Читать книгу MCSA Windows Server 2012 R2 Complete Study Guide - Panek William - Страница 8
Answers to the Assessment Test
Оглавление1. D. Based on the business needs of an organization, a Windows 2012 R2 Server computer can be configured in any of the roles listed. See Chapter 1 for more information.
2. A, B, C and D. All of the options listed are benefits of using Active Directory. See Chapter 3 for more information.
3. A, B, C and D. One of the major design goals for DNS was support for scalability. All of the features listed can be used to increase the performance of DNS. See Chapter 2 for more information.
4. A, B, C and D. Before beginning the installation of a domain controller, you should have all of the information listed. See Chapter 3 for more information.
5. D. The number of sites in an Active Directory environment is independent of the domain organization. An environment that consists of three domains may have one or more sites, based on the physical network setup. See Chapter 3 for more information.
6. E. All of the choices are valid types of Active Directory objects, and all can be created and managed using the Active Directory Users and Computers tool. See Chapter 5 for more information.
7. C. Permissions and security settings cannot be made on distribution groups. Distribution groups are used only for sending email. See Chapter 4 for more information.
8. A. In general, you can accommodate your network infrastructure through the use of Active Directory sites. All of the other options should play a significant role when you design your OU structure. Permissions and Group Policy can both be applied at the domain or OU level. See Chapter 4 for more information.
9. B. Printer and Shared Folder objects within Active Directory can point to Windows Server 2012 R2 file and printer resources. See Chapter 4 for more information.
10. B. Delegation is the process by which administrators can assign permissions on the objects within an OU. This is useful when administrators want to give other users more control over administrative functions in Active Directory. See Chapter 4 for more information.
11. C. The name of the server and the name of the share make up the Universal Naming Convention (UNC) information required to create a Shared Folder object. See Chapter 4 for more information.
12. D. Applications cannot be published to computers, but they can be published to users and assigned to computers. See Chapter 5 for more information.
13. A. MSI files (.msi) are native Windows Installer files used with Windows Installer setup programs. The other file types do not apply to this situation. See Chapter 5 for more information.
14. E. To allow this permission at the OU level, the system administrator must create a GPO with the appropriate settings and link it to the OU. See Chapter 5 for more information.
15. A. Assuming that the default settings are left in place, the Group Policy setting at the OU level will take effect. See Chapter 5 for more information.
16. D. In Windows Server 2012 R2, you can create GPOs only by using the Group Policy Management Console. See Chapter 5 for more information.
17. B. The nslookup tool allows you to look up name and address information. See Chapter 2 for more information.
18. C. The TTL indicates how long the record may be safely cached; it may or may not be modified when the record is created. See Chapter 2 for more information on TTL.
19. B. DDNS works with BIND 8.2 and later. See Chapter 2 for more information on DDNS.
20. D. A round-robin configuration uses all of the available active paths and will distribute I/O in a balanced round-robin fashion. Failover uses only the primary and standby paths, allowing for link failure. Weighted path assigns requests to the path with the least weight value. Dynamic Least Queue Depth routes requests to the path with the least number of outstanding requests. See Chapter 2 for more information.
21. D. All of the applications that are running on the Windows Server 2012 R2 machine will show up under the Details tab. Right-click the application and end the process.
22. A. If you use MBSA from the command-line utility mdsacli.exe, you can specify several options. You type mdsacli.exe/hf (from the folder that contains Mdsacli.exe) and then customize the command execution with an option such as /ixxxx.xxxx.xxxx.xxxx, which specifies that the computer with the specified IP address should be scanned.
23. C. Server Manager is the one place where you install all roles and features for a Windows Server 2012 R2 system.
24. A. The Sharing tab contains a check box that you can use to list the printer in Active Directory.
25. B, E, G and H. The Active Directory Users and Computers tool allows system administrators to change auditing options and to choose which actions are audited. At the file system level, Isabel can specify exactly which actions are recorded in the audit log. She can then use Event Viewer to view the recorded information and provide it to the appropriate managers.
26. B. Offline files give you the opportunity to set up files and folders so that users can work on the data while outside the office.
27. A, B, C and D. Improved security, quotas, compression, and encryption are all advantages of using NTFS over FAT32. These features are not available in FAT32. The only security you have in FAT32 is shared folder permissions.
28. D. File servers are used for storage of data, especially for users’ home folders. Home folders are folder locations for your users to store data that is important and that needs to be backed up.
29. A. GPOs at the OU level take precedence over GPOs at the domain level. GPOs at the domain level, in turn, take precedence over GPOs at the site level.
30. B. The Block Policy Inheritance option prevents group policies of higher-level Active Directory objects from applying to lower-level objects as long as the Enforced option is not set.
31. A, B, C and D. GPOs can be set at all of the levels listed. You cannot set GPOs on security principals such as users or groups.
32. D and E. Administrative templates are used to specify the options available for setting Group Policy. By creating new administrative templates, Ann can specify which options are available for the new applications. She can then distribute these templates to other system administrators in the environment.
33. B, C and E. The Account Lockout Duration setting states how long an account will be locked out if the password is entered incorrectly. The Account Lockout Threshold setting is the number of bad password attempts, and the Account Lockout Counter setting is the time in which the bad password attempts are made. Once the Account Lockout Counter setting reaches 0, the number of bad password attempts returns to 0.
34. D. When resources are made available to users who reside in domains outside the forest, Foreign Security Principal objects are automatically created. These new objects are stored within the Foreign Security Principals container.
35. B. The primary method by which systems administrators create and manage application data partitions is through the ntdsutil tool.
36. C. The NPS snap-in allows you to set up RADIUS servers and designate which RADIUS server will accept authentication from other RADIUS servers. You can do your entire RADIUS configuration through the NPS snap-in.
37. C. NPS allows you to set up policies on how your users could log into the network. NPS allows you to set up policies that systems need to follow, and if they don’t follow these policies or rules, they will not have access to the full network.
38. C. Windows Server 2012 R2 comes with EAP-Transport Level Security (TLS). This EAP type allows you to use public key certificates as an authenticator. TLS is similar to the familiar Secure Sockets Layer (SSL) protocol used for web browsers and 802.1x authentication. When EAP-TLS is turned on, the client and server send TLS-encrypted messages back and forth. EAP-TLS is the strongest authentication method you can use; as a bonus, it supports smart cards. However, EAP-TLS requires your NPS server to be part of the Windows Server 2012 R2 domain.
39. B and D. PEAP-MS-CHAP v2 is an EAP type protocol that is easier to deploy than Extensible Authentication Protocol with Transport Level Security (EAP-TLS). It is easier because user authentication is accomplished by using password-based credentials (user name and password) instead of digital certificates or smart cards. Both PEAP and EAP use certificates with their protocols.
40. C. One advantage of NPS is that you can use the accounting part of NPS so that you can keep track of what each department does on your NPS server. This way, departments pay for the amount of time they use the SQL server database.
41. D. Group Policy Updates have a high processing latency, because IPsec encryption is interrupted until updates to the Group Policies are complete. If the updates to Group Policy do not occur quickly, cluster heartbeat can be impacted (eg if the processing delay exceeds the heartbeat threshold).
42. C. In Windows Server 2012, the number of cluster nodes increased to 64. 8000 is the number of VMs/Clustered Roles. 1024 is the maximum amount of VMs or Clustered Roles per cluster node, and 1000 is the maximum amount of VMs or Clustered Roles per cluster node in Windows Server 2008 R2.
43. B. Witness Dynamic Weighting and Lower Quorum Priority Node are options in PowerShell to modify Dynamic Quorum, but they are not a good answer. Force quorum resiliency is completely incorrect.
44. A. NTLM is the only supported authentication mechanism that will utilize local security authorities (non-active directory integrated Windows Servers).
45. A. Prior to Windows Server 2012 R2, shared virtual hard disks did not exist. At release of Windows Server 2012 R2, shared virtual disks were supported for file server roles as well as Exchange Server and SQL Server workloads.
46. D. The iSCSI default port is TCP 3260. Port 3389 is used for RDP, port 1433 is used for MS SQL, and port 21 is used for FTP.
47. C. Windows Server 2012 R2 Features On Demand allows an administrator not only to disable a role or feature but also to remove the role or feature’s files completely from the hard drive.
48. C. After generating hashes on the Colorado Springs file server that will be preloading Tampa’s file server cache with file share data, the next logical step is to run the Export-BCCachePackage to get the data to FS02 from FS01.
49. A. The iscsicli addisnsserver server_name command manually registers the host server to an iSNS server. refreshisnsserver refreshes the list of available servers. removeisnsserver removes the host from the iSNS server. listisnsservers lists the available iSNS servers.
50. D. Since there is a classification rule that is currently configured and applied to company resources, you will be unable to delete the Contains Personal Information classification property manually because the classification rule controls the property. In this case, you have to delete the classification rule in order to be able to delete the classification property.
51. B. If you need to get a stalled computer up and running as quickly as possible, you should start with the Last Known Good Configuration option. This option is used when you’ve made changes to your computer’s hardware configuration and are having problems restarting but have not logged into the machine. The Last Known Good Configuration option will revert to the configuration used the last time the computer was successfully booted.
52. A. When you enable boot logging, the file created is \Windows\ntbtlog.txt. This log file is used to troubleshoot the boot process.
53. D. Using images allows you to back up and restore your entire Windows Server 2012 R2 machine instead of just certain parts of data.
54. B. Out of the tools listed, remember that Vssadmin gives you the ability to use Shadow Copies, which in turn provides backups and previous versions of shared data. Wbadmin is used for Windows Server Backups, Ntsdutil.exe is used for Active Directory maintenance, and the ADSI Editor is used for extended Active Directory attribute management.
55. B. When you run your computer in Safe Mode, you simplify your Windows Server 2012 R2 configuration. Only the drivers that are needed to get the computer up and running are loaded.
56. C. Conditional forwarding allows you to send a DNS query to different DNS servers based on the request. Conditional forwarding lets a DNS server on a network forward DNS queries according to the DNS domain name in the query.
57. D. The dnscmd /zoneexport command creates a file using the zone resource records. This file can then be given to the Compliance department as a copy.
58. D. An exclusion just marks addresses as excluded; the DHCP server doesn’t maintain any information about them. A reservation marks an address as reserved for a particular client.
59. D. Active Directory Integrated zones give you many benefits over using primary and secondary zones including less network traffic, secure dynamic updates, encryption, and reliability in the event of a DNS server going down. The Secure Only option is for dynamic updates to a DNS database.
60. C. The Secure Only option is for DNS servers that have an Active Directory Integrated zone. When a computer tries to register with DNS dynamically, the DNS server checks Active Directory to verify that the computer has an Active Directory account. If the computer that is trying to register has an account, DNS adds the host record. If the computer trying to register does not have an account, the record gets tossed away and the database is not updated.
61. D. By default, Connection objects are automatically created by the Active Directory replication engine. You can choose to override the default behavior of Active Directory replication topology by manually creating Connection objects, but this step is not required.
62. D. The NTDS settings for the site level are where you would activate and deactivate UGMC.
63. D. Remember that a shortcut trust is used to eliminate multiple hops to and from certain domains within a multiforest, multidomain infrastructure. By configuring a shortcut trust between the two domains, you will reduce the slowness and authentication latency between them.
64. A. The Directory Service event log contains error messages and information related to replication. These details can be useful when you are troubleshooting replication problems.
65. C. The Knowledge Consistency Checker (KCC) is responsible for establishing the replication topology and ensuring that all domain controllers are kept up-to-date.
66. A and B. Certutil – backup backs up the CA certificate including private key in the backup. Certutil – backupdb backs up only the certificate database and logs.
67. B and C. Under AD Sites and Services, navigate to Services ⇒ RightsManagementServices and remove the SCP object. This operation can also be done by using ADSI Edit.
68. D. The relying party is the organization that receives and processes claims from a resource partner. The resource partner issues claims-based security tokens that contains published web-based applications that users in the account partner can access. This is accomplished through a relying-party trust. See Chapter 22 for more details.
69. D. AD RMS contacts the global catalog through port 3268. See Chapter 22 for more details.