Term
4.1 How does the Remote Desktop Protocol (RDP) work to show the contents of a remote desktop? |
|
Definition
• RDP sends the desktop information from the server to the RDP client. Mouse and keyboard actions are forwarded to the server, and the resulting changes are returned to the client |
|
|
Term
4.1 Which role service enables access through the Internet past most firewalls? |
|
Definition
|
|
Term
4.1 What is the difference between a per-user license and a per-device license? When would a per-device license be a better choice? |
|
Definition
• Per user – grants licenses to users to connect to a session host regardless of the computer used for logon
• Per device – grants licenses to computers to connect to a session host regardless of the user who is logged on |
|
|
Term
4.1 What client requirements are required to connect to a session host through a Web browser? |
|
Definition
|
|
Term
4.1 What ports are used by RD Web Access? |
|
Definition
|
|
Term
4.1 You want to enable RD Web Access on three session hosts. On which servers should you install the RD Web Access role service? |
|
Definition
• Enterprise or Datacenter versions of Windows Server 2008 |
|
|
Term
4.1 What is the difference between the equal per user profile and the equal per session profile? How can a user overcome the restrictions enforced by the equal per session profile? |
|
Definition
• Per user – allocates resources evenly between users
• Per session – allocates resources evenly between sessions. A user could consume more system resources by opening multiple sessions |
|
|
Term
4.2 How does a user access applications through RemoteApp? |
|
Definition
• Start Menu, Shortcut on desktop, Web access interface |
|
|
Term
4.2 How does RemoteApp improve security of session host servers? |
|
Definition
• Administrators can make an application available to a user without making the entire session host desktop available |
|
|
Term
4.2 How many sessions are used if a user launches three applications on the same session host using RemoteApp? |
|
Definition
|
|
Term
4.2 How do you add RemoteApp support to a session host? |
|
Definition
• Use Remote Desktop Connection Manager |
|
|
Term
4.2 What are the four ways you can make applications visible to remote desktop clients? Which method requires no configuration on the client computer? |
|
Definition
• .rdp Shortcut File
• .msi Installer Package
• RD Web Access Application List
• RemoteApp & Desktop Connection |
|
|
Term
4.3 What advantage does using RD Connection Broker have over using network load balancing? |
|
Definition
|
|
Term
4.3 Why might you still use network load balancing when implementing the RD Connection Broker? |
|
Definition
|
|
Term
4.3 How can you unevenly distribute client sessions in a Remote Desktop server farm? |
|
Definition
|
|
Term
4.3 Which version of Remote Desktop Connection is required on the clients? |
|
Definition
|
|
Term
4.4 Which ports must be opened in the outer firewall to allow connections to the RD Gateway server? |
|
Definition
|
|
Term
4.4 Which servers can you allow access to using RD Gateway? |
|
Definition
Servers running Windows Server 2008 R2 |
|
|
Term
4.4 What is the difference between an RD CAP and an RD RAP? Which restricts access to specific computers? |
|
Definition
• RD CAP identifies users who are allowed to establish a connection through the RD.
• RD RAP identifies internal resources that users are allowed to access.
• RD RAP restricts access |
|
|
Term
4.4 Why would you use a RADIUS server with RD Gateway? |
|
Definition
To centralize RD CAP & RD RAP |
|
|
Term
4.4 How does RD Gateway integrate with NAP? |
|
Definition
You can configure RD Gateway to enforce health policies defined by NAP |
|
|
Term
5.1 Which role service enables remote invocation of applications that are built on and hosted in COM+ and Enterprise Services components? |
|
Definition
|
|
Term
5.1 When might you use the TCP port sharing feature? |
|
Definition
When firewall configurations and network restrictions allow only a limited number of open ports |
|
|
Term
5.1 What are the four methods you can use to start and stop applications remotely when you add the Windows Process Activation Service Support role service? |
|
Definition
HTTP Activation; Message Queuing Activation; TCP Activation; Named Pipes Activation |
|
|
Term
5.1 Which IIS role services are server-side scripting technologies? Which role services execute applications on the IIS server? |
|
Definition
ASP - Scripting. ASP.NET, .NET Extensibility, CGI - Execute |
|
|
Term
5.1 What is the difference between ISAPI extensions and ISAPI filters? When would you use each? |
|
Definition
• Extensions – identifies a compiled program that runs on the web server when a document with a specific file extension is requested
• Filters – a program that continually runs on the server. It filters every request, looking for requests it needs to process |
|
|
Term
5.1 Which file extensions are associated with a server-side include? |
|
Definition
|
|
Term
5.2 How is server virtualization different than network virtualization? |
|
Definition
• Server Virtualization – runs multiple instances of a server OS on a single CPU
• Network Virtualization – allows multiple virtual servers to communicate using network protocols as if they were attached to a physical network |
|
|
Term
5.2 How many parent partitions can you have on a server running Hyper-V? |
|
Definition
|
|
Term
5.2 Which operating system versions and architecture types support Hyper-V? What are the hardware requirements for installing Hyper-V? |
|
Definition
Hyper-V can be installed on 64-bit versions of Microsoft Windows Server 2008 or 2008 R2 running Enterprise, Standard, and Datacenter editions.
Hyper-V can only be installed on 64-bit CPUs that support hardware-assisted virtualization and Data Execution Prevention. |
|
|
Term
5.2 What is disk pass-through? What does this allow you to do when configuring virtual machines? |
|
Definition
A virtual machine that has exclusive use of a physical storage device that is attached to the physical computer. |
|
|
Term
5.2 Which virtual disk type offers the best performance? Which type minimizes disk space use? |
|
Definition
• Best performance == Fixed Disk
• Minimized disk space use == Dynamically Expanding |
|
|
Term
5.2 What is the difference between an internal virtual network and a private virtual network? |
|
Definition
• Internal – virtual machines can communicate with the management OS
• Private – virtual machines cannot communicate with the management OS |
|
|
Term
5.2 When would you need to use a legacy virtual network adapter? |
|
Definition
• If integration services cannot be added |
|
|
Term
5.2 How many virtual machines can you run on each Windows Server 2008 version without additional server licensing? |
|
Definition
• Standard (1)
• Enterprise (4)
• Datacenter (Unlimited) |
|
|
Term
6.1 What is the difference between Active Directory Domain Services (AD DS) and Active Directory Lightweight Directory Services (AD LDS)? How are they similar? |
|
Definition
• AD DS – creates and manages public key certificates used in software security
• AD LDS – creates a directory store for use by directory-enabled applications
• Both are implemented by a Domain Controller |
|
|
Term
6.1 Which role would you implement to safeguard digital information from unauthorized use? |
|
Definition
|
|
Term
6.1 Which Active Directory role is required when implementing IPsec and EFS in a domain-wide environment? |
|
Definition
|
|
Term
6.1 Which server versions support Active Directory Federation Services (AD FS)? |
|
Definition
|
|
Term
6.2 What is the purpose of administrator role separation? |
|
Definition
• Provides a secure mechanism for granting non-administrative domain users the right to log on to a domain controller without jeopardizing the security of AD DS
• Allows a domain user to perform local administrative tasks |
|
|
Term
6.2 How does unidirectional replication protect your network? |
|
Definition
Performs inbound replication |
|
|
Term
6.2 What are the steps within the RODC authentication process? |
|
Definition
• Workstation sends logon request to RODC
• RODC forwards request to writable domain controller
• RODC sends results to workstation
• RODC asks writable domain controller to replicate user credentials
• Writable domain controller checks password replication policy
• RODC stores user credentials in the appropriate attributes of the user account in the Active Directory database |
|
|
Term
6.2 How does BitLocker increase the security of an RODC? |
|
Definition
BitLocker encrypts all user and system files on an entire volume, including the swap and hibernation files |
|
|
Term
6.3 What are the advantages of using an enterprise CA over a standalone CA? |
|
Definition
• Enterprise can issue certificates to users and computers in AD automatically
• Enterprise uses certificate templates to simplify requesting and issuing certificates |
|
|
Term
6.3 How does Web enrollment differ from autoenrollment? |
|
Definition
• Web enrollment allows users to connect to CA via Web Browser while Autoenrollment automatically downloads and manages certificates from AD |
|
|
Term
6.3 Which role service lets you centralize certificate revocation requests? What advantages does this service provide over clients using CRLs? |
|
Definition
• Online Responder. Allows clients to check the status of a single certificate |
|
|
Term
6.3 What does the registration authority do when using NDES? |
|
Definition
RA submits certificate request to CA |
|
|
Term
6.3 What is the advantage of taking the root CA offline? |
|
Definition
Minimize attack exposure of root CA |
|
|
Term
6.3 Why shouldn't you take an enterprise CA offline? How can you use an offline root CA but still use enterprise CAs? |
|
Definition
• An enterprise CA requires AD. Using at least two CAs, the root CA is offline and one or more enterprise subordinate CAs are configured to support certificate templates & autoenrollment |
|
|
Term
6.4 How does inheritance affect Group Policy settings? |
|
Definition
• Through Group Policy inheritance, settings in a GPO are applied to all objects below the container where the GPO is linked |
|
|
Term
6.4 How is the Block Inheritance setting affected by the No Override setting? |
|
Definition
• No override takes precedence over block inheritance because it is enforced and will overwrite any conflicting settings |
|
|
Term
6.4 How can you apply Group Policy settings to specific users or groups? |
|
Definition
• Remove the Authenticated Users group from the ACL, then add specific objects and grant the Allow Read and Apply Group Policy permissions |
|
|
Term
6.4 How can you apply Group Policy settings to specific computers? |
|
Definition
|
|
Term
6.4 How does loopback processing affect computer settings? |
|
Definition
• Computer settings are reapplied after the user logs in |
|
|
Term
6.4 What is the difference between deleting a GPO and deleting a GPO link? |
|
Definition
• Deleting a GPO removes the GPO and removes all links
• Deleting a GPO link removes the GPO from the linked object but does not delete the GPO |
|
|
Term
6.4 What is the Administrative Template central store? What advantages do you gain by enabling the central store? |
|
Definition
• A special location where starter GPOs are saved
Review |
|
|
Term
6.4 What is the difference between using a starter GPO and copying an existing GPO? |
|
Definition
• A starter GPO can be backed up and restored. When copying an existing GPO, you can back up and import GPO settings into a new GPO. |
|
|
Term
6.4 How can you copy a GPO from one domain to another? How can you copy starter GPOs? |
|
Definition
• Export the starter GPO as a .cab file then import it in the other domain using the Group Policy Management Console |
|
|
Term
6.4 What is the difference between restore and import when working with GPO backups? |
|
Definition
• Starter GPO can be backed up and restored
• You can back up and import GPO settings into a new GPO when the target domain does not have a trust relationship with the source domain |
|
|
Term
6.5 What is the difference between assigned and published software? |
|
Definition
• Assigned – is installed automatically when the user tries to run a program or when a document associated with the software is opened
• Published – made available for installation by adding it to Add/Remove Programs |
|
|
Term
6.5 Why should you use the UNC path to an installer package rather than the local path? |
|
Definition
If update is needed you can just slipstream to repackage?
Review |
|
|
Term
6.5 Which distribution method supports installing software during logon? Which option prevents software from being uninstalled by the user? |
|
Definition
Review
Install Automatically at log on/ Add-Remove Programs |
|
|
Term
6.6 What happens when you configure Account Policies settings in a GPO linked to an OU? |
|
Definition
• Only the settings configured in a GPO linked to the domain take effect |
|
|
Term
6.6 How can you configure different account policy settings for different users? Which tool would you use to do so? |
|
Definition
• You can assign an exceptional PSO directly to particular user(s)
Fine Grained password policies |
|
|
Term
6.6 Which object types can you associate with a granular password policy? Which object type should you use in most cases? |
|
Definition
• Password Settings Container (PSC); Password Settings Object (PSO)
• PSO used in most cases |
|
|