Jesse Collins
Quiz by , created more than 1 year ago

Brought to you by late night industries!

113
1
0
Jesse Collins
Created by Jesse Collins about 8 years ago
Close

CIT 214 Microsoft Server Configuration - Final Exam Part 2 - Basic Edition

Question 1 of 71

1

What can be used to add, delete, or modify objects in Active Directory, in addition to modifying the schema if necessary?

Select one of the following:

  • DCPROMO

  • LDIFDE

  • CSVDE

  • NSLOOKUP

Explanation

Question 2 of 71

1

When using CSVDE, what is the first line of the text file that uses proper attribute names?

Select one of the following:

  • header row

  • header record

  • name row

  • name record

Explanation

Question 3 of 71

1

Which of the following utilities do you use to perform an offline domain join?

Select one of the following:

  • net join

  • join

  • djoin

  • dconnect

Explanation

Question 4 of 71

1

Which of the following is not a type of user account that can be configured in Windows Server 2012?

Select one of the following:

  • local accounts

  • domain accounts

  • network accounts

  • built-in accounts

Explanation

Question 5 of 71

1

Which of the following are the two built-in user accounts created automatically on a computer running Windows Server 2012 R2?

Select one or more of the following:

  • Network

  • Interactive

  • Administrator

  • Guest

Explanation

Question 6 of 71

1

What is the PowerShell cmdlet syntax for creating a new user account?

Select one of the following:

  • New-ADUser

  • New-User

  • New-SamAccountName

  • There is no PowerShell cmdlet for user creation.

Explanation

Question 7 of 71

1

What is the PowerShell cmdlet syntax for creating a new computer object?

Select one of the following:

  • New-Computer -Name <computer name> –path <distinguished name>

  • New-ADComputer -Name <computer name> –path <distinguished name>

  • New-ComputerName <computer name> –path <distinguished name>

  • There is no PowerShell cmdlet for creating computer objects.

Explanation

Question 8 of 71

1

When using Netdom.exe to join an account, you may add the parameter [/OU:OUDN]. If this parameter is left out, where is the object placed?

Select one of the following:

  • In the same organizational unit (OU) as the administrator running Netdom.exe

  • In the Users container

  • In the Computers container

  • Without the OU specified, the program will fail.

Explanation

Question 9 of 71

1

Who may join a computer to the domain?

Select one of the following:

  • No one, the computer does this itself when authenticating.

  • The computer joins the domain as part of the object creation process.

  • Only the domain administrator may join the computer to the domain.

  • Members of the computer’s local Administrators group may join the computer to the domain.

Explanation

Question 10 of 71

1

What is the primary means by which people access resources on an Active Directory Domain Service (AD DS) network?

Select one of the following:

  • By having a computer account

  • Being within the proper site and domain

  • By having elevated privileges

  • By having a user account

Explanation

Question 11 of 71

1

What differences matter most in creating a single user versus multiple users?

Select one of the following:

  • Single user creation is often done from the graphical user interface (GUI), whereas creating multiple users typically requires using command-line tools.

  • Creating a single user is simple, but manual work.

  • Time does not permit automating the creation of a single user.

  • When creating multiple users, not as many parameters are involved.

Explanation

Question 12 of 71

1

What two graphical tools will help create either user or computer objects?

Select one of the following:

  • Server Manager and PowerShell

  • Active Directory Administrative Center and Active Directory Users and Computer

  • Server Core and PowerShell

  • LDIFDE.exe and CSVDE.exe

Explanation

Question 13 of 71

1

What is a key benefit to using ADAC or the Active Directory Users and Computers console?

Select one of the following:

  • ADAC allows you to modify the properties of both multiple users and multiple computers at once.

  • ADAC allows you to import multiple objects at once.

  • ADAC allows you to modify the properties of multiple users or multiple computers at once.

  • ADAC not only helps create user and computer objects, but it helps join them to a domain.

Explanation

Question 14 of 71

1

Are typical, authenticated users able to create computer objects in an Active Directory?

Select one of the following:

  • No, it requires administrative rights to create a computer object.

  • Yes, if they are specially granted the Add Workstations To The Domain right.

  • No, users are not able to do so by default.

  • Yes, by default, users who are successfully authenticated to Active Directory are permitted to join up to 10 workstations to the domain, thus creating up to 10 associated computer objects.

Explanation

Question 15 of 71

1

You are planning an Active Directory implementation for a company that currently has sales, accounting, and marketing departments. All department heads want to manage their own users and resources in Active Directory. What feature will permit you to set up Active Directory to allow each manager to manage his or her own container but not any other containers?

Select one of the following:

  • Delegation of control

  • Read-only domain controller

  • Multimaster replication

  • SRV records

Explanation

Question 16 of 71

1

If the user named Amy is located in the sales OU of the central.cohowinery.com domain, what is the correct syntax for referencing this user in a command line utility?

Select one of the following:

  • amy.cohowinery.com

  • cn=amy.ou=sales.dc=cohowinery.com

  • cn=amy,ou=sales,dc=central,dc=cohowinery,dc=com

  • dc=com,dn=cohowinery,ou=sales,cn=amy

Explanation

Question 17 of 71

1

Which of the following is a container object within Active Directory?

Select one of the following:

  • Folder

  • Group

  • User

  • OU

Explanation

Question 18 of 71

1

Which of the following groups do you use to consolidate groups and accounts that either span multiple domains or the entire forest?

Select one of the following:

  • Global

  • Domain

  • Built-in

  • Universal

Explanation

Question 19 of 71

1

Which of the following is not a correct reason for creating an OU?

Select one of the following:

  • To create a permanent container that cannot be moved or renamed

  • To duplicate the divisions in your organization

  • To delegate administration tasks

  • To assign different Group Policy settings to a specific group of users or computers

Explanation

Question 20 of 71

1

Which of the following group scope modifications are not permitted? (Choose all answers that are correct.)

Select one of the following:

  • Global to universal

  • Global to domain local

  • Universal to global

  • Domain local to universal

Explanation

Question 21 of 71

1

In a domain running at the Windows Server 2012 domain functional level, which of the following security principals can be members of a global group? (Choose all answers that are correct.)

Select one or more of the following:

  • Users

  • Computers

  • Universal groups

  • Global groups

Explanation

Question 22 of 71

1

You are attempting to delete a global security group in the Active Directory Users and Computers console, and the console will not let you complete the task. Which of the following could possibly be causes for the failure? (Choose all answers that are correct.)

Select one or more of the following:

  • There are still members in the group.

  • One of the group’s members has the group set as its primary group.

  • You do not have the proper permissions for the container in which the group is located.

  • You cannot delete global groups from the Active Directory Users and Computers console.

Explanation

Question 23 of 71

1

Select the best reasons for using organizational units (OUs)?

Select one of the following:

  • Organizing by geography, assigning Group Policy settings, and applying security boundaries

  • Applying security boundaries, assigning Group Policy settings, and organizing by geography

  • Duplicating organizational divisions, assigning Group Policy settings, and delegating administration

  • Assigning Group Policy settings, administering delegation, and delegating administration

Explanation

Question 24 of 71

1

What is the primary difference between universal groups and global groups in Windows Server 2012 R2?

Select one of the following:

  • Global groups use less data in the global catalog. So, in considering replication traffic, universal groups should be within a site.

  • Universal groups use less data in the global catalog. So, in considering replication traffic, global groups should be within a site.

  • Universal groups use more data in the global catalog. However, global groups are best in general, both within a site and across sites.

  • Global groups use less data than universal groups, but not significantly.

Explanation

Question 25 of 71

1

Generally, how do groups differ from OUs?

Select one of the following:

  • Groups are security principals, meaning you assign access permissions to a resource based on membership to a group. OUs are for organization and for assigning Group Policy settings.

  • Groups are created by the Server Manager, but you create OUs by scripts.

  • OUs are security principals, meaning you assign access permissions to a resource based on membership to an organizational unit. Groups are for organization and for delegating permissions.

  • Organizational units are container objects made from the Active Directory Users and Computers console.

Explanation

Question 26 of 71

1

What are the different kinds of groups?

Select one of the following:

  • There are two types: security and distribution.

  • There are two types: security and distribution, and three group scopes: domain local, global, and universal.

  • There are three group scopes: domain local, global, and universal.

  • There are three group types: domain local, global, and universal.

Explanation

Question 27 of 71

1

What command-line utility allows administrators to modify groups’ type and scope as well as add or remove members?

Select one of the following:

  • PowerShell and the applicable cmdlet

  • Active Directory Users and Computers console

  • Active Directory Administrative Center

  • Dsmod.exe

Explanation

Question 28 of 71

1

Which of the following types of files do Group Policy tools access from a Central Store by default?

Select one of the following:

  • ADM files

  • ADMX files

  • Group Policy objects

  • Security templates

Explanation

Question 29 of 71

1

Which of the following local GPOs takes precedence on a system with multiple local GPOs?

Select one of the following:

  • Local Group Policy

  • Administrators Group Policy

  • Nonadministrators Group Policy

  • User-specific Group Policy

Explanation

Question 30 of 71

1

Which of the following techniques can you use to apply GPO settings to a specific group of users in an OU?

Select one of the following:

  • GPO linking

  • Administrative templates

  • Security filtering

  • Starter GPOs

Explanation

Question 31 of 71

1

Which of the following best describes the function of a starter GPO?

Select one of the following:

  • A starter GPO functions as a template for the creation of new GPOs.

  • A starter GPO is the first GPO applied by all Active Directory clients.

  • Starter GPOs use a simplified interface for elementary users.

  • Starter GPOs contain all of the settings found in the default Domain Policy GPO.

Explanation

Question 32 of 71

1

When you apply a GPO with a value of Not Configured for a particular setting to a system on which that same setting is disabled, what is the result?

Select one of the following:

  • The setting remains disabled.

  • The setting is changed to not configured.

  • The settings is changed to enabled.

  • The setting generates a conflict error.

Explanation

Question 33 of 71

1

Local GPOs are stored ________, whereas Domain GPOs are stored _________.

Select one of the following:

  • in Active Directory; in Active Directory

  • in Active Directory; on the local computer

  • on the local computer; in Active Directory

  • on the local computer; on the local computer

Explanation

Question 34 of 71

1

By default, linking a GPO to a container causes all the users and computers in that container to receive the GPO settings. How can you modify the default permission assignments so that only certain users and computers receive the permissions and, consequently, the settings in the GPO?

Select one of the following:

  • You cannot separate or divide permission assignments within the linked container.

  • You can create and link a different GPO to the applicable objects, overriding the previous GPO.

  • You remove the applicable objects and place in a new container.

  • You apply security filtering in the Group Policy Management console.

Explanation

Question 35 of 71

1

When multiple GPOs are linked to a container, which GPO in the list has the highest priority?

Select one of the following:

  • The last

  • The first

  • The most permissive

  • The most restrictive

Explanation

Question 36 of 71

1

Group Policy settings are divided into two subcategories: User Configuration and Computer Configuration. Each of these two settings is further organized into three subnodes. What are the three subnodes?

Select one of the following:

  • Software Settings, Windows Settings, and Delegation Templates

  • Software Settings, Windows Settings, and Administrative Templates

  • Security Settings, Windows Settings, and Delegation Templates

  • Security Settings, Windows Settings, and Administrative Templates

Explanation

Question 37 of 71

1

What is the order in which Windows systems receive and process multiple GPOs?

Select one of the following:

  • LSOUD (local, site, OU, and then domain)

  • LOUDS (local, OU, domain, and then site)

  • SLOUD (site, local, OU, and then domain)

  • LSDOU (local, site, domain, and then OU)

Explanation

Question 38 of 71

1

What are the different types of Group Policy objects (GPOs)?

Select one of the following:

  • Computer, user, and organizational unit

  • Local, domain, and starter

  • Local, domain, and universal

  • Site, domain, and organizational unit

Explanation

Question 39 of 71

1

Installing Windows Server 2012 Active Directory Domain Services (AD DS) installs two default policies: Default Domain Policy and Default Domain Controller Policy. As an administrator, you need different policy settings than the default. What is the best approach to make those changes?

Select one of the following:

  • Add new settings in the default policies as needed.

  • Create new GPOs to augment or override the existing default settings.

  • Change existing ones in the default policies as needed.

  • Link a new GPO using the AD DS role.

Explanation

Question 40 of 71

1

If creating a local GPO, then a secondary GPO, then a tertiary GPO, what policy settings are included in each GPO?

Select one of the following:

  • The first GPO contains both Computer Configuration and User Configuration settings, whereas the secondary and tertiary GPOs contain only Computer Configuration settings.

  • Each GPO contains both Computer Configuration and User Configuration settings.

  • All GPOs contain User Configuration settings.

  • The first GPO contains both Computer Configuration and User Configuration settings, whereas the secondary and tertiary GPOs contain only User Configuration settings.

Explanation

Question 41 of 71

1

Group Policies applied to parent containers are inherited by all child containers and objects. What are the ways you can alter inheritance?

Select one of the following:

  • Using the Enforce, Block Policy Inheritance, or Loopback settings.

  • Using Active Directory Administrative Center (ADAC) to block inheritance.

  • Inheritance can be altered by making the applicable registry settings.

  • Using the Enforce or Block Policy Inheritance settings.

Explanation

Question 42 of 71

1

You are an administrator in a mixed environment of Windows Server 2012, Server 2008 R2 and desktops running Vista. You need different settings for users, based on their identities. Can you achieve this through multiple local GPOs?

Select one of the following:

  • All these operating systems support for multiple local GPOs. However, some servers are standalone (non-AD DS) systems.

  • Yes, this is achievable through support by all OSs, regardless of whether standalone or whether members of an AD DS domain.

  • No, this is not achievable given the current environment.

  • No, this is not achievable until software is added.

Explanation

Question 43 of 71

1

Which of the following tools would you use to deploy the settings in a security template to all of the computers in an Active Directory Domain Services domain?

Select one of the following:

  • Active Directory Users and Computers

  • Security Templates snap-in

  • Group Policy Object Editor

  • Group Policy Management console

Explanation

Question 44 of 71

1

Which of the following are local groups to which you can add users with the Windows Control Panel?

Select one or more of the following:

  • Users

  • Power Users

  • Administrators

  • Nonadministrators

Explanation

Question 45 of 71

1

Which of the following tools would you use to modify the settings in a security template?

Select one of the following:

  • Active Directory Users and Computers

  • Security Templates snap-in

  • Group Policy Object Editor

  • Group Policy Management console

Explanation

Question 46 of 71

1

The built-in local groups on a server running Windows Server 2012 receive their special capabilities through which of the following mechanisms?

Select one of the following:

  • Security options

  • Windows Firewall rules

  • NTFS permissions

  • User rights

Explanation

Question 47 of 71

1

After configuring and deploying the Audit Directory Service Access policy, what must you do before a computer running Windows Server2012 begins logging Active Directory access attempts?

Select one of the following:

  • You must select the Active Directory objects you want to audit in the Active Directory Users and Computer console.

  • You must wait for the audit policy settings to propagate to all of the domain control- lers on the network.

  • You must open the Audit Directory Service Access Properties sheet and select all of the Active Directory objects you want to audit.

  • You must add an underscore character to the name of every Active Directory object you want to audit.

Explanation

Question 48 of 71

1

What is the purpose of the Audit Policy section of a Local Group Policy objects (GPO)?

Select one of the following:

  • Administrators can log successful and failed security events, such as logon events, database errors, and system shutdown.

  • Administrators can log successful and failed security events, such as loss of data, account access, and object access.

  • Administrators can log successful and failed events, forwarded from other systems.

  • Administrators can log events related specifically to domain controllers.

Explanation

Question 49 of 71

1

What are the three primary event logs?

Select one of the following:

  • Application, Forwarded, and System

  • Application, Security, and Setup

  • Application, Security, and System

  • Application, System, and Setup

Explanation

Question 50 of 71

1

After you create a GPO that contains computer or user settings, but not both, what can you do for faster GPO processing?

Select one of the following:

  • Set the priority higher for the configured setting area.

  • Manually refresh the GPO settings.

  • Disable the setting area that is not configured.

  • Regardless of whether part or all of a GPO is configured, the GPO is processed at the same speed.

Explanation

Question 51 of 71

1

What are the two interfaces for creating and managing local user accounts for a computer joined to the domain?

Select one of the following:

  • Control Panel and ADAC

  • User Accounts control panel and the Local Users and Groups snap-in for MMC

  • ADAC and the Active Directory of Users and Computers snap-in for MMC

  • Server Manager and PowerShell

Explanation

Question 52 of 71

1

What did Microsoft introduce in Windows Server 2012 to ensure users with administra- tive privileges still operate routine tasks as standard users?

Select one of the following:

  • New Group Policy and Local Security Policy

  • Secure desktop

  • User Account Control (UAC)

  • Built-in administrator account

Explanation

Question 53 of 71

1

When would you need to create a user account through the Control Panel?

Select one of the following:

  • You can create users through the Control Panel or with the Local Users and Groups snap-in.

  • You can create users through the Control Panel when the Windows Server 2012 computer is part of a workgroup.

  • When you join a computer to an Active Directory Domain Services (AD DS) domain, you can create only new local user accounts with the Local Users and Groups snap-in. Control Panel is while the computer is not a member of an AD DS domain.

  • Creating users through the Control Panel is not possible.

Explanation

Question 54 of 71

1

What is the best approach for planning a security template strategy?

Select one of the following:

  • Plan according to the needs of individual computers, not users.

  • Plan according to the needs of computer roles, and also company locations.

  • Plan according to the needs of computer roles, but not individual computers.

  • Plan according to the needs of users.

Explanation

Question 55 of 71

1

What are the key benefits of security templates?

Select one of the following:

  • Apply consistent, scalable, and reproducible security settings throughout an enterprise.

  • Deploy alongside with group policies.

  • Although a text editor is possible, Windows Server 2012 enables the use of a graphical interface.

  • Simple deployment as configuration files are text (.inf extension) and uses a graphical and unified interface.

Explanation

Question 56 of 71

1

How are most Group Policy settings applied or reapplied?

Select one of the following:

  • Every time a computer starts up

  • At the refresh interval

  • Whenever a user logs on

  • Whenever the domain controller is restarted

Explanation

Question 57 of 71

1

What are the two interfaces available for creating and managing user accounts in Windows Server 2012?

Select one of the following:

  • Control Panel and the MMC snap-in

  • Server Manager and Control Panel

  • Control Panel and Active Directory Users and Computers

  • User Accounts control panel and the Local Users and Groups snap-in for MMC

Explanation

Question 58 of 71

1

Which of the following rule types apply only to Windows Installer packages?

Select one of the following:

  • Hash rules

  • Certificate rules

  • Internet zone rules

  • Path rules

Explanation

Question 59 of 71

1

Which file type is used by Windows Installer?

Select one of the following:

  • .inf

  • .bat

  • .msf

  • .msi file

Explanation

Question 60 of 71

1

Which of the following is not one of the Default Security Levels that can be used with a software restriction policy?

Select one of the following:

  • Basic User

  • Unrestricted

  • Restricted

  • Disallowed

Explanation

Question 61 of 71

1

As part of your efforts to deploy all new applications using Group Policy, you discover that several of the applications you wish to deploy do not include the necessary installer files. What can you use to deploy these applications?

Select one of the following:

  • Software restriction policies

  • .msi files

  • .mdb files

  • .zap files

Explanation

Question 62 of 71

1

Which of the following describes the mathematical equation that creates a digital “fingerprint” of a particular file?

Select one of the following:

  • Hash rule

  • Hash algorithm

  • Software restriction policy

  • Path rule

Explanation

Question 63 of 71

1

Which of the following rules will allow or disallow a script or a Windows Installer file to run on the basis of how the file has been signed?

Select one of the following:

  • Path rule

  • Hash rule

  • Network zone rule

  • Certificate rule

Explanation

Question 64 of 71

1

You want to deploy several software applications using Group Policy, such that the applications can be manually installed by the users from the Add/Remove Programs applet in their local Control Panel. Which installation option should you select?

Select one of the following:

  • Assign

  • Disallowed

  • Publish

  • Unrestricted

Explanation

Question 65 of 71

1

You have assigned several applications using GPOs. Users have complained that there is a delay when they double-click on the application icon, which you know is the result of
the application being installed in the background. What option can you use to pre-install assigned applications when users log on or power on their computers?

Select one of the following:

  • Uninstall when the application falls out of scope

  • Install This Application At Logon

  • Advanced Installation Mode

  • Path rule

Explanation

Question 66 of 71

1

Which of the following Default Security Levels in Software Restriction Policies will disallow any executable from running that has not been explicitly enabled by the Active Directory administrator?

Select one of the following:

  • Basic User

  • Restricted

  • Disallowed

  • Power User

Explanation

Question 67 of 71

1

When installing software using Group Policy, what file or files does an administrator use?

Select one of the following:

  • Windows Installer package files, or .msi files. Modifications to the package files are transform files, or .mst files. Further, patch files are designated as .msp files.

  • Any approved software from Microsoft, including the Certified for Windows Server 2012 logo on the packaging.

  • Windows Installer package files, or .mst files. Modifications to the package files are instruction files, or .msi files.

  • Windows Installer packages that contain all the information about the software.

Explanation

Question 68 of 71

1

You want to deploy software using Group Policy. What is necessary before deciding to Assign the software to your user accounts?

Select one of the following:

  • You must create a Group Policy object (GPO) or modify an existing GPO. As part of configuring the GPO, you decide whether to Assign or Publish the application.

  • You create the GPO. Whether to Assign or Publish is decided elsewhere.

  • You must create a distribution share, also called a software distribution point. Then create the GPO, specifying how to deploy the application.

  • You decide whether to Assign or Publish the application. If using .zap files, you might need user intervention.

Explanation

Question 69 of 71

1

If a software package is set as Assigned, the option to Install This Application At Logon is available. This option enables the application to be installed immediately, rather than advertised on the Start menu. However, when should you avoid this method?

Select one of the following:

  • If users have slow links between their workstations and the software distribution point

  • If computers are already under a very strict security policy and computer configuration

  • If users often take their computer home

  • If computers require administrative logon for each new package

Explanation

Question 70 of 71

1

What does file-activated installation mean, and where is it utilized?

Select one of the following:

  • When a user opens a file associated with an application that does not currently exist on the user’s workstation, the application is installed. It is used for both Publishing and Assigning an application to a user.

  • When a user logs on and the local computer has a file associated with an application that does not exist, the application is installed. It is used when Assigning an applica- tion to a user.

  • When a user opens a file associated with an application that does not currently exist on the user’s workstation, the application is installed. It is used when Assigning an application to a user.

  • When a user logs on and the local computer has a file associated with an applica- tion that does not exist, the application is installed. It is used when Publishing an application to a user.

Explanation

Question 71 of 71

1

What is the most common way to implement software restriction policies?

Select one of the following:

  • By configuring software restriction policies on individual computers by using Local Security Policy

  • Through Active Directory Users and Computers

  • Through GPOs linked to Active Directory Domain Services (AD DS) containers, so that you can apply their policy settings to several computers simultaneously

  • By using AppLocker, provided you apply to a computer running Windows 7 and Windows Server 2008 R2 or later

Explanation