How often is the password for a computer account changed by Active Directory?​
30 days

Which special identity group specifically includes any user account (except the Guest) logged into a computer or domain with a valid username and password?
​Authenticated Users

Which of the following statements is not true regarding the built-in Administrator account?​
​The Administrator account can't be renamed, but it can be deleted.

How can an administrator make a user template account easily recognizable?​
add a special character to the beginning of the template account name

Information within an OU can be hidden using permissions, and administration of an OU can be delegated to a non-administrative account.​

What special identity group is used when a user accesses an FTP server that doesn't require user account logon?​
​Anonymous logon

What are the two different ways that responsibility for an OU can be delegated to a non-administrator user?
delegation of control wizard or AD users and computers

The default location for computer accounts that are created automatically after joining the domain can be changed using which command?​

How can the output of a command be redirected to a file instead of being displayed on screen?​
Type the > character followed by the file name at the end of the command

How can an administrator enable or disable accounts using the command line?​
​Use the dsmod user command

What is a downlevel user logon name used for?​
​Logging into older Windows OSs or using older Windows applications

​Select below the built-in group that facilitates anonymous access to web resources by Internet Information Services

Which of the following statements is true regarding the built-in Guest account?
​The Guest account should be renamed if it will be used

A valid comma separated value file that can be imported using csvde must have what option below on the first line?
​A header record

How does piping work on the command line?​
it's a way to send information to another command so it is easier to read

​An explicit "allow" permission will override an inherited "deny" permission.

​What different types of objects can be members of a distribution group?
regular user accounts and contacts

When creating a new user, the "User cannot change password" option can't be used in conjunction with what other option?​
​User must change password at next logon

The _____________ cmdlet within PowerShell can be used to rename an object in Active Directory.​

If a user is created without a password and the domain's password policy requires a non-blank password, what is the result?​
the user account is disabled

​A local account is stored in the __________________ database on the local computer.
Security Accounts Manager (SAM)

​The _____________ determines the reach of a group's application in a domain or forest: which security principals in a forest can be group members and to which forest resources a group can be assigned rights or permissions.
group scope

Select the special character below that can't be used within a username:​

How are Active Directory objects added to special identity groups?​
membership in these groups is controlled dynamically by Windows, can't be viewed or changed manually, and depends on how an account accesses the OS

What components make up an object's distinguished name (DN)?
common name; common name; organizational unit; domain component

What is the potential security risk of utilizing a naming standard for user accounts?​
attackers can guess usernames easily and gain unauthorized access to the network

​A group type that's the main Active Directory object administrators use to manage network resource access and grant rights to users.
security groups

​An Active Directory object that usually represents a person for informational purposes only, much like an address book entry.

​Sending the output of one command as input to another command

​A group scope that can contain users from any domain in the forest and be assigned permission to resources in any domain in the forest
universal group

A group scope that's the main security principal recommended for assigning rights and permissions to domain resources​
domain local group

A group type used when you want to group users together, mainly for sending e-mails to several people at once with an Active Directory integrated e-mail application, such as Mcirsoft Exchange.​
distribution group

A group created in the local SAM database on a member server or workstation or a stand-alone computer​
local group

​A userr account that's copied to create users with common attributes
user template

​A group scope used mainly to group users from the same domain who have similar access and rights requirements.
global group

The process of a user with higher security privileges assigning authority to perform certain tasks to a user with lesser security privileges.​
delegation of control

When creating a new user, the "User must change password at next logon" option is enabled by default.​

Which statement is true regarding the use of the Logon Hours option under a user's account?
The Logon Hours forces a user to log off during "Logon denied" periods
​Logon Hours can't be changed during weekends
The Logon Hours can't be used to disconnect a user that has already logged in
Logon hours can be set for specific days of the month, as well as holidays
​The Logon Hours can't be used to disconnect a user that has already logged in

Using ______________, a computer joining the domain doesn't have to be connected to the network when the join occurs.​
offline domain join

When a user leaves a company, why is it preferable to disable the user rather than delete the user?​
so that all the user's files are still accessible and all group memberships are maintained

​What is the most typically used group type conversion?
​Distribution group -> security group

​After a template account has been created, what can be done to ensure that the template account does not pose a security risk?
​The account should be disabled

A user's profile is stored in what directory on a local computer by default?​

By default, the Windows password policy requires a minimum password of what length?​
​7 characters

​How can an administrator force the use of a specific version of an application using a GPO?
WMI filters

Local GPOs can affect all computers within a local domain.

Settings in the Administrative Templates section of the User Configuration node affect what area of the registry?​

The Microsoft best practice recommendation is to modify the two default GPOs in a domain for making password policy changes.

The __________ command can be used to perform many of the same functions as the Security Configuration and Analysis snap-in, and can be used in conjunction with batch files and scripts to automate work with security templates.​

The _____________ policies determine what happens on a computer when a user attempts to perform an action that requires elevation.
User Account Control

​These XML format text files define policies in the Administrative Templates folder ina GPO.
administrative template files

A GPO component that's an Active Directory object stored in the SystemPolicies folder.​
group policy container (GPC)

A GPO template that can be used as a baseline for creating new GPOs, much like user account templates.
starter GPO

​A type of group policy setting whereby the setting on the user or computer account reverts to its original state when the object is no longer in the scope of the GPO containing the setting.
managed policy setting

A GPO filtering method that uses Windows Management Instrumentation (WMI), a Windows technology for gathering management information about computers.​
wmi filtering

A GPO component that's stored as a set of files in the SYSVOL share.​
group policy template (GPT)

A Windows feature for configuring each network connection on your computer with on of three settings, called profiles: Domain Profile, Private Profile, and Public profile.​
network location awareness

A process that occurs when a user attempts to perform an action requiring administrative rights and is prompted to enter credentials​

​Group Policy Objects stored in Active Directory on domain controllers. They can be linked to a site, a domain, or an OU and affect users and computers whose accounts are stored in these containers.
domain GPOs

What does a blue exclamation point next to a domain mean within the GPMC utility?
inheritance is blocked

In the New Connection Security Rule Wizard, what option can be used to set up a rule that requires authentication between two computers, between IP subnets, or between a specific computer and a group of computers in a subnet?​

In the New Connection Security Rule Wizard, which connection security rule restricts connections based on authentication criteria, such as domain membership or health status?

Security templates make use of the _________ file extension.​

​How can an administrator remove all audit policy subcategories so that auditing is controlled only by Group Policy?
​auditpol /clear

What is the difference between a managed policy setting and an unmanaged policy setting?​
a managed policy setting is applied to a user or computer when the object is in the scope of the GPO containing the setting. An unmanaged policy setting is persistent, meaning it remains even after the computer or user object falls out of the GPO's scope until it is changed by another policy or manually.

When utilizing roaming profiles, what should be done to minimize logon/logoff delays and reduce bandwidth used by uploading / downloading profile data?​
use folder redirection

​What Active Directory replication method makes use of remote differential compression (RDC)?
​Distributed File System Replication (DFSR)

By default, how many previous logons are cached locally to a computer?​

​A Group Policy Container (GPC) stores GPO properties and status information, but no actual policy settings.

When creating a custom Applocker rule, how does the file hash option work?
it creates a rule for an unsigned application

What folder is selected by default for scanning when using the Automatically Generate Rules option ​in creating AppLocker policies?
C:Program Files

What are the two different types of GPO filtering?​
Security filtering and WMI filtering

If a GPO's link status is "disabled", what affect does this have on the GPO?​
it disables the policy for the users in the domain who are in the scope of the GPO

GPOs linked to a site object can facilitate IP address based policy settings.​

Under the Computer Configuration of a GPO, what folder within the "Windows Settings" folder contains policies that can be used to manage network bandwidth use?​
​Policy-based QoS

How are Group Policy Objects linked to Active Directory?​
through AD containers

The ____________ file contains version information that is used to determine when a GPO has been modified, and is used during replication to determine if a local copy of a GPO is up to date.​

When applying GPOs in order, what policies take precedence?
1. local policies 2. site-linked GPOs 3. Domain-linked GPOs 4. OU-linked GPOs

​Where can all ADMX and ADML files be found on a Windows Server 2008 or Vista and later computer?

Using a "Deny Read" permission on a GPO enables the creation of an exception to normal GPO processing.​

After running the Security Configuration and Analysis snap-in with a template, what does an "X" in a red circle on a template policy indicate?
The template policy and current computer policy do not match

Which of the following is not one of the four different ways an application can be designated as an exception to a ​Software Restriction Policy?
Network zone

If the Windows Firewall is enabled, how are rules applied when multiple network connections are available?​
Network Location Awareness

Selecting the "Allow the connection if it is secure" option when creating a Windows firewall rule relies on what encryption protocol by default?

​Each Group Policy Object is assigned a globally unique identifier (GUID) of what length?
128 bits

The folders containing Group Policy Templates (GPTs) can be found under what folder on a domain controller?

​What tool within Windows Server 2012/R2 must be used in order to change the default auditing settings?

​Select the PowerShell cmdlet that can be used to create a new Active Directory integrated primary zone:

When data within a zone changes, what information in the SOA record changes to reflect that the zone information should be replicated?​
serial number

What command option for the dnscmd command lists all zones on the server?

DNS recursion is enabled on Windows DNS servers by default.​

A ____________ contains PTR records that map IP addresses to names and is named after the IP network address of the computers whose records it contains.
Reverse Lookup Zone

DNS servers maintain a database of information that contains zones.​

A DNS server with no zones. Its sole job is to field DNS queries, do recursive lookups to root servers, or send requests to forwarders, and then cache the results.​
cachine-only DNS server

​A primary or stub zone with the DNS database stored in an Active Directory partition rather than a text file.
Active Directory-integrated zone

A DNS server that holds a complete copy of a zone's resource records (typically a primary or secondary zone)​
authoritative server

A DNS zone containing a read/write master copy of all resource records for the zone; this zone is authoritative for the zone.​
primary zone

​An operation that copies all or part of a zone from one DNS server to another and occurs as the result of a secondary server requesting the transfer from another server.
zone transfer

An A record used to resolve the name in an NS record to its IP address.​
glue A record

​A response to an iterative query in which the address of another name server is returned to the requester

A DNS server to which other DNS servers send requests they can't resolve themselves.​

​A DNS zone containing a read-only copy of all resource records for the zone.
secondary zone

A DNS zone containing a read-only copy of only the zone's SOA and NS records and the necessary A records to resolve NS records.​
stub zone

___________ load balancing using DNS works by creating two A records with the same hostname, but different IP addresses, which point any queries for the hostname to multiple hosts running the same service.
round robin

What DNS record type is used for an IPv6 host record?​

How can a master server be configured to make a secondary server request zone transfers immediately after a zone change?
DNS notify

Which Windows command line utility below can be used to check for resource records on a server, verify delegations, verify resource records needed for AD replication, and perform e-mail connectivity tests?​

The use of WINS forward lookup is enabled by default.​

​What does a NS record specify?
they specify FQDNs and IP addresses of authoritative server for zone

The responsible person section of an SOA record contains what information?
The e-mail address of the responsible person

Why might an organization want a single DNS server to make all external queries?​
because network security can be enhanced by limiting exposure to the internet. Because a single server is making all the queries to internet domains, overall DNS performance can be enhanced because the server builds an extensive cache of internet names

​An internal DNS server with a forward lookup zone named "." is configured as a ___________.
root server

​Although the hosts file is no longer used for localhost name resolution, what else can the hosts file be used for?
as a sort of web filter

The default setting for a ​secondary zone's refresh interval is how many minutes?
15 minutes

​A valid reverse lookup zone consists of the network ID's octets in reverse order, with what at the end of the name?

What is a conditional forwarder used for?​
they are used to resolve IP addresses to the FQDN for DNS servers that are authoritative.

What type of DNS record is used to contain an alias for another record, allowing for the use of different names for the same host?​
CNAME record

Who is responsible for the management of the Internet root servers?
​Internet Assigned Numbers Authority (IANA)

How should an administrator test the functionality of DNS operation on a domain controller, as well as troubleshoot issues with DNS forwarders, delegation, dynamic updates, and record registration?​
​Using dcdiag /test:dns

​What RFC defines the DNS resource record types?
RFC 1183

​Of the three different zone types, what type of zone contains a read/write master copy of all resource records for the zone?
primary zone

A zone that is not integrated into Active Directory is referred to as a standard zone, and the zone data is stored in a text file.​

​In a zone's Properties dialog box, what option is unavailable under Dynamic updates for only standard zones?
​The Secure only option

Which of the following options can an administrator enable to improve DNS security?
​Do not allow dynamic updates

​What is the difference between static and dynamic DNS records?
​What is the difference between static and dynamic DNS records?

When DNS forwarders or conditional forwarders are configured, what order will a Windows DNS server use to attempt to resolve DNS queries?​
When DNS forwarders or conditional forwarders are configured, what order will a Windows DNS server use to attempt to resolve DNS queries?​

Computers can utilize _____________ to register or update their own DNS records, or DHCP can update DNS on behalf of the clients when the clients lease a new IP address.​
dynamic DNS (DDNS)

​The MX record type is used to designate mail exchangers, or mail servers for e-mail.

The hosts file is contained within what directory in Windows?​

Permission inheritance can be configured such that permissions are only inherited by specific types of child object types.