Term
In a case where multiple PSOs are configured for a particular user, Active Directory will determine which one to apply by using the PSO's ___. |
|
Definition
|
|
Term
You can automatically add a technical support user to the local Administrators group of each domain workstation by using ___. |
|
Definition
|
|
Term
The ___ command allows you to manually refresh Group Policy settings on a particular computer. |
|
Definition
|
|
Term
___ refers to a Group Policy setting that is not removed when the GPO setting reverts to "Not Configured |
|
Definition
|
|
Term
You would audit ___ to determine who is authenticating against your Active Directory domain controllers |
|
Definition
|
|
Term
Each Active Directory domain controller acts as a(n) ___ to enable the distribution of Kerberos tickets. |
|
Definition
Key Distribution Center (KDC) |
|
|
Term
___ allows you to configure a user's Documents, Desktop, and other folders so that they are stored on a network drive rather than the local computer |
|
Definition
|
|
Term
Settings in the ___ section of Group Policy allow you to configure the maximum allowable clock skew between a client and a domain controller |
|
Definition
|
|
Term
Auditing for ___ will alert you when a change is made to User Rights assignments, IPSec policies, or trust relationships |
|
Definition
|
|
Term
You can create a consistent service startup configuration for multiple computers by using the ___ node in Group Policy |
|
Definition
|
|
Term
What type of object will you create to enable multiple password policies within a Windows Server 2008 domain? a. msDS-MinimumPasswordLength b. msDS-MultiplePasswordPolicies c. PasswordSettingsObject (PSO) d. msDS-PasswordObject |
|
Definition
PasswordSettingsObject (PSO)
Windows Server 2008 introduces a new object type called a PasswordSettingsObject (PSO) that allows you to configure multiple password policies and account policies within a Windows Server 2008 domain |
|
|
Term
Which configuration item has a default value of 90 minutes for workstations and member servers, with a random offset of 0 to 30 minutes to optimize network performance? a. Refresh time b. Refresh interval c. Clock skew d. Clock interval |
|
Definition
Refresh Interval
The default Group Policy refresh interval for workstations and member servers in an Active Directory is 90 minutes; for domain controllers, the refresh interval is every 2 minutes. |
|
|
Term
To determine which users are accessing resources on a particular member server in an Active Directory domain, which event type would you audit? a. Account logon event b. Policy change event c. Account management event d. Logon event |
|
Definition
Logon Event
Logon events are logged when a user authenticates to a member server or workstation in an Active Directory domain. Account logon events are logged whenever a user authenticates against an Active Directory domain controller. |
|
|
Term
Monitoring a system such as Active Directory for the success and/or failure of specific user actions is called a. auditing b. inspecting c. scanning d. sniffing |
|
Definition
Auditing
You can audit numerous types of system events including account logon events, logon events, object access, directory service access, and account management events. Within each event category, you can audit success events, failure events, or both |
|
|
Term
Which audit category includes events such as server startup and shutdown, time changes, and clearing the security log within the Windows Event Viewer? a. Process tracking b. Privileged use c. System Events d. Policy management |
|
Definition
System Events
By default, the System Events audit category is set to log success events in the Default Domain Controllers Policy. |
|
|
Term
Which feature allows you to control how much space a user can take on a particular hard drive volume, configurable via Group Policy? a. Disk quotas b. Folder redirection c. Offline files d. Object access auditing |
|
Definition
Disk Quotas
Disk quotas can be configured at the volume level using Active Directory Group Policy Objects and can be more granularly controlled using the File Services role installed on a Windows Server 2008 member server. Additional information about managing the File Services role can be found in the MOAC 70-642 and MOAC 70-643 textbooks and lab manuals. |
|
|
Term
To prevent users from re-using a certain number of network passwords, what can you configure as part of a domain-wide policy or as part of a Fine-Grained Password Policy? a. Minimum password length b. Minimum password age c. Maximum password age d. Enforce password history |
|
Definition
Enforce Password History
By configuring the “Enforce password history” setting, you can configure all users who receive a particular password policy so that they cannot re-use a specified number of passwords. This means that users must create new network passwords rather than simply re-using old passwords when their passwords expire |
|
|
Term
A PasswordSettingsObject (PSO) within Active Directory is also known as which type of object? a. msDS-PasswordSettingsPrecedence b. msDS-PasswordSettings c. msDS-PasswordComplexityEnabled d. msDS-MinimumPasswordLength |
|
Definition
msDS-PasswordSettings
Windows Server 2008 introduces Fine-Grained Password Policies, which are enabled by the addition of a new object type within Active Directory referred to as a PasswordSettingsObject (PSO) or msDS-PasswordSettings object |
|
|
Term
Which Group Policy feature allows users to access user files when the user is disconnected from the corporate network? a. Folder redirection b. Disk quotas c. Offline files d. Object access auditing |
|
Definition
Offline files
When the Offline Files feature is enabled, users can access their network files as though they were still connected to the network; any changes made while offline will be applied when the user reconnects. Combining this feature with Folder Redirection creates a balanced solution between centralization of user data and enabling convenient access for remote and travelling users. |
|
|
Term
Which audit event type is triggered when user or group accounts are created, deleted, renamed, enabled, or disabled? a. Account logon events b. Account management events c. Privileged use events d. Policy management events |
|
Definition
Account management events
This policy is set to audit Success events by default in the Default Domain Controller Policy of Windows Server 2008. |
|
|