Use LEFT and RIGHT arrow keys to navigate between flashcards;
Use UP and DOWN arrow keys to flip the card;
H to show hint;
A reads text to speech;
91 Cards in this Set
- Front
- Back
|
If you configure a trust between ForestA and ForestB, and a trust already exists between ForestB and ForestC, then ForestA trusts ForestC. True or False? |
false |
|
|
The Windows Server 2008 R2 domain functional level supports Authentication Policy Silos. True or False? |
false |
|
|
What term is used for transferring Active Directory information among domain controllers? |
Replication |
|
|
Which of the following is a component of Active Directory's physical structure? |
Sites |
|
|
Which of the following is not a function of the global catalog? |
Facilitates inter-site replication |
|
|
You have an Active Directory forest of two trees and eight domains. You haven't changed any of the operations master domain controllers. On which domain controller is the schema master? |
The first domain controller in the forest root domain |
|
|
Which of the following is true about installing WSUS? |
The Web Server role is also installed., Clients can begin using WSUS as soon as it's installed. |
|
|
Which of the following is a method for adding computers to WSUS groups? |
Client-side targeting |
|
|
Which of the following is true about automatic approvals? |
You can change the update classification of the default rule., You can set a deadline to force an update |
|
|
What should you create if you need to service multiple IPv4 subnets on a single physical network? |
Super scope |
|
|
What do you configure if you need to assign addresses dynamically to applications or services that need a class D IP address? |
Multicast scope |
|
|
Which of the following uses digital signatures contained in DNSSEC related resource records to verify DNS responses? |
Zone signing |
|
|
Which security feature should you use if you want to prevent DNS records retrieved from other DNS servers from being overwritten until the TTL is at least 75% expired? |
Cache locking |
|
|
If you disable the option to use root hints when no forwarders are available, what are you doing? |
Disabling recursion |
|
|
Which of the following is true about the DHCP protocol? |
There are eight message types, It uses the UDP Transport-layer protocol |
|
|
Which of the following is an example of what a server uses storage for? |
Page file, Virtual machines, Documents |
|
|
Which of the following is the correct sequence of steps for creating a volume with Storage Spaces? |
Disk pool, virtual disk, volume |
|
|
You need a disk system that provides the best performance for a new application that frequently reads and writes data to the disk. You aren't concerned about disk fault tolerance because the data will be backed up each day; performance is the main concern. What type of volume arrangement should you use? |
RAID 0 volume |
|
|
The Network Access Permission attribute for a user account is set to which of the following by default? |
Allow access |
|
|
Remote access is denied to users by default. Which of the following must you do to allow users to connect via remote access? |
Configure settings in the Routing and Remote Access console |
|
|
Which of the following is a benefit of using a PKI instead of self-signed certificates when configuring Direct Access? |
Better security |
|
|
Which of the following needs to be configured on the firewall to allow PPTP VPN connections? |
TCP port 1723, IP protocol ID 47 |
|
|
Which of the following can benefit from using the Branch Cache role service? |
File Server, Web Server, Background Intelligence Transfer Service |
|
|
Which mode should you configure if you want to support multiple subnets? |
Hosted cache mode |
|
|
Which of the following is a requirement for configuring a server in hosted cache mode? |
Windows Server 2008 R2 or later |
|
|
Which FSRM feature should you use if you want to set certain attributes of a file automatically based on its contents? |
Classification Management |
|
|
Which of the following is a file attribute containing a value that's used to categorize the data in a file or an aspect of the file, such as its location or creation time? |
Classification property |
|
|
You want to use a predefined classification property named Confidentiality. What should you do before you use this property the first time? |
Run the update-FsrmclassificationPropertyDefinition cmdlet |
|
|
You want a security event to be created whenever a user who's a member of the accounting group accesses a file named payroll on any server on the network. What should you do? |
Create a global object access auditing policy and add the accounting group to the SACL |
|
|
A group of consultants has been hired to do some work for your company. The consultants need access to some shared files on your Windows Server 2012 R2 systems. They will be bringing their laptops that run Linux. You have learned that they're required to use the native file-sharing system on their laptops. What should you do to facilitate sharing the files on your servers? |
Install the Server for NFS role service on your servers |
|
|
Which of the following is a logical storage space consisting of one or more virtual disks in an iSCSI system? |
iSCSI target |
|
|
You want to optimize the space used by your Hyper-V virtual machine's virtual disks. You're running Hyper-V on Windows Server 2012 R2 servers. What feature can you use to ensure that your VMs are taking no more space than necessary on your storage system? |
Automatic trim and unmap |
|
|
Which of the following is a network share containing the files required to install roles, role services, and features on Windows Server 2012/R2 servers? |
Feature file store |
|
|
You need a highly available file-sharing system that accommodates the native Linux and UNIX file-sharing protocol. What do you need to configure? |
A Network File System data store |
|
|
Users usually notice a failure of the domain naming master immediately. True or False? |
false |
|
|
You have an Active Directory forest of two trees and eight domains. You haven't changed any of the operations master domain controllers. On which domain controller is the schema master? |
The first domain controller in the forest root domain |
|
|
Users of a new network subnet have been complaining that logons and other services are taking much longer than they did before being moved to the new subnet. You discover that many logons and requests for DFS resources from clients in the new subnet are being handled by domain controllers in a remote site instead of local domain controllers. What should you do to solve this problem? |
Create a new subnet and add the subnet to the site that maps to the physical location of the clients |
|
|
You want to decrease users' logon time at Site A but not increase replication traffic drastically. You have 50 users at this site with one domain controller. Overall, your network contains 3000 user and computer accounts. What solution can decrease logon times with the least impact on replication traffic? |
Enable universal group membership caching |
|
|
Which of the following configurations should you avoid? |
Infrastructure master configured as a global catalogue server |
|
|
User authentications are taking a long time. The domain controller performing which FSMO role will most likely decrease authentication times if it's upgraded? |
PDC emulator |
|
|
You have an application integrated with AD DS that maintains Active Directory objects containing credential information, and there are serious security implications if these objects are compromised. An RODC at one branch office isn't physically secure, and theft is a risk. How can you best protect this application's sensitive data? |
Configure the PRP for the RODC, and specify a Deny setting for the application object |
|
|
Where would you find files related to logon and logoff scripts in an Active directory environment? |
C:\Windows\NTDS |
|
|
Which command must you use to restore deleted Active Directory objects in a domain with two or more writeable DCs if the Active Directory Recycle Bin isn't enabled? |
ntdsutil with the authoritative restore command |
|
|
What's the term for removing deleted objects in Active Directory? |
Garbage collection |
|
|
Which of the following is the period between an object being deleted and being removed from the Active Directory database? |
Tombstone lifetime |
|
|
Which of the following is a reason for establishing multiple sites? |
Improving authentication efficiency, Reducing traffic on the WAN |
|
|
In a Windows domain running Windows Server 2012 R2, account lockout is enabled by default. True or False? |
false |
|
|
Where are user accounts stored on a stand-alone computer? |
SAM database |
|
|
You discovered that a user changed his password 10 times in one day. When you ask why he did this, he replied that the system required him to change his password. He wanted to use his favorite password, but the system wouldn't accept it until he changed it 10 times. What should you do to prevent this user from reusing the same password for at least 60 days? |
Change the value for the "Minimum password age" setting |
|
|
A user is logged on to a Windows Server 2012 R2 domain from a Windows 8.1 computer and requests access to a shared folder. What must the user account request before the shared folder can be accessed? |
A service ticket |
|
|
group of users in the Research Department has access to sensitive company information, so you want to be sure the group members' passwords are strong, with a minimum length of 12 characters and a requirement to change their passwords every 30 days. The current password policy requires passwords with a minimum length of 7 characters that users must change every 120 days. You don't want to inconvenience other users in the domain by mak-ing their password policies more stringent. What can you do? |
Create a PSO in ADAC, configure the password policy, and link it to the Research Department OU |
|
|
Which of the following is used to uniquely identify a service instance to a client? |
Service ticket |
|
|
You have created an MSA on DC1 to run a service on the IdsServ1 server. What's the last thing you should do before using the Services MMC to configure the service to use the new MSA? |
On DC1, run the Install -ADServiceAccount cmdlet |
|
|
You have four servers running a service in a load-balancing configuration, and you want the services on all four servers to use the same service account. What should you do? |
Create a group and add the servers' computer accounts to it. Run the New-ADServiceAccount cmdlet |
|
|
Which of the following can you use to create user accounts on a domain controller? |
New-ADUser, dsadd user |
|
|
Which of the following is true about GPOs? |
They affect all groups in their scope., They can be linked to a site, Account policies are under the Computer Configuration node |
|
|
Which of the following is included in account policies for a GPO? |
Password Policy, Account Lockout Policy, Kerberos Policy |
|
|
Which of the following is true about user accounts in a Windows Server 2012/R2 domain? |
The username can be from 1 to 20 characters, The username can't be duplicated in the domain |
|
|
Which of the following is a built-in service account? |
Local system, Network Service |
|
|
Which of the following is an advantage of using a managed service account instead of a regular user account for service logon? |
The system manages passwords., You can assign rights and permissions precisely., You can use the account to log on interactively |
|
|
When you restore a GPO, it's automatically linked to any containers it was linked to at the time you performed the backup. True or False? |
true |
|
|
You have created a GPO named RestrictU and linked it to the Operations OU (containing 30 users) with link order 3. RestrictU sets several policies in the User Configuration node. After a few days, you realize the Operations OU has three users who should be exempt from the restrictions in this GPO. You need to make sure these three users are exempt from RestrictU's settings, but all other policy settings are still in effect for them. What's the best way to proceed |
Set the Enforced option on RestrictU with a WMI filter that excludes the three user accounts |
|
|
You need to move some user and computer accounts in Active Directory, but before you do, you want to know how these accounts will be affected by the new group policies they'll be subject to. What can you do?
|
Run Group Policy Modeling
|
|
|
You want to create policies in a new GPO that affects only computers with Windows 7 installed. You don't want to reorganize your computer accounts to do this, and you want computers that are upgraded to Windows 8 to fall out of the GPO's scope automatically. What can you do
|
Configure a WMI filter on the GPO that specifies Windows 7 as the OS. Link the GPO to the domain |
|
|
An OU structure in your domain has one OU per department, and all the computer and user accounts are in their respective OUs. You have configured several GPOs defining computer and user policies and linked the GPOs to the domain. A group of managers in the Marketing Department need different policies from the rest of the Marketing Department users and computers, but you don't want to change the top-level OU structure. Which of the following GPO processing features are you most likely to use?
|
WMI filtering |
|
|
You have just made changes to a GPO that you want to take effect as soon as possible on several user and computer accounts in the Sales OU. Most of the users in this OU are cur-rently logged on to their computers. There are about 50 accounts. What's the best way to get these accounts updated with the new policies as soon as possible?
|
Run the Get -ADComputer and Invoke-GPUpdate PowerShell cmdlets
|
|
|
You have just finished configuring a GPO that modifies several settings on computers in the Operations OU and linked the GPO to the OU. You right-click the Operations OU and click Group Policy Update. You check on a few computers in the Operations department and find that the policies haven't been applied. On one computer, you run gpupdate, and the policies are applied correctly. What's a likely reason the policies weren't applied to all computers when you tried to update them remotely?
|
The Operations OU has Block Inheritance set |
|
|
A junior administrator deleted a GPO accidentally, but you had backed it up. What should you do to restore the deleted GPO?
|
Right-click the Group Policy Objects folder and click Manage Backups |
|
|
You were hired to fix problems with group policies at a company. You open the GPMC to look at the default GPOs and see that extensive changes have been made to both. You want to restore settings to a baseline so that you know where to start. What should you do?
|
Run gpofix |
|
|
What kind of group policy processing always occurs when a user is logged on to the computer at the time a group policy refresh occurs?
|
Background processing |
|
|
Users who log on from a branch office connected to the DC via a slow WAN link are complaining of slow logon times whenever you assign applications via group policies. What can you do to speed their logons?
|
Disable group policy caching |
|
|
None of the computers in an OU seem to be getting computer policies from the GPO linked to the OU, but users in the OU are getting user policies from this GPO. Which of the following is a possible reason that computer policies in the GPO aren't affecting the computers?
|
The Computer Configuration settings are disabled, The computer accounts have Deny Read permission |
|
|
The IP address for the DNS server for the primary domain csmpub.local has just been changed. You have a stub zone named csmpub.local on another server. You need to update the NS record in the stub zone. True or False? |
false |
|
|
The entire DNS tree is referred to as which of the following? |
DNS namespace |
|
|
Which of the following accurately represents an FQDN? |
host.domain.top-level-domain.subdomain |
|
|
What type of DNS server maintains a database containing addresses of name servers for domains such as microsoft.com, yahoo.com, netacad.net, and data.gov? |
Secondary server |
|
|
What type of resource record is necessary to get a positive response from the command nslookup 192.168.100.10? |
PTR |
|
|
What type of zone should you create that contains records allowing a computer name to be resolved from its IP address? |
RLZ |
|
|
You have a DNS server running Windows Server 2012 R2 named DNS1 that contains a primary zone named csmtech.local. You have discovered a static A record for a server name DB1 in the zone, but you know that DB1 was taken offline several months ago. Aging and scavenging are enabled on the server and the zone. What should you do first to ensure that stale static records are removed from the zone? |
Enable the Advanced View setting in DNS Manager |
|
|
You have a DNS server outside your company's firewall that's a stand-alone Windows Server 2012 R2 server. It hosts a primary zone for the public Internet domain name, which is dif-ferent from the internal Active Directory domain names. You want one or more of your internal servers to be able to handle DNS queries for the public domain and serve as a backup for the primary DNS server outside the firewall. Which configuration should you choose for internal DNS servers? |
Configure a standard secondary zone |
|
|
The DNS server at your company's headquarters holds a standard primary zone for the abc.com domain. A branch office connected by a slow WAN link holds a secondary zone for abc.com. Updates to the zone aren't frequent. How can you decrease the amount of WAN traffic caused by the secondary zone checking for zone updates? |
In the SOA tab of the zone's Properties dialog box, increase the Refresh interval timer |
|
|
You have delegated a subdomain to a zone on another server. Several months later, you hear that DNS clients can't resolve host records in the subdomain. You discover that the IP address scheme was changed recently in the building where the server hosting the subdo-main is located. What can you do to make sure DNS clients can resolve hostnames in the subdomain? |
Edit the NS record in the delegated zone on the parent DNS server |
|
|
You're in charge of a standard primary zone for a large network with frequent changes to the DNS database. You want changes to the zone to be transmitted as quickly as possible after a change has been made to all secondary servers. What should you configure and where? |
Configure DNS notifications on the primary zone |
|
|
You have a server named DNS1 with a zone named csmtech.local. Several computers use DHCP for IP address assignment, and their IP addresses change often. Client computers are often unable to communicate with some of these computers until they clear their local DNS caches. What can you do to reduce the problem? |
Set the minimum (default) TTL on the zone to a lower value |
|
|
You have a zone containing two "A" records for the same hostname, but each A record has a different IP address configured. The host records point to two servers hosting a high-traffic Web site, and you want the servers to share the load. After some testing, you find that you're always accessing the same Web server, so load sharing isn't occurring. What can you do to solve the problem? |
Enable the round-robin option on the server |
|
|
You have three servers providing the Kerberos authentication service—DC1, DC2, and DC3—and an SRV record for each server. You want to make sure DC1 handles 30% of the requests for the Kerberos server, DC2 handles 50% of the requests, and DC3 handles 20% of the requests. Currently, all settings for SRV records are at the default values. What should you configure? |
The weight on each SRV record |
|
|
You want to verify whether a PTR record exists for the Serv2.csmpub.local host, but you don't know the IP address. Which of the following commands should you use? |
ns lookup Serv2 . csmpub . local and then nslookup IPAddress returned from the first ns lookup |
|
|
Which of the following is not an advantage of using Active Directory integrated zones? |
Can be stored on member servers |
|
|
You have an application that needs to contact an LDAP server without knowing the name or address of the server. What kind of record can you create in DNS? |
SRV |
|
|
Which of the following is true about a stub zone? |
It's not authoritative for the zone, It holds mostly A records, It contains SOA and NS records |
|
|
You want a DNS server to be able to respond to queries for a domain in a standard primary zone hosted on another DNS server. You don't want the server to be authoritative for that zone. How should you configure the server? |
Configure a stub zone on the DNS server, Configure a conditional forwarder on the DNS server |
