|
Authentication is used for what purpose? |
to verify a user’s identity |
|
Authorization is used for what purpose? |
to grant access to a user |
|
Auditing is used for what purpose? |
recording user’s actions |
|
Why is choosing what to audit, instead of auditing everything that a user does, a good idea? |
High levels of auditing can affect system performance. |
|
Before Windows 2008 R2, only nine basic audit settings existed. Windows Server 2012 introduces a total of how many audit subsettings? |
56 |
|
What is the purpose of implementing new audit subsettings? |
so that you can focus on important audit items |
|
Why should you avoid using basic audit policy settings and advanced audit policy settings together? |
Audit policies might cause conflicts or erratic behavior. |
|
Which command do you use to manage auditing at the command prompt? |
AuditPol.exe |
|
Where can you view audit events? |
in Security logs in Event Viewer |
|
Which auditing feature allows you to define computer-wide system access control lists for the file system or the registry? |
Global Object Access Auditing |
|
By using what type of policy can you track, limit, or deny a user’s ability to use removable storage devices such as USB drives in Windows Server 2012? |
Removable Storage Access |
|
Which utility do you use to access advanced audit policy settings? |
Group Policy Editor |
|
What type of audit event notifies you that an account failed to log on? |
Logon/Logoff |
|
Shutting down the system is an example of what kind of audit event? |
Privilege Use |
|
When resetting audit settings back to basic mode, what file must you remove as part of the process? |
audit.csv |
|
Why is it a good idea (other than the effect on system performance) to set up auditing for only those objects that you really need to focus on? Choose the Best option according to Microsoft. |
Searching through too many events makes finding problems more difficult. |
|
Why are success audits as important as failure audits? Choose the Best option according to Microsoft. |
Successes allow you to track activity such as new account creation. |
|
Why would auditing include logon and logoff times? Choose the Best option according to Microsoft. |
Logon and logoff times can help pinpoint who was logged on during a failure. |
|
Order the following steps for setting up Printer Event Auditing. |
Choose Control Panel > View devices and printers. Right-click and select Printer properties. On the Security tab, click Advanced. Select the Auditing tab. Click the Add button to open the Auditing Entry for Microsoft XPS Document Writer dialog box. To specify a user or group, click Select a principal. For Type, select Success, Fail, or All. |
|
Order the following steps required to audit account logon. |
-Server Manager->Tools->Group Policy Management. -Expand the Domain Controllers to show the Default Domain Controllers Policy. -Right-click the Default Domain Control Default Policy and click Edit. -Expand Computer Configuration, Windows Settings, Security Settings, Local Policies, and select Audit Policy. -Double-click Audit account logon events. -Select Define these policy settings and select both Success and Failure. |
|
Order the following steps required to configure monitoring of removable storage devices |
-Choose Server Manager > Tools > Group Policy Management. -In the console tree, right-click a group policy object, and then click Edit. -Double-click Computer Configuration, double-click Security Settings, double-click Advanced Audit Policy Configuration, and double-click Object Access. -Double-click Audit Removable Storage. -Select the Configure the following audit events check box, select the Success check box, and then click OK. |
|
The powerful auditpol.exe command-line utility is widely used in automated scripting solutions. Select the correct action for the auditpol.exe /remove /allusers command. |
Remove the per-user audit policy for all users. |
|
The powerful auditpol.exe command-line utility is widely used in automated scripting solutions. Select the correct action for the auditpol.exe /get /category:* command. |
Show an authoritative report on what audit settings are being applied. |
|
The powerful auditpol.exe command-line utility is widely used in automated scripting solutions. Select the correct action for the auditpol.exe /clear command. |
Delete the per-user audit policy for all users, reset or disable the system audit policy for all subcategories, and then set the audit policies settings to disable. |
|
The powerful auditpol.exe command-line utility is widely used in automated scripting solutions. Select the correct action for the auditpol.exe /remove /user:usernamecommand. |
Remove the per-user audit policy for a single user’s account. |
|
The Domain Name System (DNS) works much like a phone book to associate URLs (names) with what kinds of numbers? |
IP addresses |
|
Which TCP/UDP port does the DNS service use to communicate? |
53 |
|
What does the acronym FQDN stand for? |
Fully Qualified Domain Name |
|
Which one of the following is an example of an FQDN? |
sales.microsoft.com |
|
What type of structure does DNS have? |
hierarchical distributed |
|
Which of the following is an example of a top-level domain? |
.net |
|
Which of the following is an example of a second-level domain? |
blah.com |
|
A specific, individual computer or other network device in a domain is known as what? |
host |
|
What is another term for DNS client? |
DNS resolver |
|
Which type of DNS zone resolves host names to IP addresses? |
forward lookup zone |
|
By using the Active Directory-integrated zone, DNS follows what kind of model? |
multi-master |
|
What is one of the primary advantages to using Active Directory to store DNS information? |
fault tolerance |
|
What is one advantage of subdomains? |
They allow you to break up larger domains into smaller, more manageable ones. |
|
A stub zone is a zone copy that contains only what type of records? |
necessary resource entries |
|
What is the primary advantage of a caching-only DNS server? |
It speeds DNS queries by building a DNS request cache. |
|
The complete or partial transfer of DNS data from a zone on a DNS server to another DNS server is the definition of a zone transfer. |
True |
|
Why would you implement a caching-only DNS server on your network? Choose the BEST answer according to Microsoft. |
to speed DNS queries and decrease network traffic |
|
What is the first and most important step in installing and deploying DNS in your network? Choose the BEST answer according to Microsoft. |
planning the infrastructure and service requirements |
|
What is the major reason behind using a forwarder? Choose the BEST answer according to Microsoft. |
to improve the efficiency of name resolution for your computers |
|
Order the following steps required to configure a DNS server to forward DNS queries to another DNS server. |
-Choose Server Manager > Tools > DNS. -Right-click the DNS server and select Properties. -Select the Forwarders tab. -Click the Edit button. -In the IP address column, type the IP address of the DNS server that you want to forward DNS queries to and press Enter. |
|
Order the following steps required to configure zone transfer settings. |
-Choose Server Manager > Tools > DNS. -Expand DNS Console. -Expand the server so that you can see the Forward Lookup Zones and Reverse Lookup Zones folders. -Right-click forward or reverse lookup and click Properties. -Select the Zone Transfers tab. -Select the Allow zone transfers option. -Select the type of zone transfer: To any server, Only to servers listed on the Name Servers, or Only to the following servers. |
|
Order the following steps required to install DNS. |
Choose Server Manager > Manage > Add Roles and Features. -Select Role-based or feature-based installation. -Click Select a server from the server pool and select the name of the server to install DNS to. -Click DNS Server. |
|
By default, zone transfers are disabled. You can choose one of three different zone transfer methods. Which of the following describes the Only to servers listed on the Name Servers tab method? |
restricts zone transfers to secondary DNS servers as defined with NS resource records |
|
By default, zone transfers are disabled. You can choose one of three different zone transfer methods. Which of the following describes the To any server method? |
allows a data transfer to any server that asks for a zone transfer (least secure) |
|
By default, zone transfers are disabled. You can choose one of three different zone transfer methods. Which of the following describes the Only to the following servers method? |
restricts zone transfers to those servers specified in the accompanied list |
|
What is another designation for an Alias? |
canonical name or CNAME |
|
A Start of Authority record specifies what kind of information about a zone? |
the zone serial number |
|
If you have a server named server1.blah.com, want to use it as your web server, and have requests point to www.blah.com, what kind of DNS record would you create? |
a CNAME record |
|
Before creating PTR records, what DNS objects must you create? |
reverse lookup zones |
|
What does Time to Live (TTL) mean in DNS parlance? |
the length of time a record remains in DNS cache |
|
Round-robin DNS is a term that refers to what kind of distribution mechanism for DNS responses to queries? |
balanced |
|
Which command do you use to verify local DNS settings? |
ipconfig /all |
|
What does issuing the nslookup command with no parameters do on your system? |
It places you into nslookup’s interactive mode. |
|
Which DNS record contains the serial number for the zone? |
SOA record |
|
Which of the following is an example of an SRV record? |
AD server |
|
You can use the dnscmd command to create zones. What other tasks can you perform with it? |
delete resource records |
|
If an A record maps a host name to an IP address, what does an AAAA record do? |
maps a host name to a single IPv6 address |
|
Which one of the following is correct for querying a PTR record? |
nslookup 192.168.1.50 |
|
How can you force a system to update its DNS record? |
Execute ipconfig /registerdns. |
|
If you issue the command nslookup 192.168.1.50 and get no response, but then issue nslookup server1 and receive 192.168.1.50 as a response, what do you know is wrong? |
The PTR record doesn’t exist. |
|
If you have corrected a DNS server problem, such as renamed a system or changed its IP address, but your local system still attempts to connect to the old system, what can you do to obtain the new information from the DNS server quickly? Choose the BEST answer according to Microsoft. |
Execute ipconfig /flushdns. |
|
What is the primary advantage to enabling round-robin DNS? Choose the BEST answer according to Microsoft. |
load balancing |
|
What is the purpose of a priority number in MX records? Choose the BEST answer according to Microsoft. |
for fault tolerance |
|
Order the following steps required to create a Host record. |
-Choose Server Manager > Tools > DNS. -Expand the DNS Console. -Expand the server to display the Forward Lookup Zones and Reverse Lookup Zones folders. -Right-click the zone that you want to create a Host resource record for and select New Host (A or AAAA). -In the Name text box, type the name of the host. -In the IP address text box, type the IP address (IPv4 or IPv6). -If you want to also create a PTR record, select the Create associated pointer (PTR) record option. |
|
Order the following steps required to modify the TTL value for a resource record. |
-Choose Server Manager > Tools > DNS. -Expand the DNS Console. -Expand the server to display the Forward Lookup Zones and Reverse Lookup Zones folders. -To view additional options, click View > Advanced. -To modify a record, double-click a resource record. The Properties dialog box opens. -Type the TTL using the DDDDD:HH.MM.SS format, where DDDDD is days, HH is hours, MM is minutes, and SS is seconds. |
|
Order the following steps required to enable aging and scavenging. |
-Choose Server Manager > Tools > DNS. -Right-click the DNS server and click Set Aging/Scavenging for all Zones. -Click the Scavenge stale resource records option. -Modify the no-refresh interval and refresh interval as needed. -If you want the aging/scavenging settings to apply to all existing Active Directory-integrated zones, select the Apply these settings to the existing Active Directory-integrated zones option. |
|
DNS servers contain several different types of resource records with which you need to become familiar. Select the correct definition for Host (A and AAAA) records. |
maps a domain/host name to an IP address |
|
DNS servers contain several different types of resource records with which you need to become familiar. Select the correct definition for Name Server (NS) records. |
identifies a DNS server that is authoritative for a zone |
|
DNS servers contain several different types of resource records with which you need to become familiar. Select the correct definition for Canonical Name (CNAME) records. |
identifies an alias for a host name |
|
DNS servers contain several different types of resource records with which you need to become familiar. Select the correct definition for Pointer (PTR) records. |
resolves host names from IP addresses |
Share This
Flashcard
