Ie140 Final

Approved & Edited by ProProfs Editorial Team
The editorial team at ProProfs Quizzes consists of a select group of subject experts, trivia writers, and quiz masters who have authored over 10,000 quizzes taken by more than 100 million users. This team includes our in-house seasoned quiz moderators and subject matter experts. Our editorial experts, spread across the world, are rigorously trained using our comprehensive guidelines to ensure that you receive the highest quality quizzes.
Learn about Our Editorial Process
| By Ryanbecker24
R
Ryanbecker24
Community Contributor
Quizzes Created: 7 | Total Attempts: 6,267
Questions: 50 | Attempts: 733

SettingsSettingsSettings
Ie140 Final - Quiz

.


Questions and Answers
  • 1. 

    Your network contains in Active Directory domain. The domain contains 1000 desktop computers and 500 laptops. An organizational unit (OU) named OU1 contains the computer accounts for the desktop computers and the laptops. You create a Windows PowerShell script named PScript1.ps1 that removes temporary files and cookies. You create a Group Policy object (GPO) named GPO1 to OU1. You want to run the script once a week on only the laptops. What should you do?

    • A.

      Add Script1.ps1 as a startup in GPO1 and attached a WMI filter

    • B.

      Create a File preference that uses item-level targeting in GPO1

    • C.

      Configure the File system security policy in GPO1 and attach a WMI filter

    • D.

      Create a Scheduled Tasks preference that uses item-level targeting in GPO1

    Correct Answer
    D. Create a Scheduled Tasks preference that uses item-level targeting in GPO1
    Explanation
    Creating a Scheduled Tasks preference that uses item-level targeting in GPO1 is the correct answer because it allows you to schedule the execution of the PowerShell script on specific computers (in this case, the laptops) within the OU. By using item-level targeting, you can specify that the script should only run on laptops, ensuring that the script is not executed on the desktop computers. This provides a targeted and efficient way to run the script once a week on only the laptops in the domain.

    Rate this question:

  • 2. 

    Your network contains an Active Directory domain. You need to create a central store for Group Policy administrator templates. What should you use?

    • A.

      File Explorer

    • B.

      Dcgpofix.exe

    • C.

      Server Manage

    • D.

      Group Policy Management Console (GPMC)

    Correct Answer
    D. Group Policy Management Console (GPMC)
    Explanation
    The Group Policy Management Console (GPMC) is the correct answer because it is the primary tool used to manage Group Policy in an Active Directory domain. It provides a centralized and organized interface for creating, editing, and managing Group Policy Objects (GPOs). The GPMC allows administrators to easily create a central store for Group Policy administrator templates, which are used to define policy settings for specific applications or configurations. Using the GPMC, administrators can ensure consistency and efficiency in managing Group Policy across the domain.

    Rate this question:

  • 3. 

    Windows Server 2016 group policies are designed to provide system administrators with the ability to customize end-user settings and to place restrictions on the type of actions that users can perform. Group policies can be easily created by system administrators and then laater applied to one or more users or computers within the environment

    • A.

      True

    • B.

      False

    Correct Answer
    A. True
    Explanation
    Group policies in Windows Server 2016 are indeed designed to allow system administrators to customize end-user settings and impose restrictions on user actions. These policies can be created by administrators and applied to multiple users or computers in the environment. Therefore, the given answer "True" is correct.

    Rate this question:

  • 4. 

    Most Group Policy items have three different settings options. They are: A) Configured B) Not Configured C) Enabled D) Disabled

    • A.

      B, C, D

    • B.

      A, B, D

    • C.

      A, B, C

    • D.

      A, C, D

    Correct Answer
    A. B, C, D
    Explanation
    Group Policy items can have three different settings options: Not Configured, Enabled, and Disabled. "Not Configured" means that no specific policy is applied, and the default behavior will be followed. "Enabled" means that the policy is applied and enforced, while "Disabled" means that the policy is applied but not enforced. Therefore, the correct answer is B, C, D.

    Rate this question:

  • 5. 

    Group Policy settings take effect immediately, so there is no need to run the gpupdate command prompt or wait for the regular update cycle in order for the policy changes to take effect

    • A.

      True

    • B.

      False

    Correct Answer
    A. True
    Explanation
    Group Policy settings take effect immediately, meaning that once a policy change is made, it is applied to the targeted computers or users without any delay. This eliminates the need to run the gpupdate command prompt or wait for the regular update cycle to see the changes take effect. Therefore, the answer "True" is correct as it accurately reflects the immediate impact of Group Policy settings.

    Rate this question:

  • 6. 

    What command-line utility allows an administrator the ability to display information about policies and also to perform some functions to manipulate audit policies?

    • A.

      Ipconfig/all

    • B.

      GPUpdate

    • C.

      Auditpol.exe

    • D.

      Chkdsk

    Correct Answer
    C. Auditpol.exe
    Explanation
    Auditpol.exe is a command-line utility that allows an administrator to display information about policies and perform functions to manipulate audit policies. This utility is specifically designed for managing audit policies and provides the necessary tools to configure and control auditing on a Windows system. It enables administrators to view and modify audit settings, such as enabling or disabling auditing for specific events or objects, and configuring audit options for different security categories. By using Auditpol.exe, administrators can effectively manage and monitor the auditing capabilities of their system.

    Rate this question:

  • 7. 

    A system administrator has the ability to force inheritance of a GPO?

    • A.

      True

    • B.

      False

    Correct Answer
    B. False
    Explanation
    A system administrator does not have the ability to force inheritance of a Group Policy Object (GPO). Inheritance of GPOs is controlled by the Active Directory hierarchy and cannot be overridden by individual administrators. The inheritance of GPOs follows a specific order and can be blocked or enforced at different levels of the hierarchy, such as the domain or organizational unit (OU). However, administrators can link or unlink GPOs to specific OUs to control their application to different parts of the network.

    Rate this question:

  • 8. 

    There may be a time when an administrator will need to reset the default GPO to its original settings. This can be done by using the DCGPOFix command-line utility. The following command will reset the default GPO to its original state: DCGPOFix [/target: {Domain | DC | Both} [/?]

    • A.

      True

    • B.

      False

    Correct Answer
    A. True
    Explanation
    The given correct answer is "True". The explanation for this is that the DCGPOFix command-line utility can indeed be used to reset the default Group Policy Object (GPO) to its original settings. This utility allows administrators to restore the default GPO if any changes or modifications have been made that need to be reverted. By running the DCGPOFix command with the appropriate parameters, the default GPO can be reset to its original state, ensuring that the original settings and configurations are applied.

    Rate this question:

  • 9. 

    What is the purpose of AppLocker?

    • A.

      It is a feature that allows you to configure nested virtualization

    • B.

      It is a feature that allows you to configure Storage Spaces Direct

    • C.

      It is a feature that allows you to configure a Denied List and an Accepted list for the applications

    • D.

      It is a feature that allows you to configure a Rejected List and a Recognized list for applications

    Correct Answer
    C. It is a feature that allows you to configure a Denied List and an Accepted list for the applications
    Explanation
    AppLocker is a feature that allows you to configure a Denied List and an Accepted list for applications. This means that you can specify which applications are allowed to run and which are blocked on a Windows computer. By creating rules and policies, administrators can control and restrict the execution of certain applications, providing added security and control over the system.

    Rate this question:

  • 10. 

    There are two basic types of upgrades that are available for administrators to provide to the users. Which one forces everyone who currently has an existing version of the program to upgrade according to the GPO?

    • A.

      Nonmandatory Upgrade

    • B.

      Required Upgrade

    • C.

      Discretionary Upgrade

    • D.

      Mandatory Updgrade

    Correct Answer
    D. Mandatory Updgrade
    Explanation
    A mandatory upgrade is the type of upgrade that forces everyone who currently has an existing version of the program to upgrade according to the Group Policy Object (GPO). This means that all users are required to upgrade to the new version, and it is not optional or discretionary. The GPO ensures that the upgrade is enforced and applied to all users, leaving no choice for them to continue using the older version.

    Rate this question:

  • 11. 

    The process of assigning permissions to set Group Policy for objects within an OU is known as:

    • A.

      Filtering

    • B.

      Promotion

    • C.

      Inheritance

    • D.

      Delegation

    Correct Answer
    D. Delegation
    Explanation
    Delegation is the process of assigning permissions to set Group Policy for objects within an OU. It allows administrators to grant specific users or groups the ability to manage and control certain aspects of Group Policy within a specific OU. This helps distribute administrative tasks and responsibilities, allowing different individuals or teams to have control over different aspects of Group Policy settings within the OU.

    Rate this question:

  • 12. 

    Which one of the following statements is true regarding the actions that occur when a software package is removed from a GPO that is an OU?

    • A.

      The current user may determine the effect

    • B.

      The application will be automatically uninstalled for all users within the OU

    • C.

      The system administrator may determine the effect

    • D.

      Current application installations will be unaffected by the change

    Correct Answer
    C. The system administrator may determine the effect
    Explanation
    When a software package is removed from a Group Policy Object (GPO) that is an Organizational Unit (OU), the system administrator has the authority to decide the effect of this action. This means that the administrator can choose whether the application will be uninstalled for all users within the OU or if the current application installations will remain unaffected by the change. The decision is in the hands of the system administrator, giving them control over the consequences of removing the software package from the GPO.

    Rate this question:

  • 13. 

    Which PowerShell cmdlet command would you use if you want a newly created GPO to take effect immediately?

    • A.

      GPResult

    • B.

      GPExecute

    • C.

      GPUpdate

    • D.

      GPForce

    Correct Answer
    C. GPUpdate
    Explanation
    The correct answer is GPUpdate. GPUpdate is a PowerShell cmdlet command that is used to update Group Policy settings immediately on a local computer or remote computer. When a new Group Policy Object (GPO) is created, using the GPUpdate command will ensure that the newly created GPO takes effect immediately, without having to wait for the next scheduled update or system restart.

    Rate this question:

  • 14. 

    Which of the following is not an option for item-level targeting?

    • A.

      Computer Name Targeting

    • B.

      CPU Speed Targeting

    • C.

      Battery Present Targeting

    • D.

      DVD Present Targeting

    Correct Answer
    D. DVD Present Targeting
    Explanation
    DVD Present Targeting is not an option for item-level targeting because it is not a relevant criterion for targeting specific items. Item-level targeting typically focuses on factors such as computer name, CPU speed, and battery presence, which are more directly related to the characteristics and functionality of the items being targeted. DVD presence, on the other hand, is not a common or significant factor in item-level targeting as it does not have a direct impact on the functionality or performance of the item.

    Rate this question:

  • 15. 

    You are the network administrator for a large organization that uses Windows Server 2012 R2 domain controllers and DNS servers. All of your client machines currently have the Windows XP operating system. You want to be able to have client computers edit the domain-based GPOs by using the ADMX files that are located in the ADMX Central Store. How do you accomplish this task? A) Upgrade your clients to Windows 8 B) Upgrade your clients to Windows 7 C) Add the client machines to the ADMX edit utility D) In the ADMX store, choose the box Allow All Client Privelages

    • A.

      B, C

    • B.

      A, B

    • C.

      C, D

    • D.

      A, D

    Correct Answer
    B. A, B
  • 16. 

    You have a single Windows Server 2016 Active Directory domain. The domain has OUs for IT, HR, Fiscal, and OPS. You need the users in the OPS OU only to get MS Office 2016 installed automatically onto their computers. You create a GPO named MSOffice2016. What is the next step in getting all of the OPS users Office 2016?

    • A.

      Edit the GPO and assign the Office application to the user's account. Link the GPO to the domain

    • B.

      Edit the GPO and assign the Office application to the computer acccount. Link the GPO to the OPS OU

    • C.

      Edit the GPO and assign the Office application to the computer account. Link the GPO to the domain

    • D.

      Edit the GPO and assign the Office application to the user's account. Link the GPO to the OPS OU

    Correct Answer
    B. Edit the GPO and assign the Office application to the computer acccount. Link the GPO to the OPS OU
    Explanation
    The next step in getting all of the OPS users Office 2016 is to edit the GPO and assign the Office application to the computer account. This will ensure that the Office application is installed automatically onto the computers in the OPS OU. The GPO should then be linked specifically to the OPS OU to apply the settings to the correct group of users.

    Rate this question:

  • 17. 

    You are a new network administrator and you are given a support ticket that an end user continues to receive a desktop wallpaper that he did not choose. You find out that there are at least 32 GPOs. How do you figure out which GPO is changing the end users'desktop wallpaper?

    • A.

      Run the RSoP utility against all domain computer accounts

    • B.

      Run the RSoP utility against the employee's computer account

    • C.

      Run the RSoP utility against all forest computer accounts

    • D.

      Run the RSoP utility against the employee's user account

    Correct Answer
    D. Run the RSoP utility against the employee's user account
    Explanation
    To figure out which GPO is changing the end user's desktop wallpaper, running the RSoP (Resultant Set of Policy) utility against the employee's user account is the correct approach. By running the RSoP utility against the user account, you can analyze the applied Group Policies and identify the specific GPO responsible for the wallpaper change. This will help in troubleshooting and resolving the issue for the end user. Running the utility against all domain or forest computer accounts would not provide specific information about the user's GPOs, and running it against the employee's computer account may not accurately reflect the user-specific policies.

    Rate this question:

  • 18. 

    You are the network administrator for a large organization that has multiple sites and multiple OUs. You have a site named NJITSite that is for the NJ IT building across the street. In the domain, there is an OU for all IT staff called IT. You set up a GPO for the NJITSite, and you need to be sure that it applies to the IT OU. The IT OU GPOs cannot override the NJITSite GPO. What do you do?

    • A.

      On the GPO, set the priorities to 1

    • B.

      On the GPO, disable the Block Child Inheritance setting

    • C.

      On the Sales OU, set the Inherit Parent Policy settings

    • D.

      On the GPO, set the Enforce setting

    Correct Answer
    D. On the GPO, set the Enforce setting
    Explanation
    Setting the Enforce setting on the GPO ensures that the GPO will be applied and cannot be overridden by any other GPOs. This means that even if there are GPOs applied to the IT OU, the NJITSite GPO will still take precedence and be applied to the IT OU.

    Rate this question:

  • 19. 

    You are the administrator for an organization that has multiple locations. You are running Windows Server 2012 R2, and you have only one domain with multiple OUs set up for each location. One of your locations, Boston, is connected to the main location by a 256 Kbps ISDN line. You configure a GPO to assign a sales application to all computers in the entire domain. You have to be sure that Boston users receive the GPO properly What should you do?

    • A.

      Change the properties of the eGPO to publish the applications to the Boston OU

    • B.

      Link the GPO to the Boston OU

    • C.

      Disable the Slow Link Detection setting in the GPO

    • D.

      Have the users in Boston run the GPResult/force command

    Correct Answer
    C. Disable the Slow Link Detection setting in the GPO
    Explanation
    By disabling the Slow Link Detection setting in the GPO, the administrator ensures that the GPO is applied to the Boston location without being hindered by the slow ISDN connection. Slow Link Detection is a feature that prevents GPO processing when the connection speed falls below a certain threshold. Since the Boston location has a slow 256 Kbps ISDN line, disabling this setting allows the GPO to be applied regardless of the connection speed, ensuring that Boston users receive the GPO properly.

    Rate this question:

  • 20. 

    Most Group Policy items have three different settings, they are ... 1. Enabled 2. Disabled 3. Not Configured

    • A.

      True

    • B.

      False

    Correct Answer
    A. True
    Explanation
    Most Group Policy items have three different settings: Enabled, Disabled, and Not Configured. These settings allow administrators to control the behavior of Group Policy objects. When an item is set to Enabled, the policy is enforced and applied to the targeted objects. When set to Disabled, the policy is not applied. Not Configured means that no specific policy is defined, and the default behavior will be followed. This allows administrators to selectively apply policies to different objects based on their requirements. Therefore, the statement is true.

    Rate this question:

  • 21. 

    Which of the following is the proper term for associating a Group Policy to a set of AD objects?

    • A.

      Linking

    • B.

      Connecting

    • C.

      Granting

    • D.

      Implementing

    Correct Answer
    A. Linking
    Explanation
    Linking is the proper term for associating a Group Policy to a set of Active Directory (AD) objects. When a Group Policy is linked, it is applied to the specified AD objects, such as users, computers, or organizational units. This allows the Group Policy settings to be enforced on the linked objects, ensuring consistent configuration and management across the AD environment. The other options, connecting, granting, and implementing, do not accurately describe the process of associating a Group Policy to AD objects.

    Rate this question:

  • 22. 

    System Administrators can apply Group policy settings at four different levels. What is the GPO processing order and sequence? A) Local Computer B) Domain C) Site D) OU

    • A.

      A B C D

    • B.

      D C B A

    • C.

      D B C A

    • D.

      A C B D

    Correct Answer
    D. A C B D
    Explanation
    The GPO processing order and sequence is as follows: first, the Local Computer policies are applied, then the Site policies, followed by the Domain policies, and finally the policies for the Organizational Unit (OU). This means that the policies at the Local Computer level will take precedence over the policies at the Site level, which will take precedence over the policies at the Domain level, and so on.

    Rate this question:

  • 23. 

    The process by which Group Policy settings are applied to domains and the child objects beneath them is known as:

    • A.

      Inheritance

    • B.

      Relevance

    • C.

      Downward application

    • D.

      Linking

    Correct Answer
    A. Inheritance
    Explanation
    Inheritance refers to the process of applying Group Policy settings from a higher-level domain to its child objects. This means that any settings applied at the domain level will automatically be applied to all objects within that domain, unless they are specifically overridden at a lower level. Inheritance ensures consistency and simplifies the management of Group Policy settings across a domain hierarchy.

    Rate this question:

  • 24. 

    Within Active Directory, there are two main methods for making programs available to end users: A) Preparing Applications B) Assigning Applications C) Deploying Applications D) Publishing Applications

    • A.

      A C

    • B.

      B D

    • C.

      A D

    • D.

      B C

    Correct Answer
    B. B D
    Explanation
    The correct answer is B) Assigning Applications and D) Publishing Applications. These are the two main methods within Active Directory for making programs available to end users. Assigning applications involves directly assigning the application to specific users or groups, while publishing applications allows users to choose which applications they want to install from a list of available options. Both methods provide different ways to distribute and manage applications within an Active Directory environment.

    Rate this question:

  • 25. 

    The command-line utility gpresult.exe is included as part of the RSoP tool

    • A.

      True

    • B.

      False

    Correct Answer
    A. True
    Explanation
    The command-line utility gpresult.exe is indeed included as part of the RSoP (Resultant Set of Policy) tool. This tool is used to display the Resultant Set of Policy for a user or computer, which shows the group policies that are being applied to them. By running the gpresult.exe command, administrators can gather information about applied group policies, such as the policies' names, settings, and the source from which they are being applied. Therefore, the given answer, "True," is correct.

    Rate this question:

  • 26. 

    In order to log configuration chcanges of the Certification Authority role service, you must perform the following: A) enable auditing of object access B) enable auditing of process tracking C) enable auditing of privelage use D) enable logging

    • A.

      B C

    • B.

      C D

    • C.

      A D

    • D.

      A B

    Correct Answer
    C. A D
    Explanation
    To log configuration changes of the Certification Authority role service, you need to enable auditing of object access (option A) and enable logging (option D). By enabling auditing of object access, you can track any changes made to the configuration objects. Enabling logging will ensure that the changes are recorded and can be reviewed later. By selecting options A and D, you will have the necessary measures in place to effectively log configuration changes for the Certification Authority role service.

    Rate this question:

  • 27. 

    The certificate revocation list (CRL) polling begins to consume bandwidth. What steps should you consider to reduce network traffic?

    • A.

      You should consider implementing an online issuing CA and a root CA

    • B.

      You should consider publishing more CRLs

    • C.

      You should consider implementing an online responder

    • D.

      You should consider implementing the certificate enrollment Policy Web Server role and Certificate Enrollment role

    Correct Answer
    C. You should consider implementing an online responder
    Explanation
    Implementing an online responder can help reduce network traffic caused by certificate revocation list (CRL) polling. An online responder provides real-time responses to certificate status queries, eliminating the need for clients to constantly download and check CRLs. This reduces bandwidth consumption and improves network efficiency.

    Rate this question:

  • 28. 

    You set up an enterprise certification (CA) named CA1. You are planning to issue certificates based on the User certificate template. You need to make sure that the issued certificates are valid for three years and that they also support auto-enrollment. What is the first step that you should take?

    • A.

      Duplicate the User certificate template

    • B.

      Add a new certificate template for CA1 to issue

    • C.

      Modify the Request Handling settings for the CA

    • D.

      Run the cerutil.exe command and specify the resubmit parameter

    Correct Answer
    A. Duplicate the User certificate template
  • 29. 

    You plan to implement Active Directory Rights Management Services (AD RMS) across the enterprise. You need to plan the AD RMS cluster installations for the forest. Users in all domains will access AD RMS-protected documents. You need to minimize the number of AD RMS clusters. Which of the following will help you determine how many AD RMS root clusters you require?

    • A.

      You need at least one AD RMS root cluster per Active Directory site

    • B.

      You need at least one AD RMS root cluster for the enterprise

    • C.

      You need at least one AD RMS root cluster per domain

    • D.

      You need at least one AD RMS root cluster per forest

    Correct Answer
    D. You need at least one AD RMS root cluster per forest
    Explanation
    To determine how many AD RMS root clusters are required, it is necessary to consider the scope of the implementation. In this case, the requirement is to implement AD RMS across the entire enterprise, which typically spans multiple domains within a forest. Therefore, having at least one AD RMS root cluster per forest is necessary to ensure that all domains within the forest can access AD RMS-protected documents. This approach minimizes the number of AD RMS clusters needed while still providing the necessary coverage for the entire enterprise.

    Rate this question:

  • 30. 

    All certificates issued by a certification authority have a validity period?

    • A.

      True

    • B.

      False

    Correct Answer
    A. True
    Explanation
    All certificates issued by a certification authority have a validity period because certificates are used to verify the authenticity and integrity of digital information. To ensure that the certificate remains trustworthy, it is necessary to set a validity period within which the certificate is considered valid. This allows for regular updates and revocation of certificates to maintain security and prevent the use of outdated or compromised certificates.

    Rate this question:

  • 31. 

    Your network contains an Active Directory domain named PCAge.com. You plan to deploy a Windows 2016 Active Directory Federation Services (AD FS) farm that will contain eight federation servers. You need to identify which technology or technologies must be deployed on the network before you install the federation servers. Which technology or technologies should you identify?

    • A.

      Microsoft SQL Server 2016

    • B.

      Network Load Balancing

    • C.

      The Windows Identify Foundation 3.5 feature

    • D.

      Windows Internal Database feature

    Correct Answer
    A. Microsoft SQL Server 2016
    Explanation
    The technology that must be deployed on the network before installing the federation servers is Microsoft SQL Server 2016. This is because AD FS requires a SQL Server database to store configuration and operational data. Therefore, before installing the federation servers, you need to deploy Microsoft SQL Server 2016 to provide the necessary database functionality.

    Rate this question:

  • 32. 

    You can only have one AD RMS root cluster per AD forest

    • A.

      True

    • B.

      False

    Correct Answer
    A. True
    Explanation
    AD RMS (Active Directory Rights Management Services) is a Microsoft technology that allows organizations to protect their sensitive information by applying restrictions to how it is used and accessed. In an AD forest, there can only be one AD RMS root cluster, which serves as the central authority for managing rights and policies within the forest. This ensures consistency and centralized control over the rights management infrastructure. Having multiple root clusters in a single forest would lead to conflicts and inconsistencies in managing rights and policies, making it necessary to have only one AD RMS root cluster per AD forest.

    Rate this question:

  • 33. 

    Federation proxy services are installed through which of the following?

    • A.

      Separate Active Directory Federation Proxy install download

    • B.

      Server Manager > Active Directory Federation Services > Active Directory Proxy services

    • C.

      Windows Powershell > Install Windows-Feature Web Proxy

    • D.

      Server Manager > Remote Access > Web Proxy

    Correct Answer
    D. Server Manager > Remote Access > Web Proxy
    Explanation
    Federation proxy services are installed through Server Manager > Remote Access > Web Proxy. This option allows the installation of the necessary proxy services for federation. The other options mentioned are not correct as they do not involve the installation of federation proxy services.

    Rate this question:

  • 34. 

    The Certification Authority name must be the same as the computer name?

    • A.

      True

    • B.

      False

    Correct Answer
    A. True
    Explanation
    The Certification Authority name must be the same as the computer name because the Certification Authority (CA) is responsible for issuing digital certificates. The CA's name is included in the digital certificate as the issuer. To ensure the authenticity and trustworthiness of the certificate, it should match the name of the computer or server that is hosting the CA. This helps to establish a secure connection and verify the identity of the CA.

    Rate this question:

  • 35. 

    What PowerShell command would you use to see all of the location sets for the CRL distribution point (CDP)?

    • A.

      Add-CACrIDistributionPoint

    • B.

      See-CACrlDistributionPoint

    • C.

      Get-CACrlDistributionPoint

    • D.

      View-CACrlDistributionPoint

    Correct Answer
    C. Get-CACrlDistributionPoint
    Explanation
    The correct answer is "Get-CACrlDistributionPoint". This PowerShell command is used to retrieve and display all of the location sets for the CRL distribution point (CDP). It allows the user to view the CRL distribution points configured for a certification authority (CA) and provides information about the locations where the certificate revocation lists (CRLs) are stored.

    Rate this question:

  • 36. 

    You are the network administrator for a large organization. You need to add a certificate template to the Certificate Authority. What PowerShell command would you use?

    • A.

      Add-CATemplate

    • B.

      Add-CSTemplate

    • C.

      New-Template

    • D.

      Get-CSTemp late

    Correct Answer
    A. Add-CATemplate
    Explanation
    The correct answer is "Add-CATemplate." This PowerShell command is used to add a certificate template to the Certificate Authority. It allows the network administrator to easily manage and deploy certificates within the organization's network infrastructure.

    Rate this question:

  • 37. 

    You have set up an enterprise root certification authority (CA) named CA_Server1. Computers on the network have successfully enrolled and received certificates that will expire in one year. The certificates are based on a template named CA_Template1. You need to ensure that new certificates based on CA_Template1 are valid for four years. What should should you do to make sure they are valid for four years?

    • A.

      Instruct users to request certificates by running the certreq.exe command

    • B.

      Modify the validity period for the certificate template

    • C.

      Instruct users to request certificates by using the Certificate console

    • D.

      Modify the Validity period for the root CA certificate

    Correct Answer
    A. Instruct users to request certificates by running the certreq.exe command
    Explanation
    To ensure that new certificates based on CA_Template1 are valid for four years, you should instruct users to request certificates by running the certreq.exe command. This command allows users to generate and submit certificate requests to the CA. By using this method, users can specify the desired validity period for their certificates, in this case, four years. Modifying the validity period for the certificate template or the root CA certificate would not achieve the desired result as it would affect all certificates issued, not just those based on CA_Template1. Instructing users to request certificates through the Certificate console does not provide an option to specify the validity period.

    Rate this question:

  • 38. 

    Which of the following will you have to configure in order to make sure that certificate clients check the CRL at least every 25 minutes to see wheter a certificate has been revoked or not?

    • A.

      Certificate templates

    • B.

      Delta CRL publication interval

    • C.

      CRL publication interval

    • D.

      Key recovery agent

    Correct Answer
    B. Delta CRL publication interval
    Explanation
    To ensure that certificate clients check the CRL (Certificate Revocation List) every 25 minutes to determine if a certificate has been revoked or not, the Delta CRL publication interval needs to be configured. The Delta CRL contains only the changes or updates made to the CRL since the last publication, making it more efficient and faster to download and process. By configuring the Delta CRL publication interval, the CRL will be published at regular intervals, allowing clients to check for revocation more frequently.

    Rate this question:

  • 39. 

    You are system administrator at ABC_Corp. which hosts a web RMS aware application that the ABC_Corp forest and 123_Corp forest users need to access. You deploy a single AD FS server in the ABC_Corp forest. Which of the following is a true statement about your AD FS implementation? A) You will configure a relying party server on the ABC_Corp AD F5 server B) The AD FS server in the 123_Corp forest functions as the claims provider C) The AD FS server in the 123_Corp forest functions as the relying party server D) You will configure a claims provider trust on the ABC_Corp AD FS server 

    • A.

      C D

    • B.

      A B

    • C.

      A D

    • D.

      B C

    Correct Answer
    B. A B
    Explanation
    The correct answer is A) You will configure a relying party server on the ABC_Corp AD FS server and B) The AD FS server in the 123_Corp forest functions as the claims provider. This means that the ABC_Corp AD FS server will be responsible for authenticating users from both the ABC_Corp and 123_Corp forests, while the AD FS server in the 123_Corp forest will provide the claims (user attributes) to the ABC_Corp AD FS server for authentication.

    Rate this question:

  • 40. 

    AD RMS uses three databases in the database server

    • A.

      True

    • B.

      False

    Correct Answer
    B. False
    Explanation
    AD RMS does not use three databases in the database server. It uses two databases: the Configuration Database and the Logging Database. The Configuration Database stores information about the AD RMS server configuration, while the Logging Database stores logs and audit information. Therefore, the correct answer is False.

    Rate this question:

  • 41. 

    The new Workplace Join feature to supports the following: A) Allows Windows 8 clients to form claim-based trusts automatically with the home domain B) Allow Windows 8 clients to process claim-based trusts C) Federates an iPhone to the corportate internet D) None of the above

    • A.

      D

    • B.

      A B

    • C.

      A B C

    • D.

      A

    Correct Answer
    C. A B C
    Explanation
    The correct answer is A B C. This means that the new Workplace Join feature supports all of the following: allowing Windows 8 clients to form claim-based trusts automatically with the home domain, allowing Windows 8 clients to process claim-based trusts, and federating an iPhone to the corporate internet.

    Rate this question:

  • 42. 

    To use the Web Application Proxy and AD FS, you should set your firewall to allow for ports: A) 390 B) 49443 C) 443 D) 8443

    • A.

      A D

    • B.

      A B

    • C.

      C D

    • D.

      B C

    Correct Answer
    D. B C
    Explanation
    To use the Web Application Proxy and AD FS, you need to configure your firewall to allow for ports 49443 and 443. Port 49443 is used by AD FS for HTTPS communication, while port 443 is the standard port for HTTPS traffic. By allowing these ports, you ensure that the Web Application Proxy and AD FS can communicate securely and effectively.

    Rate this question:

  • 43. 

    You have a Windows Server 2016 AND need to configure IT as a Web Application Proxy. Which server role or role service should you install?  

    • A.

      Active Directory Federation Services

    • B.

      Remote Access

    • C.

      Web Server (IIS)

    • D.

      DirectAccess and VPN (RAS)

    Correct Answer
    B. Remote Access
    Explanation
    To configure Windows Server 2016 as a Web Application Proxy, you should install the "Remote Access" server role or role service. This role allows you to provide secure remote access to applications and resources on your network. It includes features such as VPN, DirectAccess, and Web Application Proxy, which is specifically designed for publishing web applications securely. Installing the "Remote Access" role will enable you to configure the server as a Web Application Proxy and ensure secure access to web applications.

    Rate this question:

  • 44. 

    A Certification Authority (CA) sends out a certificate request, verifies the requester's identity data according to the policy of the CA, and uses its private key to apply its digital signature to the certificate?

    • A.

      True

    • B.

      False

    Correct Answer
    A. True
    Explanation
    A Certification Authority (CA) is responsible for issuing digital certificates. To ensure the authenticity of the certificate, the CA verifies the identity data of the requester based on its policy. Once the verification is complete, the CA uses its private key to apply a digital signature to the certificate. This digital signature ensures the integrity and authenticity of the certificate, making it a valid and trusted document. Therefore, the statement is true.

    Rate this question:

  • 45. 

    What group do you need to be a part of in order to configure a Windows Server 2016 as a stand alone certification authority (CA) that is located in a forest that contains a single domain and a single server?

    • A.

      Cert Publisher group on the Server

    • B.

      Key Admin groups in the domain

    • C.

      Administrators Group on the Server

    • D.

      Domain Admins Group in the domain

    Correct Answer
    C. Administrators Group on the Server
    Explanation
    To configure a Windows Server 2016 as a stand-alone certification authority (CA) in a forest with a single domain and server, you need to be a part of the Administrators Group on the Server. This group has the necessary privileges and permissions to perform the configuration tasks for the CA. Being a member of the Administrators Group ensures that you have the authority and control required to manage and configure the CA effectively. The other mentioned groups, such as Cert Publisher group on the Server, Key Admin groups in the domain, and Domain Admins Group in the domain, do not have the specific authority to configure a stand-alone CA in this scenario.

    Rate this question:

  • 46. 

    You need to configure a CA server in the DMZ to issue certificates to remote users. How would you accomplish this? A) You should consider having the Certificate Enrollment Web Service included in the solution B) You should consider having the Certificate Enrollment Policy Web Server role included in the solution C) You should consider having the Web Enrollment service included in the solution D) You should consider having the web service included in the solution  

    • A.

      C D

    • B.

      A B

    • C.

      B C

    • D.

      A D

    Correct Answer
    A. C D
    Explanation
    To configure a CA server in the DMZ to issue certificates to remote users, you should consider having the Web Enrollment service included in the solution. This service allows remote users to request and obtain certificates from the CA server. Additionally, you should also consider having the Certificate Enrollment Web Service included in the solution, which provides a web service interface for certificate enrollment. By combining these two components, you can effectively issue certificates to remote users securely in the DMZ environment.

    Rate this question:

  • 47. 

    What PowerShell command would you use to see the list of templates set on the CA for the issuance of certificates?

    • A.

      Get-CATemplate

    • B.

      View-CATemplate

    • C.

      New-CATemplate

    • D.

      Add-CATemplate

    Correct Answer
    A. Get-CATemplate
    Explanation
    The correct answer is "Get-CATemplate". This PowerShell command is used to retrieve the list of templates that are set on the Certification Authority (CA) for the issuance of certificates. By using this command, administrators can view the available templates and their properties, such as the template name, version, and security settings. It allows for easy management and monitoring of certificate templates within the CA infrastructure.

    Rate this question:

  • 48. 

    You have 6 Servers configured as an AD FS Server Farm. You need to ensure that all servers in the AD FS farm will actively perform AD FS functions and continue to function in the event of an AD FS server failure. What should be included in your solution?

    • A.

      Web Proxy Server

    • B.

      Network Load Balancing

    • C.

      Windows Identity Foundation 3.5

    • D.

      Windows Failover Clustering

    Correct Answer
    B. Network Load Balancing
    Explanation
    To ensure that all servers in the AD FS farm actively perform AD FS functions and continue to function in the event of an AD FS server failure, the solution should include Network Load Balancing. Network Load Balancing allows for the distribution of incoming client requests across multiple servers, ensuring that the workload is evenly distributed and that if one server fails, the others can continue to handle the requests. This helps to provide high availability and fault tolerance for the AD FS farm.

    Rate this question:

  • 49. 

    You store AD FS servers in an OU named Federation Servers. You want to auto-enroll the certificates used for AD FS. Which certification should you add in the GPO?

    • A.

      The CA certificate of the forest

    • B.

      The Token Signing certificate assigned to the AD FS Servers

    • C.

      The third-party (VeriSign, Entrust) CA certificate

    • D.

      The SSL certificate assigned to the AD FS servers

    Correct Answer
    A. The CA certificate of the forest
    Explanation
    In order to auto-enroll the certificates used for AD FS, you should add the CA certificate of the forest in the GPO. This is because the CA certificate is responsible for issuing and managing certificates within the forest, including the certificates used by AD FS. By adding the CA certificate to the GPO, you ensure that the AD FS servers can automatically obtain and renew the necessary certificates from the CA without manual intervention.

    Rate this question:

  • 50. 

    For Workplace join to work, a Certificate is placed on the mobile device. AD FS challenges the device as a claims-based authentication to applications or other resources without requiring administrative control of the device.

    • A.

      True

    • B.

      False

    Correct Answer
    A. True
    Explanation
    Workplace join is a feature in Active Directory Federation Services (AD FS) that allows users to join their personal devices to the corporate network. In order for Workplace join to work, a certificate is placed on the mobile device. This certificate enables AD FS to authenticate the device as a trusted entity when accessing applications or other resources. This process does not require administrative control of the device, as the authentication is based on claims rather than direct control. Therefore, the given answer, "True," is correct.

    Rate this question:

Back to Top Back to top
Advertisement
×

Wait!
Here's an interesting quiz for you.

We have other quizzes matching your interest.