Midterm Flashcards
Which functional level only allows Windows Server 2003 and Windows 2008 domain controllers?
Windows Server 2003
What type of trust relationship allows you to create two-way transitive trusts between separate forests?
cross-forest
What type of trust is new to Windows Server 2008 and is only available when the forest functionality is set to Windows Server 2008?
cross-forest trust
What type of zone is necessary for computer hostname-to-IP address mappings which are used for name resolution by a variety of services?
forward lookup
Active Directory uses __________ relationships to allow access between multiple domains and/or forests either within a single forest or across multiple enterprise networks
trust
When configuring a site link object which attribute allows the administrator to define the path that replication will take?
cost
Domain controllers located in different sites will participate in __________ replication
intersite
What is the minimum amount of storage space required for the Active Directory installation files?
200 MB
Read-Only Domain Controllers provide added security in the way passwords are stored through what feature?
Password Replication Policy
What holds a subset of forest-wide Active Directory objects and acts as a central repository by holding a complete copy of all objects from the host servers local domain with a partial copy of all objects from other domains within the same forest?
global catalog
What new Windows Server 2008 feature is a special installation option that creates a minimal environment for running only specific services and roles?
Server Core
What tool is used to seize a FSMO role?
ntdsutil
The RID Master FSMO role distributes RIDs to domain controllers in what increments?
500
Active Directory __________ provide the means by which administrators can control replication traffic
sites
What process is used when you move a FSMO role gracefully from one domain controller to another?
role transfer
Replication within Active Directory will occur when which of the following conditions is met?
Replication within Active Directory will occur when an object is added or removed from Active Directory the value of an attribute has changed or the name of an object has changed
Which FSMO role has the authority to manage the creation and deletion of domains domain trees and application data partitions in the forest?
Domain Naming Master
A __________ is defined as one or more IP subnets that are connected by fast links
Site
What SRV record information serves as a mechanism to set up load balancing between multiple servers that are advertising the same SRV records?
priority
The ISTG automatically assigns one server in each site as the bridgehead server unless you override this by establishing a list of __________ bridgehead servers
preferred
What console must be used to move the Domain Naming Master FSMO role?
Active Directory Domains and Trusts
When replicating information between sites Active Directory will designate a __________ server in each site to act as a gatekeeper in managing site-to-site replication
bridgehead
All default groups are __________ groups
security
If the domains within a forest are separated by slow WAN links and the tree-walking process takes an exceedingly long time to allow user authentication across domains you can configure a __________ trust
shortcut
The largest container object within Active Directory is a(n) __________
forest
For both intrasite and intersite replication what protocol does Active Directory use for all replication traffic?
RPC over IP
What allows a user to be able to log on using a cached copy of his or her logon credentials that have been stored on his or her local workstation?
cached credentials
When a child domain is created it automatically receives a __________ trust with its parent domain
two-way transitive
A __________ name references an object in the Active Directory directory structure by using its entire hierarchical path starting with the object itself and including all parent objects up to the root of the domain
distinguished
Which FSMO role is responsible for reference updates from its domain objects to other domains?
Infrastructure Master
Which of the following is not a benefit of Active Directory Domain Services?
personalized desktops
What shared folder exists on all domain controllers and is used to store Group Policy objects login scripts and other files that are replicated domain-wide?
SYSVOL
__________ partitions are used to separate forest-wide DNS information from domain-wide DNS information to control the scope of replication of different types of DNS data
Application Directory
The KCC is responsible for calculating intrasite replication partners. During this process what is the maximum number of hops that the KCC will allow between domain controllers?
3
What role provides developers with the ability to store data for directory-enabled applications without incurring the overhead of extending the Active Directory schema to support their applications?
AD LDS
What is an alternative solution for intersite replication when a direct or reliable IP connection is not available?
SMTP
What master database contains definitions of all objects in the Active Directory?
schema
What feature makes it possible to configure a user as the local administrator of a specific RODC without making the user a Domain Admins with far-reaching authority over all domain controllers in your entire domain and full access to your Active Directory domain data?
Admin Role Separation
A Windows Server 2008 computer that has been configured with the Active Directory DS role is referred to as a __________
domain controller
How often does intersite replication occur by default?
15 minutes
Each objects SID consists of two components: the domain portion and the __________
relative identifier
__________ roles work together to enable the multimaster functionality of Active Directory
FSMO
Certain operations such as a password change or an account lockout will be transmitted by using __________ replication which means that the change will be placed at the beginning of the line and applied before any other changes that are waiting to be replicated
urgent
When modifying the schema Microsoft recommends adding administrators to what group only for the duration of the task?
Schema Admins
What contains the rules and definitions that are used for creating and modifying object classes and attributes within Active Directory?
Schema NC
What types of memberships are stored in the global catalog?
universal
What special identity group is used by the system to allow permission to protected system files for services to function properly?
Service
What Windows Server 2008 feature stores universal group memberships on a local domain controller that can be used for logon to the domain eliminating the need for frequent access to a global catalog server?
universal group membership caching
How many FSMO roles does Active Directory support?
5
The primary goal of intersite replication is to minimize the usage of __________
bandwidth
What can be defined as a password that follows guidelines that make it difficult for a potential hacker to determine the users password?
strong password
What utility is used to manually create trust relationships?
Active Directory Domains and Trusts MMC snap-in
What is the process of confirming that an authenticated user has the correct permissions to access one or more network resources?
authorization
What command-line utility is used to import or export Active Directory information from a comma-separated value (.csv) file?
CSVDE
The __________ Domain Controller contains a copy of the ntds.dit file that cannot be modified and does not replicate its changes to other domain controllers within Active Directory
Read-Only
What process is responsible for selecting a bridgehead server and mapping the topology to be used for replication between sites?
Intersite Topology Generator
What command can you use to run the Active Directory Installation Wizard?
dcpromo
What is used to uniquely identify an object throughout the Active Directory domain?
security identifier
As a rule of thumb you should estimate __________ percent of the size of the ntds.dit file of every other domain in the forest when sizing hardware for a global catalog server
50
Which of these design aspects should you consider when planning the appropriate location of FSMO role holders?
- Number of domains that are or will be part of the forest
- Physical structure of the network
- Number of domain controllers that will be available in each domain
__________ is the highest available forest functional level
Windows Server 2008
What locator records within DNS allow clients to locate an Active Directory domain controller or global catalog?
SRV records
The process of keeping each domain controller in synch with changes that have been made elsewhere on the network is called __________
replication
What processes can be used by Windows Server 2008 DNS to clean up the DNS database after DNS records become stale or out of date?
aging and scavenging
Interoperability with prior versions of Microsoft Windows is available in Windows Server 2008 through the use of __________
functional levels
What signifies an objects relative location within an Active Directory OU structure?
distinguished name
What command-line tool can be used to manually create a replication topology if site link bridging is disabled if the network is not fully routed?
Repadmin
When you install the forest root domain controller in an Active Directory forest the Active Directory Installation Wizard creates a single site named __________
Default-First-Site-Name
What command-line tool is used to create delete verify and reset trust relationships from the Windows Server 2008 command line?
netdom
What procedure is used only when you have experienced a catastrophic failure of a domain controller that holds a FSMO role and you need to recover that role?
role seizure
What is the process of confirming a users identity by using a known value such as a password pin number on a smart card or users fingerprint or handprint in the case of biometric authentication?
authentication
Each class or attribute that you add to the schema should have a valid __________
OID
What command-line tool used for monitoring Active Directory provides functionality that includes performing connectivity and replication tests?
dcdiag
How many RID Masters can a domain have?
1
What special identity group contains all authenticated users and domain guests?
Everyone
Active Directory creates a __________ with the idea that all writeable domain controllers in a domain should communicate Active Directory information to each other in addition to communicating forest-wide information with other domains
replication topology
What type of trust allows you to configure trust relationships between Windows Server 2008 Active Directory and a UNIX MIT Kerberos realm?
realm
What allows businesses to define manage access and secure network resources including files printers people and applications?
Directory service
What port is used by Active Directory to direct search requests to a global catalog server?
3268
How often does replication occur in intersite replication?
180 minutes
To raise the functional level of a forest you must be logged on as a member of the __________ group
Enterprise Admins
Which of the following is not a function performed by a global catalog server?
maintaining a backup of all data stored on a domain controller
How many FSMO roles does Active Directory support?
5
What protocol has become an industry standard that enables data exchange between directory services and applications?
LDAP
What is the process of replicating DNS information from one DNS server to another?
zone transfer
What is a partial copy of all objects from other domains within the same forest that is held on a global catalog server?
partial attribute set
When a user logs on what is created that identifies the user and all of the users group memberships?
access token
What DLL must be registered to use the Schema Management snap-in?
schmmgmt.dll
What describes the amount of time that it takes for all domain controllers in the environment to contain the most up-to-date information?
convergence
What defines a chain of site links by which domain controllers from different sites can communicate?
site link bridge
