Lesson 5: Essential Services Flashcards Preview

Flashcards in Lesson 5: Essential Services Deck (50):
1

1. What system is used to translate www.microsoft.com to an IP address?
a) DNS
b) WINS
c) DHCP
d) ARP

Answer: a) DNS

Difficulty: Easy
Section Reference: Exploring DNS
Explanation: Domain Name System (DNS) is a hierarchical client/server-based distributed database management system that translates domain/host names to IP addresses. Your organization most likely has one or more DNS servers that provide name resolution for your company.

2

2. What file is used to translate host names to IP addresses?
a) hosts file
b) lmhosts file
c) dns file
d) wins file

Answer: a) hosts file

Difficulty: Medium
Section Reference: Understanding HOSTS and LMHOSTS Files
Explanation: Early TCP/IP networks used hosts (used with domain/hostnames associated with DNS) and lmhosts (used with NetBIOS/computer names associated with WINS) files, which were text files that listed a name and its associated IP address.

3

3. Which resource record used in DNS translates host names to IP addresses?
a) SOA
b) A
c) PTR
d) MX

Answer: b) A

Difficulty: Medium
Section Reference: Exploring DNS
Explanation: A (host address) maps a hostname to an IPv4 address; AAAA (host address) maps a hostname to an IPv6 address.

4

4. Which DNS resource records translate IP addresses to a host name?
a) SOA
b) A
c) PTR
d) MX

Answer: c) PTR

Difficulty: Medium
Section Reference: Exploring DNS
Explanation: PTR (short for pointer) resolves an IP address to a hostname (reverse mapping) and is contained in the reverse lookup zone.

5

5. Which DNS resource record is used to locate a domain controller?
a) SOA
b) A
c) PTR
d) SRV

Answer: d) SRV (service) records

Difficulty: Medium
Section Reference: Exploring DNS
Explanation: SRV (service) records locate servers that host particular services, including LDAP servers or domain controllers.

6

6. What legacy naming service is used to translate computer names to IP addresses?
a) DNS
b) GlobalZones
c) DHCP
d) WINS

Answer: d) WINS

Difficulty: Easy
Section Reference: WINS
Explanation: Windows Internet Name Service (WINS) is a legacy naming service that translates from NetBIOS (computer name) to specify a network resource. A WINS server contains a database of IP addresses and NetBIOS names that update dynamically.

7

7. What technology automatically assigns IP addresses to clients?
a) DNS
b) GlobalZones
c) DHCP
d) WINS

Answer: c) DHCP

Difficulty: Easy
Section Reference: DHCP Services
Explanation: It would take hours to configure every host IP configuration, including IP address, addresses of DNS and WINS servers, and any other parameters. Thus, most organizations use Dynamic Host Configuration Protocol (DHCP) services to automatically assign IP addresses and related parameters (including subnet mask, default gateway, and length of the lease) so that a host can immediately communicate on an IP network when it starts.

8

8. What protocol is used to query and modify data contained within a structure that reflects geographical or organizational structure?
a) LDAP
b) DNS
c) GlobalZones
d) Kerberos

Answer: a) LDAP

Difficulty: Easy
Section Reference: Introducing Directory Services with Active Directory
Explanation: The Lightweight Directory Access Protocol, or LDAP, is an application protocol for querying and modifying data using directory services running over TCP/IP. Within the directory, the sets of objects are organized in a logical hierarchical manner so that you can easily find and manage them.

9

9. What Windows server attached to a domain is not a domain controller?
a) member server
b) bridgehead server
c) LDAP server
d) Kerberos server

Answer: a) member server

Difficulty: Easy
Section Reference: Introducing Sites and Domain Controllers
Explanation: A server that is not running as a domain controller is known as a member server. To demote a domain controller to a member server, you rerun the dcpromo program.

10

10. Which FSMO role is the master time server and password keeper?
a) Schema Master
b) Domain Naming Master
c) PDC Emulator
d) Infrastructure Master

Answer: c) PDC Emulator

Difficulty: Hard
Section Reference: Flexible Single Master Operations
Explanation: The Primary Domain Controller (PDC) was the main domain controller used with Windows NT. The PDC Emulator provides backward compatibility for NT4 clients. It also acts as the primary server for password changes and as the master time server within the domain.

11

11. What service replicates information of every object in a tree and forest so that you can quickly find those objects?
a) LDAP server
b) global catalog
c) Infrastructure Master
d) PDC Emulator

Answer: b) global catalog

Difficulty: Medium
Section Reference: Looking at Global Catalogs
Explanation: A global catalog replicates the information of every object in a tree and forest. However, rather than store the entire object, it stores just those attributes that are most frequently used in search operations, such as a user’s first and last name, computer name, and so forth. By default, a global catalog is created automatically on the first domain controller in the forest, but any domain controller can be made into a global catalog.

12

12. What do you use to organize your users, computers, and other network resources within a domain?
a) groups
b) forest
c) organizational units
d) group policy

Answer: c) organizational units

Difficulty: Easy
Section Reference: Introducing Organizational Units
Explanation: To help organize objects within a domain and minimize the number of domains required, you can use organizational units (OUs). OUs can be used to hold users, groups, computers, and other organizational units.

13

13. What is the best way to give managers a way to change passwords for the users they manage?
a) Make the manager a domain administrator.
b) Make the manager an account operator.
c) Make the manager a local administrator.
d) Use the Delegate of Authority wizard.

Answer: d) Use the Delegate of Authority wizard.

Difficulty: Medium
Section Reference: Introducing Organizational Units
Explanation: By delegating administration, you can assign a range of administrative tasks to the appropriate users and groups. For instance, you can assign basic administrative tasks to regular users or groups and leave domain-wide and forest-wide administration to members of the Domain Admins and Enterprise Admins groups.

14

14. To which type of group would you assign rights and permissions?
a) security group
b) distribution group
c) scoped group
d) Global Domain group

Answer: a) security group

Difficulty: Medium
Section Reference: Comparing Group Types
Explanation: Windows Active Directory has two types of groups: security and distribution. A security group is used to assign rights and permissions and gain access to network resources. It can also be used as a distribution group.

15

15. Which type of group can contain any user or group in any domain and can be assigned to any resource in any domain?
a) domain local group
b) global group
c) universal group
d) distribution group

Answer: c) universal group

Difficulty: Medium
Section Reference: Comparing Group Scopes
Explanation: Universal group scope is designed to contain global groups from multiple domains. Universal groups can contain global groups, other universal groups, and user accounts. Because global catalogs replicate universal group membership, you should limit the membership to global

16

16. What authorizes a user to perform a certain action on a computer?
a) user rights
b) permissions
c) assignments
d) certificates

Answer: a) user rights

Difficulty: Medium
Section Reference: Comparing Rights and Permissions
Explanation: A right authorizes a user to perform certain actions on a computer, such as logging on to a system interactively or backing up files and directories on a system. User rights are assigned through local policies or Active Directory Group Policy.

17

Fill in the Blank
17. ___________ is the primary authentication protocol used in Active Directory.

Answer: Kerberos

Difficulty: Hard
Section Reference: Introducing Directory Services with Active Directory
Explanation: Kerberos is a computer network authentication protocol that allows hosts to prove their identity securely over a non-secure network. It can also provide mutual authentication so that both the user and server can verify each other’s identity.

18

Fill in the Blank
18. A ________ is a logical unit of computers and network resources that define a security boundary.

Answer: domain

Difficulty: Easy
Section Reference: Introducing Directory Services with Active Directory
Explanation: A Windows domain is a logical unit of computers and network resources that defines a security boundary. A domain uses a single Active Directory database to share its common security and user account information for all computers within the domain, allowing centralized administration of all users, groups, and resources on the network.

19

Fill in the Blank
19. A __________ is a Windows server that stores the Active Directory database.

Answer: domain controller

Difficulty: Easy
Section Reference: Introducing Directory Services with Active Directory
Explanation: A domain controller is a Windows server that stores a replica of the account and security information for the domain and defines the domain boundaries. To make a computer running Windows Server 2008 a domain controller, you must install the Active Directory Domain Services and execute the dcpromo (short for dc promotion) command.

20

Short Answer
20. What do you call one or more trees with disjointed namespaces?

Answer: forests

Difficulty: Easy
Section Reference: Introducing Directory Services with Active Directory
Explanation: A forest is made of one or more trees (although most people think of a forest as two or more trees). A forest varies from a tree because it uses disjointed namespaces between the trees.

21

Short Answer
21. What do you call one or more IP subnets that are connected by a high-speed link?

Answer: A site

Difficulty: Easy
Section Reference: Introducing Sites and Domain Controllers
Explanation: A site is one or more IP subnets that are connected by a high-speed link, typically defined by a geographical location. Suppose that you have a four-story office building. Although the building includes several subnets, all computers within the building use layer-2 and layer-3 switches to communicate with each other.

22

Short Answer
22. What do you need to do with your forests and domains so that you can use all available features?

Answer: upgrade to the highest domain and forest functional levels

Difficulty: Easy
Section Reference: Defining Functional Levels
Explanation: The functional level of a domain or forest depends on which Windows Server operating system versions are running on the domain controllers in that domain or forest. The functional level also controls which advanced features are available in the domain or forest. To get all the features available with Active Directory, you must have the latest version of the Windows Server operating system, and you have to use the highest forest and domain functional level.

23

Short Answer
23. What technology is used to standardize the Windows environment on all client computers?

Answer: group policies

Difficulty: Easy
Section Reference: Introducing Group Policy
Explanation: One of Active Directory’s most powerful features is Group Policy, which controls the working environment for user accounts and computer accounts. Group Policy provides centralized management and configuration of operating systems, applications, and user settings in an Active Directory environment.

24

1. The file that is used to resolve hostnames to IP addresses is ______ .

Hosts

25

2. The resource record used in DNS to resolve IP address to hostnames is ______ .

PTR

26

3. The ______ automatically assigns IP addresses and other IP configuration to a host.

DHCP

27

4. ______ is a popular directory service with objects in a logical hierarchical manner.

LDAP (Lightweight Directory Access Protocol)

28

5. The ______ are roles that provide certain functions that can only be handled by one domain controller.

FSMO - FLEXIBLE SINGLE MASTER OPERATIONS role

Active Directory uses multi-master replication, which means that there is no master domain controller, commonly referred to as a primary domain controller within Windows NT domains. However, because there are certain functions that can be handled by only one domain controller at a time, Active Directory uses Flexible Single Master Operations (FSMO) roles, also known as operations master roles.

ROLE NAME Schema Master; SCOPE 1 per forest
DESCRIPTION Controls and handles updates/modifications to the Active Directory schema.

ROLE NAME Domain Naming Master; SCOPE 1 per forest
DESCRIPTION Controls the addition and removal of domains from the forest if present in root domain.

ROLE NAME PDC Emulator; SCOPE 1 per domain
DESCRIPTION PDC is short for Primary Domain Controller, which was the main domain controller used with Windows NT. The PDC emulator provides backwards compatibility for NT4 clients. It also acts as the primary server for password changes and as the master time server within the domain.

ROLE NAME RID Master (Relative ID Master); SCOPE 1 per domain
DESCRIPTION Allocates pools of unique identifiers to domain controllers for use when creating objects.

ROLE NAME Infrastructure Master; SCOPE 1 per domain
DESCRIPTION Synchronizes cross-domain group membership changes. The infrastructure master cannot run on a global catalog server unless all DCs are also GCs.

29

6. A(n) ______ is used to organize the objects within a domain.

OU

30

7. Printers, users, and computers are examples of ______ in Active Directory.

Objects

31

8. The local security database found on a member server is known as the ______ .

Security Accounts Manager (SAM)

The Security Accounts Manager (SAM) is a database file in Windows XP, Windows Vista and Windows 7 that stores users' passwords. It can be used to authenticate local and remote users. Beginning with Windows 2000 SP4, Active Directory is used to authenticate remote users. SAM uses cryptographic measures to prevent unauthorized users from gaining access to the system.

32

9. A collection or list of users is known as _______.

Groups

33

10. The ______ built-in group is used to create, delete, and modify user accounts and groups.

Account Operators

34

1. The primary naming service used in Windows is ____________.
a. AD
b. WINS
c. DNS
d. DHCP

c. DNS

35

2. What is the resource record that translates from hostname to IP address in DNS?
a. PTR
b. H
c. IP
d. A

d. A host address IPv4
AAAA host address IPv6

36

3. _______ is a legacy naming system used to translate Computer Names/NetBIOS names to IP addresses.
a. AD
b. WINS
c. DNS
d. DHCP

b. WINS

37

4. What is the master time server?
a. Schema Master
b. Domain Naming Master
c. PDC Emulator
d. RID Master

c. PDC Emulator

38

5. What holds replica information of every object in a tree and forest?
a. Infrastructure Master
b. Schema Master
c. Global Catalog
d. PDC Emulator

c. Global Catalog

39

6. Which group scope is meant to be used to assign permissions to a local resource?
a. Distribution group
b. Domain local
c. Global
d. Captured

b. Domain local

40

7. Which group scope can contain global groups from multiple domains?
a. Emulation
b. Domain local
c. Global
d. Universal

d. Universal

41

8. What can be used to specify how many times a user can enter a login with an incorrect password before the account is disabled?
a. User profile
b. Group policy
c. Software policy
d. User account collection

b. Group policy

42

9. To which of the following can a group policy not be directly applied?
a. Group
b. Site
c. Domain
d. OU

a. Group

43

10. What authorizes a user to perform certain actions on a computer?
a. Permission
b. UNC
c. Right
d. Task

c. Right

44

True / False
1. A collection is two or more trees.

False

45

True / False
2. A site and domain controllers are the physical aspects of the network.

True

46

True / False
3. A member server is running Active Directory domain services.

False

47

True / False
4. Higher domain and forest functional levels will enhance the functionality of Active Directory.

True

48

True / False
5. Active Directory is closely tied to DNS.

True

49

Competency Assessment
Scenario 5-1: Designing Active Directory
You have ten sites throughout the country and five major departments. How would you design your Active Directory structure?

You can use one domain with two different approaches (depending on your management needs). One approach is to have five OUs for each department with OUs for sites inside each department or to have an OU for each department with OUs for each site in the department OUs. When creating OUs, you should try not to make it two deep.

50

Competency Assessment
Scenario 5-2: Designing AD Physical Structure
How do you define how the domain controllers will replicate data to the other domain controllers?

You need to first define sites based on your IP subnets and you should place two or more domain controllers on each site. For larger sites that may have additional domain controllers, you define bridgeheads that will be used as the central point of replication between the sites.