Reading...
Play button
Play button
Use LEFT and RIGHT arrow keys to navigate between flashcards;
Use UP and DOWN arrow keys to flip the card;
H to show hint;
A reads text to speech;
67 Cards in this Set
- Front
- Back
|
What are the minimum hardware requirements for installing OS X Lion Server?
|
The minimum requirements are:
• Mac with an Intel Core 2 Duo, Core i3, Core i5, Core i7, or Xeon processor • 2 GB of RAM (more for high-demand servers running multiple services) • 10 GB of available disk space |
|
|
What tool do you use to configure Lion Server if you have an unconfigured Lion Server?
|
You use the Server app to configure an unconfigured Lion Server.
|
|
|
If you’re installing Lion Server on a Mac with Lion, what’s one configuration step you should take first?
|
You should configure your Mac with Lion to use a manually assigned IPv4 address.
|
|
|
What are three kinds of names associated with your Lion Server, and what are they used for?
|
You can use the Server app to configure these three names:
• Computer Name: What appears in the Finder sidebar if your server offers file-sharing services. • Bonjour name: Appended with .local and is used for services discovery. • DNS host name: Computers and devices can access services offered by your Lion Server by using its DNS host name, even if they’re not on its local network, as long as the host name corresponds with an IPv4 address that is reachable and not blocked by firewalls. |
|
|
How can you install the Server app on an administrator computer?
|
You can use the Mac App Store to download the Server app to an administrator computer, or just copy the Server app to an administrator computer.
|
|
|
What are three ways to keep Lion Server up to date with software?
|
You can:
• Log in to your Lion Server, and from the Apple menu, choose Software Update • Use the Alerts section of the Server app to install available software updates • Click Server Updates in the toolbar of Server Admin, select the update(s) to install, and then click Install |
|
|
What three applications can you use to display graphs of performance characteristics of your Lion Server?
|
The Server app, Server Admin, and the Server Status widget all display graphs.
|
|
|
What’s the difference between a root certificate authority (CA) and an intermediate CA?
|
An intermediate CA’s public key certificate is signed by another CA. A root CA’s public key certificate is signed by itself. Note that there is a set of root CAs that Lion and Lion Server trust.
|
|
|
What’s the problem with just using a self-signed SSL certificate?
|
Computers and devices that access services that use a self- signed SSL certificate will see a message that the SSL certificate is not trusted. It’s a security risk to teach users to just trust any SSL certificate that causes a warning.
|
|
|
Describe the difference between authentication and authorization, and give an example of each.
|
Authentication is the process by which the system requires you to provide information before it allows you to access a specific account. An example is entering a name and password while connecting to a Lion Server’s Apple Filing Protocol service. Authorization refers to the process by which permissions are used to regulate a user’s access to specific resources, such as files and shared folders, once the user has been authenticated.
|
|
|
What is the difference between user and administrator accounts on Lion Server?
|
User accounts provide basic access to a computer or server, whereas administrator accounts allow a person to administer the computer. On Lion Server, an administrator account is typically used for changing settings on the server computer itself, usually through the Server app, Server Admin, or Workgroup Manager.
|
|
|
Which applications can you use to configure Lion Server local user and group settings?
|
You can use the Users & Groups preferences, the Server app, and Workgroup Manager to create and configure local users and groups.
|
|
|
What tool can you use to import and export user accounts?
|
You can use Workgroup Manager to import and export user accounts. Additionally, you can use the Server app to import network users after you authenticate as a directory administrator.
|
|
|
Which two file formats can you use to import users with
Workgroup Manager? |
You can use Workgroup Manager to import a character- delimited text file with user information, but you need to use Workgroup Manager to define the characteristics of the information contained in the file. You can also import a text file that has a header line at the beginning of the file that defines its contents, such as a file exported from another OS X Server computer.
|
|
|
Can you export user passwords with Workgroup Manager?
|
No. You can only import user passwords; you can’t export user passwords when you export users with Workgroup Manager.
|
|
|
What tool can you use to authorize a nonadministrative user to administer or monitor specific services on Lion Server?
|
You can use Server Admin to give a nonadministrative user the ability to use Server Admin to administer or monitor specific services.
|
|
|
What’s the difference between service ACLs and limited administrator settings?
|
Service ACLs determine which users can use a given service, whereas limited administrator settings control which nonadministrative users can monitor or change a service with Server Admin.
|
|
|
What’s an easy way to help your users running Lion to quickly configure their computers to use your server’s VPN service?
|
Select VPN in the Server app sidebar, click Save Configuration Profile, and distribute the resulting .mobileconfig file to your users. When a user of a computer with Lion opens
the .mobileconfig file, the Profiles preferences automatically open and prompt the user to install the configuration profile. |
|
|
What’s the main function of directory services?
|
Directory services provide a central repository for information about the computers, applications, and users in an organization.
|
|
|
What standard is used for data access with Open Directory? What version and level of support is provided for this standard?
|
Open Directory uses OpenLDAP and the Lightweight Directory Access Protocol (LDAP) standard to provide a common language for directory access. Open Directory uses LDAPv3 to provide read and write access to the directory data.
|
|
|
In terms of Open Directory, what four roles can Lion Server play?
|
Lion Server can be an Open Directory master, a standalone server, connected to a directory system, and an Open Directory replica.
|
|
|
What are the two methods of applying password policies, and where are they located?
|
Per-user policies are defined in Workgroup Manager, and global policies are defined in Server Admin or the Server app.
|
|
|
When you create an Open Directory archive, is the sparse image created on the server that hosts the Open Directory service or on the administrator computer from which you run Server Admin?
|
The archive is created on the server that hosts the Open Directory service.
|
|
|
What criteria determines the Open Directory locale with which a Lion Open Directory client associates?
|
If a Lion computer’s IPv4 address is in the range of a subnet associated with an Open Directory locale, that computer should use any of the Open Directory servers associated with that locale. Otherwise, it will use the default locale.
|
|
|
What log shows successful and failed attempts to authenticate against the password service?
|
Password Service Server Log, located at /Library/Logs/ PasswordService/ApplePasswordServer.Server.log, shows successful and failed attempts to authenticate.
|
|
|
What tool can you use to confirm forward and reverse DNS records?
|
You should use Network Utility to confirm forward and reverse DNS records before configuring as an Open Directory master or replica, or binding to another directory service.
|
|
|
What tool can you use to check the ability to obtain a Kerberos ticket?
|
Ticket Viewer is in /System/Library/CoreServices, and you can use it to confirm the ability to obtain a Kerberos ticket.
|
|
|
What tool is used to create profiles?
|
The Profile Manager web app is used to create profiles.
|
|
|
Name at least three ways a profile can be delivered.
|
User portal, email, web page, manual delivery, or a push to enrolled devices via the Mobile Device Management capabilities of Profile Manager.
|
|
|
Why should a configuration profile be signed?
|
A configuration profile should be signed to validate the contents of the profile.
|
|
|
How is a profile removed from an OS X computer? From an iOS device?
|
In OS X Lion, the profiles are managed in the Profiles preference pane within System Preferences. On an iOS device, navigate to Settings > General > Profiles to view and remove installed profiles.
|
|
|
What is a configuration profile? An enrollment profile?
|
A configuration profile contains settings and preferences to manage the user experience in a controlled device. An enrollment profile allows the device to be remotely controlled, performing such tasks as remote wipe and lock, and installation of other configuration profiles.
|
|
|
What steps are involved with turning on the Profile Manager service?
|
You can click the On/Off switch in the Server app Profile Manager pane to turn on the Profile Manager service. To enable device management (also known as Mobile Device Management), click Configure next to Device Management, select a valid SSL certificate, and specify a verified Apple ID to obtain an Apple Push Notification service certificate.
|
|
|
What steps are involved with specifying that you want to sign your configuration profiles?
|
In the Server app Profile Manager pane, select the checkbox labeled “Sign configuration profiles,” then choose a valid code signing certificate. Then, when you create profiles with the Profile Manager web app, they’re automatically signed.
|
|
|
What three components comprise Profile Manager?
|
The Profile Manager includes the Profile Manager web app, the user portal, and the optional device management (Mobile Device Management) service.
|
|
|
What are the advantages of using NetBoot?
|
Because NetBoot unifies and centralizes the system software that NetBoot clients use, software configuration and maintenance are reduced to a minimum. A single change to a NetBoot image propagates to all client computers on the next startup. NetBoot also decouples the system software from the computer, decreasing potential software troubleshooting.
|
|
|
What are three ways to configure the network startup disk?
|
A client can select a network disk image from the Startup pane within System Preferences, by holding down the N key at startup to boot from the default NetBoot image, or by pressing the Option key.
|
|
|
Which network protocols are used during the NetBoot startup sequence? What components are delivered over each of these protocols?
|
NetBoot uses DHCP, TFTP, NFS, and HTTP during the NetBoot client startup sequence. DHCP provides the IP address, TFTP delivers the boot ROM (“booter”) file, and NFS or HTTP delivers the network disk image.
|
|
|
What is a NetBoot shadow file?
|
Because the NetBoot boot image is read-only, anything that the client computer writes to the volume is cached in the shadow file. This allows a user to change the boot volume, including setting preferences and storing files; however, when the computer is restarted, all changes are erased.
|
|
|
What are the major differences between NetBoot, NetInstall, and NetRestore?
|
NetBoot allows multiple machines to boot into the same environment. NetInstall provides a convenient way to install operating systems and packages onto multiple machines. NetRestore provides a way to clone an existing image to multiple machines.
|
|
|
Name three file-sharing protocols supported by Lion Server and their principal target clients.
|
AFP for Mac clients, SMB for Windows clients, and WebDAV for iOS devices are three file-sharing protocols supported by Lion Server.
|
|
|
How does Lion Server support browsing for Windows clients?
|
Lion Server uses NetBIOS to advertise its presence to Windows clients; Windows users see Lion Server in their Network Neighborhood or Network Places.
|
|
|
When does an access control entry (ACE) for a folder’s access control list (ACL) get propagated to items in the folder?
|
An ACE of a folder’s ACL is propagated to a new item that’s created in that folder, or copied into that folder from another volume, if the inheritance options for the ACE apply. Also, an administrator can select a folder in the Storage pane of the Server app, choose Propagate Permissions from the Action pop-up menu, select the Access Control List checkbox, and click OK. Finally, if you use the File Sharing pane to modify an ACL that has been inherited, the changes will be propagated.
|
|
|
What two actions are necessary to provide a network home folder for a network user?
|
You need to first edit a share point and select the checkbox “Make available for home directories.” Then you can edit a user, and select that share point in the Home Folder pop-up menu.
|
|
|
What permissions can you choose for an ACE in the File Sharing pane of the Server app?
|
In the File Sharing pane of the Server app, when you edit an ACE, you can choose Read & Write, Read, or Write.
|
|
|
What permissions can you specify for an ACE in the Storage pane of the Server app?
|
In the Storage pane of the Server app, when you edit an ACE, you can select checkboxes for 13 kinds of permissions. The categories include Administration, Read, and Write.
|
|
|
In the Storage pane of the Server app, what four rules for inheritance can you apply to an ACE?
|
There are four inheritance rules: folder, child folders, child files, and all descendants.
|
|
|
How do you remove an inherited ACE?
|
In the Storage pane of the Server app, navigate to the item that has an ACL, click the Action pop-up menu, choose Edit Permissions, click the Action pop-up menu, and choose Remove Inherited Entries.
|
|
|
What might it mean if you see a GUID rather than a user
name in an ACL? |
If you see a GUID instead of a user name, it could mean that you removed a user or a group from your Lion Server, and the ACE is displaying that user or group’s GUID because it can’t map the GUID to a user or a group.
|
|
|
What URL should you use from an iOS device to save to a WebDAV-enabled share point hosted by the Lion Server at server17.pretendco.com, if the web service on the Lion Server uses an SSL certificate?
|
In the iOS application that supports WebDAV, you would use the URL https://server17.pretendco.com/webdav. Depending on the application, you’ll see a list of share points that support WebDAV.
|
|
|
Do both the File Sharing and the Time Machine services need to be turned on to offer Time Machine services to your users?
|
Yes, both File Sharing and Time Machine need to be on to offer the Time Machine service to your users.
|
|
|
On what software is Lion Server’s web service based?
|
Lion Server’s web service is based on Apache, the open source web server software.
|
|
|
Which permissions are necessary on a web folder to ensure that visitors to the site can access the pages?
|
The everyone or www group must have read access to the web files.
|
|
|
What are access controls?
|
Access controls are paths to folders that can be restricted based on group.
|
|
|
Where is the default location for the Apache log files?
|
The default location for Apache log files is /var/log/apache2/ access_log and /var/log/apache2/error_log.
|
|
|
What is the advantage of using SSL on a website?
|
SSL helps protect the traffic traveling to and from the website by encrypting the data.
|
|
|
What protocol is used for the iChat service?
|
The iChat service uses the Extensible Messaging and Presence Protocol (XMPP).
|
|
|
How would you limit access to iChat service on Lion Server?
|
You can limit access through Service Access Control Lists, available per user in the Server app.
|
|
|
What tools can an administrator use to specify which users can create wikis? How does a network user specify which users and groups can edit a wiki?
|
Administrators can use the Wiki Creators list in the Wiki service settings in the Server app. When creating a wiki with a web browser, a user can specify permissions for users and groups to access and edit the wiki.
|
|
|
How would you enter the iChat name for the user Jet Dogg (short name: jet) on server17.pretendco.com?
|
The iChat name format for Jet Dogg on server17.pretendco.com is jet@server17.pretendco.com.
|
|
|
What application do you use to create resources and locations for use in iCal events?
|
The Server app is used to create resources and locations for use in iCal events.
|
|
|
What open source protocol does the Address Book service use?
|
he Address Book service uses CardDAV.
|
|
|
What is an open relay?
|
An open relay is a mail server that allows anyone on the Internet to anonymously send email messages through it. It’s the primary tool used by spammers on the Internet.
|
|
|
What is an MX record?
|
An MX record is a DNS record that indicates the priority and host name of a domain’s email server.
|
|
|
What is SMTP?
|
Simple Mail Transfer Protocol defines how messages travel from one computer to another on the Internet.
|
|
|
What are the main differences between POP and IMAP?
|
IMAP keeps a copy of the email message and its state on the server, maintains a persistent connection between the client and server, allows folder access, and supports higher security authentication methods. POP typically stores the message only until it’s downloaded by the client and requires fewer server resources than IMAP.
|
|
|
What method can be used to limit the amount of disk space used on a mail server?
|
The method to control disk consumption by users is user quotas.
|
