259 Cards in this Set


1. What allows businesses to define, manage, access, and secure network resources including files, printers, people, and applications?
directory service
2. A Windows Server 2008 computer that has been configured with the Active Directory DS role is referred to as a __________.
domain controller
3. The process of keeping each domain controller in synch with changes that have been made elsewhere on the network is called __________.
replication
4. Which of the following is not a benefit of Active Directory Domain Services?
personalized desktops
5. Interoperability with prior versions of Microsoft Windows is available in Windows Server 2008 through the use of __________.
functional levels
6. The __________ Domain Controller contains a copy of the ntds.dit file that cannot be modified and does not replicate its changes to other domain controllers within Active Directory.
Read-Only
7. The largest container object within Active Directory is a(n) __________.
forest
8. What contains the rules and definitions that are used for creating and modifying object classes and attributes within Active Directory?
Schema NC
9. What master database contains definitions of all objects in the Active Directory?
schema
10. A __________ is defined as one or more IP subnets that are connected by fast links.
site
11. What protocol has become an industry standard that enables data exchange between directory services and applications?
LDAP
12. A __________ name references an object in the Active Directory directory structure by using its entire hierarchical path, starting with the object itself and including all parent objects up to the root of the domain.
distinguished
13. What locator records within DNS allow clients to locate an Active Directory domain controller or global catalog?
SRV records
14. Which functional level only allows Windows Server 2003 and Windows 2008 domain controllers?
Windows Server 2003
15. __________ is the highest available forest functional level.
Windows Server 2008
16. To raise the functional level of a forest, you must be logged on as a member of the __________ group.
Enterprise Admins
17. Active Directory uses __________ relationships to allow access between multiple domains and/or forests, either within a single forest or across multiple enterprise networks.
trust
18. What type of trust is new to Windows Server 2008 and is only available when the forest functionality is set to Windows Server 2008?
cross-forest trust
19. When a child domain is created, it automatically receives a __________ trust with its parent domain.
two-way transitive
20. If the domains within a forest are separated by slow WAN links and the tree-walking process takes an exceedingly long time to allow user authentication across domains, you can configure a __________ trust.
shortcut
1. What command can you use to run the Active Directory Installation Wizard?
dcpromo
2. What shared folder exists on all domain controllers and is used to store Group Policy objects, login scripts, and other files that are replicated domain-wide?
SYSVOL
3. What is the minimum amount of storage space required for the Active Directory installation files?
200 MB
4. What is the process of replicating DNS information from one DNS server to another?
zone transfer
5. __________ roles work together to enable the multimaster functionality of Active Directory.
FSMO
6. __________ partitions are used to separate forest-wide DNS information from domain-wide DNS information to control the scope of replication of different types of DNS data.
Application Directory
7. What processes can be used by Windows Server 2008 DNS to clean up the DNS database after DNS records become “stale” or out of date?
aging and scavenging
8. What type of zone is necessary for computer hostname-to-IP address mappings, which are used for name resolution by a variety of services?
forward lookup
9. What SRV record information serves as a mechanism to set up load balancing between multiple servers that are advertising the same SRV records?
priority
10. What new Windows Server 2008 feature is a special installation option that creates a minimal environment for running only specific services and roles?
Server Core
11. Read-Only Domain Controllers provide added security in the way passwords are stored through what feature?
Password Replication Policy
12. What feature makes it possible to configure a user as the local administrator of a specific RODC without making the user a Domain Admins with far-reaching authority over all domain controllers in your entire domain and full access to your Active Directory domain data?
Admin Role Separation
13. Each class or attribute that you add to the schema should have a valid __________.
OID
14. When modifying the schema, Microsoft recommends adding administrators to what group only for the duration of the task?
Schema Admins
15. What DLL must be registered to use the Schema Management snap-in?
schmmgmt.dll
16. What role provides developers with the ability to store data for directory-enabled applications without incurring the overhead of extending the Active Directory schema to support their applications?
AD LDS
17. What type of trust allows you to configure trust relationships between Windows Server 2008 Active Directory and a UNIX MIT Kerberos realm?
realm
18. What type of trust relationship allows you to create two-way transitive trusts between separate forests?
cross-forest
19. What utility is used to manually create trust relationships?
Active Directory Domains and Trusts MMC snap-in
20. What command-line tool is used to create, delete, verify, and reset trust relationships from the Windows Server 2008 command line?
netdom
21. Active Directory __________ provide the means by which administrators can control replication traffic.
sites
22. Domain controllers located in different sites will participate in __________ replication.
intersite
23. How often does intersite replication occur by default?
15 minutes
24. When you install the forest root domain controller in an Active Directory forest, the Active Directory Installation Wizard creates a single site named __________.
Default-First-Site-Name
25. Active Directory creates a __________ with the idea that all writeable domain controllers in a domain should communicate Active Directory information to each other, in addition to communicating forest-wide information with other domains.
replication topology
26. Replication within Active Directory will occur when which of the following conditions is met?
An object is added or removed from Active Directory; The value of an attribute has changed; The name of an object has changed; All of the above
27. When replicating information between sites, Active Directory will designate a __________ server in each site to act as a gatekeeper in managing site-to-site replication.
bridgehead
28. What describes the amount of time that it takes for all domain controllers in the environment to contain the most up-to-date information?
convergence
29. Certain operations, such as a password change or an account lockout, will be transmitted by using __________ replication, which means that the change will be placed at the “beginning of the line” and applied before any other changes that are waiting to be replicated.
urgent
30. What process is responsible for selecting a bridgehead server and mapping the topology to be used for replication between sites?
Intersite Topology Generator
31. The primary goal of intersite replication is to minimize the usage of __________.
bandwidth
32. When configuring a site link object, which attribute allows the administrator to define the path that replication will take?
cost
33. For both intrasite and intersite replication, what protocol does Active Directory use for all replication traffic?
RPC over IP
34. What is an alternative solution for intersite replication when a direct or reliable IP connection is not available?
SMTP
35. How often does replication occur in intersite replication?
180 minutes
36. The ISTG automatically assigns one server in each site as the bridgehead server unless you override this by establishing a list of __________ bridgehead servers.
preferred
37. What defines a chain of site links by which domain controllers from different sites can communicate?
site link bridge
38. What command-line tool used for monitoring Active Directory provides functionality that includes performing connectivity and replication tests?
dcdiag
39. What command-line tool can be used to manually create a replication topology if site link bridging is disabled if the network is not fully routed?
Repadmin
40. The KCC is responsible for calculating intrasite replication partners. During this process, what is the maximum number of hops that the KCC will allow between domain controllers?
3
41. What holds a subset of forest-wide Active Directory objects and acts as a central repository by holding a complete copy of all objects from the host server’s local domain with a partial copy of all objects from other domains within the same forest?
global catalog
42. What is a partial copy of all objects from other domains within the same forest that is held on a global catalog server?
partial attribute set
43. What port is used by Active Directory to direct search requests to a global catalog server?
3268
44. Which of the following is not a function performed by a global catalog server?
maintaining a backup of all data stored on a domain controller
45. What Windows Server 2008 feature stores universal group memberships on a local domain controller that can be used for logon to the domain, eliminating the need for frequent access to a global catalog server?
universal group membership caching
46. As a rule of thumb, you should estimate __________ percent of the size of the ntds.dit file of every other domain in the forest when sizing hardware for a global catalog server.
50
47. How many FSMO roles does Active Directory support?
5
48. Which FSMO role is responsible for reference updates from its domain objects to other domains?
Infrastructure Master
49. Which FSMO role has the authority to manage the creation and deletion of domains, domain trees, and application data partitions in the forest?
Domain Naming Master
50. Which of these design aspects should you consider when planning the appropriate location of FSMO role holders?
number of domains that are or will be part of the forest; physical structure of the network; number of domain controllers that will be available in each domain; all of the above
51. What process is used when you move a FSMO role gracefully from one domain controller to another?
role transfer
52. What procedure is used only when you have experienced a catastrophic failure of a domain controller that holds a FSMO role and you need to recover that role?
role seizure
53. What console must be used to move the Domain Naming Master FSMO role?
Active Directory Domains and Trusts
54. What tool is used to seize a FSMO role?
ntdsutil
55. The RID Master FSMO role distributes RIDs to domain controllers in what increments?
500
56. What is used to uniquely identify an object throughout the Active Directory domain?
security identifier
57. Each object’s SID consists of two components: the domain portion and the __________.
relative identifier
58. How many RID Masters can a domain have?
1
59. What types of memberships are stored in the global catalog?
universal
60. What allows a user to be able to log on using a cached copy of his or her logon credentials that have been stored on his or her local workstation?
cached credentials
61. What is the process of confirming a user’s identity by using a known value, such as a password, pin number on a smart card, or user’s fingerprint or handprint in the case of biometric authentication?
authentication
62. What is the process of confirming that an authenticated user has the correct permissions to access one or more network resources?
authorization
63. Which of the following is not a type of user account that can be configured in Windows Server 2008?
network accounts
64. The two built-in user accounts that are created on a Windows Server 2008 computer are the Administrator account and the __________ account.
Guest
65. When a user logs on, what is created that identifies the user and all of the user’s group memberships?
access token
66. What describes the process of configuring one or more groups as members of another group?
group nesting
67. __________ groups are nonsecurity-related groups created for the distribution of information to one or more persons.
Distribution
68. __________ groups are used to consolidate groups and accounts that either span multiple domains or the entire forest.
Universal
69. All default groups are __________ groups.
security
70. __________ groups are a collection of user accounts that are local to one specific workstation or member server.
Local
71. You cannot manually modify the group membership of or view the membership lists of __________ groups.
special identity
72. What special identity group contains all authenticated users and domain guests?
Everyone
73. What special identity group is used as a reduced-privilege account to allow applications to run on a server without requiring administrative access?
Network Service
74. What special identity group is used by the system to allow permission to protected system files for services to function properly?
Service
75. What command-line utility is used to import or export Active Directory information from a comma-separated value (.csv) file?
CSVDE
76. What can be used to add, delete, or modify objects in Active Directory, in addition to modifying the schema if necessary?
LDIFDE
77. What signifies an object’s relative location within an Active Directory OU structure?
distinguished name
78. __________ name refers to each user’s login name.
SAM account
79. When using CSVDE, what is the first line of the text file that uses proper attribute names?
header record
80. What provides a robust scripting method that supports a multitude of administrative tasks including creating Active Directory objects, mapping drives, connecting to printers, modifying environment variables, and modifying registry keys?
Windows Script Host
81. A __________ is an alphanumeric sequence of characters that you enter with a username to access a server, workstation, or shared resource.
password
82. What can be defined as a password that follows guidelines that make it difficult for a potential hacker to determine the user’s password?
strong password
83. Password-__________ is an attempt to discover a user’s password.
cracking
84. Which of the following is not a characteristic of a strong password?
contains your birth date
85. What is a credit card–sized or token-style device, such as a USB device, that is used with a PIN to enable logon to the enterprise?
smart card
86. What is a system of digital certificates, certification authorities (CAs), and other registration authorities (RAs) that verify and authenticate the validity of each party involved in an electronic transaction through the use of public key cryptography?
PKI
87. Which of the following is a benefit of implementing a public key infrastructure (PKI)?
Users no longer need to remember passwords; All information is stored on the smart card, making it difficult for anyone except the intended user to use or access it; Smart cards can be used from remote locations, such as a home office, to provide authentication services; All of the above
88. What command-line tool can be used with a standard user account to reduce the risks associated with the Administrator account?
runas
89. Which OU is created by default when Active Directory is installed?
Domain Controllers
90. What tool allows you to utilize a simple interface to delegate permissions for domains, OUs, or containers?
Delegation of Control Wizard
91. What typically consists of at least four characters or digits that are entered while presenting a physical access token, such as an ATM card or smart card?
PIN
92. Password-cracking can be accomplished by intelligent guessing on the part of the hacker or through the use of an automated __________ attack.
dictionary
93. A password should be __________ characters in length to be considered a strong password.
8
94. Passwords for Windows Server 2008, Windows Vista, Windows Server 2003, and Microsoft Windows XP clients can be __________ characters in length.
127
95. What method of authentication requires a smart card and a PIN to provide more secure access to company resources?
two-factor authentication
96. To implement PKI, what must be installed on your Windows 2008 Server?
Active Directory Certificate Services
97. What dedicated workstation allows an administrator or another authorized user to preconfigure certificates and smart cards on behalf of a user or workstation?
smart card enrollment station
98. What types of certificates are generated by the enterprise CA and used to generate a smart card logon certificate for users in the organization?
enrollment agent
99. What component issues and manages certificates for individuals, computers, and organizations?
Certification Authority
100. Where is the certificate database located on a Certification Authority?
C:\Windows\system32\CertLog
101. What is a method of controlling settings across your network?
Group Policy
102. What process applies Group Policy settings to various containers within Active Directory?
linking
103. What policies can be used to ensure that users always have the latest versions of applications?
software installation
104. What policies work with folder redirection to provide the ability to cache files locally?
offline file storage
105. What advanced technique allows you to apply GPO settings to only one or more users or groups within a container by selectively granting the “Apply Group Policy” permission to one or more users or security groups?
security group filtering
106. What can be measured by tangible benefits, such as implementation costs and ongoing support?
return on investment
107. Administrators find that Group Policy implementation helps them to achieve __________.
centralized management
108. Which of the following is an administrative benefit of using Group Policy?
Administrators have control over centralized configuration of user settings, application installation, and desktop configuration; Problems due to missing application files and other minor application errors often can be alleviated by the automation of application repairs; Centralized backup of user files eliminates the need and cost of trying to recover files from a damaged drive; All of the above
109. What contains all of the Group Policy settings that you wish to implement to user and computer objects within a site, domain, or OU?
Group Policy Objects
110. Which of the following is not a type of GPO?
advanced GPO
111. Local GPO settings are stored in what folder on a computer?
%systemroot%/System32/GroupPolicy
112. What directory object includes subcontainers that hold GPO policy information?
Group Policy container
113. What is the path to the default GPT structure for a domain?
%systemroot%\sysvol\sysvol\domain.com\Policies
114. The __________ Policy is linked to the domain, and its settings affect all users and computers in the domain.
Default Domain
115. What Microsoft Management Console (MMC) snap-in is used to create and modify Group Policies and their settings?
Group Policy Management Console
116. Group policy is divided into two subcategories, or nodes, that are named Computer Configuration and __________.
User Configuration
117. What folder located under the Computer Configuration node in the Group Policy Management Editor contains security settings and scripts that apply to all users who log on to Active Directory from that specific computer?
Windows Settings
118. What means that each policy must be read and applied completely before the next policy can be invoked?
synchronous processing
119. Configuring what setting on an individual GPO link forces a particular GPO’s settings to flow down through the Active Directory without being blocked by any child OUs?
Enforce
120. What allows the Group Policy processing order to circle back and reapply the computer policies after all user policies and logon scripts run?
Loopback Processing
121. What Computer Configuration node setting includes three subcategories: Audit Policy, User Rights Assignment, and Security Options?
Local Policies
122. What policies can be applied to one or more users or groups of users, allowing you to specify a more or less stringent password policy for this subset than the password policy defined for the entire domain?
Fine-Grained Password Policies
123. What is the default mechanism for authenticating domain users in Windows Server 2008, Windows Server 2003, and Microsoft Windows 2000?
Kerberos
124. What term refers to tracking events that take place on the local computer?
auditing
125. What section of GPO Local Policies allows administrators to log successful and failed security events such as logon events, account access, and object access?
Audit Policy
126. What policy setting is set to audit successes in the Default Domain Controllers GPO?
account management events
127. What policy setting allows an administrator to specify group membership lists?
Restricted Groups
128. Settings available in the __________ area of Group Policy allow greater administrative control in establishing rules and governing the issuance, maintenance, and guidelines within a public key infrastructure (PKI).
Public Key Policies
129. What provides administrators with the ability to redirect the contents of certain folders to a network location or to another location on the user’s local computer?
Folder Redirection
130. What term means that the Group Policy setting continues to apply until it is reversed by using a policy that overwrites the setting?
tattooing
131. What separate Group Policy category allows files to be available to users, even when the users are disconnected from the network?
Offline Files
132. By implementing the __________ feature when Folder Redirection is also configured, administrators can control the amount of information that is stored on the server.
Disk Quotas
133. If you set the refresh interval to zero, the system attempts to update the policy at what interval?
every 7 seconds
134. What command-line tool can be used to manually refresh group policy?
gpupdate.exe
135. How often are Computer Configuration group policies refreshed by default?
every 90 minutes
136. What policy can specify software that you wish to run on computers?
Software Restriction Policies
137. Which of these is not an option when configuring Fine-Grained Password Policies?
PasswordCommonNameUsage
138. What setting logs events related to successful user logons to a domain?
Account Logon Events
139. What category is used to configure the startup and security settings for services running on a computer?
System Services
140. Where can you configure the Group Policy refresh interval?
Computer Configuration\Administrative Templates\System\Group Policy
141. What process takes place from the time an application is evaluated for deployment in an organization until the time when it is deemed old or not suitable for use?
software life cycle
142. Which of the following is not a phase of the software life cycle?
evaluation
143. Microsoft Windows Server 2008 uses the Windows Installer with Group Policy to install and manage software that is packaged into what type of file?
.msi
144. Modifications to .msi files require transform files, which have the __________ extension.
.mst
145. __________ files are used to apply service packs and hotfixes to installed software.
Patch
146. Before deploying software using Group Policy, what must you create?
distribution share
147. What option allows users to install the applications that they consider useful to them?
Publish
148. What option is helpful when you are deploying required applications to pertinent users and computers?
Assign
149. What allows published applications to be organized within specific groupings for easy navigation?
software categories
150. What policies are designed to identify software and control its execution?
Software Restriction
151. When configuring Software Restriction policies, which option prevents any application from running that requires administrative rights, but allows programs to run that only require resources that are accessible by normal users?
Basic User
152. By default, the Software Restriction Policies area has what value in the Default Security Level setting?
Unrestricted
153. Which of the following is a software restriction rule that can be used to govern which programs can or cannot run on your network?
hash rule; certificate rule; Path rule; all of the above
154. What is a series of bytes with a fixed length that uniquely identifies a program or file?
hash
155. What identifies software by specifying the directory path where the application is stored in the file system?
path rule
156. What type of rule can be applied to allow only Windows Installer packages to be installed if they come from a trusted area of the network?
network zone rules
157. When implementing multiple Software Restriction Policy rules, which rule is always applied last?
path rule
158. What Software Restriction Policy properties allow you to determine whether the policies apply to all files or whether library files, such as Dynamic Link Library (DLL), are excluded?
enforcement
159. What Software Restriction Policy properties allow an administrator to control how certificate rules are handled?
trusted publishers
160. What type of file can be written to allow non–Windows Installer–compliant applications to be deployed?
.zap
161. What MMC snap-in provides a single access point to all aspects of Group Policy that were previously spread across other tools such as Active Directory Users and Computers, Active Directory Sites and Services, Resultant Set of Policy (RSoP), and the Group Policy Management Editor?
Group Policy Management
162. Which of the following can be done from the Group Policy Management snap-in?
import and copy GPO settings to and from the file system; search for GPOs based on name, permissions, WMI filter, GUID, or policy extensions set in the GPOs; search for individual settings within a GPO by keyword, and search for only those settings that have been configured; all of the above
163. Group Policy Management started being natively installed with what version of Windows Server?
2008
164. What tab displays groups and users with permission to link, perform modeling analyses, or read Group Policy Results information?
Delegation
165. When a GPO is selected in Group Policy Management, which tab allows administrators to view the locations to which the policy is linked?
Scope
166. __________ GPOs can act as templates when creating new GPOs for your organization.
Starter
167. What setting will prevent policy settings from applying to all child objects at the current level and all subordinate levels?
Block Policy Inheritance
168. What refines the application of a GPO to include or exclude certain users, groups, or computers based on the ACL that is applied to the GPO?
Security Group Filtering
169. What component of the Microsoft Windows operating system allows administrators to create queries based on hardware, software, operating systems, and services?
Windows Management Instrumentation
170. How many WMI filters can be configured per GPO?
one
171. What is the sum of the policies applied to a user or computer after all filters, security group permissions, and inheritance settings, such as Block Policy Inheritance and Enforce, have finished processing?
Effective Permissions
172. Which mode in the Resultant Set of Policy Wizard is useful for documenting and understanding how combined policies are affecting users and computers?
Logging
173. What database of information includes hardware, Group Policy Software Installation settings, Internet Explorer Maintenance settings, scripts, Folder Redirection settings, and Security settings?
CIMOM
174. Group Policy __________ is used to simulate the effect of a policy on the user environment.
Modeling
175. Rather than simulating policy effects like the Group Policy Modeling Wizard, what obtains RSoP information from the client computer to show the actual effects that policies have on the client computer and user environment?
Group Policy Results
176. What command-line tool allows you to create and display an RSoP query from the command line?
GPResult
177. What would the syntax of the GPResult command be if you want to obtain RSoP information on computer and user policies that will affect a user named jsmith?
gpresult /user jsmith /v
178. Which mode in the Resultant Set of Policy Wizard allows administrators to simulate the effect of policy settings prior to implementing them on a computer or user?
Planning
179. WMI filters cannot be evaluated on which operating system?
Windows 2000
180. WMI Filtering uses filters written in what language, which is similar to structured query language (SQL)?
WMI Query Language
181. What is responsible for managing changes to the Active Directory database?
Extensible Storage Engine
182. Changes in Active Directory are referred to as __________.
transactions
183. Active Directory writes transactions to the __________ log file.
transaction
184. What manual process defragments the Active Directory database in addition to reducing its size?
offline defragmentation
185. To back up Active Directory, you must install what feature from the Server Manager console?
Windows Server Backup
186. What new command-line and task-based scripting technology is included with Windows Server 2008?
Windows PowerShell
187. Server Backup does not support the use of which type of backup media?
magnetic tape
188. Which backup type will update each file’s backup history and clear the Application log files?
VSS full backup
189. What is the command-line component of the Windows Server Backup snap-in?
wbadmin
190. What type of restore will restore Active Directory objects with their original Update Sequence Number (USN), which is the number that each domain controller assigns to every transaction that is either originated on the DC or replicated in from another domain controller?
nonauthoritative restore
191. To perform a System State restore in Windows Server 2008, you will boot the DC into what mode?
Directory Services Restore
192. What tool in Windows Server 2008 allows you to collect real-time information on your local computer or from a specific computer to which you have permissions?
Reliability and Performance Monitor
193. What are the specific processes or events that you want to track in the Reliability and Performance Monitor?
performance counters
194. Configuring Active Directory diagnostic event logging requires that you edit what registry key?
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NTDS\Diagnostics
195. What logging setting should you use if Minimal logging is not producing sufficient error messages to allow you to troubleshoot a particular issue?
Basic
196. What command-line tool can analyze the state of the domain controllers in the forest or enterprise and report any problems to assist in troubleshooting?
dcdiag
197. The Reliability and Performance Monitor uses categories called performance __________ to organize the items that can be monitored.
objects
198. What in the event log is indicated by a red circle with an X on it?
stop error
199. If you find yourself in a position where you need to restore an object or container within Active Directory that has been inadvertently deleted, you need to perform what type of restore?
authoritative restore
200. In Windows Server 2008, you must back up __________ rather than only backing up the System State data.
critical volumes
201. What is the name resolution mechanism that computers use for all Internet communications and for private networks that use the Active Directory domain services included with Microsoft Windows Server 2008, Windows Server 2003, and Windows 2000 Server?
DNS
202. What represents the computer’s IP address in applications and other references?
host name
203. Which of the following is not a column of the host table?
distinguished name
204. What has direct access to at least one name server and can also process referrals to direct its queries to other name servers when necessary?
resolver
205. What resource record identifies which name server is the authoritative source of information for data within this domain?
Start of Authority (SOA)
206. What resource record provides the name-to-IP-address mappings that DNS name servers use to perform name resolution?
Host (A)
207. What resource record is the functional opposite of the A record, providing an IP address-to-name mapping for the system identified in the Name field using the in-addr.arpa domain name?
Pointer (PTR)
208. What are the highest-level DNS servers in the entire namespace?
root name server
209. What is the process by which one DNS server sends a name resolution request to another DNS server?
referral
210. In what type of query does the server that receives the name resolution request immediately respond to the requester with the best information it possesses?
iterative
211. What DNS server contains no zones and hosts no domains?
caching-only server
212. What DNS server receives queries from other DNS servers that are explicitly configured to send them?
forwarder
213. What type of zone contains the master copy of the zone database in which administrators make all changes to the zone’s resource records?
primary zone
214. What type of zone forwards or refers requests to the appropriate server that hosts a primary zone for the selected query?
stub zone
215. What can be configured to enable enterprise-wide NetBIOS name resolution for your clients and servers?
WINS
216. What Windows Server 2008 service can you use to protect sensitive data on a Windows network?
AD RMS
217. What role allows administrators to configure Single Sign-On (SSO) for Web-based applications across multiple organizations without requiring users to remember multiple usernames and passwords?
AD FS
218. In terms of AD FS, what organizations contain the user accounts that are accessing the resources controlled by resource organizations, similar to a trusted domain in a traditional Windows trust relationship?
account organizations
219. What will forward queries selectively based on the domain specified in the name resolution request?
conditional forwarder
220. What type of zone is a read-only copy of the data that is stored within a primary zone on another server?
secondary zone
221. What enables network administrators and owners to configure access rights for users during the users’ entire lifecycle within an organization?
Identity Lifecycle Management
222. What role in ILM provides services for managing public key certificates that can be used by any security system that relies on a PKI for authentication or authorization?
Active Directory Certificate Services
223. What consists of a number of elements that allow two parties to communicate securely, without any previous communication, through the use of a mathematical algorithm called public key cryptography?
public key infrastructure
224. What is a secret piece of information that is shared between two parties prior to being able to communicate securely?
shared secret key
225. What is an entity that issues and manages digital certificates for use in a PKI, such as a Windows Server 2008 server running the AD CS server role?
Certificate Authority
226. What electronic piece of information proves the identity of the entity that has signed a particular document?
digital signature
227. What are small physical devices on which a digital certificate is installed that are usually the size of a credit card or keychain fob?
smart cards
228. What is used to request certificates on behalf of a user, computer, or service if self-enrollment is not practical or is otherwise an undesirable solution for reasons of security or auditing?
enrollment agents
229. What service allows devices, such as hardware-based routers and other network devices and appliances, to enroll for certificates within a Windows Server 2008 PKI that might not otherwise be able to do so?
Network Device Enrollment Service
230. What ACL specifically allows users or computers to be automatically issued certificates based on a template?
Autoenroll
231. What enables a user to manually create a certificate request file using the Certificates MMC snap-in?
Certificate Request Wizard
232. Users with what predefined security role are tasked with issuing and managing certificates, including approving certificate enrollment and revocation requests?
Certificate Manager
233. Which of the following are not able to be performed by those with the Auditor predefined security role?
define key recovery agents
234. What identifies certificates that have been revoked or terminated?
Certificate Revocation List
235. What is the process by which private keys are maintained by the CA for retrieval by a recovery agent?
key archival
236. What type of CA is not integrated with Active Directory and relies on administrator intervention to respond to certificate requests?
standalone CA
237. What type of CA can use certificate templates as well as Group Policy Objects to allow auto-enrollment of digital certificates, as well as store digital certificates within the Active Directory database for easy retrieval by users and devices?
enterprise CA
238. What service responds to requests from clients concerning the revocation status of a particular certificate, returning a digitally signed response indicating the certificate’s current status?
Online Responder
239. What is at the top level of a CA hierarchy?
root CA