19 Cards in this Set


The active directory database is stored on each domain controller in a file called ___________.

ntds.dit
or, more specifically, %SYSTEMROOT%\ntds\NTDS.DIT
where dit stands for directory information tree

The AD __________ is considered the security boundary for an AD environment.
forest
To provide fault tolerance and redundancy, AD utilizes a _______________ replication model.

multimaster
Pg 2
This means the central ntds.dit AD database file within each DC can be updated from any other DC on the network, a process called replication. This usually happens automatically, but can be pushed by an administrator as well.

To create a trust relationship with an NT4 domain, you will configure an __________ trust.

external trust
pg 17

The dist__________ n_________ of an AD object identifies its location within the directory structure.

distinguished name
pg 9

A cross-forest ___________ provides a two-way transitive trust relationship between all domains within two forests.
trust
Each domain in an AD forest has a ___________ trust relationship with every other domain in the forest.
2-way transitive

Universal gr________ c________ allows a user at a remote site to be able to log into active directory without needing to contact a global catalog server.

universal group caching
Which of the following is a valid leaf object in AD?
a - domain
b - user
c - application partition
d - OU

b
A leaf object is an element in the AD hierarchy, such as a user or computer, typically found inside OUs, which are used to organize other objects. It can't contain other objects and, because of that, occupies the endpoint of the subtree.

A user object is an example of a leaf object because it stores user data but does not contain other objects.

Leaf objects can be viewed and organized through MMC snap-ins such as Users and Computers and Sites and Services.

In planning a deployment of active directory at your company, you need to take into consideration the needs of the department heads, all of whom want to manage their own users and resources on the network. What feature will permit you to set up AD to allow each manager to control his or her own container but not any others?
a - delegation of control
b - RODC
c - multimaster replication
d - SRV records
A
Administration of an OU can be delegated to a departmental supervisor or manager and thus can allow that person to manage day-to-day resource access or more mundane tasks, such as resetting passwords.
pg 7
What does DNS require for active directory to function?
a - dynamic update support
b - DHCP forwarding support
c - SRV records support
d - AD integration
c
SRV records are the locator records within DNS that allow clients to locate an AD DC or global catalog. Without this, clients would be unable to authenticate against AD.
pg 10
If the user named Amy is located in the sales OU of the central.cohowinery.com domain, what is the correct syntax for referencing this user in a command-line utility?
each dot requires a dc:
cn=amy,ou=sales,dc=central,dc=cohowinery,dc=com
RODCs do not participate in which of the following?
a - replication
b - cross-forest trusts
c - outbound replication
d - external trusts
C
Which of the following is a container object in AD?
a - folder
b - group
c - user
d - OU
D
What is the first domain installed in a new AD forest called?
a - forest root domain
b - parent root domain
c - domain tree root
d - domain root
A
Which of the following is the security boundary within AD?
a - forest
b - domain
c - domain tree
d - OU

A
The forest container defines the fundamental security boundary within AD, which means that a user can access resources across an entire AD forest using a single logon/password combination.

An additional logon would be required to access resources across more than one forest.
pg 5

(practice exam)


Your company has a main office that consists of a single AD domain. All servers on the network run Server 08 R2. A server named SRV1DC is configured as a DC.



The company opens a new branch office at a different location. You configure a RODC named SRV2RODC in the branch office but you must ensure that sensitive information is not replicated between the two servers. What should you do?



a - configure the RODC filtered attribute set


b - implement bitlocker on SRV1DC


c - disable the replicator user group on SRV2RODC


d - configure the password replication policy on SRV2RODC.

a - You should configure the RODC filtered attribute set. A RODC hosts read-only partitions of the AD database and holds all the AD DS objects and attributes that a writable DC holds, except for account passwords. By default, a RODC does not store user or computer credentials except for its own computer account and the Krbtgt account (a unique account used for Kerberos authentication).



When you want to prevent replication of sensitive data, you should configure the RODC filtered attribute set, which is a set of attributes configurable in the schema that do not get replicated to a RODC.

(practice exam)


Users in the bcdtrain.com domain need access to resources in meddev.com. The corp.bcdtrain.com and meddev.com domains are in different forests. Users in meddev.com do not need access to resources in corp.bcdtrain.com.


What should you do in each domain?


Options:


1. create incoming external trust


2. create outgoing external trust


3. create incoming forest trust


4. create outgoing forest trust


5. do nothing


Domains to configure:


meddev.com


bcdtrain.com


corp.bcdtrain.com

meddev.com


--- create outgoing external trust


bcdtrain.com


--- do nothing


corp.bcdtrain.com


--- create incoming external trust


Explanation:


- External trusts allow users in a domain in one AD forest to access resources in another AD forest domain.


- Forest trusts are transitive to all domains in the forest, allowing users to access any domain in forests on both sides of the trust.


- The incoming side of the trust is the side where the users who need access exist.


- The outgoing side of the trust is the side where the resources are located.

1. Run dcpromo with the CreateDCAccount and DelegatedAdmin options



This pre-stages the DC and allows the delegated administrator to install it without requiring any other permissions.



2. Run dcpromo with the UseExistingAccount:Attach and UserName options



This part is run by John Smith on-site to promote the server to a DC.