Lesson 5: Essential Services Flashcards

1
Q
  1. What system is used to translate www.microsoft.com to an IP address? a) DNS b) WINS c) DHCP d) ARP
A

Answer: a) DNS Difficulty: Easy Section Reference: Exploring DNS Explanation: Domain Name System (DNS) is a hierarchical client/server-based distributed database management system that translates domain/hosts names to IP addresses. Your organization most likely has one or more DNS servers that provide name resolution for your company.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q
  1. What file is used to translate host names to IP addresses? a) hosts file b) lmhosts file c) dns file d) wins file
A

Answer: a) hosts file Difficulty: Medium Section Reference: Understanding HOSTS and LMHOSTS Files Explanation: Early TCP/IP networks used hosts (used with domain/hostnames associated with DNS) and lmhost (used with NetBIOS/computer names associated with WINS) files, which were text files that listed a name and its associated IP address.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q
  1. Which resource record used in DNS translates host names to IP addresses? a) SOA b) A c) PTR d) MX
A

Answer: b) A Difficulty: Medium Section Reference: Exploring DNS Explanation: A (host address) provides a hostname to an IPv4 address; AAA (host address) provides a hostname to an IPv6 address.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q
  1. Which DNS resource records translate IP addresses to a host name? a) SOA b) A c) PTR d) MX
A

Answer: c) PTR Difficulty: Medium Section Reference: Exploring DNS Explanation: PTR (short for pointer) resolves an IP address to a hostname (reverse mapping) and is contained in the reverse lookup zone.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q
  1. Which DNS resource record is used to locate a domain controller? a) SOA b) A c) PTR d) SRV
A

Answer: d) SRV (service) records Difficulty: Medium Section Reference: Exploring DNS Explanation: SRV (service) records locate servers that host particular services, including LDAP servers or domain controllers.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q
  1. What legacy naming service is used to translate computer names to IP addresses? a) DNS b) GlobalZones c) DHCP d) WINS
A

Answer: d) WINS Difficulty: Easy Section Reference: WINS Explanation: Windows Internet Name Service (WINS) is a legacy naming service that translates from NetBIOS (computer name) to specify a network resource. A WINS sever contains a database of IP addresses and NetBIOS names that update dynamically.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q
  1. What technology automatically assigns IP addresses to clients? a) DNS b) GlobalZones c) DHCP d) WINS
A

Answer: c) DHCP Difficulty: Easy Section Reference: DHCP Services Explanation: It would take hours to configure every host IP configuration, including IP address, addresses of DNS and WINS servers, and any other parameters. Thus, most organizations use Dynamic Host Configuration Protocol (DHCP) services to automatically assign IP addresses and related parameters (including subnet mask, default gateway, and length of the lease) so that a host can immediately communicate on an IP network when it starts.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q
  1. What protocol is used to query and modify data contained within a structure that reflect geographical or organizational structure? a) LDAP b) DNS c) GlobalZones d) Kerberos
A

Answer: a) LDAP Difficulty: Easy Section Reference: Introducing Directory Services with Active Directory Explanation: The Lightweight Directory Access Protocol, or LDAP, is an application protocol for querying and modifying data using directory services running over TCP/IP. Within the directory, the sets of objects are organized in a logical hierarchical manner so that you can easily find and manage them.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
9
Q
  1. What Windows server attached to a domain is not a domain controller? a) member server b) bridgehead server c) LDAP server d) Kerberos server
A

Answer: a) member server Difficulty: Easy Section Reference: Introducing Sites and Domain Controllers Explanation: A server that is not running as a domain controller is known as a member server. To demote a domain controller to a member server, you rerun the dcpromo program.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
10
Q
  1. Which FSMO role is the master time server and password keeper? a) Schema Master b) Domain Naming Master c) PDC Emulator d) Infrastructure Master
A

Answer: c) PDC Emulator Difficulty: Hard Section Reference: Flexible Single Master Operations Explanation: The Primary Domain Controller (PDC) was the main domain controller used with Windows NT. The PDC Emulator provides backward compatibility for NT4 clients. It also acts as the primary server for password changes and as the master time server within the domain.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
11
Q
  1. What service replicates information of every object in a tree and forest so that you can quickly find those objects? a) LDAP server b) global catalog c) Infrastructure Master d) PDC Emulator
A

Answer: b) global catalog Difficulty: Medium Section Reference: Looking at Global Catalogs Explanation: A global catalog replicates the information of every object in a tree and forest. However, rather than store the entire object, it stores just those attributes that are most frequently used in search operations, such as a user’s first and last name, computer name, and so forth. By default, a global catalog is created automatically on the first domain controller in the forest, but any domain controller can be made into a global catalog.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
12
Q
  1. What do you use to organize your users, computers, and other network resources within a domain? a) groups b) forest c) organizational units d) group policy
A

Answer: c) organizational units Difficulty: Easy Section Reference: Introducing Organizational Unites Explanation: To help organize objects within a domain and minimize the number of domains required, you can use organizational units (OUs). OUs can be used to hold users, groups, computers, and other organizational units.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
13
Q
  1. What is the best way to give managers a way to change passwords for the users they manage? a) Make the manager a domain administrator. b) Make the manager an account operator. c) Make the manager a local administrator. d) Use the Delegate of Authority wizard.
A

Answer: d) Use the Delegate of Authority wizard. Difficulty: Medium Section Reference: Introducing Organizational Units Explanation: By delegating administration, you can assign a range of administrative tasks to the appropriate users and groups. For instance, you can assign basic administrative tasks to regular users or groups and leave domain-wide and forest-wide administration to members of the Domain Admins and Enterprise Admins groups.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
14
Q
  1. To which type of group would you assign rights and permissions? a) security group b) distribution group c) scoped group d) Global Domain group
A

Answer: a) security group Difficulty: Medium Section Reference: Comparing Group Types Explanation: Windows Active Directory has two types of groups: security and distribution. A security group is used to assign rights and permissions and gain access to network resources. It can also be used as a distribution group.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
15
Q
  1. Which type of group can contain any user or group in any domain and can be assigned to any resource in any domain? a) domain local group b) global group c) universal group d) distribution group
A

Answer: c) universal group Difficulty: Medium Section Reference: Comparing Group Scopes Explanation: Universal group scope is designed to contain global groups from multiple domains. Universal groups can contain global groups, other universal groups, and user accounts. Because global catalogs replicate universal group membership, you should limit the membership to global

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
16
Q
  1. What authorizes a user to perform a certain action on a computer? a) user rights b) permissions c) assignments d) certificates
A

Answer: a) user rights Difficulty: Medium Section Reference: Comparing Rights and Permissions Explanation: A right authorizes a user to perform certain actions on a computer, such as logging on to a system interactively or backing up files and directories on a system. User rights are assigned through local policies or Active Directory Group Policy.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
17
Q

Fill in the Blank 17. ___________ is the primary authentication protocol used in Active Directory.

A

Answer: Kerberos Difficulty: Hard Section Reference: Introducing Directory Services with Active Directory Explanation: Kerberos is a computer network authentication protocol that allows hosts to prove their identity securely over a non-secure network. It can also provide mutual authentication so that both the user and server can verify each other’s identity.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
18
Q

Fill in the Blank 18. A ________ is a logical unit of computers and network resources that define a security boundary.

A

Answer: domain Difficulty: Easy Section Reference: Introducing Directory Services with Active Directory Explanation: A Windows domain is a logical unit of computers and network resources that defines a security boundary. A domain uses a single Active Directory database to share its common security and user account information for all computers within the domain, allowing centralized administration of all users, groups, and resources on the network.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
19
Q

Fill in the Blank 19. A __________ is a Windows server that stores the Active Directory database.

A

Answer: domain controller Difficulty: Easy Section Reference: Introducing Directory Services with Active Directory Explanation: A domain controller is a Windows server that stores a replica of the account and security information for the domain and defines the domain boundaries. To make a computer running Windows Server 2008 a domain controller, you must install the Active Directory Domain Services and execute the dcpromo (short for dc promotion) command.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
20
Q

Short Answer 20. What do you call one or more trees with disjointed namespaces?

A

Answer: forests Difficulty: Easy Section Reference: Introducing Directory Services with Active Directory Explanation: A forest is made of one or more trees (although most people think of a forest as two or more trees). A forest varies from a tree because it uses disjointed namespaces between the trees.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
21
Q

Short Answer 21. What do you call one or more IP subnets that are connected by a high-speed link?

A

Answer: A site Difficulty: Easy Section Reference: Introducing Sites and Domain Controllers Explanation: A site is one or more IP subnets that are connected by a high-speed link, typically defined by a geographical location. Suppose that you have a four-story office building. Although the building includes several subnets, all computers within the building use layer-2 and layer-3 switches to communicate with each other.

22
Q

Short Answer 22. What do you need to do with your forests and domains so that you can use all available features?

A

Answer: upgrade to the highest domain and forest functional levels Difficulty: Easy Section Reference: Defining Functional Levels Explanation: The functional level of a domain or forest depends on which Windows Server operating system versions are running on the domain controllers in that domain or forest. The functional level also controls which advanced features are available in the domain or forest. To get all the features available with Active Directory, you must have the latest version of the Windows Server operating system, and you have to use the highest forest and domain functional level.

23
Q

Short Answer 23. What technology is used to standardize the Windows environment on all client computers?

A

Answer: group policies Difficulty: Easy Section Reference: Introducing Group Policy Explanation: One of Active Directory’s most powerful features is Group Policy, which controls the working environment for user accounts and computer accounts. Group Policy provides centralized management and configuration of operating systems, applications, and user settings in an Active Directory environment.

24
Q
  1. The file that is used to resolve hostnames to IP addresses is ______ .
A

Hosts

25
Q
  1. The resource record used in DNS to resolve IP address to hostnames is ______ .
A

PTR

26
Q
  1. The ______ automatically assigns IP addresses and other IP configuration to a host.
A

DHCP

27
Q
  1. ______ is a popular directory service with objects in a logical hierarchical manner.
A

LDAP (Lightweight Directory Access Protocol)

28
Q
  1. The ______ are roles that provide certain functions that can only be handled by one domain controller.
A

FSMO - FLEXIBLE SINGLE MASTER OPERATIONS role Active Directory uses multi-master replication, which means that there is no master domain controller, commonly referred to as a primary domain controller within Windows NT domains. However, because there are certain functions that can be handled by only one domain controller at a time, Active Directory uses Flexible Single Master Operations (FSMO) roles, also known as operations master roles ROLE NAME Schema Master; SCOPE 1 per forest DESCRIPTION Controls and handles updates/modifications to the Active Directory schema. ROLE NAME Domain Naming Master; SCOPE 1 per forest DESCRIPTION Controls the addition and removal of domains from the forest if present in root domain. ROLE NAME PDC Emulator; SCOPE 1 per domain DESCRIPTION PDC is short for Primary Domain Controller, which was the main domain controller used with Windows NT. The PDC emulator provides backwards compatibility for NT4 clients. It also acts as the primary server for password changes and as the master time server within the domain. ROLE NAME RID Master (Relative ID Master); SCOPE 1 per domain DESCRIPTION Allocates pools of unique identifiers to domain controlers for use when creating objects. ROLE NAME infrastructure Master; SCOPE 1 per domain DESCRIPTION Synchronizes cross-domain group membership changes. The infrastructure master cannot run on a global catalog server unless all DCs are also GCs.

29
Q
  1. A(n) ______ is used to organize the objects within a domain.
A

OU

30
Q
  1. Printers, users, and computers are examples of ______ in Active Directory.
A

Objects

31
Q
  1. The local security database found on a member server is known as the ______ .
A

Security Accounts Manager (SAM) The Security Accounts Manager (SAM) is a database file in Windows XP, Windows Vista and Windows 7 that stores users passwords. It can be used to authenticate local and remote users. Beginning with Windows 2000 SP4, Active Directory is used to authenticate remote users. SAM uses cryptographic measures to prevent forbidden users to gain access to the system.

32
Q
  1. A collection or list of users is known as _______.
A

Groups

33
Q
  1. The ______ built-in group is used to create, delete, and modify user accounts and groups.
A

Account Operators

34
Q
  1. The primary naming service used in Windows is ____________. a. AD b. WINS c. DNS d. DHCP
A

c. DNS

35
Q
  1. What is the resource record that translates from hostname to IP address in DNS? a. PTR b. H c. IP d. A
A

d. A host address IPv4 AAA host address IPv6

36
Q
  1. _______ is a legacy naming system used to translate Computer Names/NetBIOS names to IP addresses. a. AD b. WINS c. DNS d. DHCP
A

b. WINS

37
Q
  1. What is the master time server? a. Schema Master b. Domain Naming Master c. PDC Emulator d. RID Master
A

c. PDC Emulator

38
Q
  1. What holds replica information of every object in a tree and forest? a. Infrastructure Master b. Schema Master c. Global Catalog d. PDC Emulator
A

c. Global Catalog

39
Q
  1. Which group scope is meant to be used to assign permissions to a local resource? a. Distribution group b. Domain local c. Global d. Captured
A

b. Domain local

40
Q
  1. Which group scope can contain global groups from multiple domains? a. Emulation b. Domain local c. Global d. Universal
A

d. Universal

41
Q
  1. What can be used to specify how many times a user can enter a login with an incorrect password before the account is disabled? a. User profile b. Group policy c. Software policy d. User account collection
A

b. Group policy

42
Q
  1. To which of the following can a group policy not be directly applied? a. Group b. Site c. Domain d. OU
A

a. Group

43
Q
  1. What authorizes a user to perform certain actions on a computer? a. Permission b. UNC c. Right d. Task
A

c. Right

44
Q

True / False 1. A collection is two or more trees.

A

False

45
Q

True / False 2. A site and domain controllers are the physical aspects of the network.

A

True

46
Q

True / False 3. A member server is running Active Directory domain services.

A

False

47
Q

True / False 4. Higher domain and forest functional levels will enhance the functionality of Active Directory.

A

True

48
Q

True / False 5. Active Directory is closely tied to DNS.

A

True

49
Q

Competency Assessment Scenario 5-1: Designing Active Directory You have ten sites throughout the country and five major departments. How would you design your Active Directory structure?

A

You can use one domain with two different approaches (depending on your management needs). One approach is to have five OUs for each department with OUs for sites inside each department or to have an OU for each department with OUs for each site in the department OUs. When creating OUs, you should try not to make it two deep.

50
Q

Competency Assessment Scenario 5-2: Designing AD Physical Structure How do you define how the domain controllers will replicate data to the other domain controllers?

A

You need to first define sites based on your IP subnets and you should place two or more domain controllers on each site. For larger sites that may have additional domain controllers, you define bridgeheads that will be used as the central point of replication between the sites.

51
Q

What do you need to do with your forests and domains so that you can use all available features?

A

A domain or forest depends on witch Windows Server operating system version are running on the domain controllers in that domain or forest. To get all of the features available with Active Directory, you must have the latest version of the Windows Server operating system, and you have to use the highest forest and domain functional level.