Configuring security policys can be some what confusing but from my studying experience in the case of server it seems very similar in theroy
to configuring GP other than the concepts of building and maintaining PKIs. I didnt find this chapter to be overflowing with info but at the
same time it wasnt completely inadequate as an introductory and im sure even with that I probably missed a few things.
Please read the header for this post
regarding the answer key situation for these chapters.
1. Which of the following tools would you use to deploy the settings in a security template to all of the computers
in an Active Directory Domain Services domain?
A. Active Directory Users and Computers
B. Security Templates snap-in
C. Group Policy Object Editor
D. Group policy Management console
Answer: D, any way here’s a video explaining all of this. The narrator meanders a little but hes precise and to the point.
Wait am I describing myself or the guy the in video :0
2. Which of the following are local groups to which you can add users with the Windows Control Panel?
B. Power Users
Answer: C, A this has been a windows standard for quiet a while & a question that is much more basic than what you might
see other places
3. Which of the following tools would you use to modify the settings in a security template?
A. Active Directory users and computers
B. Security Template snap-in
C. Group Policy Object Editor
D. Group Policy Management console
Answer: B, sec templates are modified and created in the security template snap-in in serv 12. Hopefully it will be the
same in 16 but a better solution could be in place, haven’t seen it yet.
4. The build-in local groups on a server running Windows Server 2012 receive their special capabilities through which of the following
A. Security options
B. Windows Firewall rules
C. NTFS permissions
D. User rights
5. After configuring and deploying the Audit Directory Service Access policy, what must you do before a computer running Windows
Serv 12 begins logging AD access attempts?
A. You must select the AD objects you want to audit in the ADU&C console
B. You must wait for the audit pol settings to propagate to all of the domain controllers on the network
C. You must open the Audit Directory Service Access Properties sheet and select all of the AD objects you want to audit.
D. You must add an underscore character to the name of every Active Directory object you want to audit.
6. What is the purpose of the Audit Policy section of a Local Group Policy objects (GPO)?
A. Admins can log successful and failed sec events, such as logon events, database errors & system shutdown.
B. Admins can log successful and failed security events, such as loss of data, account access and object access.
C. Admins can log successful and failed events forwarded from other systems.
D. Admins can log events related specifically to domain controllers.
Answer: B, loss of data kind of throws me off here but according to google this is the correct answer. Database errors
seems slightly more sketchy but the TechNet
article mentions neither.
Also here is a video demoing how to create an auditpol, I went through a couple including a 19 minute silent film
that I decided it was fun to narrate my self but you might not be as easily amused as I am so heres one that might
be slightly more helpful.
7. What are the three primary event logs?
A. Application, Forwarded, and System
B. Application, Security, and Setup
C. Application, Security, and System
D. Application, System, and Setup
8. After you create a GPO that contains computer or user settings, but not both, what can you do for faster GPO processing?
A. Set the priority higher for the configured setting area.
B. Manually refresh the GPO settings.
C. Disable the setting area that is not configured.
D. Regardless of weather part of all of a GPO is configured, the GPO is processed at the same speed.
9. What are the two interfaces for creating and managing local user accounts for a computer joined to the domain.
A. Control Panel and ADAC
B. User Accounts control panel and the Local Users and Groups snap-in for MMC
C. ADAC and the Active Directory of Users and Computers snap-in for MMC
D. Server Manager and PowerShell
Answer: B, this one is confusing as it is absolutely possible to create and manage user accounts in PowerShell. Perhaps
local being the keyword here leading this to be more of a client question as opposed to a server question.
10. What did Microsoft introduce in Windows Server 2012 to ensue users with administrative privileges still operate routine
tasks as a standard user?
A. New Group Policy and Local Sec Pol
B. Secure desktop
C. User Account Control (UAC)
D. Built-in admin account
Answer: C, I didnt know this as I assumed it came with 8 because its origin is in vista, I believe.