NOS 230 Final Questions And Answers With Verified
Study Solutions
Having heard the data theft suffered by a competing company by a man-in-the-middle attack, Finn asks Talia, his
server administrator, to implement measures to prevent such attacks in his company.
Which of the following should Talia do to ensure that Finn's company is protected from such attacks?
a. Hire the services of a third-party Certification Authority
b. Configure the Block Inheritance setting at OU-level GPOs
c. Run the gpupdate /force command in a Command Prompt window.
d. Run the gpresult /r command in Windows PowerShell. ANS a. Hire the services of a third-party Certification
Authority
Analysis:
a. Correct. To ensure that Finn's company is protected from man-in-the-middle attacks, Talia should hire the
services of a third-party Certification Authority (CA). CAs endorse the public keys before they are used for secure
technologies, such as HTTPS.
b. Incorrect. Configuring the Block Inheritance setting at OU-level GPOs will prevent the domain-level GPO settings
from applying to user accounts in those OUs. This is not relevant to man-in-the-middle hacking attacks.
c. Incorrect. Running the gpupdate /force command in a Command Prompt window forces the client computer to
check the SYSVOL shared folder on their domain controller for new GPO settings and apply them, if necessary.
d. Incorrect. Running the gpresult /r command in Windows PowerShell helps troubleshoot GPO configuration
issues.
Which of the following is true of Group Policy Objects (GPOs)?
a. They do not apply to Active Directory groups.
b. They are not strictly enforced.
c. They allow users to configure settings that are applied by GPOs.
,d. They are limited to 500 or less users or computers. ANS a. They do not apply to Active Directory groups.
Analysis:
a. Correct. GPOs do not apply to Active Directory groups. To function, they must be linked to a site, domain, or OU
object that contains the user or computer accounts that they apply to.
b. Incorrect. GPOs are strictly enforced.
c. Incorrect. Users cannot configure or override the settings that are applied by GPOs.
d. Incorrect. A single GPO can be applied to thousands of users and computers in an organization to reduce the
time and effort that it takes to administer a large domain.
Amber is a hacker who steals information when people enter their personal details on specific websites. She
intercepts the public key as it is sent from the Web server to the Web browser and substitutes her own public key
in its place. This enables her to intercept the communication and decrypt the symmetric encryption key using her
private key.
Which type of hacking attack is Amber perpetrating?
a. A denial-of-service attack
b. A man-in-the-middle attack
c. A drive-by attack
d. A malware attack ANS b. A man-in-the-middle attack
Analysis:
a. Incorrect. A denial-of-service attack prevents a system from responding to service requests. It is not associated
with information theft.
b. Correct. Amber is perpetrating a man-in-the-middle attack. This type of attack is often used by hackers when
redirecting HTTPS traffic to a malicious website for the purposes of stealing information.
c. Incorrect. A drive-by attack is used to spread malware rather than to steal information.
,d. Incorrect. A malware attack is associated with installation of unwanted software without consent. In the given
scenario, the attack is most likely to redirect HTTPS traffic to a malicious website.
Alonso, a system administrator, has configured and deployed a new GPO at the domain level in his organization.
However, when he checks after a few hours, two of the OUs in the Active Directory do not reflect the change.
What is the most likely reason the new GPO configuration did not apply to the two OUs?
a. The OUs were under another domain.
b. The Block Inheritance setting prevented the OUs from applying the GPOs.
c. The users under the OUs declined the domain-level setting when prompted.
d. The GPO link was configured with the Enforced setting. ANS b. The Block Inheritance setting prevented the
OUs from applying the GPOs.
Analysis:
a. Incorrect. For the OUs to apply the GPO, they must be linked to the domain in which the new GPO was deployed.
b. Correct. The Block Inheritance setting on the OUs can prevent domain-level GPO settings from being applied to
user accounts in those OUs.
c. Incorrect. When GPO settings are applied, users are not prompted to decline or accept them.
d. Incorrect. If the GPO link was configured with the Enforced setting, the GPO would have been applied to the
accounts within the two OUs.
Yosef has configured Windows Server 2019 as an enterprise CA and deployed a GPO to enroll all the users for
certificates. He chooses the setting that will enroll the users when they boot their computers. When he checks
whether all users and computers have been enrolled, he finds that five users were not enrolled for the certificate.
Yosef was able to manually enroll those users for certificates.
Which of the following permissions to the certificate template is most likely to be missing for the five users who did
not get enrolled?
, a. Read
b. Write
c. Enroll
d. Autoenroll ANS d. Autoenroll
Analysis:
a. Incorrect. Without the Read permission, a computer or user cannot be enrolled manually. Yosef was able to
enroll the fiver users manually. This indicates that the users have the Read permission.
b. Incorrect. The Write permission is not required for enrollment for certificates.
c. Incorrect. Without the Enroll permission, a computer or user cannot be enrolled manually. Yosef was able to
enroll the fiver users manually. This indicates that the users have the Enroll permission.
d. Correct. The five users do not have the Autoenroll permission. For a GPO to auto-enroll users or computers for
certificates, those users or computers must have Read, Enroll, and Autoenroll permissions to the certificate
template.
Amina, who works for a pharmaceutical company, configures and issues the Smartcard Logon certificate template
with schema version 2. While most of the users get auto-enrolled, some of the users fail to obtain the certificate.
Identify the most likely reason auto-enrollment failed for these users.
a. Their operating system is Windows XP.
b. They have the Block Inheritance setting at the OU level.
c. The template did not have the Enforced setting.
d. Their operating system is Windows 2000. ANS d. Their operating system is Windows 2000.
Analysis:
a. Incorrect. Windows XP is compatible with the schema version 2 certificate template.
b. Incorrect. The Block Inheritance setting at the OU level will prevent domain-level GPO settings from applying to
user accounts in those OUs. It will not affect the auto-enrollment for the certificate.
Study Solutions
Having heard the data theft suffered by a competing company by a man-in-the-middle attack, Finn asks Talia, his
server administrator, to implement measures to prevent such attacks in his company.
Which of the following should Talia do to ensure that Finn's company is protected from such attacks?
a. Hire the services of a third-party Certification Authority
b. Configure the Block Inheritance setting at OU-level GPOs
c. Run the gpupdate /force command in a Command Prompt window.
d. Run the gpresult /r command in Windows PowerShell. ANS a. Hire the services of a third-party Certification
Authority
Analysis:
a. Correct. To ensure that Finn's company is protected from man-in-the-middle attacks, Talia should hire the
services of a third-party Certification Authority (CA). CAs endorse the public keys before they are used for secure
technologies, such as HTTPS.
b. Incorrect. Configuring the Block Inheritance setting at OU-level GPOs will prevent the domain-level GPO settings
from applying to user accounts in those OUs. This is not relevant to man-in-the-middle hacking attacks.
c. Incorrect. Running the gpupdate /force command in a Command Prompt window forces the client computer to
check the SYSVOL shared folder on their domain controller for new GPO settings and apply them, if necessary.
d. Incorrect. Running the gpresult /r command in Windows PowerShell helps troubleshoot GPO configuration
issues.
Which of the following is true of Group Policy Objects (GPOs)?
a. They do not apply to Active Directory groups.
b. They are not strictly enforced.
c. They allow users to configure settings that are applied by GPOs.
,d. They are limited to 500 or less users or computers. ANS a. They do not apply to Active Directory groups.
Analysis:
a. Correct. GPOs do not apply to Active Directory groups. To function, they must be linked to a site, domain, or OU
object that contains the user or computer accounts that they apply to.
b. Incorrect. GPOs are strictly enforced.
c. Incorrect. Users cannot configure or override the settings that are applied by GPOs.
d. Incorrect. A single GPO can be applied to thousands of users and computers in an organization to reduce the
time and effort that it takes to administer a large domain.
Amber is a hacker who steals information when people enter their personal details on specific websites. She
intercepts the public key as it is sent from the Web server to the Web browser and substitutes her own public key
in its place. This enables her to intercept the communication and decrypt the symmetric encryption key using her
private key.
Which type of hacking attack is Amber perpetrating?
a. A denial-of-service attack
b. A man-in-the-middle attack
c. A drive-by attack
d. A malware attack ANS b. A man-in-the-middle attack
Analysis:
a. Incorrect. A denial-of-service attack prevents a system from responding to service requests. It is not associated
with information theft.
b. Correct. Amber is perpetrating a man-in-the-middle attack. This type of attack is often used by hackers when
redirecting HTTPS traffic to a malicious website for the purposes of stealing information.
c. Incorrect. A drive-by attack is used to spread malware rather than to steal information.
,d. Incorrect. A malware attack is associated with installation of unwanted software without consent. In the given
scenario, the attack is most likely to redirect HTTPS traffic to a malicious website.
Alonso, a system administrator, has configured and deployed a new GPO at the domain level in his organization.
However, when he checks after a few hours, two of the OUs in the Active Directory do not reflect the change.
What is the most likely reason the new GPO configuration did not apply to the two OUs?
a. The OUs were under another domain.
b. The Block Inheritance setting prevented the OUs from applying the GPOs.
c. The users under the OUs declined the domain-level setting when prompted.
d. The GPO link was configured with the Enforced setting. ANS b. The Block Inheritance setting prevented the
OUs from applying the GPOs.
Analysis:
a. Incorrect. For the OUs to apply the GPO, they must be linked to the domain in which the new GPO was deployed.
b. Correct. The Block Inheritance setting on the OUs can prevent domain-level GPO settings from being applied to
user accounts in those OUs.
c. Incorrect. When GPO settings are applied, users are not prompted to decline or accept them.
d. Incorrect. If the GPO link was configured with the Enforced setting, the GPO would have been applied to the
accounts within the two OUs.
Yosef has configured Windows Server 2019 as an enterprise CA and deployed a GPO to enroll all the users for
certificates. He chooses the setting that will enroll the users when they boot their computers. When he checks
whether all users and computers have been enrolled, he finds that five users were not enrolled for the certificate.
Yosef was able to manually enroll those users for certificates.
Which of the following permissions to the certificate template is most likely to be missing for the five users who did
not get enrolled?
, a. Read
b. Write
c. Enroll
d. Autoenroll ANS d. Autoenroll
Analysis:
a. Incorrect. Without the Read permission, a computer or user cannot be enrolled manually. Yosef was able to
enroll the fiver users manually. This indicates that the users have the Read permission.
b. Incorrect. The Write permission is not required for enrollment for certificates.
c. Incorrect. Without the Enroll permission, a computer or user cannot be enrolled manually. Yosef was able to
enroll the fiver users manually. This indicates that the users have the Enroll permission.
d. Correct. The five users do not have the Autoenroll permission. For a GPO to auto-enroll users or computers for
certificates, those users or computers must have Read, Enroll, and Autoenroll permissions to the certificate
template.
Amina, who works for a pharmaceutical company, configures and issues the Smartcard Logon certificate template
with schema version 2. While most of the users get auto-enrolled, some of the users fail to obtain the certificate.
Identify the most likely reason auto-enrollment failed for these users.
a. Their operating system is Windows XP.
b. They have the Block Inheritance setting at the OU level.
c. The template did not have the Enforced setting.
d. Their operating system is Windows 2000. ANS d. Their operating system is Windows 2000.
Analysis:
a. Incorrect. Windows XP is compatible with the schema version 2 certificate template.
b. Incorrect. The Block Inheritance setting at the OU level will prevent domain-level GPO settings from applying to
user accounts in those OUs. It will not affect the auto-enrollment for the certificate.
