Ad Overview Server 2008 Exam 70-640

Front 1

What are the two main server types in an NT domain?

Back 1

PDC and BDC

Front 2

Two types of domains in and NT - Multi-master domain topology?

Back 2

Master Domain
(trust)
Resource Domain

Front 3

3 Advantages of old NT over workgroups?

Back 3

Centralised Admin
Database replication
Could scale to 1000's of users

Front 4

4 Limitations of NT model?

Back 4

Didn't scale/work well for very/large org
Trust relationships needed a lot of work
Excessive replication BAD for low-bandwidth WAN links
Difficult to delegate admin duties

Front 5

3 Features of AD?

Back 5

LDAP for transferring information
Reliance on DNS for name resolution
Ability to extend the schema

Front 6

Functions of Domains

Back 6

Create security boundaries to protect resources and ease of administration
Ease admin of usrs, grps, comps etc
Provide central DB of NW obj's

Front 7

Type of server for remote locale with questionable security?

Back 7

Read-only domain Controller

Front 8

True or False:
Two objects can have the same relative distinguished name

Back 8

True.
Jane Doe can be in AD twice (or more) in different OU's

Front 9

True of False?:
Two objects can have the same distinguished name.

Back 9

False.
DN is unique to each AD object

Front 10

AD Trust Relationships - 3 truths

Back 10

1. Trusts are transitive
2. By default, trusts are two-way relationships.
3. Trusts are used to allow the authentication of users between domains.

Front 11

Protocol used to query AD

Back 11

LDAP

Front 12

Policy that allows for different password and account lockout policies for different sets of users in the same domain?

Back 12

Fine-grained password policy

Front 13

What is the Server role that allows/provides for single sign-on capability for multiple apps?

Back 13

AD Federation Services

Front 14

Advantages of using Server 2008 AD Certificate Services?

Back 14

Web enrollment
Network Device Enrollment Service
Online Responder

Front 15

Which role allows a user to secure an email while using Microsoft Office 2007 Outlook?

Back 15

AD Rights Management Services (AD RMS)

Front 16

Identity and access (IDA) has five distinct categories. What are they?

Back 16

Directory services,
strong authentication, Federated Identities, information protection,
and Identity Lifecycle Management

Front 17

Another administrator has changed a user's group settings. What is the easiest way to get the original setting back for the user?

Back 17

Perform Auditing.
Review logs.
Undo what he did - the dunce!

Front 18

What is the feature of AD that allows info to remain in sync between DC's?

Back 18

Replication

Front 19

Which component of AD should you implement at remote sites to improve the performance of searches conducted for objects in all domains?

Back 19

Global Catalog Server

Front 20

Name of the server that is a repository of Active Directory topology and schema information for Active Directory?

Back 20

Schema Master

Front 21

You need to install the Active Directory Federation Services. What application do you use to do the install?

Back 21

Server Manager

Front 22

What term is used to refer to the actual structure that contains the information stored within Active Directory?

Back 22

Data store

Front 23

NW admin for a 200-node network. Only 30 need a new app.
What can you do?

Back 23

Create an OU with the 30 in it.
Deploy app/update to the OU

Front 24

Used to create a logical structure in AD is an ______?

Back 24

Organisational Unit

Front 25

List 8 Advantages of AD

Back 25

Heirarchical Organisation
Extensible Schema
Centralised Data Storage
Replication - DNS & AD
Ease of Admin
Network Security
Scalability
Search

Front 26

3 Components of AD

Back 26

Datastore - central
Schema
Global Catalog

Front 27

2 Mechanisms of AD?

Back 27

Replication
Search

Front 28

3 Logical Structures of AD?

Back 28

Domains
Trees
and Forests

Front 29

What does the AD Schema Specify?

Back 29

Type of Info - Object classes & attributes
How the data is stored - structure

Front 30

The Global Catalog. What is it?

Back 30

Index database that contains a subset of all the information in the AD Forest.

Front 31

What does AD replication do?

Back 31

Provides fault tolerance and improved performance for remote sites by copying GPO's and other AD data between DC's

Front 32

A Domain is ______

Back 32

a logical security boundary that allows for the:
creation
administration &
management of related resources

Front 33

A Domain uses what resources?

Back 33

Uses resources exclusive to its domain but also shares and uses other resources from other domains who it trusts.

Front 34

Name 4 characteristics of Domain Objects.

Back 34

GP & Sec permissions
Hierarchical Obj Naming
Hierarchical Inheritance
Trust Relationships

Front 35

How can security be applied in a domain? (2 ways)

Back 35

Security can be applied via GPO or via the actual ACL of the Object (User, Group etc)

Front 36

What does Hierarchical Obj Naming provide for or allow?

Back 36

Allows for each object to have a unique Name

Front 37

What does a child Obj inherit from its parent Obj?

Back 37

Security and Configuration settings

Front 38

What does a Trust do?

Back 38

Allows two domains to share security and resources

Front 39

When are Trusts created?

Back 39

Automatically between domains in the
same Tree
same Forest
between Forests (W2k8 only)

Front 40

What is the default type of Trust?

Back 40

Two-way transitive

Front 41

A Tree in AD is _____

Back 41

a hierachical collection of one or more domains that share a contiguous namespace

Front 42

A Forest in AD is _____-

Back 42

one or more domains that share a non-contiguous namespace

Front 43

The first domain in the Forest is called the

Back 43

Forest Root Domain

Front 44

What is a GUID?

Back 44

Security ID placed on applications in AD. Huge but not unique.

Front 45

What is a SID?

Back 45

Security ID placed on each Object in AD. Guaranteed unique

Front 46

If you want Alice to become John in AD as a user, and retain all the same security and groups that John's user account had, what can you do?

Back 46

Rename John's user account to Alice.
SID remains the same

Front 47

If you deleted Steven's user account and Steven came back to work, would recreating Steven's account with the same name recreate all of Steven's old settings?

Back 47

No.
New account, same name but different SID

Front 48

What is a distinguished name?

Back 48

Uniquely ID's obj in domain.

Front 49

What do these parts of a distiguished name represent?
/O
/DC
/CN

Back 49

O = Organisation - company root domain
DC = Domain Component
CN = Common Name

Front 50

What can you do with the DN that you can't with the SID?

Back 50

The DN can change by re-organising OU structure.
The SID can't. Ever.

Front 51

What can you apply security and other configuration against?

Back 51

OU's

Front 52

What can you do if you don't want a child OU to inherit from its parent OU?

Back 52

Block inheritance.

Front 53

What are the 5 AD roles in Windows Server 2008?

Back 53

AD CS
AD DS
AD FS
AD LDS
AD RMS

Front 54

AD CS allows admins to

Back 54

Config SVCs for issuing and managing public key Certificates

Front 55

What can AD CS Certificates be used with?

Back 55

AD Obj's
Devices
Services

Front 56

What are the four components of AD CS?

Back 56

Web Enrollment
Certification Authorities
Network Device Enrollment
Online Responder Service

Front 57

AD CS Web Enrollment allows ___

Back 57

users to request and receive Certificate Revocation Lists (CRLs) from web browser

Front 58

What are the 3 types of CA's and what do the each do?

Back 58

EA - hold cert's for whole enterprise
SRA - standalone and provied cert's for Internet
SCA - sub ordinate to EA. Hand out certs on behalf of EA

Front 59

What does the AD CS NW Device Enrollment Service do?

Back 59

Allows NW devices to obtain a certificate even if it doesn't have an AD Account

Front 60

The AD CS Online Responder Service responds to _____

Back 60

Valid certification requests with signed/unsigned response

Front 61

An AD DS Fine-grained password policy allows ___

Back 61

Allows an Organisation to have different password and account policies for different sets of users in the same domain

Front 62

What is the improvement to Auditing in W2k8?

Back 62

Can see success/failure AND
what actions were done.

Front 63

AD services can now be _______ whilst allowing other services such as DNS and DHCP to run?

Back 63

Restarted or Stopped

Front 64

What is DSAMain.exe and what does it allow an Admin to do?

Back 64

Database Mounting Tool.
Allows viewing of AD data that has been backed up to find the actual backup set that is required.

Front 65

AD FS does what?

Back 65

Provides internet based clients a secure ID .
Also does Single sign-on

Front 66

AD LDS does what?

Back 66

AD-enabled apps and devices can store and retrieve data without the dependencies that AD DS requires

Front 67

AD RMS requires an _____ _____ ____ to enable _______________

Back 67

An AD RMS-enabled client to enable admins or users to determine who can open what type of files, even after they've left the organisation.

Front 68

What is IDA's purpose?

Back 68

Used to simplify securly the number of different credentials required to log-onto mutiple apps

Front 69

What are the five components of IDA?

Back 69

Directory Services (AD DS)
Strong Authentication (AD CS)
Federated Identities (AD FS)
Information Protection (AD RMS)
Identity Lifecycle Management

Front 70

What does IDA Identity Lifecycle Management do?

Back 70

Attempts to free up Admin's time by delegating simple tasks like password resets to other users