412-6

1.

1 point

Which of the following statements are true concerning Kerberos armoring? (Choose all that apply)

a. Allows Kerberos to create service tickets to devices

b. Fully encrypts Kerberos messages

c. Increases Kerberos processing time

d. Uses Flexible Authentication Secure Tunneling (FAST)

2.

1 point

Claims authorization relies on what?

a. The Kerberos KDC

b. The Server service

c. The Rights Management Service

d. The Flexible Authentication Secure Tunneling protocol

3.

1 point

What must you specify to create a claim type?

a. A specific attribute in Active Directory

b. A specific user in Active Directory

c. A specific group in Active Directory

d. A specific domain in Active Directory

4.

1 point

After you create claim types, what is the next step you must perform to allow the claim to function
properly?

a. Create a claim replication policy

b. Configure resource properties

c. Enable claims enforcement points

d. Create a claims refresh policy

5.

1 point

What is created so that files are automatically scanned and classified based on their content?

a. Scanning rules

b. Classification filters

c. Classification rules

d. Scanning filters

6.

1 point

From what locations in Windows Server 2012 R2 can you set classifications on files and folders?
(Choose all that apply

a. On the folder Properties dialog box

b. In the File and Folder Classification Manager console

c. In the File Server Resource Manager console

d. At the command line using the dism.exe utility

7.

1 point

What should you configure if you want to limit access to files with certain classifications within a
folder to a specific security group’s members?

a. A Central Access Policy

b. A Discretionary Access Control List

c. Role-Based Access Control

d. Access-Based Enumeration

8.

1 point

Before you attempt to implement a Central Access Policy, which of the following tasks should you first
complete?

a. Translate the authorization policies into expressions

b. Identify the resources you want to protect

c. Define the authorization policies

d. All of the above

9.

1 point

Before you attempt to implement file classification, which of the following tasks should you not first
determine?

a. The method you will use to identify documents for classification

b. The classifications you wish to apply

c. The schedule of the classification to occur

d. The schedule of disk defragmentation

10.

1 point

What does Windows Server 2012 R2 provide that allows you to verify that proposed Dynamic Access
Control changes accomplish what you intend them to do before actually deploying the changes?

a. RSOP

b. Auditing

c. Profiling

d. Staging

11.

1 point

What Windows Server 2012 R2 feature allows you to define computer-wide auditing of the file
system or the registry?

a. Discretionary Access Control Lists

b. System Audit Preferences

c. Global Object Access Auditing

d. Universal Group Auditing Control

12.

1 point

What Windows Server 2012 R2 feature helps users determine why they cannot access a folder or a
file?

a. Access Request Wizard

b. Permissions Analysis Assistance

c. Request Access Wizard

d. Access-Denied Assistance

13.

1 point

Which of the listed PowerShell cmdlets would be correctly used to modify a Central Access Policy in
Active Directory?

a. Set-ADCentralAccessPolicy

b. Update-ADCentralAccessPolicy

c. Modify-ADCentralAccessPolicy

d. Change-ADCentralAccessPolicy

14.

1 point

Which of the following would you skip in your planning for deploying Access-Denied Assistance?

a. The recipients for the Access Request email messages

b. The share size where Access-Denied Assistance will be used

c. The email text that users use to request access

d. The message that users will see when they are denied when accessing a resource

15.

1 point

After you have deployed a proposed Dynamic Access Control policy in staging mode, how do you
check to see what is happening?

a. Look in the Security logs for Event ID 4818

b. Look in the Application logs for Event ID 8418

c. Look in the DacStage.log file

d. Look in the DacResults.xml file