authoritative restore, into what mode must you reboot the domain controller?

Answer 89

DSRM

Question 90

If a single domain controller’s AD database becomes corrupt, which type of restore should you perform on it?

Answer 90

nonauthoritative

Question 91

Why can you not modify snapshots?

Answer 91

They are read-only.

Question 92

What is the default minimum password length in characters?

Answer 92

7

Question 93

Which aspect of passwords is a key component of their strength?

Answer 93

number of characters

Question 94

Why primarily are account lockout policies put into place?

Answer 94

security

Question 95

Why should administrator passwords change more often than user passwords?

Answer 95

because administrator accounts carry more security sensitivity than users do

Question 96

An Active Directory snapshot is actually what kind of backup?

Answer 96

a shadow copy

Question 97

What is a GUID?

Answer 97

a unique identifier for a snapshot

Question 98

When you do an authoritative restore process, a back-links file is created. What is a back-links file?

Answer 98

a reference to an attribute within another object

Question 99

Which utility do you use to defragment Active Directory?

Answer 99

ntdsutil

Question 100

To perform an authoritative restore of an object or subtree, what bit of information do you need to know about the object?

Answer 100

its distinguished name

Question 101

What utility first appeared in Windows Server 2000 R2 that allows you to undelete Active Directory containers and objects?

Answer 101

the Active Directory Recycle Bin

Question 102

What is the default setting for password history?

Answer 102

24

Question 103

By default, who has read/write capability to the Default Domain Policy?

Answer 103

domain administrators

Question 104

By default, which of the following represents the maximum amount of time by which a computer’s internal clock can be inaccurate yet still be able to use Kerberos authentication?

Answer 104

5 minutes

Question 105

What setting can you give for account lockout duration that requires an administrator to manually unlock the account?

Answer 105

0

Question 106

What function does the CSVDE tool perform?

Answer 106

It exports/imports Active Directory information

Question 107

What is an easy method of creating a strong password?

Answer 107

Start with a sentence then add numbers and special characters.

Question 108

The default maximum password age is how long?

Answer 108

42 days

Question 109

what character length for a password is generally accepted as minimum?

Answer 109

eight

Question 110

After you undelete a user account with the LDP utility, what action do you need to perform?

Answer 110

Reset the user’s password

Question 111

Why is backup of the Active Directory database so important?

Answer 111

Backup is needed in case of corruption, deletion, or other failure.

Question 112

What does the minimum password age setting control?

Answer 112

how many days a user must wait before a password reset

Question 113

What is the secpol.msc utility used for?

Answer 113

editing local security policies

Question 114

Which of the following passwords is considered complex?

Answer 114

M!croS0ft

Question 115

Windows Server 2012 introduces a new time-saving feature when performing tasks such as AD defragmentation. What is that feature?

Answer 115

Restartable Active Directory Domain Services

Question 116

Which utilities do you use to set up loopback policies?

Answer 116

Group Policy Management Editor

Question 117

Which of the following Windows 8.1 and Windows Server 2012 R2 features can speed up the performance of processing synchronous policy settings

Answer 117

Group Policy Caching

Question 118

What happens when an application deployed via group policies becomes damaged or corrupt?

Answer 118

The installer will detect and reinstall or repair the application

Question 119

Where is the default location for ADMX files?

Answer 119

C:\Windows\PolicyDefinitions

Question 120

GPOs are processed on computer startup and after logon. Why is the user never aware of the processing ?

Answer 120

processing is hidden from the user

Question 121

In which order are Group Policy objects (GPOs) processed?

Answer 121

Local group policy, site, domain, OU

Question 122

To use WMI filters, you must have one domain controller running which version of Windows Server or higher?

Answer 122

2003

Question 123

By default which GPO permissions are all authenticated users given?

Answer 123

Apply Group

Question 124

How many WMI filters can be configured for a GPO?

Answer 124

one

Question 125

What is an ADMX file?

Answer 125

the ADM format for newer operating systems

Question 126

Windows installer cannot install .exe files. To distribute a software package that installs with an .exe file, what must you do to do it?

Answer 126

convert it to an MSI file

Question 127

Which feature affects all users in the domain, including domain controllers?

Answer 127

Default Domain Policy

Question 128

Where would using Replace mode GPOs be appropriate?

Answer 128

in a classroom

Question 129

What language are ADMX files based on?

Answer 129

XML

Question 130

When configuring Group policy to deploy applications, the applications must be mapped to where?

Answer 130

UNC path

Question 131

If you, as administrator, change an installed application, how do you update your users?

Answer 131

by redeploying the application via the GPO

Question 132

What is the filename extension for the files in which installation information is stored?

Answer 132

.msi

Question 133

What is the name of the software component used for installation, maintenance, and removal of software on Windows?

Answer 133

Windows Installer

Question 134

What is the default timeout value for GPOs to process on system startup?

Answer 134

600 seconds

Question 135

The downward flow of group policies is known as what feature of GPOs?

Answer 135

inheritance

Question 136

How are client-side extensions applied?

Answer 136

to the local computer or currently logged-on user

Question 137

Unlike ADM files, ADMX files are not stored where?

Answer 137

in individual GPOs

Question 138

Where is the Central store located?

Answer 138

in the SYSVOL directory

Question 139

At what point are WMI filters evaluated?

Answer 139

when the policy is processed

Question 140

What is the best method of dealing with slow-link processing?

Answer 140

changing the slow-link policy processing behavior

Question 141

What kind of group policies should you enable for student computers?

Answer 141

loopback

Question 142

What is the first step in the GPO processing order?

Answer 142

The computer establishes a secure link to the domain controller

Question 143

What are MST files used for?

Answer 143

They deploy customized software installation files

Question 144

An application cannot be published to a ___________

Answer 144

computer

Question 145

When you’re about to reset domain policy and domain controllers policy back to default with the dcgpofix.exe command, what final warning are you given before you accept the change?

Answer 145

that all users Rights Assignments will be replaced

Question 146

What process grants permission to other users to manage group policies?

Answer 146

delegation

Question 147

What is a collection of files store in the SYSVOL (%SystemRoot%\SYSVOL\,\Policies) of each domain controller?

Answer 147

Group Policy template (GPT)

Question 148

If you don’t want a GPO to apply, which group policy permission do you apply to a user or group?

Answer 148

Disallow apply

Question 149

Which utility do you use to create GPO preferences?

Answer 149

Group Policy Management Editor

Question 150

What object can you create to organize Registry preference items?

Answer 150

a Collection

Question 151

Which Windows extension allows you to add, replace or delete sections or properties in configuration settings or setup information files?

Answer 151

.ini files

Question 152

Which domain users are automatically granted permissions to preform Group Policy Management task?

Answer 152

domain administrators

Question 153

For GPP editing states, which key do you use to toggle Enable Current?

Answer 153

F6

Question 154

Which term describes changing the scope of individual preferences items so that the preference items apply only to selected users or computers?

Answer 154

item-level targeting

Question 155

To give someone permission to manage a particular GPO, you use the ______________ tab of the individual GPO.

Answer 155

Delegate

Question 156

Which Windows extension allows you to copy registry settings and apply them to other computers’ create, replace, or delete registry settings?

Answer 156

Registry

Question 157

What is the key difference between preferences and policy settings?

Answer 157

enforcement

Question 158

Windows Settings are common configuration settings used in Windows but not used where?

Answer 158

The Control Panel

Question 159

Which components allows you to create multiple Registry preference items based on registry settings that you select?

Answer 159

The Registry Wizard

Question 160

What is a file that maps references to users, groups, computers and UNC paths in the source GPO to new values in the destination GPO?

Answer 160

migration table

Question 161

What is an Active Directory object store in the Group Policy Objects container with the domain naming content of the directory basic attributes of the GPO but does not contain any of the settings?

Answer 161

Group Policy Container (GPC)

Question 162

To support GPPs on older Windows versions (Server and Workstation), you have to install what component from Microsoft?

Answer 162

GPP client-Side Extensions

Question 163

GPPs are divided into which two sections?

Answer 163

Windows and Control Panel

Question 164

How do you stop processing a preference if an error occurs?

Answer 164

Select the Stop processing items option on the Common tab

Question 165

By default, this option runs as the System account. If this option is selected, the logged-on user context is used.

Answer 165

Run in logged-on user’s security context.