microsoft 2 lessons 4,5,6
Which OU is created by default when Active Directory is installed? A) Domain Controllers B) Users C) Computers D) Member Servers
A) Domain Controllers
What provides a robust scripting method that supports a multitude of administrative tasks including creating Active Directory objects, mapping drives, connecting to printers, modifying environment variables, and modifying registry keys? A) Windows Script Host B) JavaScript C) Windows Powershell D) CMD.EXE
A) Windows Script Host
What types of certificates are generated by the enterprise CA and used to generate a smart card logon certificate for users in the organization? A) enrollment agent B) enrollment credential C) enrollment verification D) enrollment authority
A) enrollment agent
What describes the process of configuring one or more groups as members of another group? A) group nesting B) group hierarchy C) group leveling D) group forests
A) group nesting
What command-line tool can be used with a standard user account to reduce the risks associated with the Administrator account? A) runas B) su C) runadmin D) launchas
A) runas
What method of authentication requires a smart card and a PIN to provide more secure access to company resources? A) two-factor authentication B) dual authentication C) complex authentication D) strong authentication
A) two-factor authentication
Which of the following is a benefit of implementing a public key infrastructure (PKI)? A) Users no longer need to remember passwords. B) All information is stored on the smart card, making it difficult for anyone except the intended user to use or access it. C) Smart cards can be used from remote locations, such as a home office, to provide authentication services. D) All of the above
All of the above users no longer need to remember passwords; all information is stored on the smart card, making it difficult for anyone except the intended user to use or access it; security operations, such as cryptographic functions, are performed on the smart card itself rather than on the network server or local computer; smart cards can be used from remote locations, such as a home office, to provide authentication services; and the risk of remote attacks using a username and password is significantly reduced by smart cards.
What is used to uniquely identify an object throughout the Active Directory domain? A) security identifier B) relative identifier C) intermediate identifier D) domain identifier
Ans: a Difficulty: Easy Section Ref: Understanding Flexible Single Master Operations (FSMO) Roles Feedback: A security identifier (SID) is used to uniquely identify an object throughout the Active Directory domain. Part of the SID identifies the domain to which the object belongs, and the other part is the RID.
How many RID Masters can a domain have? a) 1 b) 2 c) 3 d) 5
Ans: a Difficulty: Easy Section Ref: Understanding Flexible Single Master Operations (FSMO) Roles Feedback: Each domain can have only one RID Master.
Each object's SID consists of two components: the domain portion and the __________. A) FSMO role B) global catalog C) subnet mask D) relative identifier
Ans: d Difficulty: MediumSection Ref: Understanding Flexible Single Master Operations (FSMO) RolesFeedback: The RID is a variable-length number that is assigned to objects at creation and becomes part of the object's security identifier (SID). A SID is used to uniquely identify an object throughout the Active Directory domain. Part of the SID identifies the domain to which the object belongs, and the other part is the RID.
How many FSMO roles does Active Directory support? A) 2 B) 5 C) 10 D) 12
B) 5 Active Directory supports five FSMO roles. Their functionality is divided between domain-wide and forest-wide FSMOs.
What tool allows you to utilize a simple interface to delegate permissions for domains, OUs, or containers? A) Delegation Wizard B) Delegation of Control Wizard C) Delegation of Administration Wizard D) Administration Wizard
B) Delegation of Control Wizard
What special identity group contains all authenticated users and domain guests? A) Power Users B) Everyone C) Batch D) Authenticated Users
B) Everyone
__________ groups are a collection of user accounts that are local to one specific workstation or member server. A) Distribution B) Local C) Built-in D) Security
B) Local
What typically consists of at least four characters or digits that are entered while presenting a physical access token, such as an ATM card or smart card? A) password B) PIN C) smart card D) RSA SmartID
B) PIN
What is a system of digital certificates, certification authorities (CAs), and other registration authorities (RAs) that verify and authenticate the validity of each party involved in an electronic transaction through the use of public key cryptography? A) CKI B) PKI C) DKI D) PCI
B) PKI
When a user logs on, what is created that identifies the user and all of the user's group memberships? A) access card B) access token C) access key D) access session
B) access token
What is the process of confirming a user's identity by using a known value, such as a password, pin number on a smart card, or user's fingerprint or handprint in the case of biometric authentication? A) authorization B) authentication C) administration D) allocation
B) authentication
Password-cracking can be accomplished by intelligent guessing on the part of the hacker or through the use of an automated __________ attack A) brute force B) dictionary C) cracking D) work
B) dictionary
What signifies an object's relative location within an Active Directory OU structure? A) common name B) distinguished name C) SAM account name D) AD name
B) distinguished name
What holds a subset of forest-wide Active Directory objects and acts as a central repository by holding a complete copy of all objects from the host server's local domain with a partial copy of all objects from other domains within the same forest? A) domain controller B) global catalog C) DNS server D) DHCP server
B) global catalog The global catalog holds a subset of forest-wide Active Directory objects and acts as a central repository by holding a complete copy of all objects from the host server's local domain with a partial copy of all objects from other domains within the same forest, called the partial attribute set (PAS).
When using CSVDE, what is the first line of the text file that uses proper attribute names? A) header row B) header record C) name row D) name record
B) header record
What tool is used to seize a FSMO role? A) ntosutil B) ntdsutil C) dcpromo D) adutil
B) ntdsutil The ntdsutil utility allows you to transfer and seize FSMO roles. When you use this tool to seize a FSMO role, the tool attempts a transfer from the current role owner first. Ntdsutil will only actually seize the role if the existing FSMO holder is unavailable.
A __________ is an alphanumeric sequence of characters that you enter with a username to access a server, workstation, or shared resource. A) PIN B) password C) SecureID D) biometric
B) password
What process is used when you move a FSMO role gracefully from one domain controller to another? A) role seizure B) role transfer C) role migration D) role separation
B) role transfer The role transfer process is used when you move a FSMO role gracefully from one domain controller to another. You can transfer FSMO roles from one domain controller to another to improve Active Directory performance or as a temporary measure when a domain controller will be taken offline for maintenance.
What dedicated workstation allows an administrator or another authorized user to preconfigure certificates and smart cards on behalf of a user or workstation? A) PKI server B) smart card enrollment station C) smart card verification station D) Certification Authority (CA)
B) smart card enrollment station
Passwords for Windows Server 2008, Windows Vista, Windows Server 2003, and Microsoft Windows XP clients can be __________ characters in length. A) 97 B) 68 C) 127 D) 142
C) 127
What port is used by Active Directory to direct search requests to a global catalog server? A) 3629 B) 3389 C) 3268 D) 3232
C) 3268 When a user initiates a search for an object in Active Directory, the request is automatically sent to TCP port 3268, which is used by Active Directory to direct these requests to a global catalog server. One of the SRV records used by Active Directory refers to the global catalog, or _gc, service, which listens on port 3268 to respond to these requests.
As a rule of thumb, you should estimate __________ percent of the size of the ntds.dit file of every other domain in the forest when sizing hardware for a global catalog server. A) 15 B) 25 C) 50 D) 70
C) 50 As a rule of thumb, you should estimate 50 percent of the size of the ntds.dit file of every other domain in the forest when sizing hardware for a global catalog server.
To implement PKI, what must be installed on your Windows 2008 Server? A) Active Directory Users and Computers B) Microsoft AdminPak C) Active Directory Certificate Services D) Microsoft Advanced Security Pack
C) Active Directory Certificate Services
What command-line utility is used to import or export Active Directory information from a comma-separated value (.csv) file? A) NETDIAG B) NSLOOKUP C) CSVDE D) DCPROMO
C) CSVDE
__________ groups are nonsecurity-related groups created for the distribution of information to one or more persons. A) Security B) Domain C) Distribution D) Local
C) Distribution
What special identity group is used as a reduced-privilege account to allow applications to run on a server without requiring administrative access? A) Network B) Dialup C) Network Service D) Restricted
C) Network Service
__________ name refers to each user's login name. A) Common B) Distinguished C) SAM account D) AD Name
C) SAM account
What special identity group is used by the system to allow permission to protected system files for services to function properly? A) Network Service B) Restricted C) Service D) Self
C) Service
Which of the following is not a characteristic of a strong password? A) at least eight characters in length B) contains uppercase and lowercase letters, numbers, and nonalphabetic characters C) contains your birth date D) differs significantly from other previously used passwords
C) contains your birth date
What procedure is used only when you have experienced a catastrophic failure of a domain controller that holds a FSMO role and you need to recover that role? A) role transfer B) role migration C) role seizure D) role separation
C) role seizure The role seizure procedure is used only when you have experienced a catastrophic failure of a domain controller that holds a FSMO role. Seizing a role can be defined as a forced, permanent transfer.
What can be defined as a password that follows guidelines that make it difficult for a potential hacker to determine the user's password? A) complex password B) encrypted password C) strong password D) RSA SecureID
C) strong password
Where is the certificate database located on a Certification Authority? A) C:\Windows\system\CertLog B) C:\Windows\system32\CertLog C) C:\Windows\CertLog D) C:\Windows\system32\CertLog32
C:\Windows\system32\CertLog
A password should be __________ characters in length to be considered a strong password. A) 6 B) 10 C) 12 D) 8
D) 8
What console must be used to move the Domain Naming Master FSMO role? A) Active Directory Users and Computers B) Active Directory Forests and Domains C) Active Directory Schema D) Active Directory Domains and Trusts
D) Active Directory Domains and Trusts The Active Directory Domains and Trusts console must be used to move the Domain Naming Master FSMO role.
What component issues and manages certificates for individuals, computers, and organizations? A) enrollment agent B) PKI server C) certificate server D) Certification Authority
D) Certification Authority
The two built-in user accounts that are created on a Windows Server 2008 computer are the Administrator account and the __________ account. A) Network B) Interactive C) Power User D) Guest
D) Guest
__________ groups are used to consolidate groups and accounts that either span multiple domains or the entire forest. A) Global B) Domain local C) Built-in D) Universal
D) Universal
Which of these design aspects should you consider when planning the appropriate location of FSMO role holders? A) number of domains that are or will be part of the forest B) physical structure of the network C) number of domain controllers that will be available in each domain D) all of the above
D) all of the above Planning the appropriate locations for FSMO role holders requires that you consider the following design aspects: the number of domains that are or will be part of the forest, the physical structure of the network, and the number of domain controllers that will be available in each domain.
Password-__________ is an attempt to discover a user's password. A) recovery B) tracing C) sniffing D) cracking
D) cracking
All default groups are __________ groups. A) distribution B) domain local C) built-In D) security
D) security
What is a credit card-sized or token-style device, such as a USB device, that is used with a PIN to enable logon to the enterprise? A) RSA SecureID B) password token C) smart chip D) smart card
D) smart card
What can be used to add, delete, or modify objects in Active Directory, in addition to modifying the schema if necessary? A) DCPROMO B) LDIFDE C) CSVDE D) NSLOOKUP
LDIFDE
What is the process of confirming that an authenticated user has the correct permissions to access one or more network resources? A) authorization B) authentication C) administration D) allocation
a) authorization
What is a partial copy of all objects from other domains within the same forest that is held on a global catalog server? a) partial attribute set b) partial domain set c) partial attribute listing d) partial domain listing
a) partial attribute set The global catalog holds a subset of forest-wide Active Directory objects and acts as a central repository by holding a complete copy of all objects from the host server's local domain with a partial copy of all objects from other domains within the same forest, called the partial attribute set (PAS). This partial copy of forest-wide data includes a subset of each object's attributes. The attributes included in this subset are necessary to provide functionality such as logon, object searches, and universal group memberships.
The RID Master FSMO role distributes RIDs to domain controllers in what increments? A) 300 B) 500 C) 700 D) 1200
b) 500 Understanding Flexible Single Master Operations (FSMO) Roles Feedback: The RID Master FSMO distributes RIDs to domain controllers in increments of 500.
Which FSMO role is responsible for reference updates from its domain objects to other domains? A) Relative Identifier Master B) Infrastructure Master C) Domain Naming Master D) Schema Master
b) Infrastructure Master The Infrastructure Master Role is responsible for reference updates from its domain objects to other domains. This assists in tracking which domains own which objects.
What allows a user to be able to log on using a cached copy of his or her logon credentials that have been stored on his or her local workstation? A) cached login B) cached credentials C) stored login D) stored credentials
b) cached credentials If the user has successfully logged on in the past and you have enabled cached credentials in your environment, a user will be able to log on using a cached copy of his or her logon credentials that have been stored on his or her local workstation.
What types of memberships are stored in the global catalog? A) domain local B) universal C) global D) local workstation
b) universal Difficulty: Easy Section Ref: Understanding the Global Catalog Feedback: Domain local and global group memberships are stored at the domain level; universal group memberships are stored in the global catalog.
Which FSMO role has the authority to manage the creation and deletion of domains, domain trees, and application data partitions in the forest? a) Relative Identifier Master b) Infrastructure Master c) Domain Naming Master d) Schema Master
c) Domain Naming Master Understanding Flexible Single Master Operations (FSMO) RolesFeedback: The Domain Naming Master role has the authority to manage the creation and deletion of domains, domain trees, and application data partitions in the forest. When any of these is created, the Domain Naming Master ensures that the name assigned is unique to the forest.
Which of the following is not a function performed by a global catalog server? a) facilitating searches for objects in the forest b) maintaining universal group membership information c) maintaining a backup of all data stored on a domain controller d) maintaining a copy of all objects in the domain
c) maintaining a backup of all data stored on a domain controller Feedback: The global catalog has four main functions in an Active Directory environment. These are facilitating searches for objects in the forest, resolving user principal names (UPNs), maintaining universal group membership information, and maintaining a copy of all objects in the domain.
What Windows Server 2008 feature stores universal group memberships on a local domain controller that can be used for logon to the domain, eliminating the need for frequent access to a global catalog server? A) global group membership caching B) domain group membership caching C) local group membership caching D) universal group membership caching
d) universal group membership caching For sites that do not have a global catalog server available, Windows Server 2008 offers a feature called universal group membership caching. This stores universal group memberships on a local domain controller that can be used for logon to the domain, eliminating the need for frequent access to a global catalog server.
Which of the following is not a type of user account that can be configured in Windows Server 2008? A) local accounts B) domain accounts C) network accounts D) built-in accounts
network accounts
You cannot manually modify the group membership of or view the membership lists of __________ groups. A) distribution B) domain local C) special identity D) universal
special identity
