CIS 158 FINAL EXAM

True/False Indicate whether the statement is true or false. ____ ____ ____ 1. Explicit permissions never override inherited permissions. 2. All computers assigned an address in a subnet require a router to communicate with one another. 3. A security principal could allow an object to be assigned permissions or rights to Active Directory objects and network resources. A trust between two domains is the relationship that allow users from both domains resources in the other domain. ____ 5. Kerberos is an open-standard security protocol used to secure authentication and identification between parties in a network. ____ 6. A SID is a unique identifier for each Active Directory object.

____ 4. access to

____ ____

7. The first domain created also creates a new forest. 8. Settings in local GPOs that are inherited from domain GPOs cant be changed on the local computer; only settings that are undefined or not configured by domain GPOs can be edited locally. 9. A Group Policy Template is stored in Active directory.

____

____ 10. The account lockout threshold contains a value between 0 and 1,000 that determines how many times a users password can be entered incorrectly before the users password must be reset by an administrator. Multiple Choice Identify the choice that best completes the statement or answers the question. ____ 11. Which of the conditions below, when observed over the course of an hour, may signal a need for a processor upgrade? a. Processor use increases to 100% utilization for up to 10 seconds periodically, then levels off to below 20% b. Processor is consistently around 50% utilization, but does not spike above 75% more than twice per hour c. Processor utilization is consistently around 85-95%, never dropping below 70%

d. Processor never exceeds 10% utilization

____ 12. The Performance monitor, under the Monitoring Tools folder, uses these to track the performance of a variety of objects. a. daemons c. poll devices b. monitoring processes d. counters ____ 13. Which of the following groups can only perform manual backups, and cannot schedule backups? a. Administrators c. Backup Operators b. Backup Administrators d. Server Operators c ____ 14. In order to perform a nonauthoritative restore, you must restart the domain controller in what mode? a. Safe mode c. Directory Services Restore Mode b. Safe mode with command prompt d. Directory Services Recovery Mode

____ 15. As part of the documentation for the network you are in charge of, you want to take a baseline of the network with the focus on performance during peak usage hours. Some of the statistics you are interested in involve CPU utilization and network contention on Active Directory servers as well as disk utilization and page caching. You are particularly interested in AD authentication performance. When would be the ideal time to collect information for your baseline? a. During the hours in which the most users will log in and begin opening and starting applications b. During the afternoon when users are working c. During the night when no users are on the network d. Over the weekend

____ 16. A Discretionary access control list (DACL) ____. a. defines the settings for auditing access to an object b. only applies to users accessing resources from a dialup connection c. is a list of security principals, with each having a set of permissions that define access to the object d. can only be edited by the object owner ____ 17. The user TestUserA has been added to an objects DACL and assigned the Allow Full control permission. However, TestUserA has inherited the Deny Full Control permission for the object from its parent container. What is TestUserAs effective permissions? a. TestUserA has Full Control permissions b. TestUserA has no permissions due to Deny Full Control c. TestUserA is given default permissions for the object because Full Control and Deny Full Control cancel each other out d. This cant be done because conflicting permissions are not allowed in an objects DACL ____ 18. Inherited permissions cant be changed or removed without ____. a. using the Inherited Permissions Modify tool

b. having to recreate the object entirely c. knowing the objects password d. disabling permission inheritance first

____ 19. Each entry in the Discretionary access control list is referred to as an ACE. What does ACE stand for? a. Acceptable Control Extension c. Access Control Entry b. Access Control Extension d. Applied Control Entry

____ 20. Which of the conditions below, when observed over the course of an hour, may signal a need for a processor upgrade? a. Processor use increases to 100% utilization for up to 10 seconds periodically, then levels off to below 20% b. Processor is consistently around 50% utilization, but does not spike above 75% more than twice per hour c. Processor utilization is consistently around 85-95%, never dropping below 70% d. Processor never exceeds 10% utilization ____ 21. The Performance monitor, under the Monitoring Tools folder, uses these to track the performance of a variety of objects. a. daemons c. poll devices b. monitoring processes d. counters

____ 22. One of the answers below is not a valid scripting language supported by Scripts (Startup/Shutdown) subnode. Select the invalid answer. a. bash scripts c. JScript b. VBScript d. batch files

____ 23. Under Password policies, what is the default maximum password age? a. 30 days c. 42 days b. 2 months d. 100 days

____ 24. What is a major drawback to enabling the auditing of object access? a. decreased security c. not ideal for highly secure environments b. too much information is logged d. involves considerable overhead

____ 25. Fine-grained password policies are created by defining a.... a. Password Settings Object c. Password Selective Object b. Password Schema Object d. A normal GPO

EXTRA CREDIT:

____

. You work for the large Example.com corporation. Recently, Example.com has been adding new branch offices at a steady rate. Just last week, a new branch office was created and now you have been put in charge of configuring group policy settings for the branch office. Because this branch office will be fairly large, it will be set up as a separate domain. Since there are several branch offices with similar GPO requirements, you want to be able to make use of GPOs that have already proven to be useful. What is the easiest way to make the policies in this new branch office similar to those already in place? a. Manually recreate all GPO settings from the other domains and link them to the new domain b. Use GPO migration by adding the domains with the policies you want to GPMC, and then copy and paste them. c. Use CSVDE to import the GPOs via comma separated values in text files d. Backup the desired GPOs on the domains you want to mimic, then restore the GPOs in the new domain

____

. If a software package is assigned to a group of targeted computers via the Computer Configuration node, what happens? a. Next time a user logs in to one of the targeted computers, they are prompted to install the package b. The package is advertised in Add/Remove programs as an installation option c. The package is placed on the computers but is not installed until a member of the Administrators group installs it d. The package installation is mandatory and begins the next time the computer starts