Chapter 008 Configuring the User and Computer Environment Using Group Policy in Windows Server 2008

Card Set Information

Author:
pacheco2001usa
ID:
217699
Filename:
Chapter 008 Configuring the User and Computer Environment Using Group Policy in Windows Server 2008
Updated:
2013-05-04 18:51:36
Tags:
Chapter 008 Configuring User Computer Environment Using Group Policy Windows Server 2008 R2
Folders:

Description:
Chapter 008 Configuring the User and Computer Environment Using Group Policy in Windows Server 2008 R2
Show Answers:

Home > Flashcards > Print Preview

The flashcards below were created by user pacheco2001usa on FreezingBlue Flashcards. What would you like to do?


  1. What Computer Configuration node setting includes three subcategories: Audit Policy, User Rights Assignment, and Security Options?
    a) Account Policies
    b) Local Policies
    c) Event Log Policies
    d) System Services Policies
    • Ans: b
    • Difficulty: Easy
    • Section Ref: Configuring Security Policies Using Group Policy Objects
    • Feedback: The local policies category contains three subcategories that pertain to local computer policies. These subcategories include Audit Policy, User Rights Assignment, and Security Options.
  2. What policies can be applied to one or more users or groups of users, allowing you to specify a more or less stringent password policy for this subset than the password policy defined for the entire domain?
    a) Fine-Grained Password Policies
    b) Fine-Tuned Password Policies
    c) Restricted Password Policies
    d) Custom Password Policies
    • Ans: a
    • Difficulty: Easy
    • Section Ref: Configuring Security Policies Using Group Policy Objects
    • Feedback: Fine-Grained Password Policies can be applied to one or more users or groups of users, allowing you to specify a more or less stringent password policy for this subset than the password policy defined for the entire domain.3. What is the default mechanism for authenticating domain users in Windows Server 2008, Windows Server 2003, and Microsoft Windows 2000?a) NTLMb) AESc) Kerberosd) Triple-DESAns: cDifficulty: EasySection Ref: Configuring Security Policies Using Group Policy ObjectsFeedback: Kerberos is the default mechanism for authenticating domain users in Windows Server 2008, Windows Server 2003, and Microsoft Windows 2000. Kerberos is a ticket-based system that allows domain access by using a Key Distribution Center (KDC), which is used to issue Kerberos tickets to users.
  3. What term refers to tracking events that take place on the local computer?
    a) tracking
    b) tracing
    c) spying
    d) auditing
    • Ans: d
    • Difficulty: Easy
    • Section Ref: Configuring Security Policies Using Group Policy Objects
    • Feedback: Tracking events that take place on the local computer, a process referred to as auditing, is an important part of monitoring and managing activities on a Windows Server 2008 computer.
  4. What term refers to tracking events that take place on the local computer?
    a) tracking
    b) tracing
    c) spying
    d) auditing
    • Ans: d
    • Difficulty: Easy
    • Section Ref: Configuring Security Policies Using Group Policy Objects
    • Feedback: Tracking events that take place on the local computer, a process referred to as auditing, is an important part of monitoring and managing activities on a Windows Server 2008 computer.
  5. What section of GPO Local Policies allows administrators to log successful and failed security events such as logon events, account access, and object access?
    a) Local Policy
    b) Security Policy
    c) Audit Policy
    d) None of the above
    • Ans: c
    • Difficulty: Easy
    • Section Ref: Configuring Security Policies Using Group Policy Objects
    • Feedback: The Audit Policy section of GPO Local Policies allows administrators to log successful and failed security events such as logon events, account access, and object access. Auditing can be used to track user activities and system activities.
  6. What policy setting is set to audit successes in the Default Domain Controllers GPO?
    a) system events
    b) policy change events
    c) account management events
    d) logon events
    • Ans: c
    • Difficulty: Medium
    • Section Ref: Configuring Security Policies Using Group Policy Objects
    • Feedback: The account management events policy setting is set to audit successes in the Default Domain Controllers GPO. This setting triggers an event that is written based on changes to account properties and group properties. Log entries written due to this policy setting reflect events related to user or group account creation, deletion, renaming, enabling, or disabling.
  7. What policy setting allows an administrator to specify group membership lists?
    a) Limited Groups
    b) Restricted Groups
    c) Strict Groups
    d) Confined Groups
    • Ans: b
    • Difficulty: Easy
    • Section Ref: Configuring Security Policies Using Group Policy Objects
    • Feedback: The Restricted Groups policy setting allows an administrator to specify group membership lists. Using this policy setting, you can control membership in important groups, such as the local Administrators and Backup Operators groups. This policy setting allows you to configure the group members and the groups in which the specified group is nested.
  8. Settings available in the __________ area of Group Policy allow greater administrative control in establishing rules and governing the issuance, maintenance, and guidelines within a public key infrastructure (PKI).
    a) PKI Policies
    b) Secure Key Policies
    c) Public Key Policies
    d) Private Key Policies
    • Ans: c
    • Difficulty: Hard
    • Section Ref: Configuring Security Policies Using Group Policy Objects
    • Feedback: The settings available in the Public Key Policies area of Group Policy allow greater administrative control in establishing rules and governing the issuance, maintenance, and guidelines within a public key infrastructure (PKI). Group Policy is not required to create a PKI, but like other Group Policy settings, the benefit lies in the ability to automate processes, provide consistency, and ease management across your network.
  9. What provides administrators with the ability to redirect the contents of certain folders to a network location or to another location on the user’s local computer?
    a) Folder Sharing
    b) Folder Redirection
    c) Desktop Redirection
    d) Profile Redirection
    • Ans: b
    • Difficulty: Medium
    • Section Ref: Configuring Security Policies Using Group Policy Objects
    • Feedback: Folder Redirection is a Group Policy folder located within the User Configuration node of a Group Policy linked to an Active Directory container object. Folder redirection provides administrators with the ability to redirect the contents of certain folders to a network location or to another location on the user’s local computer. Contents of folders on a local computer located in the Documents and Settings folder can be redirected including the Documents, Application Data, Desktop, and Start Menu folders.
  10. What term means that the Group Policy setting continues to apply until it is reversed by using a policy that overwrites the setting?a) stamping
    b) confining
    c) tattooing
    d) defining
    • Ans: c
    • Difficulty: Hard
    • Section Ref: Configuring Security Policies Using Group Policy Objects
    • Feedback: If the policy is changed to Not Configured, it will have no bearing on the redirection of user data. Data continues to be redirected until the policy removal setting is changed to redirect the folder to the user profile location. This is an example of tattooing with Group Policy. Tattooing means that the setting continues to apply until it is reversed using a policy that overwrites the setting.
  11. What separate Group Policy category allows files to be available to users, even when the users are disconnected from the network?
    a) Offline Mode Files
    b) Network Disconnected Files
    c) Offline Files
    d) Unavailable Files
    • Ans: c
    • Difficulty: Easy
    • Section Ref: Configuring Security Policies Using Group Policy Objects
    • Feedback: Offline Files is a separate Group Policy category that can allow files to be available to users, even when the users are disconnected from the network. The Offline Files feature works well with Folder Redirection. When Offline Files is enabled, users can access necessary files as if they were connected to the network. When the network connection is restored, changes made to any documents are updated to the server.
  12. By implementing the __________ feature when Folder Redirection is also configured, administrators can control the amount of information that is stored on the server.
    a) Disk Caching
    b) Disk Quotas
    c) File System Quotas
    d) File System Caching
    • Ans: b
    • Difficulty: Medium
    • Section Ref: Configuring Security Policies Using Group Policy Objects
    • Feedback: Use disk quotas to limit the amount of space available on the server for user data. By implementing disk quotas when folder redirection is also configured, administrators can control the amount of information that is stored on the server.
  13. If you set the refresh interval to zero, the system attempts to update the policy at what interval?
    a) every second
    b) every 7 seconds
    c) every minute
    d) every 7 minutes
    • Ans: b
    • Difficulty: Hard
    • Section Ref: Configuring Security Policies Using Group Policy Objects
    • Feedback: The available period that each background refresh process can be set to ranges from 0 to 64,800 minutes (45 days). If you set the refresh interval to zero, the system attempts to update the policy every 7 seconds. This can cause a significant amount of traffic and overhead on a production network and should be avoided except in a lab or test environment.
  14. What command-line tool can be used to manually refresh group policy?
    a) gprefresh.exe
    b) adrefresh.exe
    c) adupdate.exe
    d) gpupdate.exe
    • Ans: d
    • Difficulty: Medium
    • Section Ref: Configuring Security Policies Using Group Policy Objects
    • Feedback: When you modify settings that you wish to be immediately invoked without requiring a restart, a new logon session, or waiting for the next refresh period, you can force a manual refresh. This process uses the gpupdate.exe tool. This command-line tool was introduced in Windows Server 2003, and it is used in Windows Server 2003 and Windows Server 2008 to replace the secedit /refreshpolicy command that was used in Windows 2000.
  15. How often are Computer Configuration group policies refreshed by default?
    a) every 30 minutes
    b) every 60 minutes
    c) every 90 minutes
    d) every 120 minutes
    • Ans: c
    • Difficulty: Easy
    • Section Ref: Configuring Security Policies Using Group Policy Objects
    • Feedback: The setting for the refresh interval for computers is located in the Computer Configuration\Administrative Templates\System\Group Policy node in the Group Policy Object Editor window for a GPO. By default, computer policies are updated in the background every 90 minutes, with a random offset of 0 to 30 minutes.
  16. What policy can specify software that you wish to run on computers?
    a) Local Policies
    b) Event Log Policies
    c) Software Restriction Policies
    d) Account Policies
    • Ans: c
    • Difficulty: Easy
    • Section Ref: Configuring Security Policies Using Group Policy Objects
    • Feedback: Software restriction policies can specify software that you wish to run on computers. Also, it can prevent applications from running that might pose a security risk to the computer or organization.
  17. Which of these is not an option when configuring Fine-Grained Password Policies?a) PasswordSettingsPrecedence
    b) PasswordCommonNameUsage
    c) PasswordHistoryLength
    d) LockoutThreshold
    • Ans: b
    • Difficulty: Medium
    • Section Ref: Configuring Security Policies Using Group Policy Objects
    • Feedback: The settings available when configuring Fine-Grained Password Policies are PasswordSettingsPrecedence, PasswordReversibleEncryptionEnabled, PasswordHistoryLength, PasswordComplexityEnabled, MinimumPasswordLength, MinimumPasswordAge, MaximumPasswordLength, MaximumPasswordAge, LockoutThreshold, LockoutObservationWindow, and LockoutDuration.
  18. What setting logs events related to successful user logons to a domain?
    a) Account Logon Events
    b) Logon Events
    c) System Events
    d) Policy Change Events
    • Ans: a
    • Difficulty: Hard
    • Section Ref: Configuring Security Policies Using Group Policy Objects
    • Feedback: The Account Logon Events setting logs events related to successful user logons to a domain. The event is logged to the domain controller that processes the request. The default setting is to log successes in the Default Domain Controllers GPO.
  19. What category is used to configure the startup and security settings for services running on a computer?
    a) Workstation Services
    b) System Services
    c) Account Services
    d) Domain Services
    • Ans: b
    • Difficulty: Easy
    • Section Ref: Configuring Security Policies Using Group Policy Objects
    • Feedback: The System Services category is used to configure the startup and security settings for services running on a computer. The service startup options are Automatic, Manual, and Disabled.
  20. Where can you configure the Group Policy refresh interval?
    a) Computer Configuration\System\Group Policy
    b) User Configuration\Administrative Templates\System\Group Policy
    c) Computer Configuration\Administrative Templates\System\Group Policy
    d) Computer Configuration\Administrative Templates\Group Policy
    • Ans: c
    • Difficulty: Hard
    • Section Ref: Configuring Security Policies Using Group Policy Objects
    • Feedback: The setting for the refresh interval for computers is located in the Computer Configuration\Administrative Templates\System\Group Policy node in the Group Policy Object Editor window for a GPO.
  21. Fine-Grained Password Policies can be applied to one or more users or groups of users, allowing you to specify a more or less stringent password policy for a subset account than the password policy defined for the entire domain.
    • Ans: True
    • Difficulty: Easy
    • Section Ref: Configuring Security Policies Using Group Policy Objects
  22. Events that trigger a log entry in the Application Events category include system startups and shutdowns; system time changes; system event resources exhaustion, such as when an event log is filled and can no longer append entries; security log cleaning; or any event that affects system security or the security log.
    • Ans: False
    • Difficulty: Medium
    • Section Ref: Configuring Security Policies Using Group Policy Objects
  23. The Limited Groups policy setting allows an administrator to specify group membership lists.
    • Ans: False
    • Difficulty: Easy
    • Section Ref: Configuring Security Policies Using Group Policy Objects
  24. Use disk quotas to limit the amount of space available on the server for user data.
    • Ans: True
    • Difficulty: Easy
    • Section Ref: Configuring Security Policies Using Group Policy Objects
  25. User Configuration policies are applied by default when a computer starts up.
    • Ans: False
    • Difficulty: Medium
    • Section Ref: Configuring Security Policies Using Group Policy Objects
  26. Centralized management of security settings for users and computers can be accomplished by using __________ Policy.
    • Ans: Group
    • Difficulty: Easy
    • Section Ref: Configuring Security Policies Using Group Policy Objects
  27. __________ Password Policies allow one or more users or groups of users to specify a more or less stringent password policy for a subset account than the password policy defined for the entire domain.
    • Ans: Fine-Grained
    • Difficulty: Easy
    • Section Ref: Configuring Security Policies Using Group Policy Objects
  28. __________ is the default mechanism for authenticating domain users in Windows Server 2008, Windows Server 2003, and Microsoft Windows 2000.
    • Ans: Kerberos
    • Difficulty: Medium
    • Section Ref: Configuring Security Policies Using Group Policy Objects
  29. When an audited event occurs, Windows Server 2008 writes an event to the __________ log on the domain controller or computer where the event took place.
    • Ans: security
    • Difficulty: Medium
    • Section Ref: Configuring Security Policies Using Group Policy Objects
  30. Policy __________ audit log entries are triggered by events such as user rights assignment changes, establishment or removal of trust relationships, IPSec policy agent changes, and grants or removals of system access privileges.
    • Ans: change
    • Difficulty: Hard
    • Section Ref: Configuring Security Policies Using Group Policy Objects
  31. The service startup options are Automatic, __________, and Disabled.
    • Ans: Manual
    • Difficulty: Hard
    • Section Ref: Configuring Security Policies Using Group Policy Objects
  32. The Wireless Network Policy __________ is provided to enable administrators to specify appropriate settings for the corporate environment.
    • Ans: Wizard
    • Difficulty: Easy
    • Section Ref: Configuring Security Policies Using Group Policy Objects
  33. Folder __________ provides administrators with the ability to redirect the contents of certain folders to a network location or to another location on the user’s local computer.
    • Ans: Redirection
    • Difficulty: Easy
    • Section Ref: Configuring Security Policies Using Group Policy Objects
  34. Offline Files is configured on the __________ tab of a folder.
    • Ans: Sharing
    • Difficulty: Medium
    • Section Ref: Configuring Security Policies Using Group Policy Objects
  35. The __________ command-line tool was introduced in Windows Server 2003, and it is used in Windows Server 2003 and Windows Server 2008 to replace the secedit /refreshpolicy command used in Windows 2000.
    • Ans: gpupdate.exe
    • Difficulty: Medium
    • Section Ref: Configuring Security Policies Using Group Policy Objects
  36. Kerberos is a ticket-based system that allows domain access by using what?
    • Ans: Key Distribution Center
    • Difficulty: Medium
    • Section Ref: Configuring Security Policies Using Group Policy Objects
  37. What setting logs events related to successful user logons to a domain?
    • Ans: Account Logon Events
    • Difficulty: Easy
    • Section Ref: Configuring Security Policies Using Group Policy Objects
  38. What event category logs user access to files, folders, registry keys, and printers?
    • Ans: Audit Object Access
    • Difficulty: Medium
    • Section Ref: Configuring Security Policies Using Group Policy Objects
  39. What policy setting allows an administrator to specify group membership lists?
    • Ans: Restricted Groups
    • Difficulty: Easy
    • Section Ref: Configuring Security Policies Using Group Policy Objects
  40. What setting allows computers to automatically submit a request for a certificate from an Enterprise Certification Authority (CA) and install that certificate?
    • Ans: Automatic Certificate Request
    • Difficulty: Hard
    • Section Ref: Configuring Security Policies Using Group Policy Objects
  41. What separate Group Policy category allows files to be available to users, even when the users are disconnected from the network?
    • Ans: Offline Files
    • Difficulty: Easy
    • Section Ref: Configuring Security Policies Using Group Policy Objects
  42. The Disk Quota feature is only available on volumes formatted with what?
    • Ans: NTFS File System
    • Difficulty: Medium
    • Section Ref: Configuring Security Policies Using Group Policy Objects
  43. Computer Configuration group policies are refreshed how often by default?
    • Ans: every 90 minutes
    • Difficulty: Hard
    • Section Ref: Configuring Security Policies Using Group Policy Objects
  44. What are Account Policies, and what are the three subcategories of Account Policies?
    • Ans: Account Policies influence how a user interacts with a computer or domain. They are specified within the Computer Configuration node of a GPO that is linked to a particular domain, either the Default Domain Policy or one that you create manually. The three subcategories within the Account Policies category of the security settings are Password Policies, Account Lockout Policies, and Kerberos Policies.
    • Difficulty: Hard
    • Section Ref: Configuring Security Policies Using Group Policy Objects
  45. What is the difference between logon events and account logon events?
    • Ans: The Logon Events setting logs events related to successful user logons on a computer. The event is logged to the Event Viewer Security Log on the computer that processes the request. The Account Logon Events setting logs events related to successful user logons to a domain. The event is logged to the domain controller that processes the request.
    • Difficulty: Easy
    • Section Ref: Configuring Security Policies Using Group Policy Objects
  46. What are the three service startup options you can choose from when configuring items in the system services category?
    • Ans: Automatic, Manual, and Disabled.
    • Difficulty: EasySection Ref: Configuring Security Policies Using Group Policy Objects
  47. How is performance enhanced when using roaming profiles with Folder Redirection?
    • Ans: Only necessary information is transferred to the user’s desktop, and user data is not copied from the server during logon.
    • Difficulty: Easy
    • Section Ref: Configuring Security Policies Using Group Policy Objects
  48. What is tattooing in reference to Group Policy settings?
    • Ans: Tattooing means that the setting continues to apply until it is reversed by using a policy that overwrites the setting.
    • Difficulty: Hard
    • Section Ref: Configuring Security Policies Using Group Policy Objects
  49. When are Computer and User Configuration policies applied by default?
    • Ans: Computer Configuration policies are applied by default when a computer starts up. User Configuration policies are applied during user logon.
    • Difficulty: Easy
    • Section Ref: Configuring Security Policies Using Group Policy Objects
  50. What syntax of the gpupdate.exe tool can be used to refresh only the Computer Configuration policy?
    • Ans: gpupdate /target:computer
    • Difficulty: Hard
    • Section Ref: Configuring Security Policies Using Group Policy Objects

What would you like to do?

Home > Flashcards > Print Preview