MTA 98-365 Ch. 5 Part 2
domain Explanation: A Windows domain is a logical unit of computers and network resources that defines a security boundary. A domain uses a single Active Directory database to share its common security and user account information for all computers within the domain, allowing centralized administration of all users, groups, and resources on the network.
A ________ is a logical unit of computers and network resources that defines a security boundary.
domain controller Explanation: A domain controller is a Windows server that stores a replica of the account and security information for the domain and defines the domain boundaries. To make a computer running Windows Server 2008 a domain controller, you must install the Active Directory Domain Services and execute the dcpromo (short for dc promotion) command.
A __________ is a Windows server that stores the Active Directory database.
security group Explanation: Windows Active Directory has two types of groups: security and distribution. A security group is used to assign rights and permissions and gain access to network resources. It can also be used as a distribution group.
To which type of group would you assign rights and permissions?
member server Explanation: A server that is not running as a domain controller is known as a member server. To demote a domain controller to a member server, you rerun the dcpromo program.
What Windows server attached to a domain is not a domain controller?
user rights Explanation: A right authorizes a user to perform certain actions on a computer, such as logging on to a system interactively or backing up files and directories on a system. User rights are assigned through local policies or Active Directory Group Policy.
What authorizes a user to perform a certain action on a computer?
A site Explanation: A site is one or more IP subnets that are connected by a high-speed link, typically defined by a geographical location. Suppose that you have a four-story office building. Although the building includes several subnets, all computers within the building use layer-2 and layer-3 switches to communicate with each other.
What do you call one or more IP subnets that are connected by a high-speed link?
forests Explanation: A forest is made of one or more trees (although most people think of a forest as two or more trees). A forest varies from a tree because it uses disjointed namespaces between the trees.
What do you call one or more trees with disjointed namespaces?
upgrade to the highest domain and forest functional levels Explanation: The functional level of a domain or forest depends on which Windows Server operating system versions are running on the domain controllers in that domain or forest. The functional level also controls which advanced features are available in the domain or forest. To get all the features available with Active Directory, you must have the latest version of the Windows Server operating system, and you have to use the highest forest and domain functional level.
What do you need to do with your forests and domains so that you can use all available features?
organizational units Explanation: To help organize objects within a domain and minimize the number of domains required, you can use organizational units (OUs). OUs can be used to hold users, groups, computers, and other organizational units.
What do you use to organize your users, computers, and other network resources within a domain?
hosts file Explanation: Early TCP/IP networks used hosts (used with domain/hostnames associated with DNS) and lmhosts (used with NetBIOS/computer names associated with WINS) files, which were text files that listed a name and its associated IP address.
What file is used to translate host names to IP addresses?
Use the Delegate of Authority wizard. Explanation: By delegating administration, you can assign a range of administrative tasks to the appropriate users and groups. For instance, you can assign basic administrative tasks to regular users or groups and leave domain-wide and forest-wide administration to members of the Domain Admins and Enterprise Admins groups.
What is the best way to give managers a way to change passwords for the users they manage?
WINS Explanation: Windows Internet Name Service (WINS) is a legacy naming service that translates from NetBIOS (computer name) to specify a network resource. A WINS server contains a database of IP addresses and NetBIOS names that update dynamically.
What legacy naming service is used to translate computer names to IP addresses?
LDAP Explanation: The Lightweight Directory Access Protocol, or LDAP, is an application protocol for querying and modifying data using directory services running over TCP/IP. Within the directory, the sets of objects are organized in a logical hierarchical manner so that you can easily find and manage them.
What protocol is used to query and modify data contained within a structure that reflects geographical or organizational structure?
global catalog Explanation: A global catalog replicates the information of every object in a tree and forest. However, rather than store the entire object, it stores just those attributes that are most frequently used in search operations, such as a user's first and last name, computer name, and so forth. By default, a global catalog is created automatically on the first domain controller in the forest, but any domain controller can be made into a global catalog.
What service replicates information of every object in a tree and forest so that you can quickly find those objects?
DNS Explanation: Domain Name System (DNS) is a hierarchical client/server-based distributed database management system that translates domain/host names to IP addresses. Your organization most likely has one or more DNS servers that provide name resolution for your company.
What system is used to translate www.microsoft.com to an IP address?
DHCP Explanation: It would take hours to configure every host IP configuration, including IP address, addresses of DNS and WINS servers, and any other parameters. Thus, most organizations use Dynamic Host Configuration Protocol (DHCP) services to automatically assign IP addresses and related parameters (including subnet mask, default gateway, and length of the lease) so that a host can immediately communicate on an IP network when it starts.
What technology automatically assigns IP addresses to clients?
group policies Explanation: One of Active Directory's most powerful features is Group Policy, which controls the working environment for user accounts and computer accounts. Group Policy provides centralized management and configuration of operating systems, applications, and user settings in an Active Directory environment.
What technology is used to standardize the Windows environment on all client computers?
PTR Explanation: PTR (short for pointer) resolves an IP address to a hostname (reverse mapping) and is contained in the reverse lookup zone.
Which DNS resource records translate IP addresses to a host name?
PDC Emulator Explanation: The Primary Domain Controller (PDC) was the main domain controller used with Windows NT. The PDC Emulator provides backward compatibility for NT4 clients. It also acts as the primary server for password changes and as the master time server within the domain.
Which FSMO role is the master time server and password keeper?
A Explanation: A (host address) maps a hostname to an IPv4 address; AAAA (host address) maps a hostname to an IPv6 address.
Which resource record used in DNS translates host names to IP addresses?
universal group Explanation: Universal group scope is designed to contain global groups from multiple domains. Universal groups can contain global groups, other universal groups, and user accounts. Because global catalogs replicate universal group membership, you should limit the membership to global groups.
Which type of group can contain any user or group in any domain and can be assigned to any resource in any domain?
Kerberos Explanation: Kerberos is a computer network authentication protocol that allows hosts to prove their identity securely over a non-secure network. It can also provide mutual authentication so that both the user and server can verify each other's identity.
___________ is the primary authentication protocol used in Active Directory.