Server2012 final

What function does the CSVDE tool perform?

If a single domain controller's AD database becomes corrupt, which type of restore should you perform on it?

To perform an authoritative restore, into what mode must you reboot the domain controller?

What is a GUID?

What utility first appeared in Windows Server 2008 R2 that allows you to undelete Active Directory containers and objects?

By default, how often does Active Directory "garbage collection" occur

After you undelete a user account with the LDP utility, what action do you need to perform

In interactive mode, what aspect of AD can you check with the ntdsutil integrity command?

What is the proper procedure for removing a domain controller from Active direcotry

Which ntdsutil commands cleans up metadata?

to perform an authoritative restore of an object or subtree, what bit of information do you need to know about the object?

When you do an authoritative restore process, a back-links file is created. What is the back-links file?

Before you can use the Active Directory recycle bin, what two actions do you have to perform?

Windows Server 2012 introduces a new time-saving feature when performing tasks such as AD Defragmentation. What is that feature?

What utility do you use to defragment Active Directory

Why is backup of the Active Directory database so important?

Why is backing up the Windows system state necessary?

An Active Directory snapshop is actually what kind of backup

Why can you not modify snapshots

What is the name of the physical database file in which all directory data is stored?

Which file is used to track the point up to which transactions in the log file have been committed

What is the name of the file into which directory transactions are written before being committed to the database file

Which file is used as a scratch pad to store information about in-progress large transactions and to hold pages pulled out of ntds.dit during maintenance operations

Name 4 examples of password policies

Why primarily are account lockout policies put into place?

What is the default setting for password history?

What is the default minimum password length in characters

What account setting can you give for account lockout duration that requires an administrator to manually unlock the account?

By default, who has read/write capability to the default domain policy?

How should you assign Password Settings objects (PSOs) to users?

What is the primary advantage of using group policies in a domain environment

What is the secpol.msc utility for?

What does the minimum password age setting control?

Why should administrator passwords change more often than user passwords?

What is the range of password history settings?

What is an easy method of creating a strong password?

Why is a setting of 0 for maximum password age not a good idea?

Account policies contain various subsets, which 3 are legitimate subsets of account policies?

Which password is considered complex? M!croS0ft or candybar01

What character length for a password generally accepted as a minimum

The default maximum password age is how long?

This setting defines a default password filter that is enabled by default

This setting defines the number of days that a password can before a user must change it

This setting defines the number of unique, new passwords that must be associated with a user account before an old password can be reused

This setting defines the minimum number of characters that a user's password must contain

What policy will affect all users in the domain, including domain controllers

In which order are group policy objects processed?

What is the default timeout value for GPOs to process on system startup

GPOs are processed on computer startup and after logon. Why is the user never aware of the processing

What is the first step in the GPO processing order?

The downward flow of group policies is known as what feature of GPOs?

If a site, domain, or OU has multiple GPOs, how are the group policies processed

Which two filters can you use to control who or what receives a group policy?

For users to receive GPO settings, they must have which two permissions to the GPO

By default, which GPO permissions are all authenticated users given?

At what point are WMI filters evaluated

To use WMI filters, you must have one domain controller running which version of Windows Server or higher

How many WMI filters can be configured for a GPO?

What kind of group policies should you enable for student computers?

What is the primary purpose of running the Group Policy Results Wizard?

Which utility do you use to set up loopback policies?

How are client-side extensions applied

What is the best method of dealing with slow-link processing?

Where would using Replace mode GPOs be appropriate?

What feature uses a security access list (ACL) to determine who can modify or read a policy and who or what a GPO is applied to?

What component extends the Windows Driver Model to provide an interface to the operating system to provide information and notification on hardware, software, operating systems, and services

How do group policy settings flow down into the lower containers and objects?

What feature configures a GPO to be applied to certain users or computers based on specific hardware, software, operating systems, and services?

Which operating systems can have its security setting managed by using security templates?

Which two methods can you use to deploy security templates

What is an ADMX file?

What is the central store?

Name two legitimate Administrative Template Property filters?

What is the name of the software component used for installation, maintenance, and removal of software on Windows?

What is the filename extension for the files in which installation information is stored?

What are MST files used for?

Windows Installer cannot install .exe files. To distribute a software package that installs with an .exe file, what must you do to it?

The Security Template allows you to configure which 3 settings?

Where is the default location for ADMX files?

Identify the 3 possible states of an Administrative Template

What language are ADMX files based on?

Unlike ADM files, ADMX files are NOT stored where ?

Where is the Central Store located

An application cannot be published to a

When configuring Group Policy to deploy applications, the applications must be mapped to where?

What happens when an application deployed via group policies becomes damaged or corrupted?

If you, as an administrator, change an installed application, how do you update your users?

Which node contains only one node, Software installation, which allows you to install and maintain software within your organization?

Which node contains settings that are applied when the user logs on?

Which node contains settings that are applied to the computer regardless of who logs on to the computer

Which node allows you to configure settings such as Name Resolution Policy, Security Settings, Policy-Based QoS nodes?

Which domain users are automatically granted permissions to perform Group Policy Management tasks?

Name two reasons for resetting the domain policy and the domain controller policy to the default settings?

A user must have which two existing permissions for new permissions to be applied to their accounts for GPO delegation

If you don't want a GPO to apply, which group policy permission do you apply to a user or a group

When you're about to reset domain policy and domain policy and domain controllers policy back to default with the dcgpofix.exe command, what final warning are you given before you accept the change?

To give someone permission to manage a particular GPO, you use the ___tab of the individual GPO

What is a collection of files stored in the SYSVOL (%SYSTEMROOT%SYSVOLPolicies) of each domain controller?

What is a file that maps references to users, groups, computers, and UNC paths in the source GPO to new values in the destination GPO?

What is an Active Directory object stored in Group Policy Objects container with the domain naming content of the directory that defines basic attributes of the GPO but does not contain any of the settings

What process grants permissions to other users to manage group policies?

Which utility do you use to create GPO preferences?

For GPP editing states, which key do you use to toggle Enable Content

How do you stop processing a preference if an error occurs?

Which Windows extension allows you to copy registry settings and apply them to other computers' create,replace, or delete registry settings

Which Windows extension allows you to add, replace, or delete sections or properties in configuration settings or setup information files

To copy, replace, update, or delete files, you can use wildcard characters. Which wildcard characters can you use? Select all that apply

If you need to provide users access to a common network location, which GPP would you use? name 2

To support GPPs on older Windows versions (Server and Workstation), you have to install what component from microsoft

Which component allows you to create multiple Registry preference items based on registry settings that you select

Name two possible targets for individual preferences?

Which term describes changing the scope of individual preferences items so that the preference items apply only to selected users or computers

Which items can you configure shortcuts to in performing GPP deployments? Name 4

Identify at least 4 Window Settings multiple preference extensions

When working with Network Drive Mapping Preferences, which preference behaviors delete drive mappings?

What 3 server versions can GPP be configured on domain controllers running Windows Server

What is the key difference between preferences and policy settings?

GPPs are divided into which two sections

Windows Settings are common configuration settings used in Windows but now used where?

What object can you create to organize Registry preference items?

Normally, preferences are refreshed at the same interval as Group Policy settings. If this option is selected, this option will be applied only once on logon or startup

When this option is selected, if an error occurs while processing a preference, no other preferences in this GPO will process

This option determines which users or computers will receive a preference based on a a criterion such as computer name, IP address range, operating system, security group, user, or Windows Management Instrumentation (WMI) queries

By default, this option runs as the System account. If this option is selected, the logged-on user context is used

What kind of Radius server is placed between the Radius Server and RADIUS clients?

What process determines what a user is permitted to do on a computer or network

What is a RADIUS server known as in Microsoft parlance

What ports to Microsoft RADIUS servers use officially

When an access client contacts a VPN server or wireless access point, a connection request is sent to what system

Which system in a RADIUS infrastructure handles the switchboard duties of relaying requests to the RADIUS server and back to the client

What is the final step in the authentication, authorization, and accounting scenario between an access client and the radius server

To configure RADIUS service load balancing you must have more than one kind of what system per remote RADIUS server group

Which parameter specifies the order of importance of the RADIUS server to the NPS proxy server

Using what feature can streamline the creation and setup of RADIUS servers

What kind of information does the Accounting-Start message contain?

Which system is the destination for Accounting-Start messages?

What type of NPS authentication is recommended over password authentication

Why is password-based authentication not recommended

Where do you get certificates for authentication purposes

When setting up authentication to NPS services for Microsoft-only clients, what type of authentication should you use

What would be the biggest problem with configuring text files for accounting logging?

You would create a radius server template so you could do what with it?

Which non-recommended method of user authentication is considered to insecure because usernames and passwords are sent in plain text

If you decide to use this method for authentication, you will need certificates that include the client authentication purpose

Which authentication method encompasses the largest number of clients (Microsoft and Non-Microsoft) but only has a moderate level of security

An NPS policy is a set of permissions or restrictions that determine what three aspects of network connectivity

Which variable can be set to authorize or deny a remote connection

The default connection policy uses NPS as what kind of server

Where is the default connection policy set to process all authentication requests

What is the last setting in the Routing and Remote Access IP settings

What command line utility is used to import and export NPS templates

To which type of file do you export an NPS configuration

When should you not use the command-line utility method of exporting and importing the NPS configuration

Network policies determine what two important connectivity restraints

When the Remote Access server finds an NPS network policy with conditions that match the incoming connection attempt, the server checks any _____ that have been configured for the policy

If a remote connection attempt does not match any configured constraints, that does the remote server to with the connections

Identify the 3 correct NPS templates

Which two of the following are Routing and Remote Access IP settings

What Routing and Remote Access IP setting is the default setting

Which is the strongest type of encryption

RADIUS Access-Request messages are processed or forwarded by NPS only if the settings match what on the NPS server?

Why is there a No Encryption option for network connections

Network Access Policy is part of which larger scope policy

What character string makes up the telephone number of the network access server (NAS)

What character string attribute designates the phone number used by the access client

What is used to restrict the policy only to clients what can be identified through the special mechanism such as the NAP statement of health

What is the name of the RADIUS client computer that requests authentication

Network Access Protection (NAP) is Microsoft's software for controlling network access for computers based on what?

Because NAP is provided by _____, you need to install _____ to install NAP

DHCP enforcement is not available for what kind of clients

Identify two remediation server types

What type of active directory domain controller is recommended to minimize security risks for remediation servers

When you fully engage NAP for remediation enforcement, what mode do you place the policy in

To verify a NAP client's configuration, which command would you run?

Which two components must a nap client have enabled in order to use nap

Why do you need a web server as part of your NAP remediation infrastructure?

Where do you look to find out which computers are blocked and which are granted access via NAP

Health policies are in pairs, what are the members of the pair, select two

You should restrict access only for clients that don't have all available security updates installed if what situation exists

What happens to a computer that isn't running windows firewall

Health policies are connected to what two other policies

To use the NAP-compliant policy, the client must do what?

Which computers are not affected by VPN enforcement

When enabling NAP for DHCP scopes, how should you roll out the service

What is the purpose of the System Health Agent (SHA)

Why is monitoring system health so important?

Why would you setup a monitor-only NAP policy on your network

These computers don't typically move much and are part of the domain

These Windows computers are not usually connected directly to the network but connect through a VPN connection. Because they are usually home computers, they might not have up-to-date software

These computers are unmanaged computers used by consultants or vendors who need to connect to your network

These window computers move often but are typically part of the domain, but might not always get the newest updates

What is the default authentication protocol for non-domain computers

What does the acronym NTLM stand for

NTLM uses a challenge-response mechanism for authentication without doing what

What kind of protocol is Kerberos

Kerberos security and authentication are based on what type of o technology

What is the default maximum allowable time lapse between domain controllers and client systems for Kerberos to work correctly

Which three components make up a service principal name (SPN)

What happens if a client submits a service ticket request for an SPN that does not exist in the identity store

Which tool can you use to add SPNs to an account

What are two restrictions for adding SPNs to an account

Identify another utility that you can use to add SPNs to an account

What type of account is an account under which an operating system, process, or service runs

When creating accounts for operating systems, processes, and services, you should always configure them with what two things in mind?

Name two benefits to using Managed Service Accounts (MSAs)

By default, which service accounts with the Windows Powershell cmdlets manage?

What is the default authentication protocol for contemporary domain computers

What is the name by which a client uniquely identifies an instance of a service

Before you create an MSA object type, you must create what?

What service right does an MSA account automatically receive upon creation

Which kerberos setting defines the maximum time skew that can be tolerated between a ticket's timestamp and the current time at the KDC

Which Kerberos setting defines the maximum lifetime ticket for a Kerberos TGT ticket

Which Kerberos setting defines the maximum lifetime for a Kerberos ticket

Which Kerberos setting defines how long a service or user ticket can be renewed

The domain controllers are the computers that store and run the ____

How many PDC emulators are required, if needed, in a domain?

You do not place the infrastructure master on a global catalog server unless what situation exists

When you add attributes to an Active Directory object, what part of the domain database are you actually changing?

Which active directory object is defined as a specialized domain controller that performs certain tasks so that the multi-master domain controllers can operate and synchronize properly

How many global catalogs are recommended for every organizations

What two things must you do to a Windows Server to convert it to a domain controller?

Beginning with which server version can you safely deploy domain controllers in a virtual machine

What utility must you run on a cloned system to ensure that the clone receives its own SID

Which type of system must you connect to and use to make changes to Active Directory

Which version of Windows Server introduced incremental universal group membership replication

What are the three types of groups in a domain

The global catalog stores a partial copy of all objects in the forest. What are the reasons for keeping that partial copy? 3

Although the changes are easy to make, why is changing the AD Schema such a big deal

Where in the forest is a global catalog automatically created?

Which utility do you use to manage Active Directory from the command line

Which command-line command do you use to allow Windows Server 2003 domain controllers to replicate to RODCs?

Which term describes a collection of domains grouped together in hierarchical structures that share a common root domain?

Which term describes an administrative boundary for users and computers, which are stored in a common directory database?

Which term describes a collection of domain trees that share a common Active Directory Domain Services (AD DS)?

Which term describes containers in a domain that allow you to organize and group resources for easier administration, including providing and delegating administrative rights