Start menu or desktop
After deploying software by GPO using the Assigned option, where is the package made available for the user?
Windows Control Panel
After deploying software by GPO using the Published option, where is the package made available for the user?
all its rules, including the preconfigured rules and the ones you have created or modified
By exporting the Windows Firewall policy, you have a file with a .wfw extension that contains _____.
Wireless Network Policies (IEEE 802.3)
Computer Configuration node security settings include several security areas. Which of the following is NOT one of them?
During the Windows Server 2012 installation, what account creation prompts you for the password?
At the refresh interval
How are most Group Policy settings applied or reapplied?
AppLocker blocks all by default, except for those specified in Allow rules.
How does AppLocker handle all executables, installer packages, and scripts by default?
If users have slow links between their workstations and the software distribution point
If a software package is set as Assigned, the option to Install This Application At Logon is available. This option enables the application to be installed immediately, rather than advertised on the Start menu. However, when should this method be avoided?
Public, private, and domain
If an administrator wants to enable the “Block all incoming connections, including those in the list of allowed apps” setting, to which of the firewall profiles does it apply?
Public is for servers accessible to temporary users. Private is for servers on an internal network. Domain is for servers in which users are all authenticated.
In Windows Firewall Customized Settings, there are three profiles (public, private, and domain). What differentiates these profiles from each other?
rule applies to all programs, to one specific program, or to a specific service
In the Windows Firewall With Advanced Security console, while creating a new rule, the Program page specifies whether the ______.
Computer ConfigurationWindows SettingsSecurity SettingsApplication Control PoliciesAppLocker
In what Group Policy objects container are AppLocker settings located?
Repackage the software for Windows Installer.
Not all software on the market provides .msi support. What is your best option to use Windows Installer to assign and publish the software?
Regarding security templates, a strategy plan should consider ______.
Software restriction relies on four types of rules to specify which programs can or cannot run. What type enables Windows Installer packages to be installed only if they come from a trusted area of the network?
Software restriction relies on four types of rules to specify which programs can or cannot run. What type identifies software by its directory where the application is stored in the file system?
Software restriction relies on four types of rules to specify which programs can or cannot run. What type relies on a value generated by an algorithm that creates a fingerprint of the file, which makes it impossible for another program to have the same value?
Software restriction relies on four types of rules to specify which programs can or cannot run. What type uses a digital certificate to confirm its legitimacy?
Computer ConfigurationPoliciesWindows SettingsSecurity SettingsWindows Firewall with Advanced Security
What GPO node presents the interface with which to configure Windows Firewall properties?
Windows 7 and Windows Server 2008 R2 or later
What Windows versions support the use of AppLocker polices, which poses a disadvantage compared to using software restriction policies?
What account is created during Windows Server 2012 installation with the account disabled by default?
Apply consistent, scalable, and reproducible security settings throughout an enterprise.
What are the key benefits of security templates?
Unrestricted, Disallowed, and Basic User
What are the three default security levels within software restriction policies?
Application, Security, and System
What are the three primary event logs?
User AND Computer
What are the two categories of security settings within Group Policy? Select two answers.
User Accounts control panel and the Local Users and Groups snap-in for MMC
What are the two interfaces available for creating and managing user accounts in Windows Server 2012?
User Accounts control panel and the Local Users and Groups snap-in for MMC
What are the two interfaces for creating and managing local user accounts a computer joined to the domain?
Network intrusion attempts, such as a denial of service attack
What does a firewall protect your company against?
Application control policies
What is AppLocker also known as?
What is a collection of configuration settings stored as a text file with an .inf extension?
Nothing—the application is Windows Installer-enabled
What is required to prepare applications with an approval stamp from Microsoft on its packaging, including the Certified for Windows Server 2012 logo, for Windows Installer?
What is the default size for each of the three Event logs?
Linking Group Policy objects to Active Directory Domain Services containers, so that you can apply their policy settings to several computers simultaneously
What is the most common way to implement software restriction policies?
To permit traffic in and out for legitimate users, and to block the rest
What is the primary objective of a firewall?
Administrators can log successful and failed security events, such as loss of data, account access, and object access.
What is the purpose of the Audit Policy section of a local GPO?
Importing the security template into a GPO
What is the simplest way to deploy a security template on several computers simultaneously?
What is the typical incoming port number for a web server?
What parameter in the Windows Firewall New Inbound Rule Wizard specifies the IP address range of local and remote systems to which the rule applies?
Protocol and Ports
What parameter in the Windows Firewall New Inbound Rule Wizard specifies the exact type of traffic at the network or transport layer, which the firewall can block or allow?
What parameter in the Windows Firewall New Inbound Rule Wizard specifies what the firewall should do when a packet matches the rule?
What parameter in the Windows Firewall New Inbound Rule Wizard specifies whether the rule applies to all programs, to one specific program, or to a specific service?
Restricted Groups policy
What policy setting enables you to specify group membership lists, allowing you to control membership in important groups, such as the local Administrators and Backup Operators groups?
What service works with Group Policy to install, upgrade, patch, or remove software applications?
User Accounts Control Panel
What tool for creating new users is only valid while the Windows Server 2012 computer is part of a workgroup and not joined to an AD DS domain?
Windows Firewall With Advanced Security snap-in for the Microsoft Management console
What tool offers more flexibility in creating rules compared with the Windows Firewall interface under Control Panel?
Assigning forces the application, whereas publishing provides the option to install.
When configuring a GPO to deploy a software package, what is the difference between assigning and publishing the application?
File location rule
When configuring software restriction policies, there are four rules that help determine the programs that can or cannot run. Select which of the following is NOT one of those rules.
Allowing an application opens the specified port only while the program is running, and thus is less risky.
When creating a firewall exception, what is the difference between opening a port and allowing an application through?
When the computer starts up
When does Windows apply Computer Configuration policies by default?
As the user logs in
When does Windows apply User Configuration policies by default?
Windows Installer package files, or .msi files modifications to the package files require transform files, or .mst files. Further, patch files are designated as .msp files.
When installing software using Group Policy, what file or files does an administrator use?
When you join a computer to an AD DS domain, you can create new local user accounts with the Local Users and Groups snap-in. Control Panel is used when the computer is not a member of an AD DS domain.
When would you need to create a user account through Control Panel?
Windows Firewall allows an administrator to import and export firewall rules. What are the rules’ file extension?
You can create a new Group Policy Object and you can import settings from a policy file created earlier. Then deploy the GPO to other systems on the network.
Windows Firewall allows you to create inbound, outbound, and connection security rules for individual servers or systems. How can you do this for multiple systems?
Domain, private, and public
Windows Firewall uses three profiles to represent the type of network to which the server is connected. What are the three profiles?
ports, protocols, applications, users, and IP address ranges
You can configure the Windows Firewall to allow or block specific _________.
You can disable the setting area that is not configured for faster processing.
You create a GPO that contains computer settings, but not user settings. What can you do to quicken GPO processing?
You must create a distribution share, also called a software distribution point. Then create the Group Policy Object, specifying how to deploy the application.
You want to deploy software using Group Policy. What is necessary before assigning the software to a user account?
What impacts the types of logs and events logged on a server?
User Account Control (UAC)
What did Microsoft introduce in Windows Server 2012 to ensure users with administrative privileges still operate routine tasks as standard users?
Local Users and Groups snap-in
What tool for user creation provides full access to all local user and group accounts on the computer?
What service does AppLocker require running to function properly?
Inbound—block all. Outbound—permit all
Firewall rules function in two ways: admit all traffic, except that which conforms to the applied rules, and secondly, block all traffic, except that which conforms to the applied rules. How does the Windows Firewall work for inbound traffic and for outbound traffic?
The firewall does not block client-initiated network traffic by default.
If a user attempts to use an Internet-based e-mail account, how will Windows Firewall respond?