MCTS - Net II - Midterm Review Questions

Question 1

Advantages of running a dedicated forest root domain:

Answer 1

Flexibility, security, more manageable

Question 2

What is a shortcut trust?

Answer 2

A shortcut trust is configured manually between domains in the same forest to bypass the normal referral process.

Question 3

How do you verify who is delegated control in a OU how would you do it?

Answer 3

AD Users & Computers > enable Advanced Features under View > right-click on OU > select Properties > Security tab > Advanced > Permissions tab (DACL) you can see ACEs lists or download DSrevoke Tool

Question 4

Name the Master roles:

Answer 4

Schema master, Infrastructure master, Domain naming master, RID (relative identifier) master, PDC emulator master

Question 5

What does a schema partition do?

Answer 5

Contains info needed to define AD objects and object attributes for all domains in the forest. Is replicated to all domain controllers inthe forest. One controller in the forest is designated as the schema master domain controller and holds the writeable copy of the schema.

Question 6

What does a directory partition do?

Answer 6

Contains all objects in a domain, including users, groups, computers, OUs, etc. There’s one domain directory partition for each domain in the forest. Changes made to objects in a domain directory partition s are replicated to each domain controller in the domain.

Some object attributes are also replicated to global catalog servers Changes to the domain directory partition can occur on any domain controller in the domain except read-only domain controllers.

Question 7

What does the infrastructure master do?

Answer 7

Responsible for updating references from objects in other domains. Compares its data with that of a global catalog which receive regular updates for objects in all domains through replication, so the global catalog will always be up-to-date.

Question 8

What is an external trust?

Answer 8

A one-way or two-way non-transitive trust between two domains that aren’t in the same forest.

Question 9

What is x.500?

Answer 9

A suite of protocols developed by ITU (International Telecommunications Union), is the basis for the hierarchical structure of AD information and for how AD objects are named and stored.

Question 10

What is the discretionary ACL?

Answer 10

A list of security principals, with each having a set of permissions that define access to the object. Each entry in the DACL is referred to as an ACE. If a security principal or a group the security principal belongs to isn’t in the DACL, the security principal has no access to the object.

Question 11

Know basic directory partition types:

Answer 11

domain directory partition - schema directory partition - global catalog partition - application directory partition - configuration partition

Question 12

Know the operation master roles:

Answer 12

schema master, infrastructure master, domain naming master, RID master, PDC emulator

Question 13

How do you change/remove inherent permissions?

Answer 13

• Make changes to the parent object, and the child will inherit these permissions
• Select the opposite permission (allow/deny) to override the inherited permission
• Clear the “Inherit from the parent the permission entries that apply to child objects. Include these with entries explicitly defined here” check box Then you can make changes to the permissions or remove users or groups from the Permissions list. However, the object will no longer inherit permissions from the parent object.

Question 14

Know some of the characters you can use when naming an account:

Answer 14

@$#%&!

Question 15

What is AGDLP?

Answer 15

Microsoft’s best practices recommended using these groups to aggregate users with similar access or rights requirements:

Accounts are made of members of
Global groups, which are made members of
Domain Local groups, which are assigned
Permissions to resources

Question 16

Know the benefits of using roaming profiles:

Answer 16

Consistent environment, easy mgmt.,ability to log on the profile from any pc since the profile is saved to the network share.

Question 17

What does DSGET do?

Answer 17

Displays an object’s properties onscreen by default, but he output can be redirected to a file.

Question 18

What does DSMOD do?

Answer 18

Modifies existing AD objects.

Question 19

How does setting up a mandatory profile affect user show login to the network?

Answer 19

To prevent certain users to have a profile that can’t be changed, or can be changed during the session but reverts to the original profile the next time the user logs on.

Question 20

What does a super mandatory profile do?

Answer 20

Prevents a user from logging on to the domain when the mandatory profile is unavailable.

Question 21

What is a Universal Group?

Answer 21

Membership info is stored only on domain controllers configured as global catalog servers. Second, they are the only type of group with a truly universal nature.

• User accounts, global groups and universal groups from any domain in the forest can be a member.
• They can be a member of other universal groups from any domain in the forest can be a member.
• They can be assigned permissions to resources in any domain in the forest.

Question 22

Where are user profiles stored by default in Server 2008?

Answer 22

C:Windows\Users\%SYSTEMDRIVE%

Question 23

When are user profiles created?

Answer 23

When a user logs in

Question 24

What are Enterprise Admins?

Answer 24

This group is automatically added to the Administrators group in every domain in the forest, providing complete access to the configuration of all domain controllers.

Question 25

What does DSRM do?

Answer 25

Removes or deletes objects from AD

Question 26

Why would you use a volume point?

Answer 26

To avoid using a drive letter, extend the apparent amount of free space on an existing volume, consolidate frequently accessed volumes, consolidate several shared volumes under a single network share.

Question 27

What is the maximum partition size supported by FAT16?

Answer 27

FAT16 is limited to 2 GB partitions in most implementations (although Windows NT permits partitions up to 4 GB).

Question 28

Whats is the default limit for the number of simultaneous users in Server 2008:

Answer 28

16,777,216

Question 29

Distributive file system roles:

Answer 29

Makes shared files more accessible and reliable by grouping shared folders from multiple servers into a single folder hierarchy and using replication for fault tolerance. A DFS hierarchy is referred to as a namespace. When you install the role, you can create a namespace that suits the shares in the hierarchy. DFS MMC is installed in Admin Tools and Server Manager.

Question 30

What file systems does Windows Server 2008 support:

Answer 30

NTFS/FAT

Question 31

What is the sizes limit of partitions for FAT32?

Answer 31

32 GB

Question 32

Methods you can access Windows shares:

Answer 32

Mapping a drive, browsing the network, AD search, UNC Path - \\server\share[\subfolder[]\file], \\server

Question 33

Know what a print queue is:

Answer 33

A storage location for print jobs awaiting printing. In Server 08 the print queue is implemented as a directory by default C:\Windows\System32\Spool\Printers

Question 34

Know what a print device is:

Answer 34

Physical printer containing paper, ink/toner to which print jobs are sent. * Local print device - A printer connected to I/O port on a pc. * Network print device - Printer attached directly to the network via a NIC.

Question 35

What is server message block (SMB)?

Answer 35

Protocol is a network file sharing protocol that allows applications on a computer to read and write to files and to request services from server programs in a computer network. Can be used on top of its TCP/IP protocol or other network protocols. An application (or the user of the app) can access files or other resources on the remote server. It can also communicate with any server program that is set up to receive and SMB client request.

Question 36

If a file has compression on it what happens to the compression when copied to a new location what happens to the compression attribute? What happens if it’s moved within the volume?

Answer 36

* Files copied to a new location inherit the compression attribute from the parent container. Whether a file is compressed or not, if it’s copied to a folder or volume that has the compression attribute set, the file is compressed. If the destination’s compression attribute set, the file isn’t compressed. * Files moved to a new location on the same volume retain their current compression attributes. * Files moved to a different volume inherit the compression attribute from the parent container.

Question 37

Know permissions: read-only, modify, etc.

Answer 37

*Read - Users can view contents of files, copy files, run applications and script files, open folders and subfolders, and view file attributes. * Change- All permissions granted by Read, plus create files and folders, change contents and attributes of files and folders, and delete files and folders. * Full-Control- All permissions granted by Change, plus change file and folder permissions as well as take ownerships of files and folders. * Modify- Users can read, modify, delete and create files. Can’t change permissions or take ownership. Selecting this permission automatically selects Read & Execute, List folder contents, Read and Write. * Write- Users create and modify files and read file attributes and permissions. However, this permission does not allow users to read or delete files. In most cases, the Read or Read and execute permission should be given with Write permission.

Question 38

What does a valid EFS certificate do?

Answer 38

A user must have a valid EFS certificate to be added to an encrypted file’s access. EFS is set up to issue and EFS certificate automatically to any user who encrypts a file. Users can also be issued a certificate server. Recovery agents are identified by certificates, too, but recovery agent certificates can’t be used as EFS certificates and vice versa.

Question 39

Know what a Line Printer Daemon is

Answer 39

Allows Unix\Linux computers using the Line Printer Remote (LPR) service to print to Windows shared printers.