A ____ trust is granted between several domains without creating explicit trust relationships between the different domains. b. transitive

Forest trusts are possible once the forest functional level has been raised to ____. b. Windows Server 2003

The ____ for Active Directory defines the objects that can be created in Active Directory. b. schema

When you see the forest functional level is Windows Server 2008, you also know that every domain and domain controller in the forest must be running at least ____. b. Windows Server 2008

____ prevents the risk of an attacker obtaining SID history data by blocking the use of any SIDs that did not originate in the same domain. d. SID filtering

SID filtering should be disabled by an automated process. Answer: True False

You can disable SID filtering using the ____ command on the trusting domain. b. Netdom

A ____ trust creates an explicit trust relationship between two domains and is not transferred to any other domains. a. non-transitive

When selective authentication is implemented on a forest trust, you need to grant the ____ permission on each server or computer where access is granted. d. Allowed to Authenticate

____ is an Active Directory preparation tool that can modify the schema by adding objects and properties needed to support Windows Server 2008 domain controllers. b. ADPrep

password policies can be implemented if the domain functional level is set to at least ____. b. Windows Server 2008

Access to any resource within the domain is controlled by a(n) ____. a. Discretionary Access Control List

Fine-grained password and account ____ policies are a significant addition to Windows Server 2008. a. lockout

The ADPrep switch ____ is used to prepare the forest for Windows Server 2008 or Windows Server 2008 R2 domain controllers. a. /ForestPrep

A ____ is a group of well-connected computers or well-connected subnets. a. site

A domain functional level or forest functional level can be raised and then undone (or lowered) as necessary. Answer: True False

An Active Directory domain is hosted on a server called a ____. d. domain controller

For most applications, a single-domain, single-forest design will work. Answer: True False

It's possible to create alternative UPN suffixes and assign these to users in the domain. Answer: True False

The ____ authentication option allows Windows to automatically authenticate any users in another forest to access resources in the local forest. b. forest-wide

Trusts within a forest are ____ trusts. d. transitive

The ____ authentication option can be used to prevent users in another forest from automatically being authenticated. a. selective

You can easily determine what servers hold all the roles by opening a command prompt and entering the following command: ____ c. netdom query fsmo

If you want users or groups to be able to access a resource using SID history, you must enable SID filtering. Answer: True False

In a ____, users in each domain can be granted access to resources in both domains. a. two-way trust

If your organization includes multiple locations, you can add the sites, subnets, and site links using ____. c. Active Directory Sites and Services

Distributed File System (DFS) is not site-aware. Answer: True False

In Universal Group Membership Caching, cached data will expire in ____. b. 7 days

The ____ manages the pool of available RIDs and issues banks of RIDs to other domain controllers. a. RID master

The ____ command-line tool is used to seize a role. d. NTDSUtil

The ____ applies to all RODCs, and users in this group are not prevented from logging on to an RODC, but their passwords will not be stored on the RODC. d. Denied RODC Password Replication Group

Replication between domain controllers within the same site occurs within ____ seconds for the original change. c. 15

Active Directory applications use ____ queries to query domain controllers, and these queries add to the load of a domain controller. a. Lightweight Directory Access Protocol

Data replicated between domain controllers includes all the additions, changes, and modifications of objects, such as when a user is added or a password is changed. Answer: True False

You can use the ____ command to check the NIC settings. a. IPConfig /all

To view how many RIDs are available in the current RID pool for a DC, execute the following command from the command prompt on the DC: ____. a. dcdiag /test: ridmanager /v

The DC hosting the ____ master role manages the addition and removal of domains, and the addition and removal of application directory partitions. c. domain naming

The infrastructure master works most efficiently if it is on a DC designated as a global catalog server. Answer: True False

In Universal Group Membership Caching, the cached data is automatically renewed every ____ by default. b. 8 hours

The ____ updates cross-domain group-to-user references. b. infrastructure master

The ____ option allows a server to get a copy of Active Directory from media (such as CD, DVD, or USB drive) instead of replicating the data over a WAN link. c. IFM

A ____ is a computer account that is created in Active Directory and designated as an RODC. d. prestaged RODC

It's common for a small business to have all of its computers and servers in the same building and connected via a single local area network (LAN). Answer: True False

To promote a server running Server Core to a domain controller and to an RODC, you'll have to create a(n) ____. c. answer file

RPC over IP uses ____ port mapping to communicate with domain controllers over the IP site link. a. dynamic

NTDSUtil can be used to seize a role without the need to log on to the target DC. Answer: True False

The ____ manages time synchronization and password changes in the domain. d. PDC emulator

To determine which server has been designated as the bridgehead server, you can execute the ____ command from the command prompt on a domain controller in the site. d. Repadmin /bridgeheads

A ____ is created in Active Directory Sites and Services to represent the actual WAN links used to connect different sites. b. site link object

Domain controllers work as ____ with loose convergence. c. multi-masters

2
If zone transfers are not authorized to the server where you're logged on, the response will be ____ when performing NSLookup. b. Query Refused

The ____ property of the _ldap record identifies the server as a lightweight directory access protocol (LDAP) server, which will respond to LDAP queries. c. _ldap

If a DNS server has a ____, it can authoritatively answer queries for hosts in that zone or with that common namespace. d. DNS zone

If your organization has a DNS server hosting a standard primary server and you want to add more DNS servers in the zone, they must host ____. b. standard secondary DNS zones

Both A and PTR records are often updated automatically in DNS using a process known as ____. c. Dynamic Update

One easy way to check whether zone transfers are allowed to a server is to use the ____ command. c. NSLookup

The full DNSCmd command for GlobalNames is ____. b. Dnscmd ServerName /config /Enableglobalnamessupport 1

The ____ file includes records to support name-to-IP address resolution. d. forward lookup zone

A benefit of a secondary DNS server is the ability to provide ____ for clients in the network. d. fault tolerance

A(n) ____ record is used to locate a server running specific services. c. service location (SRV)

The primary zone name is case sensitive. Answer: True False

A host name can be up to ____ characters, all of which are readable. a. 255

DNS zones are indirectly associated with Active Directory. Answer: True False

A(n) ____ is new in Windows Server 2008, and can be used to resolve single-label names. a. GlobalNames zone

____ dynamic updates require that the DNS server is hosted on a domain controller and that a primary ADI zone is being used. c. Secure

The ____ property of the _ldap record identifies the server as a password change server. c. _kpasswd

The primary records used with Active Directory are the ____ records. a. service location (SRV)

DNS is the only type of name resolution in use. Answer: True False

A(n) ____ record is used to resolve a name to an IPv4 address. b. A

____ records are used for reverse lookups. a. Pointer (PTR)

Stub zones are most commonly used to store information about a child zone associated with a child domain to reduce administrative effort. Answer: True False

____ introduced Active Directory partitions. b. Windows Server 2003

The ____ tab is used to specify which DNS servers can participate in zone transfers. b. Zone Transfers

A NetBIOS name is ____ bytes long. d. 16

It's possible to create a delegated subdomain manually without running DCpromo. Answer: True

When the ____ scope is selected, other TS servers in the domain can locate the TS licensing server as long as the server is in the same domain and the licensing server is on a domain controller. d. domain discovery

Hosting a server on the Internet adds minimal risk. Answer: True False

A ____ is a Windows Server 2008 server with the Routing and Remote Access service installed and configured as a VPN server. d. VPN server

Terminal Services Gateway allows clients to remotely connect to TS servers using the ____. b. Remote Desktop Protocol

Access to remote networks is provided through either a dial-up connection or a(n) ____ connection. d. virtual private network (VPN)

If a remote access server is hosted on the internal network with just a single firewall, the firewall often uses ____ to translate the public IP addresses from the Internet to private IP addresses on the internal network. d. network address translation (NAT)

Autoremediation is enabled by default when a ____ is created. b. network policy

Terminal Services includes technologies that allow users to run applications or full-blown desktops on terminal servers. Answer: True False

The ____ condition in the network policy settings can be used to specify that the policy will only apply to clients that can be identified through a specific mechanism. d. identity type

____ is used to provide end users with access to individual applications or full desktop operating systems from almost any mobile device. b. Terminal Services (TS)

____ can be set to Allow or Deny within the policy to control access to the remote access server. d. Permissions

The ____ service allows clients to connect to terminal servers through a Web browser. c. TS Web Access service

The ____ condition in the network policy settings can be used to specify that only clients that have received a specific DHCP lease will meet the condition. a. MS-Service Class

A(n) ____ server can be used for central authentication and logging. b. Remote Authentication Dial-in User Service (RADIUS)

It's common to use a basic method of load balancing, such as DNS round robin, with TS Session Broker. Answer: True False

If NAP ____ is enabled, the SHV can direct the noncompliant client to enable a specific security solution to ensure that the client becomes compliant. c. autoremediation

____ servers are used to dynamically provide TCP/IP configuration information such as IP addresses, subnet masks, default gateways, the address of DNS, and more. c. Dynamic Host Configuration Protocol (DHCP)

One or more conditions can be configured for any policy, and the condition(s) determine if the policy is used. Answer: True False

The ____ service can be used to balance the load when multiple TS servers are used. b. TS Session Broker service

A full-blown server configured as a router is more efficient than a dedicated hardware router. Answer: True False

____ enforcement is used with managed switches and wireless access points to control access and ensure that traffic stays within a limited network. c. 802.1x

____ specify other settings that must be met for the connection, including the authentication method used, idle timeout settings, session timeout settings, and more. a. Constraints

The Terminal Services menu is available via the ____ menu. b. Administrative Tools

____ enforcement is used to ensure that a client is compliant prior to issuing TCP/IP configuration information. d. DHCP

A Windows Server 2008 server can be used as a RADIUS server by adding the ____ service. b. NPS

The Network Device Enrollment service uses a(n) ____ to accept the registration requests. d. registration authority

A CA can be a company such as VeriSign that issues certificates for use on the Internet, or it can be a software component, such as Microsoft's Certification Authority, that issues certificates. Answer: True False

Revoked certificates are published by the CA via a(n) ____ using an X.509 version 2 certificate. d. certificate revocation list (CRL)

The ____ is the first CA in the hierarchy. c. root CA

A ____ is used to issue and manage certificates. d. public key infrastructure

A ____ is a number created by performing a hashing algorithm on data. c. hash

When a ____ key pair is used, one key encrypts the data and the other key decrypts the data. b. public/private

____ add advanced cryptographic settings to the certificate, and can be used with Windows Vista and later clients. c. V3 templates

After installing certificate services, the name of the computer and the domain settings cannot be changed, or AD CS will no longer function correctly. Answer: True False

A ____ is approximately the size of a credit card, and includes a microprocessor and a user certificate. d. smart card

The ____ is used to request certificates on behalf of a user and provides a signature. d. enrollment agent

The same public key can decrypt information encrypted with the public key. Answer: True False

When a public and private key are used for encryption, the process is called ____. a. asymmetric encryption

AD CS publishes a delta CRL once a ____ by default. b. day

____ involves the creation, issuing, managing, and revoking of certificates. d. Certificate life cycle management

The ____ can be added to a Microsoft Management Console (MMC) and used to request certificates from an enterprise CA. a. Certificates snap-in

Users in the ____ role are granted the Manage Auditing and Security Log permissions. b. Auditor

A PKI may appear complex on the surface but is actually rather simple. Answer: True False

Using ____, you can execute command-line commands from one server against a remote server. a. WinRM

You can use the ____ to view and manage all of the certificate stores used by the computer, users, or services on a computer. c. Certificates MMC

Once the CA is created, it can be used to issue certificates. Answer: True False

A(n) ____ is a complete listing of all certificates revoked by the CA. d. new CRL

The first time a user encrypts data using EFS, a ____ key pair is generated. c. public/private

____ allows an administrator to configure certificates to be issued to clients without them having to request the certificates. d. Autoenrollment

AD CS publishes the full CRL once a ____ by default. b. week

7

____ can be used to track the actions of users and record the details of these actions in the Windows Security log. c. Auditing

When hardening a system, start by making sure that only the needed services and protocols are installed and enabled. Answer: True False

The scwcmd command ____ can be used to extend the SCW database by adding roles, tasks, services, and port definitions. b. register

____ are software components designed to support hardware. c. Drivers

____ are a group of updates used to target a specific area such as security, or a specific component or application. b. Update rollups

____ audits user logon events when a user is authenticated from a local computer (not a domain controller). a. Audit logon events

A ____ system starts with a reduced attack surface; it is regularly audited to ensure that it remains secure and is kept up to date. b. hardened

____ checks include possible security issues such as whether the Guest account is enabled, the file system isn't NTFS, or whether there are excessive members of the Administrators group. a. Windows administrative vulnerabilities

A scheduled ____ provides automation and streamlines an administrator's job. d. script

The SCW GUI version can be used to perform compliance auditing on a system. Answer: True False

When two WSUS servers are working as upstream/downstream servers in ____ mode, the upstream server sends all the updates it receives to the downstream server. a. autonomous

You can use Server Manager to create a security policy that can be applied to any system to reduce the attack surface. Answer: True False

Regularly checking systems to ensure that they haven't been changed is called ____. a. compliance auditing

The value of any command-line tool is that it can be ____. a. scripted

____ if enabled, logs events when a user exercises most user rights. b. Audit privilege use

You can perform the compliance audit with the following command: ____ a. scwcmd analyze /p:PolicyPathandName

____ provides updates for all supported versions of Windows operating systems. a. Windows Update

The scwcmd command ____ is used to apply the security policy to the system. a. configure

When MBSA is installed, the ____ command-line utility is also installed, which can be used to run MBSA from the command line. b. MBSACLI

WSUS includes the ability to export and import updates to and from media. Answer: True False

A perimeter network is provided by using two firewalls; this arrangement is often referred to as a(n) ____. c. demilitarized zone

____ logs tracking information events such as program activation and process exits. b. Audit process tracking

Within a domain environment, ____ can be used as a central location to download and approve updates. b. Windows Server Update Services

____ logs an event when a user account or group is added, deleted, or modified, or when a password is set or modified. c. Audit account management

The scwcmd command transform is used to roll back the settings of the last applied SCW security policy. Answer: True False

8

____ is when one node in a failover cluster fails, another instance will take over for the failed node. d. Failover

With ____, server load is balanced across each of the servers and progressively more clients can be added without degrading the service. b. scale out

The ____ is traditional disk storage format for Windows, but it has a 2 Terabyte (TB) maximum size, which can sometimes be a concern for failover clusters. b. master boot record

The ____ feature of Windows Server 2008 can increase stability and provide scalability for applications and services. b. Network Load Balancing

There's no difference between fault tolerance at the disk level and at the server level. Answer: True False

If you want to back up only system state data using the Wbadmin command-line tool, you can use the following command: a. Wbadmin start systemstatebackup -backuptarget:x:

____ means that a service is available when it's needed. b. High availability

____ is when a failed node comes back online, services that moved to another node in the cluster can be returned to the original node. d. Failback

When using NLB, you should obtain a certificate using the ____ of the cluster as the common name in the certificate. a. fully qualified domain name

If the user account is located in an OU, the OU is not included in the DN. Answer: True False

The ____ can be used to validate the hardware used in the failover cluster and the configuration of a cluster. b. Validate a Configuration wizard

Servers within a failover cluster are referred to as ____. d. nodes

One percent downtime equates to more than ____ of downtime in a year. b. 87 hours 36 minutes

____ includes all the methods and technologies used to ensure that a business can continue to operate even after a failure occurs. d. Business continuity

Active Directory uses ____ to identify the most current version of all objects. b. Update Sequence Numbers

The primary tool you'll use to create and configure NLB clusters is the ____. d. Network Load Balancing Manager

The choice of quorum model largely depends on ____. b. the number of nodes in the cluster

Failover clusters can be used to provide fault tolerance at the disk level. Answer: True False

In an NLB Cluster, ____ is the most common mode used, and is recommended in Microsoft documentation. d. unicast

____ is the standard or traditional method used to connect to disk storage solutions. d. Fibre Channel

An authoritative restore can mark a single object (such as the CEO's account), an entire OU, or the entire Active Directory database as authoritative. Answer: True False

The Windows Server Backup feature isn't installed by default. Answer: True False

The ____ console is used to validate the hardware configuration of nodes and to create and manage clusters. c. Failover Cluster Management

During normal operation, any changes, modifications, and deletions that occur on one domain controller are replicated to all other domain controllers in the same site in approximately ____. c. one minute

When performing an authoritative restore with NTDSUtil, you use the ____ of the object. b. distinguished name

A ____ namespace would be created when the Windows Server 2008 server is not in a domain. b. stand-alone

AD RMS works by ____ a document and embedding the usage rights within the document itself. b. encrypting

An important element to monitor on an SQL Server is the state of the ____ log. a. transaction

HTTP uses port ____ by default. c. 80

SCOM includes the ____ Shell, which is a customized interface of Windows PowerShell. b. Command

The command-line tool ____ is used to manage the Server for NFS and Client for NFS components in a UNIX system. b. Nfsadmin

The command-line tool ____ removes NFS-mounted drives on UNIX systems. c. unmount

The command-line tool ____ shows statistics for calls or requests to the Server for NFS component in a UNIX system. a. Nfsstat

The ____ is the top-level folder for the DFS namespace. c. DFS root

The ____ mode provides full support by encrypting entire hard drives and performing a system validation check. a. BitLocker with a TPM

The ____ security element of data security is protected using standard methods such as locked doors and cipher locks. b. physical

____ are groups of servers that participate in DFS replication and hold copies of the data. d. Replication groups

____ can be used as a digital rights management (DRM) technology to protect access to documents created in various Microsoft applications. d. AD RMS

____ can be used to copy and synchronize the content of DFS namespace folders from one DFS server to another. a. DFS replication

____ gives UNIX client computers that do not support SMB communications access to files on a Windows Server 2008 server, and allows Windows Server 2008 servers to access data stored with the Network File System (NFS) on UNIX systems. d. Services for Network File System

____ is a group of folders replicated to all domain controllers in the domain. b. SYSVOL

____ is an add-on server product that can assess, deploy, and update large numbers of client computers or servers in an enterprise. c. Microsoft System Center Configuration Manager 2007

____ is an add-on server product that can be used to monitor servers and client computers in an enterprise. d. Microsoft System Center Operations Manager 2007

____ is an advanced implementation of WSS that includes two versions. a. Microsoft Office SharePoint Server 2007

____ is most commonly used to support single sign-on with Web-based applications. b. AD FS

Before you can add DFS role services, you must add the DFS namespaces, which are part of the File Services role. Answer: True False

DFS replication is used to group shared folders stored on different servers into a single Universal Naming Convention (UNC) path. Answer: True False

SCOM builds on the basic philosophy that an administrator wants to know about problems before they happen. Answer: True False

The implementation of AD FS is complex and detailed, but the result is that users in a separate forest can access the SharePoint server with SSO. Answer: True False

With SCOM, administrators can use a single centralized server to monitor all servers in the organization. Answer: True False

____ includes wizards that can help consolidate underutilized physical servers. d. SCVMM

The Hyper-V Manager includes the ____, which can be used to create additional virtual networks or reconfigure the existing virtual network. c. Virtual Network Manager

Any application that is configured to be served as a SoftGrid application using the SoftGrid Sequencer is referred to as a ____ application. b. SoftGrid-enabled

SCVMM includes wizards that help identify the best location of a physical server when it's migrated to a virtual server. Answer: True False

Hyper-V can be added to a virtual server using Microsoft Virtual PC or Windows Virtual PC. Answer: True False

SoftGrid-enabled applications are created or sequenced on a server running the ____. c. Microsoft Application Virtualization Sequencer

The ____ setting in the Virtual Network Manager ensures that the virtual machines remain completely isolated. d. internal only

____ is called Intel VT for Intel-based systems and AMD-V for AMD-based systems. b. Hardware-assisted virtualization

With application virtualization, terminal services can be used to host entire desktops or applications. Answer: True False

App-V applications are designed to provide a seamless user experience. Answer: True False

The ____ setting in the Virtual Network Manager allows the virtual machines to have full connectivity on the network using the selected network adapter. d. external

____ occurs when multiple physical servers are added for a specific purpose but are highly underutilized. d. Server sprawl

Virtual applications have to be prepared using a(n) ____ so that the virtual application server knows what data to stream to the client. d. virtual application sequencer

Terminal Services can be used to host entire desktop sessions or to host individual applications using ____. d. TS RemoteApp

In application streaming, the entire application is eventually streamed to the client. Answer: True False

____ can be used to create virtual machines from scratch, import virtual machines over the network, remove virtual servers, and modify the properties of an existing virtual server. c. Hyper-V Manager

____ can allow users to run legacy applications in a virtual environment on a newer operating system. c. Desktop virtualization