Windows Final

On which part of the maintenance cycle do server administrators spend the most time?

Monitoring

Many organizations store system documentation in help desk ticketing software.

True

Which of the following steps is not a common troubleshooting procedure?

Delegate responsibility

A baseline is a set of performance information for a system during normal times of operation.

True

Which of the following can be easily identified on the Processes tab of Task Manager? (Choose all that apply.)

Rogue processes & Memory Leaks

Committed memory refers to the memory that is used by the Windows kernel and device drivers.

False

Which task should you perform in Task Manager before stopping a problematic process for a program that was created by your organization?

Right-click the process and click Create dump file

Resource Monitor allows you to identify the storage devices and files that a single process is accessing.

True

Which of the following components represents a specific hardware device or software component that can be monitored?

Instance

Which of the following performance counters can be used to identify jabbering hardware?

% Interrupt Time

Each server role and feature that is added to a Windows Server 2019 system also adds additional performance objects and counters.

True

Which two tools are commonly used to create performance baselines? (Choose two answers.)

Performance Monitor & Data Collector Sets

Performance baselines are typically created only after installing a new Windows Server 2019 system.

False

Which of the following can be included in a data collector set? (Choose all that apply.)

Performance counter, Event trace provider, & Windows Registry key

There are five event levels available in an event log: Information, Warning, Error, Audit Success, and Audit Failure.

False

What can you create in Event Viewer to display specific types of events from one or more event logs?

Custom view

Reliability Monitor displays a system stability index value for each day based on the values of specific performance counters.

False

Which of the following actions can be performed to solve a performance problem? (Choose all that apply.)

All of the Above: Stop and disable unnecessary services, Move applications to other systems, Add additional hardware, & Upgrade hardware devices with bus mastering versions

Searching an event description or event ID online can generate a list of possible causes and associated solutions for a problem.

True

Which of the following options on the Advanced Boot Options menu can be used to start a system that failed to boot previously due to incorrect settings in the Windows Registry, or a recently added device driver?

Last Known Good Configuration (advanced)

Group Policy settings apply to which of the following objects? (Choose all that apply.)

Users & Computers

There are no GPOs created in an Active Directory domain by default.

False

You have created a new Group Policy Object (GPO). To which of the following objects can this GPO be linked? (Choose all that apply.)

OU, Site, & Domain

Group Policy preferences can be used to configure Windows features, but are only interpreted by Windows 7, Windows Server 2008, and later computers by default.

True

You wish to configure a GPO that allows users in your organization to install a package using the Programs and Features section of Control Panel. Which software deployment method should you choose when configuring the Software Settings section of a GPO?

Publish the software in the User Configuration

Which section of a GPO contains the most security-related settings for the Windows operating system?

Computer Configuration, Windows Settings

You can import administrative template files into a GPO to allow Group Policy to configure third-party software settings.

True

Which of the following is not included in a certificate?

Private key

Which term refers to the process whereby a user or computer obtains a certificate from a CA?

Enrollment

Group Policy can be configured to auto-enroll certificates for users and computers based on the permissions in a certificate template on an enterprise CA.

True

Which certificate template permissions must you grant to a user or computer before they are auto-enrolled for a certificate using Group Policy? (Choose all that apply.)

Read, Enroll, & Autoenroll

Only schema version 1 certificate templates can be configured for auto-enrollment.

False

In an 802.1X Wireless configuration, which component generates the encryption keys used for WPA?

RADIUS server

You must enroll each WAP for a certificate based on the RAS and IAS Server certificate template before they can be configured for 802.1X Wireless.

False

Which of the following statements regarding the functionality of WSUS are true? (Choose all that apply.)

All of the Above: WSUS prevents Microsoft Update traffic from saturating the bandwidth on an organization's Internet connection, Group Policy is used to direct domain computers to a WSUS server for updates, Updates can be manually or automatically approved for distribution on a WSUS server & A WSUS server can be configured to remove updates from computers that have installed them.

To reduce the amount of storage that is consumed by updates on a WSUS server, you should configure the WSUS server to only synchronize updates for products that are deployed in your organization.

True

Which of the following port numbers is used to obtain updates from a WSUS server using HTTPS?

8531

Firewall profiles contain a series of firewall rules that apply to a computer when it is connected to a particular type of network (public, private, domain).

True

Which of the following Windows Defender features can be used to limit the files, folders and processes that ransomware can modify?

Controlled folder access

What can you configure in the Windows Defender Firewall with Advanced Security tool to automatically protect network traffic between computers using IPSec?

Connection security rules

Which of the following cloud delivery models uses containers exclusively to run Web apps?

PaaS

Websites on a Web server provide the front end for most Web apps.

True

In a continuous deployment scenario, which software creates a container or virtual machine on a cloud server to test the functionality of a new Web app version?

Build Automation

Block storage is a cheaper alternative to object storage on public cloud providers.

False

To which of the following groups should you assign NTFS/ReFS permissions for Web app content in order to provide anonymous user access?

IIS_IUSRS

What must you configure in IIS Manager to allow users to access a help desk ticketing system Web app using the URL https://www.sample.com/helpdesk? (Choose all that apply.)

A helpdesk virtual directory & An HTTPS protocol binding

Which of the following IIS configuration features is used to specify the default webpage or Web app file that a client views?

Default Document

The docker command is also called the Docker daemon.

False

Which docker command displays container images available on Docker Hub?

docker search

Nano Server containers must be run as a Hyper-V container on Windows Server 2019.

True

Which command can you execute to create a container from the microsoft/iis container image that runs in the background and automatically maps port 80 in the container to a port above 32767 on the underlying operating system?

docker run -d -P microsoft/iis

After a container is running, you cannot configure its contents until the container is stopped.

False

Which of the following commands can be used to display containers that are no longer running?

docker ps -a

The Windows Subsystem for Linux (WSL) allows you to execute Web apps in a virtual machine on Windows Server 2019.

False

Which of the following Linux distributions are supported for use with WSL? (Choose all that apply.)

Fedora, Ubuntu, OpenSUSE Leap & Debian GNU/Linux

The Linux Containers on the Windows (LCOW) feature of Windows Server 2019 allows you to run Linux containers only if Docker EE was obtained using the DockerMsftProvider Windows PowerShell module.

False

Which of the following commands can be used to start the Apache Web server in a Linux container or WSL Linux distribution on a Windows Server 2019 system?

apachectl start

Each Linux container run on Windows Server 2019 using LCOW is automatically run as a Hyper-V container that executes on a Linux kernel provided by the LinuxKit component of Docker EE.

True

You are tasked with deploying a private cloud in your organization that needs to host both Windows and Linux Web apps using a SaaS delivery model on a single Windows Server 2019 system. What technology should you configure on the Windows Server 2019 system?

WSL

Your organization develops a containerized Linux Web app that is run on a public cloud provider. To minimize cloud costs, a continuous deployment process is not used. Instead, Web app developers must add new versions of their Linux Web app to a container and test its functionality locally before running it on the public cloud provider. What could you configure on an existing Windows Server 2019 system to allow the Web app developers in your organization to test new versions of their containerized Linux Web app? (Choose all that apply.)

Hyper-V, Docker EE & LCOW

Which of the following is not considered a remote access technology?

PPPoE

Split tunneling is used to ensure that all network traffic generated by a remote access client passes through a VPN to a remote access server.

False

Which of the following VPN protocols uses IPSec to encrypt network traffic? (Choose all that apply.)

IKEv2 & L2TP

What can you configure on a router to protect traffic destined for another network in the organization as it passes over the Internet?

Demand-dial interface

The Remote Access role service in Windows Server 2019 provides for DirectAccess and VPN remote access, as well as RADIUS.

False

You have configured a remote access server in your DMZ for IKEv2 VPN access. Which ports on your NAT router must you configure for port forwarding to this remote access server? (Choose all that apply.)

TCP port 1701, UDP port 500, & UDP port 4500

Which of the following VPN authentication methods is considered the most secure?

EAP

Remote access servers can be configured as RADIUS clients.

True

What features does RADIUS provide for remote access connections?

Centralized logging, Remote access policies, & Centralized authentication

The user permission necessary for VPN remote access can be granted in the properties of a user account or remote access policy.

True

What section of a remote access policy contains characteristics that must be met for remote access, such as Session Timeout?

Constraints

DirectAccess uses HTTPS to authenticate remote access users, and IPSec to create an encrypted tunnel for network traffic between the remote access client and server.

True

Which of the following network topologies should you choose if your DirectAccess remote access server is connected directly to the demarc, as well as to the DMZ?

Edge

DirectAccess supports Windows 7 and later remote access clients by default.

False

Which of the following Remote Desktop Services role services uses HTTPS to provide encryption for all RDP packets?

Remote Desktop Gateway

The Remote Desktop Licensing role service cannot be installed on the same computer as the Remote Desktop Session Host service.

False

Which of the following must you configure to ensure that a particular group of remote access servers grants Remote Desktop access only to members of the Accounting group?

Collection

At minimum, which Remote Desktop Services role services must you install to provide session-based desktop deployment across multiple remote access servers? (Choose all that apply.)

Remote Desktop Session Host, Remote Desktop Connection Broker, & Remote Desktop Licensing

As a server administrator, which of the following actions can you perform on a Remote Desktop connection to provide interactive user support for the user of the session?

Shadow

Organizations that allow Remote Desktop sessions from remote access clients that are not licensed by the organization should choose a Per Device licensing mode when configuring Remote Desktop Services.

False

Which of the following represents the maximum amount of time that a DNS server or resolver is allowed to cache the result of a forward lookup?

TTL

Windows computers contact their DNS server at boot time to create or update their host resource records. This feature is called zone transfer.

False

Which of the following are authoritative DNS server types? (Choose all that apply.)

Primary, Active Directory-integrated primary, & Secondary

If a DNS server does not contain a zone file that contains the resource records for a lookup, and is not configured as a conditional or default forwarder, it will use its root hints file to perform a recursive query.

True

Which resource record stores zone transfer settings?

SOA

You wish to provide access to Web resources in another organization. However, the associated A records for these resources are stored in a zone file on a DNS server in the other organization that is not publicly registered. What can you configure on your organization's DNS server to allow access to these resources? (Choose all that apply.)

A stub zone that forwards requests to the other organization's DNS server, A conditional forwarder that forwards requests to the other organization's DNS server, & A secondary zone that copies resource records from the zone on the other organization's DNS server.

Scavenging can be configured to remove stale resource records that were added to a zone using dynamic update.

True

A user complains that they are unable to contact a specific server in your organization. You remember that you recently modified the A record for this server on your organization's Active Directory-integrated DNS server. Which troubleshooting step should you try first to remedy the issue?

Clear the DNS cache on the user's computer

Which two resource records can you create in a zone to provide the FQDN of an email server for the zone, as well as associate this FQDN with an IPv6 address? (Choose two answers.)

MX & AAAA

Which of the following are valid reasons to deploy a WINS server? (Choose all that apply.)

To reduce NetBIOS name broadcasts on LANs in an organization & To allow computers in one LAN to resolve NetBIOS names in another LAN

NetBIOS name records are automatically created on a WINS server by computers that are configured to use the WINS server.

True

Your organization has two WINS servers to provide for NetBIOS name resolution. What can you do to ensure that each WINS server shares its NetBIOS name records with the other server?

Configure the two servers as replication partners

DHCP servers respond to DHCPDISCOVER packets received from DHCP clients or DHCP relay agents with a DHCPACK packet.

False

Which of the following are optional components of a DHCP scope?

IP address exclusions, DHCP options, DHCP policy, & Reservation.

The default lease time of 8 days for a DHCP scope is appropriate for networks that primarily contain mobile devices, but should be reduce for networks that primarily contain desktop PCs.

False

DHCP reservations must use the DHCP options from their scope.

False

Which DHCP option number provides a default gateway router?

003

DHCP servers can be configured to dynamically update host and PTR records for legacy DHCP clients and DHCP clients that do not use a Microsoft operating system.

True

Which two of the following tasks can you perform to provide fault tolerance for two DHCP servers in the DMZ? (Choose two answers.)

Ensure that DHCP relay agents in the organization are configured with the IP address of both DHCP servers & Configure DHCP failover in either load balance or hot standby mode for all scopes.

To prevent a DHCP server from leasing an IPv4 address that has been manually configured on a computer on the network, you can configure a DHCP server to send one or more ping requests to an IPv4 address before leasing it.

True