|
What kind of RADIUS server is places between the RADIUS user and RADIUS client? |
RADIUS proxy server |
|
What process determines what a user is permitted to do on a computer or on a network? |
Authorization |
|
Which system, in a RADIUS infrastructure, handle the switchboard duties of relating request to the RADIUS server and back to the client? |
The access server |
|
What type of NPS authentication is recommended over password authentication? |
Certificate |
|
Where do you get certificates for authentication purposes? |
A certificate authority |
|
The default connection request policy uses NPS as what kind of server? |
RADIUS |
|
What command-line utility is uses to important and export NPS templates? |
Netsh |
|
Network policies determine what two important connectivity constraints? |
Who is authorized to connect and the connection circumstances for connectivity |
|
Which two of the following are Routing and Remote Access IP settings? |
Client May Request an IP Address and server Must Supply and IP Address |
|
Network Access Protection (NAP) is Microsoft’s software for controlling network access of computers based on what? |
A computer’s overall health |
|
Identify two remediation server types |
Anti-virus/anti-male ware servers and software update servers |
|
What type of Active Directory domain controller is recommended to minimize security risk for remediation servers? |
Read-only |
|
Which two components must a NAP client have enable in order to use NAP? |
Security Center and NAP Agent |
|
You should restrict access only for client that don’t have all available security update installed if what situation exist? |
The computers are running Windows Updates |
|
What happens to computer that isn’t running Windows Firewall? |
The computer is isolated |
|
Health policies are connected to what two other policies? |
Network policies and connection request policies |
|
Name two benefits to using Managed Services Accounts (MSAs) |
Automatic password management and simplified SPN management |
|
What two things must you do to a Windows Server to convert it to a domain controller? |
Seize schema master and seize PDC |
|
What are the three types of groups in a domain? |
Domain local groups, global groups, and universal groups |
|
The global catalog stores a partial copy of all objects in the forest. What are the reasons for keeping that partial copy? Select all that apply. |
Logon, object search, universal group membership |
|
What is a GUID? |
A unique identifier for a snapshot |
|
After you un delete a user account with the LDP utility, what action do you need to perform? |
Reset the use’s password |
|
Before you can use the Active Directory Recycle Bin, what two actions do you have to perform? |
You have to enable the AD Recycle Bin and you have to set the AD forest to Windows server 2008 R2 or higher |
|
What are examples if password policies? Select all that apply? |
History, length, complexity, ange |
|
Why primarily are accounts lockout policies put into place? |
Security |
|
What is the default setting for password history? |
24 |
|
What setting can you give for account lockout duration that requires an administrator to manually unlock the account? |
0 |
|
What is the primary advantage of using Group Policies in a domain environment? |
Centralized management |
|
Why is setting of 0 for maximum password age not a good idea? Check all that apply. |
It means that passwords never expire, which is a major security problem and it means that you’ve disabled password aging |
|
Account policies contain various subsets. Which of the following are legitimate subsets of account policies? Check all that apply. |
Password Policy, Account Lockout Policy, Kerberos Policy |
|
The default maximum password age is how long? |
42 days |
|
In which order are Group Policies objects (GPOs) process? |
Local group policy, site, Domain, OU |
|
GPOs are proceded on computer startup and after logon. Why is the user Berber aware of the processing? |
Processing is hidden from the user. |
|
What is the first step in GPO processing order? |
The computer established a secure link to the domain controller |
|
The downward flow of group policies is know as what feature of GPOs? |
Inheritance |
|
If a site,domain, or OU has multiple GPOs, how are the group policies process? |
By precedence |
|
Which two filters can you use to control who or what receives a group policy? |
Security group filter and WMI filter |
|
For users to receive GPO SETTINGS, they must have which two permissions to the GPO? |
Allow Read |
|
What kind of group policies should you enable for student computers? |
Lookback |
|
Where would using Replace mode GPOs be appropriate? |
In a classroom |
|
What feature uses a security access list(ACL) to determine who can modify or read a policy and who or what a GPO is applied to? |
Security group filtering |
|
What component extends the Windows Driver Model to provide an interface to the operating system to provide information and notification on hardware, software, operating system, and services? |
Windows Management Instrumentation (WMI) |
|
What feature configures a GPO to be applied to certain users or computers based on specific hardware, software, operating system, and services? |
WMI FILTERING |
|
Which of the following operating system can have its security settings managed by using security templates? Select all that apply |
Windows 7 and Windows 8 |
|
What is an ADMX file? |
The ADM format for newer operating system |
|
Which of the following are legitimate Administrative Template Properties Filters? Select all that apply. |
Keyword Filters and Requirement Filters |
|
What is the filename extension for the files in which installation information is stored? |
.msi |
|
If Windows installer cannot install .exe files. To distribute a software package that installs with an .exe file, what must you do to it? |
Convert it to an MSI file |
|
Identify all possible states of an Administrative Template. |
Not Configured/Enable/ Disabled |
|
Where is the Central Store located? |
In the SYSVOL directory |
|
When configuring Group Policy to deploy applications must be map penned to where? |
UNC path |
|
Which node allows you to configure setting such as Name Resolution Policy, Security Settings, and Policy-Based QoS nodes? |
Windows Settings |
|
A user must have which two existing permissions for new permissions to be applied to their accounts for GPO delegation? |
Allow Read and Allow Apply |
|
If you don’t want a GPO to apply, which group policy permission do you apply to abuser or group? |
Disallow apply |
|
To give someone permission to mana he a particular GPO, you use the_____tab of the individual GPO. |
Delegate |
|
What is a collections of files stored in the SYSVOL (%SystemRoot%\SYSVOL\<Domain>\policies\<GPOGUID>) of each domain controller? |
Group Policy Template(GPT) |
|
What is a file that maps reference to users, groups, computers, and UNC paths in the source GPO to new values in the destination GPO? |
Migration table |
|
What is an Active Directory object stored in the Group Policy Objects container with the domain naming content of the directory that defines basic attributes of the GPO but does not contain any of the settings? |
Group Policy Container (GPC) |
|
Which utility do you use to creat GPO preferences? |
Group Policy Management Editor |
|
To copy, replaced, update, or delete files, you can use wildcard characters. Which wildcard characters can you use? Select all all that apply |
? And * |
|
If you need provide users access to common network locations, which GPP would you use? Select all that apply? |
Shortcut and Drive Maps |
|
To support GPPs on older Windows versions ( Server and Workstation), you have to install what component from Microsoft? |
GPP Client-Side Extensions |
|
Which component allows you to create multiple Registry preference items based on registry settings that you select? |
The Registry Wizard |
|
Which of the following are possible targets for individual preference? Select all that apply |
Computer name and CPU speed |
|
Which term describes changing the scope of individual preference items so that the preference items apply only to select users or computers? |
Item-level targeting |
|
Windows Setting has multiple preference extensions. Identify all that apply |
Registry/ shortcuts/folders |
|
When working with Network Drive Mapping Preferences, which preference behaviors delete drive mapping? Select all that apply |
Replace and delete |
|
GPPs are divided into which two sections? |
Windows and Control Panel |
|
Windows Settings are common configuring setting used in Windows but not used where? |
The Control Panel |
|
When this option is selected, if an error occurs while processing a preference, no other preference in this GPO will process. |
Stop processing items items in this extension if an error occurs |
|
You create a RADIUS template so that you can do what with it? |
Easily create multiple RADIUS server from it |
|
Which non-recommended method of user authentication is considered too insecure because username and password are sent in plain text? |
PAP |
|
Which authentication method encompasses the widest range of clients ( Microsoft and non-Microsoft)but has only a moderate level of security? |
CHAP |
|
RADIUS Access-Request message are processed or forwarded by NPS only of the settings of the incoming message match what on the NPS sever? |
One connection request policies |
|
What is the used to restricted the policy only to client that can be identified through the special mechanism such as a NAP statement of health? |
Identify Type |
|
When enable NAP for DHCP scope, how should you roll out the service? |
For individual DHCP scope |
|
What is the purpose of the System Health Agent (SHA) |
To provide feedback on the status of system protection and updates |
|
These Windows computers don’t typically move much and are part of the domain. Because they are part of a domain, they are easier to manage with group policies, managed anti-virus/anti-malware system,and administrative control. |
Desktop computers |
|
These Windows computer are not usually connected directly to the network but connect through a VPN connection. Because they are usually personal computers computers, they are not part of the domain. Therefore, they usually do not get security updates and might not have an up- to-date anti-virus/anti-malware software package. |
Unmanaged home computers |
|
When creating accounts for operating systems, processes,and services, you should always configure them with what two things in minds? |
Using strong passwords and granting the least rights possible |
|
What is the default authentication protocol for contemporary domain computers? |
Kerberos |
|
What is the name by which a client uniquely identifies an instance of a services? |
Service principal name |
|
Which Kerberos setting defines the maximum time skew that can be tolerated between a ticket’s timestamp and the current time at theKDC? |
Maximum lifetime for service ticket |
|
Which Kerberos setting defines how long a services or user tickets can renewed? |
Maximum lifetime for user ticket |
|
Where in the forest is a global catalog automatically created? |
The first domain controller |
|
Why is backup of the Active Directory database so important? |
Backup is needed in case of corruption, deletion, or other failure |
|
Why is backing up the Windows system state necessary? |
It’s needed to perform a full system restored |
|
An Active Directory snapshot is actually what kind of backup ? |
A shadow copy |
|
What is the name of the physical database file in which all directory data is stored? |
ntds.nit |
|
This setting defines a default password filter that is enabled by default. |
Complexity requirements |
|
This setting defines the number of days that a password can be used before the users must change it |
Maximum password age |
|
This setting defines the minimum number of characters that a user’s password must contain. |
Minimum password length |
|
Which type of system must you connect to and use to make changes to Active Directory? |
Writable domain controller |
|
What character length for a password generally accepted as minimum? |
Eight |
|
Which aspect of password is a key component of their strength? |
Number character |
|
If you,as administrator, change an installed application, how do you update your users? |
By redeploying the application via the GPO |
|
What process grants permissions to other users to manage group policies? |
Delegations |
Share This
Flashcard
