The For Real Final.
It's actually for real not gonna lie it's gonna be fucking hard.
| Question | Answer |
|---|---|
| After a DNS zone has been secured with DNSSEC, what additional data will be returned to a client as a result of a query? | Digital signatures for the returned records |
| What is the function of the RRSIG record? | Returned to the client in response to a successful query along with the A record |
| What DNS security feature in Windows Server 2012 can be configured to allow source port randomization for DNS queries? | Socket pool |
| How are values for DNS Cache Locking expressed? | As a percentage of the TTL |
| What is the net effect if recursion is disabled on a DNS server and the DNS server does not have any forwarding or root hints configuration present? | The DNS server will be able to provide only answers to queries about internal DNS zones |
| Which of the following commands would correctly set the DNS socket pool to a value of 7,000? | dnscmd /Config /SocketPoolSize 7000 |
| What Windows Server 2012 DNS feature prioritizes DNS responses based on the subnet of the requesting client? | Netmask ordering |
| The main page of your company's Intranet portal is accessible by the FQDN home.na.adatum.corp. How would you configure an entry in the GlobalNames zone for this? | Add a single CNAME record pointing to the A record in another zone |
| DNSSEC uses public key infrastructure (PKI) encryption to provide what assurances to DNS clients? (Choose all that apply) | Proof of identity of DNS records [&] Verified denial of existence |
| How can you best go about delegating administrative access to those employees who need to be able to manage DNS? | Add the user's Active Directory accounts to the Domain Admins security group |
| In Windows Server 2012 IPAM, what is the second-highest level entity within the IP address space? | IP address block |
| Which of the following statements regarding the server requirements for an IPAM server is false? | The server must be running Windows Server 2008 R2, Windows Server 2012, or Windows Server 2012 R2 |
| Which of the following database types can be used with Windows IPAM? | Microsoft SQL [&] Windows Internal Database |
| Which PowerShell cmdlet is the correct one to use to create the IPAM provisioning GPOs? | Invoke-IpamGpoProvisioning |
| Which of the following categories will you not find in the Monitor and Manage section of the IPAM console? | DNS Zone Records |
| Which of the following can be imported into IPAM using the IPAM console? | [All of the above] |
| In Windows Server 2012 IPAM, what is the second-highest level entity within the IP address space? | IP address range |
| Which of the following advantages are provided to a SQL server when it's used with IPAM? | Scalability [&] Additional disaster recovery [&] Reporting |
| As it pertains to IPAM, what is the name of the process of retrieving a list of all domain controllers, DNS servers, and DHCP servers? | IPAM discovery |
| Members of which IPAM security group have the ability to view information in IPAM and can perform server management tasks? | IPAM MSM Administrators |
| Which of the following items would not be considered a logical component of Active Directory? | Domain Controllers |
| In an organization that has three Active Directory forests with a total of six Active Directory domains, how many schemas will exist in the organization? | Three |
| What are the requirements to perform an in-place upgrade of a domain controller to Windows Server 2012 R2? | The domain controller must be running Windows Server 2008 or Windows Server 2008 R2 [&] The forest functional level will need to be at Windows Server 2008 or higher |
| Which of the following desirable features first became available with the Windows Server 2008 domain functional level? | SYSVOL replication using DFSR instead of NTFRS |
| You want to use the new features of Key Distribution Center (KDC) support for claims, compound authentication, and Kerberos armoring in your domain. What must you do first? | Install at least one Windows Server 2012 domain controller [&] Raise the domain functional level to Windows Server 2012 |
| Which of the following desirable features first became available with the Windows Server 2008 R2 forest functional level? | Active Directory recycle bin |
| Which of the following accurately represents a User Principal Name? | jdoe@myco.corp |
| Your organization has 3 business units that function independently. What is the best approach to take when designing a new AD forest environment for your organization? Be sure to consider the current environment and possibility of future change. | Create multiple organizational units as needed to organize each business unit's objects |
| Which Active Directory upgrade method presents the lowest overall cost and risk to an organization, assuming that required physical or virtual servers are available and on hand? | Add new domain controllers |
| Which partition contains definitions of all objects and attributes that can be created in the directory? | Schema partition |
| Which of the following attributes are true of the automatically generated trusts created when a domain is added to the forest? | The trust is always transitive [&] The trust is two-way between the child domain and the root domain |
| You have created a one-way incoming trust in your domain for an external domain used by a partner company to allow your domain's users to access a resource in the partner's domain. What is the next step that needs to be performed to complete the trust? | The partner will need to create a one-way outgoing trust in the external domain |
| Which of the following commands correctly illustrates how to create a one-way external trust from the adatum.local domain to the contoso.local domain? | netdom trust adatum.local /Domain:contoso.local /add |
| Which of the following scenarios would allow the creation of a shortcut trust? | Between a third-level child domain and a second-level child domain in a different domain tree of the same forest [&] Between two third-level child domains in the same forest |
| When disabling SID filtering on a forest trust, what netdom switch should be used? | /enablesidhistory:No |
| In which scenario would you want to disable SID filtering? | User accounts have been involved in a domain migration |
| What is the disadvantage of configuring selective authentication for a trust? | The administrative overhead involved to configure and maintain user access to resources |
| Which of the following attributes are true when discussing manually created trusts? | The trust can be configured to be one-way or two-way [&] The trust can be configured to be incoming or outgoing, or both |
| Which of the following scenarios represents the best reason for creating a forest trust between two Active Directory forests? | Company A has purchased Company B |
| What type of trust allows users of an internal forest to authenticate to and/or gain access to all resources of an external forest? | Forest trusts |
| Your organization has six offices spread over three cities in North America. At a minimum, how many Active Directory sites should you plan to have? | Three |
| What management console is used to manage Active Directory Sites? | Active Directory Sites & Services |
| __________ Define the logical replication path between sites to perform __________ replication, allowing for faster & optimized replication between sites based on configured costs & frequencies? | Site links, intersite |
| Why is it generally not recommended to configure bridgehead servers manually? | You could disrupt the flow of replication traffic between sites |
| What default value are all site links costs configured with in Active Directory? | 100 |
| What is defined by the replication schedule? | When replication is allowed to occur |
| When examining the netlogon.log file, what will be your indicator that you have a problem with your Active Directory sites or subnets configuration? | A NO_CLIENT_SITE entry |
| What undesirable side effect may result from having the "Bridge ALL Site Links" option disabled? | Replication time & traffic between spokes will increase due to needing to go through the hub location |
| Which of the following represents the best reason why you need to take care when creating site links within your organization? | So you can optimize replication traffic between sites by using the highest quality, or lowest cost, routes |
| What Active Directory component is automatically configured to take changes made during intrasite replication and then replicate that to a domain controller in another site? | Bridgehead servers |
| Regarding intersite and intrasite replication, which of the following statements is false? | Replication data within a site is compressed & encrypted |
| When a user changes his or her password, to what domain controller is the password change notification sent? | The PDC Emulator |
| Which of the following repadmin commands would cause updates outward to replication partners & trigger replication across the enterprise as a whole? | REPADMIN /SyncAll /APed |
| Why must an RODC be able to connect to at least one Windows Server 2008 or higher domain controller? | To replicate the domain partition [&] So that the Password Replication Policy (PRP) applied to the RODC can be configured and enforced |
| What requirements must be met in order to perform the configuration of the Filtered Attribute Set? | The Schema Master must be on a domain controller running Windows Server 2008, Windows Server 2012, or Windows Server 2012 R2 [&] You must perform the change directly on the Schema Master |
| What is the net result of deleting an RODC & leaving the "Reset all passwords for user accounts that were cached on this Read-Only Domain Controller" option selected? | Users will be forced to request a password to reset before they can log in the next time |
| On what domain controller should the DFSR SYSVOL migration process be performed from? | The PDC Emulator of the domain |
| Which of the following scenarios best represents an urgent replication-inducing event? | A change in the domain account lockout policies |
| Which of the following represents the best reason why you might want to prepopulate passwords on an RODC? | To speed up the initial login for the user at that site |
| Which SYSVOL replication migration state is done entirely using DFSR? | Eliminated (State 3) |
| What benefit does Single Sign-On provide for application users? | Prevents users from needing to remember multiple usernames & passwords |
| In order to utilize AD FS, what is the oldest version of Windows Server that any domain controller can be using? | Windows Server 2003 SP1 |
| What PowerShell cmdlet would you use to list the attribute stores currently configured for AD FS? | Get-ADFSAttributeStore |
| While testing AD FS claims-based authentication with a sample application, you encounter an error due to the self-signed certificate you opted to use. What can you do to eliminate this error? | Issue a valid certificate from your internal CA [&] Add the self-signed certificate to your computer's Trusted Root Certification Authorities store |
| What step(s) will you need to perform while configuring a claims provider trust that you will not need to perform while configuring a relying party trust? | Map attributes [&] Edit claims rules |
| In AD FS, which of the following allows you to create issuance authorization rules for relying party applications & allows you to use custom 'Access Denied' | Multifactor access control |
| Which of the following services is used to provision a device object in AD FS & issue a certificate for the Workplace-joined Device? | Device Registration Service |
| Which of the following components of Active Directory Federation Services is a statement made by a trusted entity & includes information identifying the entity? | Claim |
| Which of the following components of Active Directory Federation Services is the server that issues claims and authenticates users? | Claims provider |
| Which of the following components of Active Directory Federation Services is the application or web service that accepts claims? | Relying party |
| What is another name for Asymmetric encryption? | Public Key cryptography |
| What is the name of the role in the PKI that is responsible for the distributions of keys & the validation of identities? | Registration authority |
| In Windows Server 2012 AD CS, how many Root CAs can you install in a single certificate hierarchy? | One |
| By default, if you install a CA server on January 1, 2012, when will the CA certificate expire? | January 1, 2019 |
| What is the function of the AIA? | It specifies where to find up-to-date certificates for the CA |
| Your network has a mix of Windows, Macintosh, Linux & AIX computers. All of your internal web applications use Web Server certificates issued by your PKI. How will you need to configure your AIA & CDP? | As URLs (HTTP paths) |
| Which Windows client operating systems are capable of using the Online Responder to check certificate revocation status? | Windows 7 [&] Windows 8 |
| What two values would be required in a CAPolicy.inf file to set the CRL period of 4 hours? | CRLPeriod=Hours [&] CRLPeriodUnits=4 |
| Why would you want to consider making the Root CA an offline CA? | This improves security of the root CA & its private keys |
| Which PKI role in AD CS is used to validate certificates? | Online Responder |
| What are the contents of the certificate chain? | It is a list of certificates that can be used to authenticate an entity certificate |
| What usages does the User certificate allow by default? | Secure Email [&] Encrypting File System [&] Client Authentication |
| Which of the following URLs would be the correct one to visit to get to the Enrollment pages? | https://<servername>/certsrv |
| What minimum certificates version is required to enable key archival & recovery? | Version 2 |
| What must you do immediately after issuing the first KRA certificates to a trusted user to enable key archival & recovery on the CA? | Configure key archival on the CA properties [&] Archive the keys for the issued KRA certificate |
| To recover a key from the CA database using the certutil utility, what information will you need to know about the certificate? | The certificate serial numbers |
| You work at a government agency & have been tasked to implement a PKI built on Windows Server 2012 R2. What certificate template version will you need to use to meet the requirements imposed on your agency? | Version 3 |
| What is the advantage of configuring credential roaming? | The user's certificates follow the user to each computer he or she logs in to |
| Which certificate format supports the export of a certificate & its private key? | Personal Information Exchange (PKCS #12) |
| Which certificate format supports storage of a single certificate, does not support storage of the private key or certification path, has contents that are of an ASCII format, & is generally used for importing into applications that require a "text blob"? | Base-64 encoded X.509 |
| How does AD RMS protect a Microsoft Office file that has been transferred out of the organization to an external recipient? | The external recipient will not be able to open the file because they cannot contact the AD RMS server |
| What issue should you be aware of if you perform the installation of AD RMS onto a Domain Controller? | The AD RMS service account will be a domain administrator |
| To enable Kerberos authentication with AD RMS, you will need to be a member of which groups? | AD RMS Enterprise Administrators [&] Enterprise Admins |
| What tools provided in Windows Server 2012 R2 allow you to view the SCP configuration in Active Directory? | ADSI Edit [&] LDP |
| What is the name of the objects that are used to enforce the rights a user or group has on rights-protected content? | Rights policy templates |
| Generally speaking, what could be considered the absolute minimum rights that a user could be granted via AD RMS that would allow the user to still consume the document? | View |
| A Temporary Rights Account Certificate has a validity period of how long? | 15 minutes |
| Which of the following must be deleted when you have to recreate a new AD RMS cluster within an Active Directory domain? | Service Connection Point |
| What is the best reason you might choose to use RMS Templates when configuring RMS policies across your organization? | They allow you to standardize the implementation of AD RMS policies across the organization |
| The AD RMS certificate issued the first time a user attempts to access AD RMS-protected content is known as what? | Rights account certificate |