Upgrade to remove ads
Only $2.99/month

Microsoft testbanks week 1

Terms in this set (94)

d
Why are phone lines and ISDN not used today for remote access services (RAS)?
a. They're too expensive.
b. They're not secure enough.
c. They create dedicated access.
d. They no longer supply acceptable bandwidth.
a
What special hardware configuration should a RAS server have?
a. two network interface cards
b. a dedicated phone line
c. a dedicated Internet connection
d. secure access to the Internet
a
Why would you set Verify Caller ID on a remote dial-up connection for a user?
a. for enhanced security
b. because you don't trust the user
c. because you want users to call in only from specific numbers
d. because it's the default setting
b
. What is the most efficient way to deploy VPN (virtual private network) configurations to hundreds of users?
a. Create and distribute a document that explains all the settings.
b. Create and distribute an executable file that contains all the settings.
c. Configure all the client systems manually.
d. Have the users bring in their systems individually for configuration.
c
When would you want to use a split tunnel for users?
a. if your users work only from the office
b. if your users might compromise security by browsing to insecure sites
c. if your users have laptop computers and work from home or office
d. if your users often need remote assistance
c
. What term is defined as private data placed in a packet with a header containing routing information that allows the data to traverse a transit network, such as the Internet?
a. routing
b. VPN
c. encapsulation
d. tunneling
b
What is the result of enabling security on the RRAS interface in your RAS server?
a. You can't connect to the Internet on that interface.
b. You can't ping that interface.
c. You can't provide network address translation (NAT) services to a local-area network.
d. You can't use DHCP.
b
Why use a VPN for client-to-server connections over the Internet?
a. VPN traffic is protected by a firewall.
b. VPN traffic is encrypted.
c. VPN traffic goes undetected on the Internet.
d. VPN traffic is proxy-proof.
a
. How is data verified when transferred through the Internet?
a. by cryptographic checksum
b. by RAS callback options
c. by correct firewall settings
d. by using PPTP for VPN connections
d
10. Of the four VPN tunneling protocols, which has the weakest encryption?
a. L2TP
b. IKEv2
c. SSTP
d. PPTP
a
Which authentication method is weakest (least secure)?
a. PAP
b. CHAP
c. MS-CHAPv2
d. EAP-MS-CHAPv2
c
Which authentication protocol allows you to change an expired password during the connection process?
a. PAP
b. CHAP
c. MS-CHAPv2
d. EAP-MS-CHAPv2
b
Which VPN protocol provides constant connectivity?
a. L2TP
b. IKEv2
c. SSTP
d. PPTP
d
. When is it appropriate to use Windows Server 2012 as a router between two networks?
a. for heavy traffic on large networks
b. for heavy traffic on small networks
c. for light traffic on large networks
d. for light traffic on small networks
a
How are routing tables created dynamically?
a. through the use of RIP
b. with static routes
c. by using the routing table protocol (RTP)
d. by using a layer 2 switch
b
Which Windows Server 2012 R2 server role is used to install the Web Application proxy for AD FS?
a. AD FS
b. Remote Access
c. Remote Desktop
d. Web Services
a
In Windows Server 2012 R2, what is used as a reverse proxy?
a. Web Application proxy
b. Reverse Lookup
c. AD FS proxy
d. Reverse Web
c
DirectAccess was introduced with which workstation/server pair?
a. Windows XP/Windows Server 2003
b. Windows Vista/Windows Server 2008
c. Windows 7/Windows Server 2008 R2
d. Windows 8/Windows Server 2012
b
What kind of connectivity does DirectAccess establish between workstation and server?
a. uni-directional
b. bi-directional
c. PPTP
d. virtual private network (VPN)
b
What type of server is the network location server (NLS)?
a. DNS
b. DHCP
c. web
d. AD
c
What does the acronym ISATAP stand for?
a. Industry Standard Architecture Tunnel Addressing Protocol
b. Industry Standard Architecture Tunnel Access Protocol
c. Intra-Site Automatic Tunnel Addressing Protocol
d. Inter-Site Automated Tunnel Addressing Protocol
c
What utility do you use to configure DirectAccess?
a. DNS Console
b. Active Directory Console
c. Remote Access Management Console
d. DirectAccess Console
b
Windows Server 2012 varies from the Windows Server 2008 R2 implementation in that it does not require which one of the following?
a. SQL Server
b. two consecutive public IP addresses
c. Hyper-V and a single virtual machine
d. a dedicated Internet connection
d
What is the most basic requirement for a DirectAccess implementation?
a. The DirectAccess server must be part of a cluster.
b. The DirectAccess server must be highly available.
c. The DirectAccess server must also run DNS services.
d. The DirectAccess server must be part of an Active Directory domain.
a
If the client cannot reach the DirectAccess server using 6to4 or Teredo tunneling, the client tries to connect using what protocol?
a. IP-HTTPS
b. HTTP
c. DHCP
d. HTTPS
c
What does the netsh namespace show policy command do?
a. shows the DNS search order
b. displays the static routing table for a namespace
c. shows the NRPT rules as configured on the group policy
d. displays local DirectAccess security policy
d
What does the netsh namespace show effectivepolicy command do?
a. shows the effective NRPT rules as configured on the group policy
b. shows the effective group rights for DirectAccess
c. explicitly displays the effective group policy rights for each user that has access to DirectAccess
d. determines the results of network location detection and the IPv6 addresses of the intranet DNS servers
b
. What kind of connectivity does DirectAccess provide between client computers and network resources?
a. stable but limited
b. seamless and always on
c. active and firewalled
d. firewalled and passive
b
DirectAccess is for clients connected to which network?
a. intranet
b. Internet
c. wired LAN
d. wireless LAN
c
How do the DirectAccess server and DirectAccess client authenticate each other?
a. IPSec and PAP
b. PPTP and username/password
c. computer and user credentials
d. encrypted secret channel handshake
b
Which one of the following operating systems may not act as a DirectAccess client?
a. Windows 7 Enterprise
b. Windows Server 2008
c. Windows Server 2008 R2
d. Windows 8
a
In addition to meeting operating system requirements, a DirectAccess client must be a member of what?
a. a DirectAccess client group
b. a NAP group
c. an AD domain
d. a fault-tolerant network segment
c
What kind of RADIUS server is placed between the RADIUS server and RADIUS clients?
a. a RADIUS client server
b. a RADIUS engine server
c. a RADIUS proxy server
d. a RADIUS relay server
b
. What process determines what a user is permitted to do on a computer or on a network?
a. access
b. authorization
c. authentication
d. permission
b
What is a RADIUS server known as in Microsoft parlance?
a. Network Access Server
b. Network Policy Server
c. Network Authentication Server
d. Network Remote Access Server
c
. Which ports do Microsoft RADIUS servers use officially?
a. 1511 and 1512
b. 1612 and 1613
c. 1812 and 1813
d. 2012 and 2013
a
. When an access client contacts a VPN server or wireless access point, a connection request is sent to what system?
a. the NPS server
b. the 802.1X switch
c. an authorization relay
d. an access client
d
Which system, in a RADIUS infrastructure, handles the switchboard duties of relaying requests to the RADIUS server and back to the client?
a. the NPS server
b. the access client
c. the wireless access point
d. the access server
d
What is the final step in the authentication, authorization, and accounting scenario between an access client and the RADIUS server?
a. a log entry that the connection is established
b. an Access-Reject message to the access server
c. a final credential check with the domain controller
d. an Accounting-Response to the access server
b
To configure RADIUS service load balancing, you must have more than one kind of what system per remote RADIUS server group?
a. proxy server
b. RADIUS server
c. relay server
d. domain controller
d
Which parameter specifies the order of importance of the RADIUS server to the NPS proxy server?
a. relay link number
b. weight
c. precedence
d. priority
c
. Using what feature can streamline the creation and setup of RADIUS servers?
a. build guidelines
b. documentation
c. templates
d. wizards
b
What information does the Accounting-Start message contain?
a. the RADIUS server name and IP address
b. the type of service and the user it's delivered to
c. the list of permissions granted to the user
d. the list of services provided to RADIUS access servers
c
Which system is the destination for Accounting-Start messages?
a. the RADIUS proxy server
b. the RADIUS relay server
c. the RADIUS accounting server
d. the RADIUS web server
a
What type of NPS authentication is recommended over password authentication?
a. certificate
b. complex
c. biometric
d. PAP2
b
Why is password-based authentication not recommended?
a. Passwords are too easy to guess.
b. Usernames and passwords are sent in plain text.
c. Usernames are too easy to guess.
d. Username and password authentication is too slow.
c
Where do you get certificates for authentication purposes?
a. Microsoft
b. the computer manufacturer
c. a certificate authority
d. a certificate broker
b
. An NPS policy is a set of permissions or restrictions that determine what three aspects of network connectivity?
a. who, what, and where
b. who, when, and how
c. who, when, and where
d. who, how, and how long
a
Which variable can be set to authorize or deny a remote connection?
a. group membership
b. bandwidth limitations
c. corporate status
d. job role
d
The default connection request policy uses NPS as what kind of server?
a. DNS
b. Active Domain controller
c. RRAS
d. RADIUS
c
Where is the default connection policy set to process all authentication requests?
a. on the domain controller
b. at the RADIUS proxy server
c. locally
d. in a separate database
d
What is the last setting in the Routing and Remote Access IP settings?
a. the number of assigned IP addresses
b. which DHCP server will supply the requests
c. which NPS server to connect to
d. how IP addresses are assigned
b
What command-line utility is used to import and export NPS templates?
a. dnscmd
b. netsh
c. msconfig
d. net
c
To which type of file do you export an NPS configuration?
a. TXT
b. DOC
c. XML
d. NPS
b
When should you not use the command-line method of exporting and importing the NPS configuration?
a. when the source NPS server and target NPS servers are on different IP subnets
b. when the source NPS database has a higher version number than the version number of the destination NPS database
c. when the source NPS server and target NPS servers are different revisions of Windows Server
d. when your network policy forbids the export of the NPS configuration
a, d
Network policies determine what two important connectivity constraints?
a. who is authorized to connect
b. the DHCP server for the connection
c. the DNS server for the connection
d. the connection circumstances for connectivity
b
When the Remote Access server finds an NPS network policy with conditions that match the incoming connection attempt, the server checks any _______________ that have been configured for the policy.
a. realms
b. constraints
c. options
d. permissions
c
If a remote connection attempt does not match any configured constraints, what does the Remote Access server do to the connection?
a. retries
b. accepts
c. denies
d. locks
a,c,d
Identify the correct NPS templates. Select all that apply.
a. Shared Secrets
b. NPS Filters
c. Health Policies
d. RADIUS Clients
b, c
Which two of the following are Routing and Remote Access IP settings?
a. Server Must Request an IP Address
b. Client May Request an IP Address
c. Server Must Supply an IP Address
d. Client Must Supply an IP Address
a
Which Routing and Remote Access IP setting is the default setting?
a. Assign a Static IP Address
b. Server Settings Determine IP Address Assignment
c. Server Must Connect to the Assigned Realm
d. Client May Request a Specific DNS Server
c
Which of the following is the strongest type of encryption?
a. MPPE 40-Bit
b. MPPE 56-Bit
c. MPPE 128-Bit
d. No Encryption
b
Network Access Protection (NAP) is Microsoft's software for controlling network access of computers based on what?
a. a computer's IP address and VLAN
b. a computer's overall health
c. a computer's Windows version
d. a computer's network functionality (role)
a
Because NAP is provided by _________, you need to install _________ to install NAP.
a. NPS, NPS
b. DNS, NPS
c. DHCP, NPS
d. AD, NPS
d
DHCP enforcement is not available for what kind of clients?
a. mobile
b. remote dial-up
c. noncompliant
d. IPv6
a,b
Identify two remediation server types.
a. Anti-virus/anti-malware servers
b. Software update servers
c. Terminal servers
d. RRAS servers
c
. What type of Active Directory domain controller is recommended to minimize security risks for remediation servers?
a. Windows Server 2012
b. Windows Server 2008 R2
c. read-only
d. updated and compliant
b
When you fully engage NAP for remediation enforcement, what mode do you place the policy in?
a. enforcement
b. isolation
c. assessment
d. compliance
b
To verify a NAP client's configuration, which command would you run?
a. netsh nap show state
b. netsh nap client show state
c. netsh nps nap show state
d. netsh nps nap agent state
c,d
Which two components must a NAP client have enabled in order to use NAP?
a. DHCP client
b. Windows Update
c. Security Center
d. NAP Agent
a
. Why do you need a web server as part of your NAP remediation infrastructure?
a. to provide user information in case of a compliance failure
b. to provide Internet access to users who fail compliance
c. to redirect user requests for restored network access
d. to further assess how far out of compliance a user system is
d
Where do you look to find out which computers are blocked and which are granted access via NAP?
a. the local system's Event Viewer
b. the AD Event Viewer
c. the RADIUS Server Event Viewer
d. the NAP Server Event Viewer
a,c
Health policies are in pairs. What are the members of the pair? Select two.
a. NAP-compliant
b. NAP-remedial
c. NAP-noncompliant
d. NAP-quarantined
c
. You should restrict access only for clients that don't have all available security updates installed if what situation exists?
a. the computers are running NAP
b. the computers are running SHA
c. the computers are running Windows Update
d. the computers are running anti-virus software
a
What happens to a computer that isn't running Windows Firewall?
a. The computer is isolated.
b. The computer is powered off.
c. A server message is sent to the computer.
d. An event is logged.
b,c
Health policies are connected to what two other policies?
a. compliance policies
b. network policies
c. connection request policies
d. performance policies
d
To use the NAP-compliant policy, the client must do what?
a. pass 75% of the SHV checks
b. fail no more than 10% of the SHV checks
c. pass one of the SHV checks
d. pass all SHV checks
d
Which computers are not affected by VPN enforcement?
a. newly deployed computers
b. computers that access the LAN remotely
c. isolated computers
d. locally connected computers
A
What is the default authentication protocol for non-domain computers?
a. NTLM
b. PAP
c. CHAP
d. Kerberos
C
What does the acronym NTLM stand for?
a. NT Link Messenger
b. NT Link Manager
c. NT LAN Manager
d. NT LAN Messenger
C
NTLM uses a challenge-response mechanism for authentication without doing what?
a. revealing the client's operating system to the server
b. revealing the protocol to the server
c. sending a password to the server
d. sending an encrypt/decrypt message to the server
A
What type of protocol is Kerberos?
a. a secure network authentication protocol
b. a simple Microsoft-only protocol
c. a uni-directional authentication protocol
d. a certificate-based authentication protocol
B
Kerberos security and authentication are based on what type of technology?
a. secure transmission
b. secret key
c. challenge-response
d. legacy code
B
What is the default maximum allowable time lapse between domain controllers and client systems for Kerberos to work correctly?
a. 1 minute
b. 5 minutes
c. 15 minutes
d. 45 minutes
D
. Which three components make up a service principal name (SPN)?
a. service name, IP address, and port number
b. service name, URL, and host name
c. service name, host name, and IP address
d. service class, host name, and port number
B
What happens if a client submits a service ticket request for an SPN that does not exist in the identity store?

a. An event is written to the Kerberos server's event log.
b. The client receives an access denied error.
c. The Kerberos server receives an access denied error.
d. The Kerberos ticket for that service is destroyed.
D
Which tool can you use to add SPNs to an account?
a. Notepad
b. LDAP
c. Microsoft Word
d. ADSI Edit
A,D
What are the two restrictions for adding SPNs to an account?
a. Domain Administrator privileges
b. full control permissions for the folder
c. local administrator privileges
d. the editor runs from the domain controller
C
Identify another utility that you can use to add SPNs to an account.
a. dnscmd
b. spnedit
c. setspn
d. netsh
C
What type of account is an account under which an operating system, process, or service runs?
a. user
b. system
c. service
d. network
A,C
When creating accounts for operating systems, processes, and services, you should always configure them with what two things in mind?
a. using strong passwords
b. using cryptic user names
c. granting the least rights possible
d. using built-in accounts
B,C
. Name two benefits to using Managed Service Accounts (MSAs).
a. Microsoft technology
b. automatic password management
c. simplified SPN management
d. simplified account troubleshooting
C
By default, which service accounts will the Windows PowerShell cmdlets manage?
a. standalone MSAs
b. standard local service accounts
c. group MSAs
d. domain user accounts designated as service accounts
C
Which of the following is the format for a virtual account used with Windows Server 2008 R2, Windows Server 2012, and Windows Server 2012 R2?
a. domainname\servicename
b. computername\servicename
c. NT Service\servicename
d. NT Service\servicename$
THIS SET IS OFTEN IN FOLDERS WITH...