Author:
pacheco2001usa
ID:
216349
Filename:
Chapter 005 Active Directory Administration in Windows Server 2008 R2
Updated:
2013-04-29 21:45:17
Tags:
Chapter 005 Active Directory Administration Windows Server 2008 R2
Folders:

Description:
Chapter 005 Active Directory Administration in Windows Server 2008 R2
Show Answers:

  1. What is the process of confirming a user’s identity by using a known value, such as a password, pin number on a smart card, or user’s fingerprint or handprint in the case of biometric authentication?
    a) authorization
    b) authentication
    c) administration
    d) allocation
    • Ans: b
    • Difficulty: Easy
    • Section Ref: Understanding User Accounts
    • Feedback: Authentication is the process of confirming a user’s identity using a known value such as a password, the pin number on a smart card, or the user’s fingerprint or handprint in the case of biometric authentication.
  2. What is the process of confirming that an authenticated user has the correct permissions to access one or more network resources?a) authorizationb) authenticationc) administrationd) allocation
    • Ans: a
    • Difficulty: Easy
    • Section Ref: Understanding User Accounts
    • Feedback: Authorization is the process of confirming that an authenticated user has the correct permissions to access one or more network resources.
  3. Which of the following is not a type of user account that can be configured in Windows Server 2008?
    a) local accounts
    b) domain accounts
    c) network accounts
    d) built-in accounts
    • Ans: c
    • Difficulty: Easy
    • Section Ref: Understanding User Accounts
    • Feedback: Three types of user accounts can be created and configured in Windows Server 2008. They are local accounts, domain accounts, and built-in user accounts.
  4. The two built-in user accounts that are created on a Windows Server 2008 computer are the Administrator account and the __________ account.
    a) Network
    b) Interactive
    c) Power User
    d) Guest
    • Ans: d
    • Difficulty: Medium
    • Section Ref: Understanding User Accounts
    • Feedback: Built-in user accounts are created on a member server or a standalone server. However, when you install Windows Server 2008 as a domain controller, the ability to create and manipulate these accounts is disabled. By default, two built-in user accounts are created on a Windows Server 2008 computer: the Administrator account and the Guest account.
  5. When a user logs on, what is created that identifies the user and all of the user’s group memberships?
    a) access card
    b) access token
    c) access key
    d) access session
    • Ans: b
    • Difficulty: Medium
    • Section Ref: Understanding User Accounts
    • Feedback: When a user logs on, an access token is created that identifies the user and all of the user’s group memberships. This access token, like a club membership card, is used to verify a user’s permissions when the user attempts to access a local or network resource.
  6. What describes the process of configuring one or more groups as members of another group?
    a) group nesting
    b) group hierarchy
    c) group leveling
    d) group forests
    • Ans: a
    • Difficulty: Easy
    • Section Ref: Understanding User Accounts
    • Feedback: Users can be members of more than one group. In addition, groups can contain other Active Directory objects, such as computers, and other groups in a technique called group nesting. Group nesting describes the process of configuring one or more groups as members of another group.
  7. __________ groups are nonsecurity-related groups created for the distribution of information to one or more persons.
    a) Security
    b) Domain
    c) Distribution
    d) Local
    • Ans: c
    • Difficulty: Medium
    • Section Ref: Understanding User Accounts
    • Feedback: Distribution Groups are nonsecurity-related groups created for the distribution of information to one or more persons.
  8. 8. __________ groups are used to consolidate groups and accounts that either span multiple domains or the entire forest.
    a) Global
    b) Domain local
    c) Built-in
    d) Universal
    • Ans: d
    • Difficulty: Hard
    • Section Ref: Understanding User Accounts
    • Feedback: Universal groups, like global groups, are used to organize users according to their resource access needs. They can be used to organize users to facilitate access to any resource located in any domain in the forest through the use of domain local groups. Universal groups are used to consolidate groups and accounts that either span multiple domains or the entire forest.
  9. All default groups are __________ groups.
    a) distribution
    b) domain local
    c) built-In
    d) security
    • Ans: d
    • Difficulty: Hard
    • Section Ref: Understanding User Accounts
    • Feedback: All default groups are security groups. Active Directory does not include any default distribution groups.
  10. __________ groups are a collection of user accounts that are local to one specific workstation or member server.a) Distributionb) Localc) Built-ind) Security
    • Ans: b
    • Difficulty: Medium
    • Section Ref: Understanding User AccountsFeedback: A local group is a collection of user accounts that are local to one specific workstation or member server.
  11. You cannot manually modify the group membership of or view the membership lists of __________ groups.
    a) distribution
    b) domain local
    c) special identity
    d) universal
    • Ans: c
    • Difficulty: Medium
    • Section Ref: Understanding User Accounts
    • Feedback: You cannot manually modify the group membership of special identity groups, nor can you view their membership lists.
  12. What special identity group contains all authenticated users and domain guests?
    a) Power Users
    b) Everyone
    c) Batch
    d) Authenticated Users
    • Ans: b
    • Difficulty: Easy
    • Section Ref: Understanding User Accounts
    • Feedback: Windows Server 2008 uses special identity groups to represent a class of users or the system itself. The Everyone group is a special identity group that contains all authenticated users and domain guests.
  13. What special identity group is used as a reduced-privilege account to allow applications to run on a server without requiring administrative access?
    a) Network
    b) Dialup
    c) Network Service
    d) Restricted
    • Ans: c
    • Difficulty: Hard
    • Section Ref: Understanding User Accounts
    • Feedback: The network service account is used as a reduced-privilege account to allow applications to run on a server without requiring administrative access. It is similar to the Local Service account, but it can access network resources.
  14. What special identity group is used by the system to allow permission to protected system files for services to function properly?
    a) Network Service
    b) Restricted
    c) Service
    d) Self
    • Ans: c
    • Difficulty: Medium
    • Section Ref: Understanding User Accounts
    • Feedback: The service special identity group is used by the system to allow permission to protected system files for services to function properly. It includes all security principals: users, groups, or computers that are currently logged on as a service.
  15. What command-line utility is used to import or export Active Directory information from a comma-separated value (.csv) file?
    a) NETDIAG
    b) NSLOOKUP
    c) CSVDE
    d) DCPROMO
    • Ans: c
    • Difficulty: Easy
    • Section Ref: Understanding User AccountsFeedback: The Comma-Separated Value Directory Exchange (CSVDE) command-line utility is used to import or export Active Directory information from a comma-separated value (.csv) file. These files can be created in any text editor. This command-line utility only imports or exports new objects; it cannot modify or delete existing objects.
  16. What can be used to add, delete, or modify objects in Active Directory, in addition to modifying the schema if necessary?
    a) DCPROMO
    b) LDIFDE
    c) CSVDE
    d) NSLOOKUP
    • Ans: b
    • Difficulty: Medium
    • Section Ref: Understanding User Accounts
    • Feedback: Like CSVDE, the LDAP Data Interchange Format Directory Exchange (LDIFDE) utility can be used to import or export Active Directory information. It can be used to add, delete, or modify objects in Active Directory, in addition to modifying the schema, if necessary. It also can be used to import data from other directory services, such as Novell NetWare.
  17. What signifies an object’s relative location within an Active Directory OU structure?
    a) common name
    b) distinguished name
    c) SAM account name
    d) AD name
    • Ans: b
    • Difficulty: Easy
    • Section Ref: Understanding User AccountsFeedback: The distinguished name of an object signifies its relative location within an Active Directory OU structure.
  18. __________ name refers to each user’s login name.
    a) Common
    b) Distinguished
    c) SAM account
    d) AD Name
    • Ans: c
    • Difficulty: Easy
    • Section Ref: Understanding User Accounts
    • Feedback: The SAM account name refers to each user’s login name—the portion to the left of the ‘@’ within a User Principal Name.
  19. 19. When using CSVDE, what is the first line of the text file that uses proper attribute names?
    a) header row
    b) header record
    c) name row
    d) name record
    • Ans: b
    • Difficulty: Hard
    • Section Ref: Understanding User AccountsFeedback: The CSVDE command-line utility allows an administrator to import or export Active Directory objects. It uses a .csv file that is based on a header record, which describes each part of the data. A header record is simply the first line of the text file that uses proper attribute names.
  20. What provides a robust scripting method that supports a multitude of administrative tasks including creating Active Directory objects, mapping drives, connecting to printers, modifying environment variables, and modifying registry keys?
    a) Windows Script Host
    b) JavaScript
    c) Windows Powershell
    d) CMD.EXE
    • Ans: a
    • Difficulty: Medium
    • Section Ref: Understanding User Accounts
    • Feedback: Windows Script Host (WSH) supports Microsoft VBScript and JScript engines. It has the flexibility of running scripts from a Windows interface or a command prompt. WSH is built into Windows 98, Windows 2000, Windows XP, Windows Server 2003, and Windows Server 2008. It provides a robust scripting method that supports a multitude of administrative tasks including creating Active Directory objects, mapping drives, connecting to printers, modifying environment variables, and modifying registry keys.
  21. Domain Accounts are automatically created when Microsoft Windows Server 2008 is installed.
    • Ans: False
    • Difficulty: Easy
    • Section Ref: Understanding User Accounts
  22. Microsoft recommends using a non-administrative user account for normal work and using the Run As command when administrative tasks need to be performed.
    • Ans: True
    • Difficulty: Easy
    • Section Ref: Understanding User Accounts
  23. Global groups are used to assign permissions to resources that reside only in the same domain as the domain local group.
    • Ans: False
    • Difficulty: Medium
    • Section Ref: Understanding User Accounts
  24. You can manually modify the group membership of special identity groups, but you cannot view their membership lists.
    • Ans: False
    • Difficulty: Easy
    • Section Ref: Understanding User Accounts
  25. The CSVDE command-line utility allows an administrator to import or export Active Directory objects.
    • Ans: True
    • Difficulty: EasySection Ref: Understanding User Accounts
  26. __________ accounts are used to access the local computer only and are stored in the local Security Account Manager (SAM) database on the computer where they reside.
    • Ans: Local
    • Difficulty: Easy
    • Section Ref: Understanding User Accounts
  27. By default, two built-in user accounts are created on a Windows Server 2008 computer: the __________ account and the Guest account.
    • Ans: Administrator
    • Difficulty: Easy
    • Section Ref: Understanding User Accounts
  28. __________ are implemented to allow administrators to assign permissions to multiple users simultaneously.
    • Ans: Groups
    • Difficulty: Medium
    • Section Ref: Understanding User Accounts
  29. Group __________ defines how a group is to be used within Active Directory.
    • Ans: type
    • Difficulty: Medium
    • Section Ref: Understanding User Accounts
  30. Users with common resource needs should be placed in a(n) __________ group to facilitate the assignment of permissions to resources.
    • Ans: global
    • Difficulty: Easy
    • Section Ref: Understanding User Accounts
  31. __________ groups are used to consolidate groups and accounts that either span multiple domains or the entire forest.
    • Ans: Universal
    • Difficulty: Easy
    • Section Ref: Understanding User Accounts
  32. All default groups are __________ groups.
    • Ans: security
    • Difficulty: Easy
    • Section Ref: Understanding User Accounts
  33. A(n) __________ group is a collection of user accounts that are local to one specific workstation or member server.
    • Ans: local
    • Difficulty: Medium
    • Section Ref: Understanding User Accounts
  34. The __________ Users special identity contains all users who log on with a valid username and password combination that is stored in the Active Directory database.
    • Ans: Authenticated
    • Difficulty: Easy
    • Section Ref: Understanding User Accounts
  35. Like CSVDE, the __________ utility can be used to import or export Active Directory information.
    • Ans: LDIFDE
    • Difficulty: Hard
    • Section Ref: Understanding User Accounts
  36. What types of accounts are used to access Active Directory or network-based resources, such as shared folders or printers?
    • Ans: domain accounts
    • Difficulty: Easy
    • Section Ref: Understanding User Accounts
  37. When a user logs on, what is created that identifies the user and all of the user’s group memberships?
    • Ans: access token
    • Difficulty: Easy
    • Section Ref: Understanding User Accounts
  38. What types of groups are created for purposes of granting resource access permissions to multiple users?
    • Ans: security groups
    • Difficulty: Easy
    • Section Ref: Understanding User Accounts
  39. You cannot manually modify the memberships of what type of special groups?
    • Ans: special identity
    • Difficulty: Medium
    • Section Ref: Understanding User Accounts
  40. What special identity group is used as a placeholder for the primary group of an object’s creator?
    • Ans: Creator Group
    • Difficulty: Hard
    • Section Ref: Understanding User Accounts
  41. What script engines run script files created by using Microsoft Visual Basic Scripting Edition (VBScript) or Jscript?
    • Ans: Windows Script Host
    • Difficulty: Medium
    • Section Ref: Understanding User Accounts
  42. What name of an object signifies its relative location within an Active Directory OU structure?
    • Ans: distinguished name
    • Difficulty: Easy
    • Section Ref: Understanding User Accounts
  43. What is the practice of adding one group as a member of another group?
    • Ans: group nesting
    • Difficulty: Easy
    • Section Ref: Understanding User Accounts
  44. What is the difference between authentication and authorization?
    • Ans: Authentication is the process of confirming a user’s identity by using a known value, such as a password, pin number on a smart card, or user’s fingerprint or handprint in the case of biometric authentication. Authorization is the process of confirming that an authenticated user has the correct permissions to access one or more network resources.
    • Difficulty: Easy
    • Section Ref: Understanding User Accounts
  45. What are the three types of user accounts that can be created and configured in Windows Server 2008?
    • Ans: local accounts, domain accounts, built-in user accounts
    • Difficulty: Easy
    • Section Ref: Understanding User Accounts
  46. Why should renaming the Administrator account be a consideration?
    • Ans: This will stave off attacks that are targeted specifically at the 'administrator' username on a server or domain.
    • Difficulty: Easy
    • Section Ref: Understanding User Accounts
  47. What three group scopes are available in an Active Directory domain?
    • Ans: domain local groups, global groups, and universal groups.
    • Difficulty: Medium
    • Section Ref: Understanding User Accounts
  48. What are special identity groups?
    • Ans: Special identity groups are groups whose membership lists you cannot manually modify or view.
    • Difficulty: Medium
    • Section Ref: Understanding User Accounts
  49. Name eight special identity groups.
    • Ans: Anonymous Logon, Authenticated Users, Batch, Creator Group, Creator Owner, Dial-Up, Digest Authentication, Enterprise Domain Controllers, Everyone, Interactive, IUSR, Local Service, Network, Network Service, Remote Interactive Logon, Restricted, Self, Service, System, Terminal Server User
    • Difficulty: Hard
    • Section Ref: Understanding User Accounts
  50. What are four of the most commonly used methods or tools for creating multiple users or groups in Active Directory?
    • Ans: batch files, CSVDE, LDIFDE, and Windows Script Host
    • Difficulty: Hard
    • Section Ref: Understanding User Accounts