CH3 Windows Server 2008 Administrator MOAC #70-646
What does AGULP stand for?
Accounts, Global Groups, Universal Groups, Domain Local Groups, and Permissions
What is an organizational unit?
An organizational unit (OU) is a container object that functions in a subordinate capacity to a domain. OUs can contain other OUs, as well as leaf objects. You can apply separate Group Policy to an OU and delegate the administration of an OU as needed.
By definition, how do domains function in Active Directory?
Domains function as the boundaries for virtually all directory functions including administration, access control, database management, and replication.
Active Directory is one of the easiest technologies to test because an isolated lab environment usually can emulate many of the factors that can affect the performance of a directory service. T/F
False
Subdomains in a tree inherit permissions and policies from their parent domains. T/F
False
When you want to grant a collection of users permission to access a network resource, such as a file system share or a printer, you can assign permissions to an organizational unit. T/F
False
__________ Policy is one of the most powerful administrative features of Active Directory.
Group
What component automatically creates replication links between domain controllers in the same site and schedules their replication activities?
Knowledge Consistency Checker, KCC
What are the two most common structural paradigms used in Active Directory designs?
The two most common structural paradigms are the geographic, in which the domain structure is representative of the organization's physical locations, and the political, in which the structure conforms to the divisions or departments within the organization.
Unlike organizational units, you cannot assign Group Policy settings to computer objects, nor can you delegate their administration. T/F
True
You can drag and drop leaf objects, such as users and computers, between OUs, but not between domains. T/F
True
Which of the following is not a reason why you should try to create as few domains as possible when designing an Active Directory infrastructure? a) A license must be purchased from Microsoft for each domain you create. b) Additional domains increase the overall hardware and maintenance costs of the deployment. c) Some applications might present security issues when working in a forest with multiple domains. d) Additional domains increase the number of administrative tasks that must be performed.
a) A license must be purchased from Microsoft for each domain you create. The overall objective in your Active Directory design process should be to create as few domains as possible. There are several reasons why this is so. Each domain in an Active Directory installation is a separate administrative entity. The more domains you create, the greater the number of ongoing administration tasks you have to perform. Every domain also requires its own domain controllers, so each additional domain you create increases the overall hardware and maintenance costs of the deployment.
What is the name of the communications protocol called for by the original X.500 standard? a) Directory Access Protocol b) Data Access Protocol c) Lightweight Directory Access Protocol d) Lightweight Data Access Protocol
a) Directory Access Protocol The original X.500 standard calls for the use of a communications protocol called Directory Access Protocol (DAP).
Active Directory was first introduced in which operating system? a) Windows 2000 Server b) Windows XP SP2 c) Windows 2003 Server d) Windows Vista
a) Windows 2000 Server Active Directory is the directory service that Microsoft first introduced in Windows 2000 Server and has been upgraded in each successive server operating system release, including Windows Server 2008.
Which group is used for nonsecurity-related functions, such as sending email messages to a collection of users? a) distribution b) universal c) global d) security
a) distribution Distribution groups are used for nonsecurity-related functions, such as sending email messages to a collection of users.
Which of the following is not a variable that can affect the performance of an Active Directory installation? a) length of the domain name you create b) hardware you select for your domain controllers c) capabilities of your network d) types of WAN links connecting your remote sites
a) length of the domain name you create A great many variables can affect the performance of an Active Directory installation including the hardware you select for your domain controllers, the capabilities of your network, and the types of WAN links connecting your remote sites.
Which of the following is a main group type found in Active Directory? a) security b) domain c) global d) universal
a) security There are two group types in Active Directory: security groups and distribution groups.
Each domain in an Active Directory installation is a separate __________ entity.
administrative
Every object consists of __________ that store information about the object.
attributes
DNS naming limitations call for a maximum of how many characters per domain name? a) 32 b) 63 c) 128 d) 255
b) 63 You can add as many domains to the tree as you need and use any number of levels as long as you conform to the DNS naming limitations, which call for a maximum of 63 characters per domain name and 255 characters for the fully qualified domain name (FQDN).
What is the primary difference between global and universal groups? a) Global groups decrease the amount of replication traffic between sites. b) Universal groups add more data to the global catalog. c) You can use universal groups across the board if your network consists of multiple sites. d) Global groups add more data to the universal catalog.
b) Universal groups add more data to the global catalog. The primary difference between global and universal groups is that universal groups add more data to the global catalog, thereby increasing the amount of replication traffic between sites.
There are two basic classes of objects in an Active Directory domain. Which of the following is an object? a) logical b) leaf c) tree d) attribute
b) leaf There are two basic classes of objects: container objects and leaf objects.
Every Active Directory domain should have a minimum of __________ domain controllers. a) one b) two c) three d) four
b) two Every Active Directory domain should have a minimum of two domain controllers.
A site topology consists of all of the following Active Directory object types except __________. a) Sites b) Subnets c) Subnet Links d) Site Links
c) Subnet Links A site topology consists of three Active Directory object types, as follows: Sites - a site object represents the group of subnets at a single location, with good connectivity Subnets - a subnet object represents an IP network at a particular site Site Links - a site link object represents a WAN connection between two sites.
What type of compatibility are functional levels designed to provide in Active Directory installations running domain controllers with various versions of the Windows Server operating system? a) functional b) forward c) backward d) existing
c) backward Functional levels are designed to provide backward compatibility in Active Directory installations running domain controllers with various versions of the Windows Server operating system.
Where do users log in when joining an Active Directory domain? a) application b) individual computer c) domain d) server
c) domain Users that are joined to an Active Directory domain log on to the domain, not to an individual computer or application, and are able to access any resources in that domain for which administrators have granted them the proper permissions.
Which of the following is not a reason for creating an organizational unit? a) assigning Group Policy settings b) duplicating organizational divisions c) implementing domains d) delegating administration
c) implementing domains The correct reasons for creating an OU include the following: duplicating organizational divisions, assigning Group Policy settings, and delegating administration.
To use a Windows Server 2008 computer as a domain controller, you must configure it to use a(n) __________. a) APIPA address b) address supplied by a DHCP server c) static IP address d) none of the above
c) static IP address To use a Windows Server 2008 computer as a domain controller, you must configure it to use static IP addresses, not addresses supplied by a Dynamic Host Configuration Protocol (DHCP) server.
A(n) __________ object is one that can have other objects subordinate to it.
container
When using the subzone method, you can leave the Internet DNS servers in place and use Windows Server 2008 DNS servers to host the zone for the subdomain. Which of the following is a configuration change that you must make? a) You must use your domain controllers as your DNS servers. b) You must use your Internet DNS servers to host your Active Directory domains. c) You must turn on dynamic updates on the DNS servers. d) You must configure Internet DNS servers to delegate the Active Directory subdomain to the Windows Server 2008 DNS servers.
d) You must configure Internet DNS servers to delegate the Active Directory subdomain to the Windows Server 2008 DNS servers. The only configuration changes you must make are the following: You must configure the Internet DNS servers to delegate the Active Directory subdomain to the Windows Server 2008 DNS servers. You must configure the Windows Server 2008 DNS servers to forward all client requests that they cannot resolve (that is, requests for names outside of the Active Directory domains) to the Internet DNS servers.
An Active Directory domain controller can verify a user's identity by which of the following methods? a) smart cards b) passwords c) biometrics d) all of the above
d) all of the above Users typically authenticate themselves by supplying a password, but Active Directory networks can also use smart cards and biometrics (such as fingerprint sc@Ans) to verify a user's identity.
Which of the following Active Directory elements provides a true security boundary? a) organizational units b) domains c) domain trees d) forests
d) forests A forest can function as a security boundary, not a domain.
The Read-Only Domain Controller (RODC) supports only incoming replication traffic. As a result, what is it possible to do when using a Read-Only Domain Controller? a) create Active Directory objects b) modify Active Directory objects c) delete Active Directory objects d) none of the above
d) none of the above One of the new Active Directory features in Windows Server 2008 is the ability to create a Read-Only Domain Controller (RODC), which is a domain controller that supports only incoming replication traffic. As a result, it is not possible to create, modify, or delete Active Directory objects using the RODC.
Which group is used most often when designing an Active Directory infrastructure? a) distribution b) universal c) global d) security
d) security The security group is the type used most often when designing an Active Directory infrastructure.
The process of designing an Active Directory infrastructure consists of which basic phases?
designing the domain namespace, designing the internal domain structure, designing a site topology, and designing a Group Policy strategy
The required and recommended attributes that each type of object can have, the type of information that can be stored in each attribute, and the object's place in the directory tree are all defined in what location?
directory schema
When you create your first domain on an Active Directory network, you are creating the root of what?
domain tree
The overall objective in your Active Directory design process should be to create as few __________ as possible.
domains
When beginning a new Active Directory installation, the first step is to create a new __________.
forest
What is the name of the list in each forest that contains the objects in the forest along with a subset of each object's attributes?
global catalog
When a user logs on to an Active Directory domain, what is involved in the elaborate authentication procedure that the client computer performs?
locating the nearest domain controller and exchanging a series of messages using Kerberos
The Schema Administrators group exists only in the forest root domain. What do the members of that group have the ability to do?
modify the Active Directory schema
What does Active Directory use, in which it is possible to make changes to domain objects on any domain controller, to replicate those changes to all other domain controllers?
multiple-master replication
What container object functions in a subordinate capacity to a domain but without the complete separation of security policies?
organizational unit
Each domain in a tree is a separate security entity. What does each domain's separate Group Policy settings include?
permissions and user accounts
The primary difference between global and universal groups is that universal groups add more data to the global catalog, thereby increasing the amount of __________ traffic between sites.
replication
To stay synchronized, domain controllers communicate by sending database information to each other, which is a process called __________.
replication
What is the name of the process used by Windows NT domains in which one primary domain controller (PDC) sends its data to one or more backup domain controllers (BDCs)?
single-master replication
If you plan to create domains corresponding to remote sites or organizational divisions, the most common practice is to make them all __________ in the same tree, with a single root domain at the top.
subdomains
Every Active Directory domain should have a minimum of __________ domain controllers.
two