WR7 – 1 Week Seven Homework No-Name Name: Writing Assignment Task WR7. 0 1. Knowledge Assessment: Lesson 8 – Managing Users and Computers (50 points). a. Fill in the Blank: Complete the following sentences by entering the correct word or words in the blanks: 1. In a case where multiple PSOs are configured for a particular user, Active Directory will determine which one to apply by using the PSO’s precedence . 2. You can automatically add a technical support user to the local Administrators group of each domain workstation by using Restricted groups . 3. The pupate. exe command allows you to manually refresh Group Policy settings on a particular computer. 4. Tattooing refers to a Group Policy setting that is not removed when the GPO setting reverts to “Not Configured. ” 5. You would audit account logon events to determine who is authenticating against your Active Directory domain controllers. 6. Each Active Directory domain controller acts as a(n) to enable the distribution of Kerberos tickets. 7. folder redirection Key distribution center allows you to configure a user’s Documents, Desktop, and other folders o that they are stored on a network drive rather than the local computer. 8. Settings in the kerberos poloicies section of Group Policy allow you to configure the maximum allowable clock skew between a client and a domain controller. 9. Auditing for Policy change events will alert you when a change is made to User Rights assignments, IPSec policies, or trust relationships. 10. You can create a consistent service startup configuration for multiple computers by using the system services node in Group Policy Knowledge assessment continues on the next page
IT222 Microsoft Network Operating System II b. Select the correct answer. c WR7 – 2 1. What type of object will you create to enable multiple password policies within a Windows Server 2008 domain? a. msDS-MinimumPasswordLength b. msDS-MultiplePasswordPolicies c. PasswordSettingsObject (PSO) d. msDS-PasswordObject b 2. Which configuration item has a default value of 90 minutes for workstations and member servers, with a random offset of 0 to 30 minutes to optimize network performance? a. Refresh time b. Refresh interval c. Clock skew d. Clock interval d . To determine which users are accessing resources on a particular member server in an Active Directory domain, which event type would you audit? a. Account logon event b. Policy change event c. Account management event d. Logon event a 4. Monitoring a system such as Active Directory for the success and/or failure of specific user actions is called a. auditing b. inspecting c. scanning d. sniffing c 5. Which audit category includes events such as server startup and shutdown, time changes, and clearing the security log within the Windows Event Viewer? . Process tracking b. Privileged use c. System Events d. Policy management Knowledge assessment continues on the next page WR7 – 3 Week Seven Assignments a 6. Which feature allows you to control how much space a user can take on a particular hard drive volume, configurable via Group Policy? a. Disk quotas b. Folder redirection c. Offline files d. Object access auditing d 7. To prevent users from re-using a certain number of network passwords, what can you configure as part of a domain-wide policy or as part of a Fine-Grained Password Policy? . Minimum password length b. Minimum password age c. Maximum password age d. Enforce password history b 8. A PasswordSettingsObject (PSO) within Active Directory is also known as which type of object? a. msDS-PasswordSettingsPrecedence b. msDS-PasswordSettings c. msDS-PasswordComplexityEnabled d. msDS-MinimumPasswordLength c 9. Which Group Policy feature allows users to access user files when the user is disconnected from the corporate network? a. Folder redirection b. Disk quotas c. Offline files d. Object access auditing b 10.
Which audit event type is triggered when user or group accounts are created, deleted, renamed, enabled, or disabled? a. Account logon events b. Account management events c. Privileged use events d. Policy management events IT222 Microsoft Network Operating System II 1. Knowledge Assessment: Lesson 9 – Software Distribution (50 points). a. Match the following definitions with the appropriate term. WR7 – 4 Definition a. This feature of Group Policy software installation will automatically reinstall critical application files if they are accidentally or maliciously deleted. . Group Policy software installations rely on this file type to create an installation package that can be cleanly Assigned and Published and that has self-healing capabilities. c. This Default Security Level in Software Restriction Policies will disallow any executable that requires administrative rights to run. d. This Group Policy software installation option is not available in the Computer Configuration node. e. When deploying software with Group Policy, you need to create one or more of these to house the installation files for the applications that you wish to eploy. f. his software restriction policy rule will prevent executables from running if they have been modified in any way by a user, virus, or piece of malware. g. If you need to deploy a software installation package that does not have an . msi file available, you can create one of these as an alternative. h. This describes a series of bytes with a fixed length that uniquely identifies a program or file. i. This software restriction policy rule will allow or prevent applications from running that are located within a particular folder or subfolder. j.
This GPO software installation method can be used to automatically install an application when a computer starts up or a user logs in. g j Term Zap file Assign Basic User Hash Path Rule Publish Self-healing Distribution Share Msi file Hash Rule c h i d a e b f WR7 – 5 Week Seven Homework b. Select the correct answer. c 1. Which of the following rule types apply only to Windows Installer packages? a. Hash rules b. Certificate rules c. Internet zone rules d. Path rules d 2. Which file type is used by Windows Installer? a. .inf b. .bat c. .msf d. .msi file c 3.
Which of the following is not one of the Default Security Levels that can be used with a software restriction policy? a. Basic User b. Unrestricted c. Restricted d. Disallowed d 4. As part of your efforts to deploy all new applications using Group Policy, you discover that several of the applications you wish to deploy do not include the necessary installer files. What can you use to deploy these applications? a. Software restriction policies b. .msi files c. .mdb files d. .zap files b 5. Which of the following describes the mathematical equation that creates a digital “fingerprint” of a particular file? . Hash rule b. Hash algorithm c. Software restriction policy d. Path rule IT222 Microsoft Network Operating System II d WR7 – 6 6. Which of the following rules will allow or disallow a script or a Windows Installer file to run on the basis of how the file has been signed? a. Path rule b. Hash rule c. Network zone rule d. Certificate rule c 7. You wish to deploy several software applications using Group Policy, such that the applications can be manually installed by the users from the Add/Remove Programs applet in their local Control Panel.
Which installation option should you select? a. Assign b. Disallowed c. Publish d. Unrestricted b 8. You have assigned several applications using GPOs. Users have complained that there is a delay when they double-click on the application icon, which you know is the result of the application being installed in the background. What option can you use to pre-install assigned applications when users log on or power on their computers? a. Uninstall when the application falls out of scope b. Install This Application At Logon c. Advanced Installation Mode d.
Path rule b 9. Which of the following is used to develop information systems software through a structured process that includes analysis, design, implementation, and maintenance? a. Hash algorithm b. System Development Life Cycle c. Software Restriction Policy d. Group Policy Object c 10. Which of the following Default Security Levels in Software Restriction Policies will disallow any executable from running that has not been explicitly enabled by the Active Directory administrator? a. Basic User b. Restricted c. Disallowed d. Power User