2000528
Description
Flashcards by maxwell3254, updated more than 1 year ago
|
Created by maxwell3254
over 9 years ago
|
|
| Question | Answer |
| A method of controlling settings across your network | Group Policy |
| contain all the Group Policy settings that you wish to implement to user and computer objects within a site, domain, or OU. | Group Policy Object (GPO) |
| MMC snap-in that is used to create and modify Group Policies and their settings | Group Policy Management Console (GPMC) |
| Administrative Templates are files with the ______ extension | .admx |
| Config this setting on an individual GPO link forces a particular GPO's settings to flow down through the AD, without being blocked by any child OUs | Enforce |
| directory object includes subcontainers that hold GPO policy information | Group Policy Container (GPC) |
| Administrators find that _____ ______ implementation helps them to achieve centralized management | Group Policy |
| 3 subnodes within the Computer Configuration and User Configuration nodes | Software Settings, Windows Settings, and Administrative Templates |
| Config this setting on a container object will block all policies from parent containers from flowing to this container | Block Policy Inheritance |
| Allows you to specify a more or less stringent password policy for this subset than the password policy defined for the entire domain | Fine-Grained Password Policies (FGPP) |
| The default mechanism for authenticating domain users in Windows Server 2008, 2003, and 2000 | Kerberos Policy |
| 3 Subcategories of Local Policies | User Rights Assignment Security Options Audit Policy |
| allows the admins to log successful and failed security, such as logon events, account access, and object access | Audit Policy |
| allows an admin to specify group membership lists | Restricted Groups |
| This is a Group Policy option that provides an alternative method of obtaining the ordered list of GPOs to be processed for the user | Loopback Processing |
| Configured on the Sharing tab of a folder | Offline Files |
| By default, computer policies are updated in the background every ___ minutes | 90 |
| System Development Life Cycle contain 4 phases : | Planning Implementation Maintenance Removal |
| Helpful when you are deploying required applications to pertinent users and computers | Assign Option |
| allows users to install the applications that they consider useful to them | Publish Option |
| Use this option to provide all installation messages and screens for users during the installation of all packages in the GPO | Maximum |
| By default, the Software Restriction Policies are has an ____ value in the Default Security Level setting | Unrestricted |
| a series of bytes with a fixed length that uniquely identifies a program or file. Using a ___ ___ on an app executable will check the file's hash value and prevent the app from running if the hash value is not correct | Hash; Hash Rule |
| identifies software by specifying the directory path where the application is stored in the file system | Path Rule |
| This info includes hardware, Group Policy Software Installation settings, Internet Explorer Maintenance settings, scripts, Folder Redirection settings, and Security settings | Common Information Management Object Model (CIMOM) |
| use command _______ to obtain RSoP info on computer and user policies that will affect Sseely | gpresult /user sseely /v |
| a command-line tool that allows you to create and display an RSoP query from the command line | GPResult |
| Using the __ ___ ___ policy setting, you can prevent policy settings from applying to all child objects at the current level and all subordinate levels | Block Policy Inheritance |
| Uses the signing cert of an app, can be used to allow software from a trusted source to run or prevent software that does not come from a trusted source from running | Certificate Rule |
| Only __ WMI filter can be configured per GPO | one |
| method that uses filters written in the WMI Query Language (WQL), similar to SQL, to control GPO application | WMI Filtering |
| Windows Server Backup supports the use of __ and __ drives as backup destinations, but doesn't support ___ ___ as backup media | CD, DVD Magnetic Tapes |
| Apply only to Windows Installer packages that attempt to install from a specified zone, such as a loyal comp, a local intranet, trusted sites, restricted sites, or the Internet | Network Zone Rules |
| If you find yourself in a position where you need to restore an object or container within Active Directory that has been deleted, you perform an.... | Authoritative restore |
| these are the specific processes or events that you want to track | Performance Counters |
| to assist you with obtaining more detailed info in the event logs, you can set the event logs to record diagnostic info specific to processes related to ___ ____ | Active Directory |
| this command-line tool can analyze the state of the domain controllers in the forest or enterprise and reports any problems to assist in troubleshooting | Dcdiag |
| ___ backup will reformat the target drive that hosts the backup files, and thus can only be performed on a loyal physical drive that does not host any critical volumes | Scheduled |
| the ___ command-line utility allows you to perform an authoritative restore | Ntdsutil |
| a ____ restore will restore the Active Directory objects with their original Update Sequence Number (USN), which is the number that each DC assigns to every transaction that is either originated on the DC or replicated from another DC | Nonauthoritative |
| the ___ database is used through WMI and contains information that is gathered when a computer starts and becomes part of the network | Common Information Management Object Model (CIMOM) |
| resource record is the functional opposite of the A record, providing an IP address-to-name mapping for the system identified in the Name field using the in-addr.arpa domain name | Pointer (PTR) |
| Windows Server 2008 Active Directory clients rely on the __ ___ to locate the domain controllers they need to validate logon requests | Service Record (SRV) |
| At the top of the domain hierarchy are the__ ___ ___, which are the highest level DNS servers in the entire namespace | Root Name Servers |
| in a __ query, the DNS server receiving the name resolution request takes full responsibility for resolving the name | Recursive |
| a DNS server that contains no zones and hosts no domains | Caching-only server |
| Contains the master copy of the zone database, in which admins make all changes to the zone's resource records | Primary Zone |
| Resource record identifies which name server is the authoritative source of info data within this domain | Start of Authority (SOA) |
| ACL allows a user to perform any action against a particular template; should be reserved for CA admins only | Full Control |
| ACL allows users or computers to manually request a cert based on the template | Enroll |
| in an ___ query, the server that receives the name resolution request immediately responds to the requester with the best info it possesses | Iterative |
| A ___ is a DNS server that receives queries from other DNS servers that are explicitly configured to send them | Fowarder |
| forwards queries selectively based on the domain specified in the name resolution request | Conditional Forwarder |
| a read-only of the data that contains a backup copy of the primary master zone database file, stored as a identical text file on the server's local drive | Secondary Zone |
| A copy of a primary zone that contains SOA and NS resource records, plus the Host (A) resource records that identify the authoritative servers for the zone | Stub Zone |
| is an entity, such as Windows Server 2008 server running the AD CS server role, that issues and manages digital certificates for use in a PKI | Certification Authority (CA) |
| These are templates used by a CA to simplify the administration and issuance of digital cerificates | Certificate Templates |
| small physical devices, usually the size of a credit card or keychain fob, have a digital cert installed on them | Smart Cards |
| Not integrated with Active Directory and requires administrator intervention to respond to certificate requests | Standalone CA |
| Integrates with an Active Directory domain, can use certificate templates to allow autoenrollment of digital certs, as well as store the certs themselves within the AD database | Enterprise CA |
| this ACL allows users or computers to be automatically issued certs based on this template | Autoenroll |
| these are used to request certificates on behalf of a user, computer, or service if self-enrollment is not practical or is otherwise an undesirable solution for reasons of security, auditing, and so on | Enrollment Agents |
Want to create your own Flashcards for free with GoConqr? Learn more.