Show
Which variable can be set to authorize or deny a remote connection?
The default connection request policy uses NPS as what kind of server?
Where is the default connection policy set to process all authentication requests?
What is the last setting in the Routing and Remote Access IP settings?
how IP addresses are assigned
What command-line utility is used to import and export NPS templates?
To which type of file do you export an NPS configuration?
When should you not use the command-line method of exporting and importing the NPS configuration?
when the source NPS database has a higher version number than the version number of the destination NPS database
Network policies determine what two important connectivity constraints?
-who is authorized to connect -the connection circumstances for connectivity
When the Remote Access server finds an NPS network policy with conditions that match the incoming connection attempt, the server checks any _______________ that have been configured for the policy.
If a remote connection attempt does not match any configured constraints, what does the Remote Access server do to the connection?
Which Routing and Remote Access IP setting is the default setting?
Server Settings Determine IP Address Assignment
Which of the following is the strongest type of encryption?
Why is there a No Encryption option for network connections?
to allow for third-party encryption programs that might be incompatible with native encryption
RADIUS Access-Request messages are processed or forwarded by NPS only if the settings of the incoming message match what on the NPS server?
one of the connection request policies
Network Access Policy is part of which larger scope NPS policy?
What character string makes up the telephone number of the network access server (NAS)?
What character string attribute designates the phone number used by the access client?
What is used to restrict the policy only to clients that can be identified through the special mechanism such as a NAP statement of health?
What is the name of the RADIUS client computer that requests authentication?
Network Access Protection (NAP) is Microsoft's software for controlling network access of computers based on what?
a computer's overall health
Because NAP is provided by _________, you need to install _________ to install NAP.
DHCP enforcement is not available for what kind of clients?
What type of Active Directory domain controller is recommended to minimize security risks for remediation servers?
When you fully engage NAP for remediation enforcement, what mode do you place the policy in?
To verify a NAP client's configuration, which command would you run?
netsh nap client show state
Why do you need a web server as part of your NAP remediation infrastructure?
to provide user information in case of a compliance failure
Where do you look to find out which computers are blocked and which are granted access via NAP?
the NAP Server Event Viewer
You should restrict access only for clients that don't have all available security updates installed, if what situation exists?
the computers are running Windows Update
What happens to a computer that isn't running Windows Firewall?
To use the NAP-compliant policy, the client must do what?
Which computers are not affected by VPN enforcement?
locally connected computers
When enabling NAP for DHCP scopes, how should you roll out the service?
for individual DHCP scopes
What is the purpose of the System Health Agent (SHA)?
Either to provide feedback on the status of system protection and updatesORto provide feedback to the system for CPU, memory, and disk health
Why is monitoring system health so important?
to maintain a safe computing environment
Why would you set up a monitor-only NAP policy on your network?
You are testing your NAP rollout before implementation
These Windows computers don't typically move much and are part of the domain. Because they are part of the domain, they are easier to manage with group policies, managed anti-virus/anti-malware systems, and administrative control.
These Windows computers are not usually connected directly to the network but connect through a VPN connection. Because they are usually personal computers, they are not part of the domain. Therefore, they usually do not get security updates and might not have an up-to-date anti-virus/anti-malware software package.
These Windows computers are unmanaged computers often used by consultants or vendors who need to connect to your organization's network. Because they are unmanaged, they might not have the newest up-to-date security patches and an up-to-date anti-virus/anti-malware software package.
These Windows computers move often and might not be connected to the organization's network office. Because they are typically part of the domain, they can be managed but might not get the newest updates because they are not always connected to the network.
What is the default authentication protocol for non-domain computers?
What does the acronym NTLM stand for?
NTLM uses a challenge-response mechanism for authentication without doing what?
sending a password to the server
What type of protocol is Kerberos?
a secure network authentication protocol
Kerberos security and authentication are based on what type of technology?
What is the default maximum allowable time lapse between domain controllers and client systems for Kerberos to work correctly?
Which three components make up a service principal name (SPN)?
service class, host name, and port number
What happens if a client submits a service ticket request for an SPN that does not exist in the identity store?
The client receives an access denied error
Which tool can you use to add SPNs to an account?
Identify another utility that you can use to add SPNs to an account.
What type of account is an account under which an operating system, process, or service runs?
By default, which service accounts will the Windows PowerShell cmdlets manage?
What is the default authentication protocol for contemporary domain computers?
What is the name by which a client uniquely identifies an instance of a service?
Before you can create an MSA object type, you must create what?
a key distribution services root key
What service right does an MSA account automatically receive upon creation?
Which Kerberos setting defines the maximum time skew that can be tolerated between a ticket's timestamp and the current time at the KDC?
maximum tolerance for computer clock synchronization
Which Kerberos setting defines the maximum lifetime ticket for a Kerberos TGT ticket?
maximum lifetime for user ticket
Which Kerberos setting defines the maximum lifetime of a Kerberos ticket?
maximum lifetime for service ticket
Which Kerberos setting defines how long a service or user ticket can be renewed?
maximum lifetime for user ticket renewal
The domain controllers are the computers that store and run the _______________.
Active Directory database
How many PDC Emulators are required, if needed, in a domain?
You do not place the infrastructure master on a global catalog server unless what situation exists?
When you add attributes to an Active Directory object, what part of the domain database are you actually changing?
Which Active Directory object is defined as a specialized domain controller that performs certain tasks so that multi-master domain controllers can operate and synchronize properly?
How many global catalogs are recommended for every organization?
Where are you most likely to see a Read-Only Domain Controller (RODC)?
Beginning with which server version can you safely deploy domain controllers in a virtual machine?
What utility must you run on a cloned system to ensure that the clone receives its own SID?
Which type of system must you connect to and use to make changes to Active Directory?
writable domain controller
Which version of Windows Server introduced incremental universal group membership replication?
domain local, global, universal
Although the changes are easy to make, why is changing the AD Schema such a big deal?
The changes could corrupt the database
Where in the forest is a global catalog automatically created?
the first domain controller
Which utility do you use to manage Active Directory from the command line?
Which command-line command do you use to allow Windows Server 2003 domain controllers to replicate to RODCs?
Which term describes a collection of domains grouped together in hierarchical structures that share a common root domain?
Which term describes an administrative boundary for users and computers, which are stored in a common directory database?
Which term describes a collection of domain trees that share a common Active Directory Domain Services (AD DS)?
Which term describes containers in a domain that allow you to organize and group resources for easier administration, including providing for delegating administrative rights?
Which of the following ntdsutil commands cleans up metadata?
Why is backing up the Windows system state necessary?
It's needed to perform a full system restore
In interactive mode, what aspect of AD can you check with the ntdsutil integrity command?
low-level database corruption
What is the range of password history settings?
What is the primary advantage of using Group Policies in a domain environment?
How should you assign Password Settings objects (PSOs) to users?
Assign the PSOs to a global security group and add users to the group
By default, how often does Active Directory "garbage collection" occur?
What is the proper procedure for removing a domain controller from Active Directory?
Uninstall Active Directory Domain Services.
To perform an authoritative restore, into what mode must you reboot the domain controller?
If a single domain controller's AD database becomes corrupt, which type of restore should you perform on it?
Why can you not modify snapshots?
What is the default minimum password length in characters?
Which aspect of passwords is a key component of their strength?
Why primarily are account lockout policies put into place?
Why should administrator passwords change more often than user passwords?
because administrator accounts carry more security sensitivity than users do
An Active Directory snapshot is actually what kind of backup?
a unique identifier for a snapshot
When you do an authoritative restore process, a back-links file is created. What is a back-links file?
a reference to an attribute within another object
Which utility do you use to defragment Active Directory?
To perform an authoritative restore of an object or subtree, what bit of information do you need to know about the object?
What utility first appeared in Windows Server 2000 R2 that allows you to undelete Active Directory containers and objects?
the Active Directory Recycle Bin
What is the default setting for password history?
By default, who has read/write capability to the Default Domain Policy?
By default, which of the following represents the maximum amount of time by which a computer's internal clock can be inaccurate yet still be able to use Kerberos authentication?
What setting can you give for account lockout duration that requires an administrator to manually unlock the account?
What function does the CSVDE tool perform?
It exports/imports Active Directory information
What is an easy method of creating a strong password?
Start with a sentence then add numbers and special characters.
The default maximum password age is how long?
what character length for a password is generally accepted as minimum?
After you undelete a user account with the LDP utility, what action do you need to perform?
Reset the user's password
Why is backup of the Active Directory database so important?
Backup is needed in case of corruption, deletion, or other failure.
What does the minimum password age setting control?
how many days a user must wait before a password reset
What is the secpol.msc utility used for?
editing local security policies
Which of the following passwords is considered complex?
Windows Server 2012 introduces a new time-saving feature when performing tasks such as AD defragmentation. What is that feature?
Restartable Active Directory Domain Services
Which utilities do you use to set up loopback policies?
Group Policy Management Editor
Which of the following Windows 8.1 and Windows Server 2012 R2 features can speed up the performance of processing synchronous policy settings
What happens when an application deployed via group policies becomes damaged or corrupt?
The installer will detect and reinstall or repair the application
Where is the default location for ADMX files?
C:\Windows\PolicyDefinitions
GPOs are processed on computer startup and after logon. Why is the user never aware of the processing ?
processing is hidden from the user
In which order are Group Policy objects (GPOs) processed?
Local group policy, site, domain, OU
To use WMI filters, you must have one domain controller running which version of Windows Server or higher?
By default which GPO permissions are all authenticated users given?
How many WMI filters can be configured for a GPO?
the ADM format for newer operating systems
Windows installer cannot install .exe files. To distribute a software package that installs with an .exe file, what must you do to do it?
convert it to an MSI file
Which feature affects all users in the domain, including domain controllers?
Where would using Replace mode GPOs be appropriate?
What language are ADMX files based on?
When configuring Group policy to deploy applications, the applications must be mapped to where?
If you, as administrator, change an installed application, how do you update your users?
by redeploying the application via the GPO
What is the filename extension for the files in which installation information is stored?
What is the name of the software component used for installation, maintenance, and removal of software on Windows?
What is the default timeout value for GPOs to process on system startup?
The downward flow of group policies is known as what feature of GPOs?
How are client-side extensions applied?
to the local computer or currently logged-on user
Unlike ADM files, ADMX files are not stored where?
Where is the Central store located?
At what point are WMI filters evaluated?
when the policy is processed
What is the best method of dealing with slow-link processing?
changing the slow-link policy processing behavior
What kind of group policies should you enable for student computers?
What is the first step in the GPO processing order?
The computer establishes a secure link to the domain controller
What are MST files used for?
They deploy customized software installation files
An application cannot be published to a ___________
When you're about to reset domain policy and domain controllers policy back to default with the dcgpofix.exe command, what final warning are you given before you accept the change?
that all users Rights Assignments will be replaced
What process grants permission to other users to manage group policies?
What is a collection of files store in the SYSVOL (%SystemRoot%\SYSVOL\,\Policies\) of each domain controller?
Group Policy template (GPT)
If you don't want a GPO to apply, which group policy permission do you apply to a user or group?
Which utility do you use to create GPO preferences?
Group Policy Management Editor
What object can you create to organize Registry preference items?
Which Windows extension allows you to add, replace or delete sections or properties in configuration settings or setup information files?
Which domain users are automatically granted permissions to preform Group Policy Management task?
For GPP editing states, which key do you use to toggle Enable Current?
Which term describes changing the scope of individual preferences items so that the preference items apply only to selected users or computers?
To give someone permission to manage a particular GPO, you use the ______________ tab of the individual GPO.
Which Windows extension allows you to copy registry settings and apply them to other computers' create, replace, or delete registry settings?
What is the key difference between preferences and policy settings?
Windows Settings are common configuration settings used in Windows but not used where?
Which components allows you to create multiple Registry preference items based on registry settings that you select?
What is a file that maps references to users, groups, computers and UNC paths in the source GPO to new values in the destination GPO?
What is an Active Directory object store in the Group Policy Objects container with the domain naming content of the directory basic attributes of the GPO but does not contain any of the settings?
Group Policy Container (GPC)
To support GPPs on older Windows versions (Server and Workstation), you have to install what component from Microsoft?
GPP client-Side Extensions
GPPs are divided into which two sections?
Windows and Control Panel
How do you stop processing a preference if an error occurs?
Select the Stop processing items option on the Common tab
By default, this option runs as the System account. If this option is selected, the logged-on user context is used.
Run in logged-on user's security context. |
Which of the following is the default authentication protocol for non-domain computers?
zusammenhängende Posts
Urheberrechte © © 2024 wiewird Inc.
