Chapter 002 Implementing Active Directory in Windows Server 2008 R2

Card Set Information

Author:
pacheco2001usa
ID:
215979
Filename:
Chapter 002 Implementing Active Directory in Windows Server 2008 R2
Updated:
2013-04-29 21:58:10
Tags:
Chapter 002 Implementing Active Directory Windows Server 2008 R2
Folders:

Description:
Chapter 002 Implementing Active Directory in Windows Server 2008 R2
Show Answers:

Home > Flashcards > Print Preview

The flashcards below were created by user pacheco2001usa on FreezingBlue Flashcards. What would you like to do?


  1. What command can you use to run the Active Directory Installation Wizard?
    a) adpromo
    b) dcpromo
    c) domainpromo
    d) adcreate
    • Ans: b
    • Difficulty: Easy
    • Section Ref: Designing an Active Directory Implementation
    • Feedback: The Active Directory Installation Wizard, dcpromo, will guide you through adding a domain controller to an existing environment, creating an entirely new forest structure, adding a child domain to an existing domain, adding a new domain tree to an existing forest, and demoting domain controllers and eventually removing a domain or forest.
  2. What shared folder exists on all domain controllers and is used to store Group Policy objects, login scripts, and other files that are replicated domain-wide?
    a) SYSVOL
    b) AD
    c) C$
    d) VOLMGR
    • Ans: a
    • Difficulty: Easy
    • Section Ref: Designing an Active Directory Implementation
    • Feedback: The SYSVOL shared folder exists on all domain controllers and is used to store Group Policy Objects, login scripts, and other files that are replicated domain-wide.
  3. What is the minimum amount of storage space required for the Active Directory installation files?
    a) 100 MB
    b) 150 MB
    c) 200 MB
    d) 250 MB
    • Ans: c
    • Difficulty: Medium
    • Section Ref: Designing an Active Directory Implementation
    • Feedback: 200 MB minimum free space is required for Active Directory database files.
  4. What is the process of replicating DNS information from one DNS server to another?
    a) replication
    b) DNS push
    c) zone transfer
    d) DNS update
    • Ans: c
    • Difficulty: Easy
    • Section Ref: Designing an Active Directory Implementation
    • Feedback: A zone transfer is the process of replicating DNS information from one DNS server to another.
  5. __________ roles work together to enable the multimaster functionality of Active Directory.
    a) FSMO
    b) FMMO
    c) FMSO
    d) FOMO
    • Ans: a
    • Difficulty: Easy
    • Section Ref: Designing an Active Directory Implementation
    • Feedback: The first domain controller installed in a new Active Directory forest will hold all of the Flexible Single Master Operation (FSMO) roles, which are specific server roles that work together to enable the multimaster functionality of Active Directory.
  6. __________ partitions are used to separate forest-wide DNS information from domain-wide DNS information to control the scope of replication of different types of DNS data.
    a) DNA record
    b) DNS type
    c) DNS data
    d) Application Directory
    • Ans: d
    • Difficulty: Hard
    • Section Ref: Designing an Active Directory Implementation
    • Feedback: Application directory partitions are used to separate forest-wide DNS information from domain-wide DNS information to control the scope of replication of different types of DNS data.
  7. What processes can be used by Windows Server 2008 DNS to clean up the DNS database after DNS records become “stale” or out of date?
    a) searching and destroying
    b) aging and scavenging
    c) seeking and removing
    d) finding and deleting
    • Ans: b
    • Difficulty: Easy
    • Section Ref: Designing an Active Directory Implementation
    • Feedback: Although not enabled by default, aging and scavenging are processes that can be used by Windows Server 2008 DNS to clean up the DNS database after DNS records become “stale” or out of date. Without this process, the DNS database would require manual maintenance to prevent server performance degradation and potential disk-space issues.
  8. What type of zone is necessary for computer hostname-to-IP address mappings, which are used for name resolution by a variety of services?
    a) primary lookup
    b) secondary lookup
    c) forward lookup
    d) reverse lookup
    • Ans: c
    • Difficulty: Medium
    • Section Ref: Designing an Active Directory Implementation
    • Feedback: Forward lookup zones are necessary for computer hostname–to–IP address mappings, which are used for name resolution by a variety of services. For example, when a user requests access to a server based on its hostname, the request is passed to a DNS server to resolve the hostname to an IP address. Most queries are based on forward lookups.
  9. What SRV record information serves as a mechanism to set up load balancing between multiple servers that are advertising the same SRV records?a) priority
    b) time-to-live
    c) weight
    d) port
    • Ans: a
    • Difficulty: Easy
    • Section Ref: Designing an Active Directory Implementation
    • Feedback: Priority is a mechanism to set up load balancing between multiple servers that are advertising the same SRV records. Clients will always use the record with the lower-numbered priority first.
  10. What new Windows Server 2008 feature is a special installation option that creates a minimal environment for running only specific services and roles?
    a) Minimal Installation Option
    b) Server Core
    c) Server Standard
    d) Minimal Server Environment (MSE)
    • Ans: b
    • Difficulty: Easy
    • Section Ref: Designing an Active Directory Implementation
    • Feedback: One of the key new features of Windows Server 2008 is Server Core, a special installation option that creates a minimal environment for running only specific services and roles. Server Core runs almost entirely without a graphical user interface (GUI), which means that it needs to be administered exclusively from the command line.
  11. Read-Only Domain Controllers provide added security in the way passwords are stored through what feature?
    a) Password Integration Policy
    b) Password Caching Policy
    c) Password Storage Policy
    d) Password Replication Policy
    • Ans: d
    • Difficulty: Medium
    • Section Ref: Designing an Active Directory ImplementationFeedback: A key feature of an RODC is that each RODC can be configured with its own Password Replication Policy for security purposes.
  12. What feature makes it possible to configure a user as the local administrator of a specific RODC without making the user a Domain Admins with far-reaching authority over all domain controllers in your entire domain and full access to your Active Directory domain data?
    a) Role Delegation
    b) Admin Role Separation
    c) New Administrative Security Groups
    d) Domain Functional Levels
    • Ans: b
    • Difficulty: Medium
    • Section Ref: Designing an Active Directory Implementation
    • Feedback: Read-Only Domain Controllers also offer a feature that has been a top request of Active Directory administrators since the early days of Windows 2000: Admin Role Separation. This means that it is now possible to configure a user as the local administrator of a specific RODC without making the user a Domain Admins with far-reaching authority over all domain controllers in your entire domain and full access to your Active Directory domain data.
  13. Each class or attribute that you add to the schema should have a valid __________.
    a) username
    b) password
    c) OID
    d) SID
    • Ans: c
    • Difficulty: Easy
    • Section Ref: Designing an Active Directory Implementation
    • Feedback: Each class or attribute that you add to the schema should have a valid Object Identifier (OID). As part of the X.500 structure on which Active Directory is based, OIDs must be globally unique, and they are represented by a hierarchical dotted-decimal notation string.
  14. When modifying the schema, Microsoft recommends adding administrators to what group only for the duration of the task?
    a) Schema Admins
    b) Enterprise Admins
    c) Global Admins
    d) Forest Admins
    • Ans: a
    • Difficulty: Hard
    • Section Ref: Designing an Active Directory Implementation
    • Feedback: Microsoft recommends adding administrators to the Schema Admins group only for the duration of the administrative task at hand.
  15. What DLL must be registered to use the Schema Management snap-in?
    a) schmmgnt32.dll
    b) schemamanagement.dll
    c) schmmgmt.dll
    d) adschm.dll
    • Ans: c
    • Difficulty: Hard
    • Section Ref: Designing an Active Directory Implementation
    • Feedback: The schmmgmt.dll DLL is not registered by default in Windows Server 2008 and needs to be added manually to run the Schema Management MMC snap-in.
  16. What role provides developers with the ability to store data for directory-enabled applications without incurring the overhead of extending the Active Directory schema to support their applications?
    a) AD LSD
    b) AD SLD
    c) AD DLS
    d) AD LDS
    • Ans: d
    • Difficulty: Hard
    • Section Ref: Designing an Active Directory Implementation
    • Feedback: Windows Server 2008 includes a new Active Directory Lightweight Directory Services (AD LDS) role that provides developers with the ability to store data for directory-enabled applications without incurring the overhead of extending the Active Directory schema to support their applications.
  17. What type of trust allows you to configure trust relationships between Windows Server 2008 Active Directory and a UNIX MIT Kerberos realm?
    a) shortcut
    b) cross-forest
    c) external
    d) realm
    • Ans: d
    • Difficulty: Medium
    • Section Ref: Designing an Active Directory Implementation
    • Feedback: Realm trusts allow you to configure trust relationships between Windows Server 2008 Active Directory and a UNIX MIT Kerberos realm, which is the UNIX equivalent to an Active Directory domain allowing centralized user and password administration on a UNIX network.
  18. What type of trust relationship allows you to create two-way transitive trusts between separate forests?
    a) shortcut
    b) cross-forest
    c) external
    d) real
    • Ans: b
    • Difficulty: Easy
    • Section Ref: Designing an Active Directory Implementation
    • Feedback: Cross-forest trust relationships were introduced in Windows Server 2003; they allow you to create two-way transitive trusts between separate forests.
  19. What utility is used to manually create trust relationships?
    a) Active Directory Trust Console
    b) Active Directory Trust Wizard
    c) Active Directory Domains and Trusts MMC snap-in
    d) Active Directory Domains and Trusts control panel
    • Ans: c
    • Difficulty: Easy
    • Section Ref: Designing an Active Directory Implementation
    • Feedback: Use the Active Directory Domains and Trusts MMC snap-in to establish manual trust relationships.
  20. What command-line tool is used to create, delete, verify, and reset trust relationships from the Windows Server 2008 command line?
    a) adtrust
    b) netdom
    c) csvde
    d) nslookup
    • Ans: b
    • Difficulty: Hard
    • Section Ref: Designing an Active Directory Implementation
    • Feedback: After you establish a manual trust, you can verify the trust using either Active Directory Domains and Trusts or the netdom command-line tool that is used to create, delete, verify, and reset trust relationships from the Windows Server 2008 command line.
  21. The default location for the Active Directory database and log files is C:WindowsSystem32
    • Ans: False
    • Difficulty: Hard
    • Section Ref: Designing an Active Directory Implementation
  22. You can launch the Active Directory Installation Wizard using the dcpromo.exe command-line tool or from the Server Manager utility that’s installed in the Administrative Tools folder of each Windows Server 2008 server.
    • Ans: True
    • Difficulty: Easy
    • Section Ref: Designing an Active Directory Implementation
  23. Aging is the process of removing records that were not refreshed or updated within specified time intervals, which will occur naturally with machines that are removed from the network.
    • Ans: False
    • Difficulty: Medium
  24. For domain controllers to register their records with DNS at startup, dynamic updates must be allowed.
    • Ans: True
    • Difficulty: Hard
    • Section Ref: Designing an Active Directory Implementation
  25. Because Server Core does not support graphical utilities, such as Server Manager and the Active Directory Installation Wizard, you need to run dcpromo from the command line using an unattended installation, which uses a specially formatted text file to specify the necessary installation options.
    • Ans: True
    • Difficulty: Easy
    • Section Ref: Designing an Active Directory Implementation
  26. When installing Active Directory, there must be at least __________ MB of free space for the transaction log files.
    • Ans: 50
    • Difficulty: Medium
    • Section Ref: Designing an Active Directory Implementation
  27. A(n) __________ transfer is the process of replicating DNS information from one DNS server to another.
    • Ans: zone
    • Difficulty: Easy
    • Section Ref: Designing an Active Directory Implementation
  28. You can launch the Active Directory Installation Wizard by using the dcpromo.exe command-line tool or from the __________ Manager utility that’s installed in the Administrative Tools folder of each Windows Server 2008 server.
    • Ans: Server
    • Difficulty: Easy
    • Section Ref: Designing an Active Directory Implementation
  29. The first domain controller installed in a new Active Directory forest will hold all of the Flexible Single __________ Operation roles, which are specific server roles that work together to enable the multimaster functionality of Active Directory.
    • Ans: Master
    • Difficulty: Medium
    • Section Ref: Designing an Active Directory Implementation
  30. __________ is the process of removing records that were not refreshed or updated within specified time intervals, which will occur naturally with machines that are removed from the network.
    • Ans: Scavenging
    • Difficulty: Medium
    • Section Ref: Designing an Active Directory Implementation
  31. Because Server Core does not support graphical utilities, such as Server Manager and the Active Directory Installation Wizard, you need to run dcpromo from the command line using an __________ installation, which uses a specially formatted text file to specify the necessary installation options.
    • Ans: unattended
    • Difficulty: Easy
    • Section Ref: Designing an Active Directory Implementation
  32. Admin Role __________ means that it is now possible to configure a user as the local administrator of a specific RODC without making the user a Domain Admins with far-reaching authority over all domain controllers in your entire domain and full access to your Active Directory domain data.
    • Ans: Separation
    • Difficulty: Medium
    • Section Ref: Designing an Active Directory Implementation
  33. In addition to simply running the Active Directory Installation Wizard from the console of a server that you want to designate as an RODC, you can perform a(n) __________ installation so that you begin the installation at a central location, such as a data center, and then allow a local administrator to complete the configuration.
    • Ans: staged
    • Difficulty: Medium
    • Section Ref: Designing an Active Directory Implementation
  34. As part of the X.500 structure on which Active Directory is based, OIDs must be globally __________, and they are represented by a hierarchical dotted-decimal notation string.
    • Ans: unique
    • Difficulty: Hard
    • Section Ref: Designing an Active Directory Implementation
  35. When modifying the schema, a certain amount of __________ can be expected before all domain controllers contain consistent schema information.
    • Ans: latency
    • Difficulty: Medium
    • Section Ref: Designing an Active Directory Implementation
  36. You can launch the Active Directory Installation Wizard by using the dcpromo.exe command-line tool or from what utility thatss installed in the Administrative Tools folder of each Windows Server 2008 server?
    • Ans: Server Manager
    • Difficulty: Easy
    • Section Ref: Designing an Active Directory Implementation
  37. What processes can be used by Windows Server 2008 DNS to clean up the DNS database after DNS records become “stale” or out of date?
    • Ans: aging and scavenging
    • Difficulty: Medium
    • Section Ref: Designing an Active Directory Implementation
  38. What type of zone is necessary for computer hostname-to-IP address mappings, which are used for name resolution by a variety of services?
    • Ans: forward lookup
    • Difficulty: Easy
    • Section Ref: Designing an Active Directory Implementation
  39. What special installation option creates a minimal environment for running only specific services and roles?
    • Ans: Server Core
    • Difficulty: Easy
    • Section Ref: Designing an Active Directory Implementation
  40. What is the name of the file that can be created to perform an unattended installation of Server Core?
    • Ans: unattend.txt
    • Difficulty: MediumSection Ref: Designing an Active Directory Implementation
  41. In addition to simply running the Active Directory Installation Wizard from the console of a server that you want to designate as an RODC, what can you perform so that you begin the installation at a central location, such as a data center, and then allow a local administrator to complete the configuration?
    • Ans: staged installation
    • Difficulty: Hard
    • Section Ref: Designing an Active Directory Implementation
  42. Each class or attribute that you add to the Active Directory schema should have a valid what?
    • Ans: Object Identifier, OID
    • Difficulty: Medium
    • Section Ref: Designing an Active Directory Implementation
  43. What role does Windows Server 2008 include that provides developers the ability to store data for directory-enabled applications without incurring the overhead of extending the Active Directory schema to support their applications?
    • Ans: AD LDS
    • Difficulty: Medium
    • Section Ref: Designing an Active Directory Implementation
  44. What is the purpose of the SYSVOL directory? When is it created?
    • Ans: The SYSVOL shared folder exists on all domain controllers and is used to store Group Policy Objects, login scripts, and other files that are replicated domain-wide. It is created when a computer is promoted to a domain controller.
    • Difficulty: Easy
    • Section Ref: Designing an Active Directory Implementation
  45. When installing Active Directory from Server Manager, what three prerequisite server components are installed?
    • Ans: DFS Namespace, DFS Replication, File Replication Service
    • Difficulty: Hard
    • Section Ref: Designing an Active Directory Implementation
  46. What is scavenging?
    • Ans: Scavenging is the process of removing records that were not refreshed or updated within specified time intervals, which will occur naturally with machines that are removed from the network.
    • Difficulty: Medium
    • Section Ref: Designing an Active Directory Implementation
  47. What is Server Core, and why is its use advantageous?
    • Ans: Server Core is a special installation option that creates a minimal environment for running only specific services and roles. Server Core runs almost entirely without a Graphical User Interface (GUI), which means that it needs to be administered exclusively from the command line. Where Active Directory is concerned, Server Core provides a useful way to deploy a domain controller with an extremely small security footprint, improving the security of domain controllers in branch offices or other remote environments.
    • Difficulty: Medium
    • Section Ref: Designing an Active Directory Implementation
  48. What is Admin Role Separation?
    • Ans: Admin Role Separation means that it is now possible to configure a user as the local administrator of a specific RODC without making the user a Domain Admin with far-reaching authority over all domain controllers in your entire domain and full access to your Active Directory domain data.
    • Difficulty: Hard
    • Section Ref: Designing an Active Directory Implementation
  49. What tool can be used to make modifications to the Active Directory Schema, and what group must you be in to make changes?
    • Ans: The Active Directory Schema snap-in should be installed on the domain controller holding the Schema Operations Master role, and you must be a member of the Schema Admins group.
    • Difficulty: Hard
    • Section Ref: Designing an Active Directory Implementation
  50. What are the four types of trust available in Windows Server 2008?
    • Ans: shortcut, cross-forest, external, and realm
    • Difficulty: Medium
    • Section Ref: Designing an Active Directory Implementation

What would you like to do?

Home > Flashcards > Print Preview