Question 1

GPOs linked to a site object can facilitate IP address based policy settings.&#8203;

Accepted Answer

This is true. GPOs linked to site objects can be used to configure policy settings that apply specifically to computers located at a certain site or IP address range.

Question 2

&#8203;What Active Directory replication method makes use of remote differential compression (RDC)?&#10;A) &#8203;File Replication Service (FRS)&#10;B) &#8203;Distributed File System Replication (DFSR)&#10;C) &#8203;Active Directory Replication Services (ADRS)&#10;D) &#8203;Advanced System Replication (ASR)

Accepted Answer

Distributed File System Replication (DFSR) uses remote differential compression (RDC) to replicate changes in Active Directory. This method is more efficient than the previous replication method, File Replication Service (FRS), as it only transfers the changed data rather than replicating the entire file. Active Directory Replication Services (ADRS) and Advanced System Replication (ASR) are not actual replication methods and do not make use of RDC.

Question 3

Settings in the Administrative Templates section of the User Configuration node affect what area of the registry?&#8203;&#10;A) &#8203;HKEY_LOCAL_MACHINE&#10;B) &#8203;HKEY_CURRENT_USER&#10;C) &#8203;HKEY_MACHINE_USERS&#10;D) &#8203;HKEY_LOCAL_USER

Accepted Answer

Settings in the Administrative Templates section of the User Configuration node affect the HKEY_CURRENT_USER area of the registry, as they apply only to the currently logged-in user.

Question 4

&#8203;How can an administrator remove all audit policy subcategories so that auditing is controlled only by Group Policy?&#10;A) &#8203;auditpol /remove&#10;B) &#8203;auditpol /delete&#10;C) &#8203;auditpol /clear&#10;D) &#8203;auditpol /clean

Accepted Answer

The command "auditpol /clear" can be used to remove all audit policy subcategories, so that auditing is controlled only by Group Policy. It clears all audit policies and removes all of the auditing entries for a specified policy area.

Question 5

Selecting the &#34;Allow the connection if it is secure&#34; option when creating a Windows firewall rule relies on what encryption protocol by default?&#10;A) &#8203;AES&#10;B) &#8203;IPSec&#10;C) &#8203;MD5&#10;D) &#8203;SHA-1

Accepted Answer

Selecting the "Allow the connection if it is secure" option relies on the default encryption protocol of IPSec. This option allows the firewall to only allow traffic if it is encrypted with IPSec, ensuring a secure connection. AES, MD5, and SHA-1 are all encryption protocols that may be used within IPSec but are not the default protocol utilized with this firewall rule.

Question 6

If a domain consists of DCs that are running verions of Windows Server earlier than Windows Server 2008,what replication method is used?&#10;A) &#8203;Downlevel Server Replication (DSR)&#10;B) &#8203;Distributed File System Replication (DFSR)&#10;C) &#8203;File Replication Service (FRS)&#10;D) &#8203;NT Replication Service (NTRS)

Accepted Answer

If a domain consists of DCs that are running versions of Windows Server earlier than Windows Server 2008, the replication method used is File Replication Service (FRS).

Question 7

The folders containing Group Policy Templates (GPTs)can be found under what folder on a domain controller?&#10;A) &#8203;%systemroot%/SYSVOL/domain/Policies&#10;B) &#8203;&#8203;%systemroot%/SYSVOL/sysvol/&#8203;domain&#8203;/Policies&#10;C) &#8203;&#8203;%systemroot%/SYSVOL/Policies&#10;D) &#8203;&#8203;%systemroot%/&#8203;domain&#8203;/Policies

Accepted Answer

The correct location for GPTs on a domain controller is %systemroot%/SYSVOL/sysvol/domain/Policies. This is where the Group Policy objects (GPOs) are stored for replication across domain controllers. Option A is incorrect because it is missing the "sysvol" folder. Option C is incorrect because it does not include the "domain" folder. Option D is incorrect because it only includes the "domain" folder and not the necessary "sysvol" and "Policies" folders.

Question 8

What folder is selected by default for scanning when using the Automatically Generate Rules option &#8203;in creating AppLocker policies?&#10;A) &#8203;C:/Users/&#8203;user&#8203;/ProgramData&#10;B) &#8203;C:/System32&#10;C) &#8203;C:/Program Files&#10;D) &#8203;C:/Users/&#8203;user&#8203;/Program Files

Accepted Answer

The default folder selected for scanning when using the Automatically Generate Rules option in creating AppLocker policies is C:/Program Files. This is because it is a common location for installed applications and programs. The other options, such as C:/Users/user/ProgramData and C:/System32, may contain important system files and should be handled with caution. C:/Users/user/Program Files may also contain individual user-specific programs rather than system-wide installs.

Question 9

&#8203;Each Group Policy Object is assigned a globally unique identifier (GUID)of what length?&#10;A) &#8203;16 bits&#10;B) &#8203;32 bits&#10;C) &#8203;64 bits&#10;D) &#8203;128 bits

Accepted Answer

The GUID assigned to each Group Policy Object is of 128 bits in length, which provides a unique identifier to each GPO in the Active Directory domain. The 128-bit GUID ensures that no two GPOs have the same identifier, making it easier to manage and differentiate them.

Question 10

Under the Computer Configuration of a GPO,what folder within the &#34;Windows Settings&#34; folder contains policies that can be used to manage network bandwidth use?&#8203;&#10;A) &#8203;Name Resolution Policy&#10;B) &#8203;Scripts (Startup/Shutdown)&#10;C) &#8203;Security Settings&#10;D) &#8203;Policy-based QoS

Accepted Answer

The "Policy-based QoS" folder within the "Windows Settings" folder contains policies that can be used to manage network bandwidth use. This allows administrators to control network traffic flow based on factors such as port number, protocol, and source/destination IP address.

Question 11

In what order are Group Policy Objects applied?&#8203;&#10;A) &#8203;Local policies,site-linked GPOs,domain-linked GPOs,OU-linked GPOs&#10;B) &#8203;Site-linked GPOs,domain-linked GPOs,OU-linked GPOs,local policies&#10;C) &#8203;Domain-linked GPOs,OU-linked GPOs,local policies,site-linked GPOs&#10;D) &#8203;Site-linked GPOs,local policies,domain-linked GPOs,OU-linked GPOs

Accepted Answer

The answer of In what order are Group Policy Objects...

Question 12

Remote computers attempting to connect to the local computer are examples of what type of connection?&#10;A) &#8203;Inbound connections&#10;B) &#8203;Outbound connections&#10;C) &#8203;Concurrent connections&#10;D) &#8203;Firewalled connections

Accepted Answer

The answer of Remote computers attempting to connect to the...

Question 13

What are the two different types of GPO filtering?&#8203;&#10;A) &#8203;Security filtering and permissions filtering&#10;B) &#8203;SACL filtering and DACL filtering&#10;C) &#8203;Security filtering and WMI filtering&#10;D) &#8203;SACL filtering and security filtering

Accepted Answer

The answer of What are the two different types of...

Question 14

Using a &#34;Deny Read&#34; permission on a GPO enables the creation of an exception to normal GPO processing.&#8203;

Accepted Answer

The answer of Using a &#34;Deny Read&#34; permission on a...

Question 15

After running the Security Configuration and Analysis snap-in with a template,what does an &#34;X&#34; in a red circle on a template policy indicate?&#8203;&#10;A) The policy can't be found&#10;B) The policy is unavailable&#10;C) The template policy and current computer policy do not match&#10;D) &#8203;The local computer is vulnerable to an attack or known issue addressed by the policy

Accepted Answer

The answer of After running the Security Configuration and Analysis...

Question 16

Which of the following is not one of the four different ways an application can be designated as an exception to a &#8203;Software Restriction Policy?&#10;A) Hash&#8203;&#10;B) &#8203;Certificate&#10;C) &#8203;Developer&#10;D) &#8203;Network zone

Accepted Answer

The answer of Which of the following is not one...

Question 17

&#8203;When creating a new rule type in the New Inbound (or Outbound)rule Wizard,what rule type can be used for built-in Windows services?&#10;A) &#8203;Program&#10;B) &#8203;Port&#10;C) &#8203;Predefined&#10;D) Service-based

Accepted Answer

The answer of &#8203;When creating a new rule type in...

Question 18

&#8203;A Group Policy Container (GPC)stores GPO properties and status information,but no actual policy settings.

Accepted Answer

The answer of &#8203;A Group Policy Container (GPC)stores GPO properties...

Question 19

The Microsoft best practice recommendation is to modify the two default GPOs in a domain for making password policy changes.

Accepted Answer

The answer of The Microsoft best practice recommendation is to...

Question 20

Local GPOs can affect all computers within a local domain.

Accepted Answer

The answer of Local GPOs can affect all computers within...

Question 21

The _____________ policies determine what happens on a computer when a user attempts to perform an action that requires elevation.&#10;&#8203;

Accepted Answer

The answer of The _____________ policies determine what happens on...

Question 22

What happens when two conflicting GPOs have the Enforced option set?

Accepted Answer

The answer of What happens when two conflicting GPOs have...

Question 23

The __________ command can be used to perform many of the same functions as the Security Configuration and Analysis snap-in,and can be used in conjunction with batch files and scripts to automate work with security templates.&#8203;

Accepted Answer

The answer of The __________ command can be used to...

Question 24

Security templates make use of the _________ file extension.&#8203;

Accepted Answer

The answer of Security templates make use of the _________...

Question 25

If the Windows Firewall is enabled,how are rules applied when multiple network connections are available?

Accepted Answer

The answer of If the Windows Firewall is enabled,how are...

Question 26

&#8203;Where can all ADMX and ADML files be found on a Windows Server 2008 or Vista and later computer?&#10;A) &#8203;%systemroot%/PolicyFiles&#10;B) &#8203;%systemdrive%/&#8203;PolicyDefinitions&#10;C) &#8203;&#8203;%systemroot%/PolicyDefinitions&#10;D) &#8203;&#8203;%system%/PolicyFiles

Accepted Answer

The answer of &#8203;Where can all ADMX and ADML files...

Question 27

When utilizing roaming profiles,what should be done to minimize logon/logoff delays and reduce bandwidth used by uploading / downloading profile data?

Accepted Answer

The answer of When utilizing roaming profiles,what should be done...

Question 28

In the New Connection Security Rule Wizard,what option can be used to set up a rule that requires authentication between two computers,between IP subnets,or between a specific computer and a group of computers in a subnet?

A) Isolation
B) Authentication exemption
C) Server-to-server
D) Tunnel

Unlock Deck

Unlock for access to all 39 flashcards in this deck.

Unlock Deck

k this deck

Accepted Answer

The answer of In the New Connection Security Rule Wizard,what...

Question 29

By default,how many previous logons are cached locally to a computer?&#8203;&#10;A) &#8203;3&#10;B) &#8203;5&#10;C) &#8203;7&#10;D) &#8203;10&#10;Enter the appropriate word(s)to complete the statement.

Accepted Answer

The answer of By default,how many previous logons are cached...

Question 30

The settings in the Administrative Templates under the Computer Configuration node affect the _______________________ area of a computer's registry.&#8203;

Accepted Answer

The answer of The settings in the Administrative Templates under...

Question 31

What does a blue exclamation point next to a domain mean within the GPMC utility?

Accepted Answer

The answer of What does a blue exclamation point next...

Question 32

What is the difference between a managed policy setting and an unmanaged policy setting?

Accepted Answer

The answer of What is the difference between a managed...

Question 33

&#8203;What tool within Windows Server 2012/R2 must be used in order to change the default auditing settings?&#10;A) &#8203;auditpol.exe&#10;B) &#8203;secaudit.exe&#10;C) secpol.exe&#10;D) &#8203;auditpolicies.exe

Accepted Answer

The answer of &#8203;What tool within Windows Server 2012/R2 must...

Question 34

How are Group Policy Objects linked to Active Directory?

Accepted Answer

The answer of How are Group Policy Objects linked to...

Question 35

How can an administrator force the use of a specific version of an application using a GPO?

Accepted Answer

The answer of How can an administrator force the use...

Question 36

When creating a custom Applocker rule,how does the file hash option work?

Accepted Answer

The answer of When creating a custom Applocker rule,how does...

Question 37

In the New Connection Security Rule Wizard,what option can be used to set up a rule that requires authentication between two computers,between IP subnets,or between a specific computer and a group of computers in a subnet?

A) Isolation
B) Authentication exemption
C) Server-to-server
D) Tunnel

Accepted Answer

The answer of In the New Connection Security Rule Wizard,which...

Question 38

When applying GPOs in order,what policies take precedence?

Accepted Answer

The answer of When applying GPOs in order,what policies take...

Question 39

If a GPO's link status is &#34;disabled&#34;,what affect does this have on the GPO?

Accepted Answer

The answer of If a GPO's link status is &#34;disabled&#34;,what...

Deck 8: Configuring Group Policies