CNIT 242 Exam

According to lecture, ___ days is typically the optimal duration between password changes.

90

Match the characteristic to its associated virtualization architecture 1. Also known as workstation virtualization 2. Allows for the most efficient use of the underlying hardware 3. The virtualization layer is installed on top of an existing OS as an application 4. Virtualization layer is installed directly on the server hardware 5. Typically allows the best support for underlying peripherals (sound cards, USB ports) A. Client-Based (Hosted) Architecture B. Bare-Metal (Hypervisor) Architecture C. Both

A. Client-Based (Hosted) Architecture: 1,3,5 B. Bare-Metal (Hypervisor) Architecture: 4 C. Both: 2

Which of the following is not a reason to implement directory services rather than relying on individual machine accounts? A. Enable two-factor authentication B. Reduce the number of accounts and passwords to manage C. Provide a single point of administration D. Make it easier to assign/move permissions and rights to users

A. Enable two-factor authentication

GPO settings are set to which of the following by default A. Not Configured B. Enabled C. Disabled D. Enforced

A. Not Configured

Match the virtualization term to is associated definition A. Hypervisor B. Guest Operating System C. Virtual Machine (VM) D. Host Operating System 1. Each environment available for O/S installation 2. The operating system installed on a VM 3. In a hosted architecture the O/S in which the virtualization software runs 4. The software that provides the virtualization layer

A:4 B:2 C:1 D:3

The best way to resolve the issue of profile version differences (such as XP and Vista+) is to: A. Roaming Profiles B. Folder Redirection C. Offline Files D. Group policy to enforce compatibility settings E. A & C F. All of the above are equally effective in resolving profile version differences

B. Folder Redirection

Which of the following is NOT a way in which an administrator can control group policy inheritance A. Inheritance can be blocked for a GPO - forcing a child GPO to apply regardless of conflict B. Inheritance can be forced to override lower-level GPOs - forcing a parent GPO to apply regardless of conflict C. Inheritance can be disabled domain-wide D. All of these are ways in which an administrator can control group policy inheritance

C. Inheritance can be disabled domain-wide: Because inheritance can be blocked or forced, but not disabled throughout the domain

Your PC can communicate with a web server using the IP address, but not through fully qualified domain name (FQDN). What might be wrong A. The web server is malfunctioning B. The configured DNS server of the PC is malfunctioning C. Your PC is misconfigured to use a non-existing DNS server D. B & C E. All of the above could be the reason for the problem

D. B & C: The DNS server you are querying is nonexistent, malfunctioning, or misconfigured. Other issues could include network connectivity between the DNS server and the authoritative server, or an issue with an intermediate or authoritative server

Which of the following is not a built-in advantage of using a virtualized server architecture A. Provides a consistent hardware interface regardless of underlying physical hardware B. Increased capacity and scalability C. Lower infrastructure cost D. Reduced energy costs E. Increased reliability

E. Increased reliability: using virtualization will inherently create single points of failure. These can be addressed by adding redundancy in your virtual machine architecture

Which of the following best explains a domain that uses only local profiles

Each user will have a completely separate profile on each computer & Logging into a new computer will create a new local profile for the user on that machine

Which of the following is not contained in a user profile A. Desktop B. Application Settings C. My Documents D. Favorites E. A & B F. All of the above are in a user profile

F. All of the above are in a user profile

FSMO (Flexible Single Master Operation) roles are replicated to all domain controllers

False

Special characters. such as ?*"\ can be used in NetBIOS name

False

sysinit is a Windows utility that will clear all config settings

False

You can install Active Directory on Windows Server without having an existing DNS server or installing a new DNS server

False, A DNS server that supports dynamic updates is required to implement Active Directory

Active Directory is required to implement a DFS namespace.

False, AD is required to create a domain namespace, but a server namespace can be created in a non-domain environment

Access Control Lists provide one method of authentication

False, Access Control Lists provide a means of authorization

Authentication is the process of determining what users should be able to do

False, Authorization is the process of determining what users should be able to do

RADIUS is typically only used for authentication to network equipment for configuration purposes and terminal access

False, RADIUS is typically used to authenticate to network access devices to gain network access

A RAID (Redundant Array of Independent Disks) made up of four 250 GB drives will have 1 TB of available space

False, RAID five has a redundancy overhead of one's drive's capacity. A RAID 5 of four 250 GB dries would have 750 GB of available capacity

The default network printing protocol used in modern Windows implementation is LPR.

False, RAW is the protocol has replaced LPR in modern Windows network printing implementations

Solid state drives (SSD) offer better performance across all metrics than magnetic hard drives

False, SSDs offer significantly better seek time, but may not offer an improvement in sustained read or write time

Snapshots provide a complete VM backup solution

False, a snapshot only allows you to go back to a previous point in time. If the underlying disk is corrupted the snapshot will be corrupted as well

Virtualization is a fairly new technology that dates back to the late 90s

False, dates back to the 60s

File permissions can be directly assigned to organizational units (OU)

False, file permissions are to be assigned to users or user groups. OUs are used for group policy and attributes

In an enterprise environment, it is best to assign permissions to individual users

False, it is best to assign permissions to groups and place the applicable user(s) in the group

The best approach to implementing group policy is to create/modify one policy per OU that contains all of the applicable settings

False, the best approach is to create separate policies for each setting and link them to applicable OUs. This creates a single point of administration for each policy. By making a change to the policy it will affect all OUs linked to the policy

The server containing the actual files being shared is called the namespace server

False, the namespace server is the server containing the reference to the target

When using VMware's vMotion, the VM being moved must be shutdown prior to the move

False, the point of vMotion is to move a running VM

The two basic parts of authentication are usernames and passwords

False, the two basic parts of authentication are identity and proof of identity

The two most commonly used page description languages are PostScript and HPLC

False, the two most commonly used page description languages are PostScript and PCL

The terms SAN (Storage Area Network) and NAS (Network Attached Storage) are interchangeable

False, they are quite different. For one example, SAN accesses data as if it were a local hard drive and NAS accesses data as if it were a network attached drive

An advantage of Folder Redirection is that users can access their files even if they aren't connected to the network

False, using folder redirection users cannot access their desktop and my documents when they are not connected to the network

A server will be inherently more secure if installed in a virtual environment than if installed on physical hardware

False, while virtualization does not typically add security vulnerabilities, it also does not eliminate existing vulnerabilities

The order of scale, from smallest to largest, in an Active Directory is...

Subnet, Site, Domain, Forest

The tool used to rename a domain is:

There is none, you cannot rename a domain

A Windows Server 2008 or newer print server can be configured to automatically provide drivers to clients running any version of Windows.

True

A computer's NetBIOS name and DNS hostname are independent. However, they should be set to the same value

True

Business Class computers typically have more hardware consistency though time than consumer market machines

True

CUPS is commonly used to provide network print services for UNIX computers.

True

DFS replication can be configured to use only limited bandwidth and to sync only during specific times

True

Directories are hierarchical in nature

True

I/O systems suffer the biggest performance hit in virtualized systems

True

Modern network printing almost always includes the use of a print server

True

Read, write and execute are examples of file system permissions

True

Software can be pushed to Windows clients using GPO

True

The Kerberos protocol operates using a 6-step process. Steps 3 and 4 involve communication with a Ticket Granting Server

True

The cost of deploying and maintaining clients will typically cost more than the original system purchase

True

The number one rule of passwords is: Do not write them down

True

The top level 'share' in a DFS namespace is called the DFS Root

True

The two main services in DFS are namespaces and replication

True

The type of file system (FAT32, NTFS, VMFS, ext4) determines the max file size, naming convection, and max size of a partition/volume

True

WSUS is a solution that allows a sys admin to control updating of Microsoft software

True

Windows Active Directory can work with most DNS servers as long as they support dynamic updates

True, as long as the DNS server includes dynamic update capability it can be used with AD

A NAS (Network Attached Storage) is effectively the same as a network share on a server

True, from the perspective of the client, a NAS is exactly the same thing as a network share on a file server

By default, if an enabled GPO setting in the parent OU conflicts with an enabled GPO setting in the child OU. the GPO setting in the child OU wins

True, the GPOs are applied in order from the root to the object. If both the parent OU and the child OU have a setting applied, the parent setting will be applied, then the child setting will be applied. If effect, the child setting would "win" in this scenario

In an environment with a single ESXi server, vCenter provides limited benefit

True, the only benefits would be authentication against AD and access to the web client. The main benefits of vMotion, High Availability, fail-over, require multiple ESXi servers to implement in addition to vCenter

A VMs O/S clock should not be synchronized directly via NTP

True, the time will wander due to changes in the virtual CPU's clock. It is best to synchronize the VM server's clock via NTP and use VMware tools to sync the VM clock to the server

DNS, as currently deployed, has no formal security included

True, there is no authentication, authorization, non repudiation, or encryption in DNS

Modern Virtualization solution allow read-only memory holding common information to be addressed by multiple VMs

True, this approach is more efficient and allows more VMs per server than would be available otherwise

What are two components to a GPO

User & Computer

The Active Directory _____ is the blueprint for what attributes the AD can store

Schema

When placing users in groups for use in ACLs, the users should be placed in what type of group?

Security Group, because only these groups can be used in ACLs

Which of the following are problematic when using roaming profiles A. Login and logout times can be significantly increased B. Files and settings are left behind on every computer that is not connected to the network C. A user cannot log into a computer that is not connected to the network D. A & B E. All of the above are problematic when using roaming profiles

D. A & B: Log in and logout times are extended and files are left behind on every computer the user has logged into

A location in a directory can be either absolute or relative. If a location is relative, the starting location is known as the___

Context

Active Directory supports this ISO standard for directory access

LDAP(Lightweight Directory Access Protocol): This is an ISO/IETF standard for accessing directory information. Active Directory's support for LDAP enable it to be used by many third party applications for user lookup and authentication