Shared Flashcard Set

Details

Active Directory Lesson 8
Microsoft Server 2008 AD
20
Computer Networking
Not Applicable
01/11/2017

Additional Computer Networking Flashcards

 


 

Cards

Term
In a case where multiple PSOs are configured for a particular user, Active Directory will determine which one to apply by using the PSO's ___.
Definition
precedence
Term
You can automatically add a technical support user to the local Administrators group of each domain workstation by using ___.
Definition
Restricted Groups
Term
The ___ command allows you to manually refresh Group Policy settings on a particular computer.
Definition
gpupate.exe
Term
___ refers to a Group Policy setting that is not removed when the GPO setting reverts to "Not Configured
Definition
Tattooing
Term
You would audit ___ to determine who is authenticating against your Active Directory domain controllers
Definition
Account Logon Events
Term
Each Active Directory domain controller acts as a(n) ___ to enable the distribution of Kerberos tickets.
Definition
Key Distribution Center (KDC)
Term
___ allows you to configure a user's Documents, Desktop, and other folders so that they are stored on a network drive rather than the local computer
Definition
Folder Redirection
Term
Settings in the ___ section of Group Policy allow you to configure the maximum allowable clock skew between a client and a domain controller
Definition
Kerberos Policies
Term
Auditing for ___ will alert you when a change is made to User Rights assignments, IPSec policies, or trust relationships
Definition
Policy Change events
Term
You can create a consistent service startup configuration for multiple computers by using the ___ node in Group Policy
Definition
System Services
Term
What type of object will you create to enable multiple password policies within a Windows Server 2008 domain?
a. msDS-MinimumPasswordLength
b. msDS-MultiplePasswordPolicies
c. PasswordSettingsObject (PSO)
d. msDS-PasswordObject
Definition
PasswordSettingsObject (PSO)

Windows Server 2008 introduces a new object type called a PasswordSettingsObject (PSO) that allows you to configure multiple password policies and account policies within a Windows Server 2008 domain
Term
Which configuration item has a default value of 90 minutes for workstations and member servers, with a random offset of 0 to 30 minutes to optimize network performance?
a. Refresh time
b. Refresh interval
c. Clock skew
d. Clock interval
Definition
Refresh Interval

The default Group Policy refresh interval for workstations and member servers in an Active Directory is 90 minutes; for domain controllers, the refresh interval is every 2 minutes.
Term
To determine which users are accessing resources on a particular member server in an Active Directory domain, which event type would you audit?
a. Account logon event
b. Policy change event
c. Account management event
d. Logon event
Definition
Logon Event

Logon events are logged when a user authenticates to a member server or workstation in an Active Directory domain. Account logon events are logged whenever a user authenticates against an Active Directory domain controller.
Term
Monitoring a system such as Active Directory for the success and/or failure of specific user actions is called
a. auditing
b. inspecting
c. scanning
d. sniffing
Definition
Auditing

You can audit numerous types of system events including account logon events, logon events, object access, directory service access, and account management events. Within each event category, you can audit success events, failure events, or both
Term
Which audit category includes events such as server startup and shutdown, time changes, and clearing the security log within the Windows Event Viewer?
a. Process tracking
b. Privileged use
c. System Events
d. Policy management
Definition
System Events

By default, the System Events audit category is set to log success events in the Default Domain Controllers Policy.
Term
Which feature allows you to control how much space a user can take on a particular hard drive volume, configurable via Group Policy?
a. Disk quotas
b. Folder redirection
c. Offline files
d. Object access auditing
Definition
Disk Quotas

Disk quotas can be configured at the volume level using Active Directory Group Policy Objects and can be more granularly controlled using the File Services role installed on a Windows Server 2008 member server. Additional information about managing the File Services role can be found in the MOAC 70-642 and MOAC 70-643 textbooks and lab manuals.
Term
To prevent users from re-using a certain number of network passwords, what can you configure as part of a domain-wide policy or as part of a Fine-Grained Password Policy?
a. Minimum password length
b. Minimum password age
c. Maximum password age
d. Enforce password history
Definition
Enforce Password History

By configuring the “Enforce password history” setting, you can configure all users who receive a particular password policy so that they cannot re-use a specified number of passwords. This means that users must create new network passwords rather than simply re-using old passwords when their passwords expire
Term
A PasswordSettingsObject (PSO) within Active Directory is also known as which type of object?
a. msDS-PasswordSettingsPrecedence
b. msDS-PasswordSettings
c. msDS-PasswordComplexityEnabled
d. msDS-MinimumPasswordLength
Definition
msDS-PasswordSettings

Windows Server 2008 introduces Fine-Grained Password Policies, which are enabled by the addition of a new object type within Active Directory referred to as a PasswordSettingsObject (PSO) or msDS-PasswordSettings object
Term
Which Group Policy feature allows users to access user files when the user is disconnected from the corporate network?
a. Folder redirection
b. Disk quotas
c. Offline files
d. Object access auditing
Definition
Offline files

When the Offline Files feature is enabled, users can access their network files as though they were still connected to the network; any changes made while offline will be applied when the user reconnects. Combining this feature with Folder Redirection creates a balanced solution between centralization of user data and enabling convenient access for remote and travelling users.
Term
Which audit event type is triggered when user or group accounts are created, deleted, renamed, enabled, or disabled?
a. Account logon events
b. Account management events
c. Privileged use events
d. Policy management events
Definition
Account management events

This policy is set to audit Success events by default in the Default Domain Controller Policy of Windows Server 2008.
Supporting users have an ad free experience!