Chapter 004 Global Catalog and Flexible Single-Master Operations (FSMO) Roles in Windows Server 2008

Card Set Information

Author:
pacheco2001usa
ID:
216200
Filename:
Chapter 004 Global Catalog and Flexible Single-Master Operations (FSMO) Roles in Windows Server 2008
Updated:
2013-04-29 21:49:34
Tags:
Chapter 004 Global Catalog Flexible Single Master Operations FSMO Roles Windows Server 2008 R2
Folders:

Description:
Chapter 004 Global Catalog and Flexible Single-Master Operations (FSMO) Roles in Windows Server 2008 R2
Show Answers:

Home > Flashcards > Print Preview

The flashcards below were created by user pacheco2001usa on FreezingBlue Flashcards. What would you like to do?


  1. What holds a subset of forest-wide Active Directory objects and acts as a central repository by holding a complete copy of all objects from the host server’s local domain with a partial copy of all objects from other domains within the same forest?
    a) domain controller
    b) global catalog
    c) DNS server
    d) DHCP server
    • Ans: b
    • Difficulty: Easy
    • Section Ref: Understanding the Global Catalog
    • Feedback: The global catalog holds a subset of forest-wide Active Directory objects and acts as a central repository by holding a complete copy of all objects from the host server’s local domain with a partial copy of all objects from other domains within the same forest, called the partial attribute set (PAS).
  2. What is a partial copy of all objects from other domains within the same forest that is held on a global catalog server?
    a) partial attribute set
    b) partial domain set
    c) partial attribute listing
    d) partial domain listing
    • Ans: a
    • Difficulty: Easy
    • Section Ref: Understanding the Global Catalog
    • Feedback: The global catalog holds a subset of forest-wide Active Directory objects and acts as a central repository by holding a complete copy of all objects from the host server’s local domain with a partial copy of all objects from other domains within the same forest, called the partial attribute set (PAS). This partial copy of forest-wide data includes a subset of each object’s attributes. The attributes included in this subset are necessary to provide functionality such as logon, object searches, and universal group memberships.
  3. What port is used by Active Directory to direct search requests to a global catalog server?
    a) 3629
    b) 3389
    c) 3268
    d) 3232
    • Ans: c
    • Difficulty: Hard
    • Section Ref: Understanding the Global Catalog
    • Feedback: When a user initiates a search for an object in Active Directory, the request is automatically sent to TCP port 3268, which is used by Active Directory to direct these requests to a global catalog server. One of the SRV records used by Active Directory refers to the global catalog, or _gc, service, which listens on port 3268 to respond to these requests.
  4. Which of the following is not a function performed by a global catalog server?
    a) facilitating searches for objects in the forest
    b) maintaining universal group membership information
    c) maintaining a backup of all data stored on a domain controller
    d) maintaining a copy of all objects in the domain
    • Ans: c
    • Difficulty: Medium
    • Section Ref: Understanding the Global Catalog
    • Feedback: The global catalog has four main functions in an Active Directory environment. These are facilitating searches for objects in the forest, resolving user principal names (UPNs), maintaining universal group membership information, and maintaining a copy of all objects in the domain.
  5. What Windows Server 2008 feature stores universal group memberships on a local domain controller that can be used for logon to the domain, eliminating the need for frequent access to a global catalog server?
    a) global group membership caching
    b) domain group membership caching
    c) local group membership caching
    d) universal group membership caching
    • Ans: d
    • Difficulty: Medium
    • Section Ref: Understanding the Global Catalog
    • Feedback: For sites that do not have a global catalog server available, Windows Server 2008 offers a feature called universal group membership caching. This stores universal group memberships on a local domain controller that can be used for logon to the domain, eliminating the need for frequent access to a global catalog server.
  6. As a rule of thumb, you should estimate __________ percent of the size of the ntds.dit file of every other domain in the forest when sizing hardware for a global catalog server.
    a) 15
    b) 25
    c) 50
    d) 70
    • Ans: c
    • Difficulty: Easy
    • Section Ref: Understanding the Global Catalog
    • Feedback: As a rule of thumb, you should estimate 50 percent of the size of the ntds.dit file of every other domain in the forest when sizing hardware for a global catalog server.
  7. How many FSMO roles does Active Directory support?
    a) 2
    b) 5
    c) 10
    d) 12
    • Ans: b
    • Difficulty: Easy
    • Section Ref: Understanding Flexible Single Master Operations (FSMO) Roles
    • Feedback: Active Directory supports five FSMO roles. Their functionality is divided between domain-wide and forest-wide FSMOs.
  8. Which FSMO role is responsible for reference updates from its domain objects to other domains?
    a) Relative Identifier Master
    b) Infrastructure Master
    c) Domain Naming Master
    d) Schema Master
    • Ans: b
    • Difficulty: Medium
    • Section Ref: Understanding Flexible Single Master Operations (FSMO) Roles
    • Feedback: The Infrastructure Master Role is responsible for reference updates from its domain objects to other domains. This assists in tracking which domains own which objects.
  9. Which FSMO role has the authority to manage the creation and deletion of domains, domain trees, and application data partitions in the forest?
    a) Relative Identifier Master
    b) Infrastructure Master
    c) Domain Naming Master
    d) Schema Master
    • Ans: c
    • Difficulty: Easy
    • Section Ref: Understanding Flexible Single Master Operations (FSMO) RolesFeedback: The Domain Naming Master role has the authority to manage the creation and deletion of domains, domain trees, and application data partitions in the forest. When any of these is created, the Domain Naming Master ensures that the name assigned is unique to the forest.
  10. Which of these design aspects should you consider when planning the appropriate location of FSMO role holders?
    a) number of domains that are or will be part of the forest
    b) physical structure of the network
    c) number of domain controllers that will be available in each domain
    d) all of the above
    • Ans: d
    • Difficulty: Easy
    • Section Ref: Understanding Flexible Single Master Operations (FSMO) Roles
    • Feedback: Planning the appropriate locations for FSMO role holders requires that you consider the following design aspects: the number of domains that are or will be part of the forest, the physical structure of the network, and the number of domain controllers that will be available in each domain.
  11. What process is used when you move a FSMO role gracefully from one domain controller to another?
    a) role seizure
    b) role transfer
    c) role migration
    d) role separation
    • Ans: b
    • Difficulty: Easy
    • Section Ref: Understanding Flexible Single Master Operations (FSMO) Roles
    • Feedback: The role transfer process is used when you move a FSMO role gracefully from one domain controller to another. You can transfer FSMO roles from one domain controller to another to improve Active Directory performance or as a temporary measure when a domain controller will be taken offline for maintenance.
  12. What procedure is used only when you have experienced a catastrophic failure of a domain controller that holds a FSMO role and you need to recover that role?
    a) role transfer
    b) role migration
    c) role seizure
    d) role separation
    • Ans: c
    • Difficulty: Medium
    • Section Ref: Understanding Flexible Single Master Operations (FSMO) Roles
    • Feedback: The role seizure procedure is used only when you have experienced a catastrophic failure of a domain controller that holds a FSMO role. Seizing a role can be defined as a forced, permanent transfer.
  13. What console must be used to move the Domain Naming Master FSMO role?
    a) Active Directory Users and Computers
    b) Active Directory Forests and Domains
    c) Active Directory Schema
    d) Active Directory Domains and Trusts
    • Ans: d
    • Difficulty: Medium
    • Section Ref: Understanding Flexible Single Master Operations (FSMO) Roles
    • Feedback: The Active Directory Domains and Trusts console must be used to move the Domain Naming Master FSMO role.
  14. What tool is used to seize a FSMO role?
    a) ntosutil
    b) ntdsutil
    c) dcpromo
    d) adutil
    • Ans: b
    • Difficulty: Easy
    • Section Ref: Understanding Flexible Single Master Operations (FSMO) Roles
    • Feedback: The ntdsutil utility allows you to transfer and seize FSMO roles. When you use this tool to seize a FSMO role, the tool attempts a transfer from the current role owner first. Ntdsutil will only actually seize the role if the existing FSMO holder is unavailable.
  15. The RID Master FSMO role distributes RIDs to domain controllers in what increments?
    a) 300
    b) 500
    c) 700
    d) 1200
    • Ans: b
    • Difficulty: Hard
    • Section Ref: Understanding Flexible Single Master Operations (FSMO) Roles
    • Feedback: The RID Master FSMO distributes RIDs to domain controllers in increments of 500.
  16. What is used to uniquely identify an object throughout the Active Directory domain?
    a) security identifier
    b) relative identifier
    c) intermediate identifier
    d) domain identifier
    • Ans: a
    • Difficulty: Easy
    • Section Ref: Understanding Flexible Single Master Operations (FSMO) Roles
    • Feedback: A security identifier (SID) is used to uniquely identify an object throughout the Active Directory domain. Part of the SID identifies the domain to which the object belongs, and the other part is the RID.
  17. Each object’s SID consists of two components: the domain portion and the __________.
    a) FSMO role
    b) global catalog
    c) subnet mask
    d) relative identifier
    • Ans: d
    • Difficulty: MediumSection Ref: Understanding Flexible Single Master Operations (FSMO) RolesFeedback: The RID is a variable-length number that is assigned to objects at creation and becomes part of the object’s security identifier (SID). A SID is used to uniquely identify an object throughout the Active Directory domain. Part of the SID identifies the domain to which the object belongs, and the other part is the RID.
  18. How many RID Masters can a domain have?
    a) 1
    b) 2
    c) 3
    d) 5
    • Ans: a
    • Difficulty: Easy
    • Section Ref: Understanding Flexible Single Master Operations (FSMO) Roles
    • Feedback: Each domain can have only one RID Master.
  19. What types of memberships are stored in the global catalog?
    a) domain local
    b) universal
    c) global
    d) local workstation
    • Ans: b
    • Difficulty: Easy
    • Section Ref: Understanding the Global Catalog
    • Feedback: Domain local and global group memberships are stored at the domain level; universal group memberships are stored in the global catalog.
  20. What allows a user to be able to log on using a cached copy of his or her logon credentials that have been stored on his or her local workstation?
    a) cached login
    b) cached credentials
    c) stored login
    d) stored credentials
    • Ans: b
    • Difficulty: Easy
    • Section Ref: Understanding the Global Catalog
    • Feedback: If the user has successfully logged on in the past and you have enabled cached credentials in your environment, a user will be able to log on using a cached copy of his or her logon credentials that have been stored on his or her local workstation.
  21. When a user initiates a search for an object in Active Directory, the request is automatically sent to TCP port 3389, which is used by Active Directory to direct these requests to a global catalog server.
    • Ans: False
    • Difficulty: Easy
    • Section Ref: Understanding the Global Catalog
  22. The domain controller that hosts the global catalog must have enough space on the hard drive to house the global catalog. As a rule of thumb, you should estimate 75 percent of the size of the ntds.dit file of every other domain in the forest when sizing hardware for a global catalog server.
    • Ans: False
    • Difficulty: Medium
    • Section Ref: Understanding the Global Catalog
  23. The Infrastructure Master FSMO role is responsible for reference updates from its domain objects to other domains.
    • Ans: True
    • Difficulty: Easy
    • Section Ref: Understanding Flexible Single Master Operations (FSMO) Roles
  24. The PDC Emulator is responsible for managing time synchronization within an Active Directory domain.
    • Ans: True
    • Difficulty: Easy
    • Section Ref: Understanding Flexible Single Master Operations (FSMO) Roles
  25. The Domain Naming Master is responsible for managing changes to the Active Directory schema.
    • Ans: False
    • Difficulty: Easy
    • Section Ref: Understanding Flexible Single Master Operations (FSMO) Roles
  26. The global __________ holds a subset of forest-wide Active Directory objects and acts as a central repository by holding a complete copy of all objects from the host server’s local domain with a partial copy of all objects from other domains within the same forest.
    • Ans: catalog
    • Difficulty: Easy
    • Section Ref: Understanding the Global Catalog
  27. Domain local and __________ group memberships are stored at the domain level.
    • Ans: global
    • Difficulty: Easy
    • Section Ref: Understanding the Global Catalog
  28. Each __________ should contain a global catalog server to facilitate user logons.
    • Ans: site
    • Difficulty: Easy
    • Section Ref: Understanding the Global Catalog
  29. Port __________ is used for Active Directory object searches.
    • Ans: 3268
    • Difficulty: Easy
    • Section Ref: Understanding the Global Catalog
  30. Active Directory supports __________ FSMO roles.
    • Ans: five, 5
    • Difficulty: Easy
    • Section Ref: Understanding the Global Catalog
  31. Password changes, account lockouts, and time synchronization for the domain are managed by the PDC __________.
    • Ans: Emulator
    • Difficulty: Medium
    • Section Ref: Understanding Flexible Single Master Operations (FSMO) Roles
  32. The __________ identifier is a variable-length number that is assigned to objects at creation and becomes part of the object’s security identifier.
    • Ans: relative
    • Difficulty: Medium
    • Section Ref: Understanding Flexible Single Master Operations (FSMO) Roles
  33. The Domain __________ Master has the authority to manage the creation and deletion of domains, domain trees, and application data partitions in the forest.
    • Ans: Naming
    • Difficulty: Medium
    • Section Ref: Understanding Flexible Single Master Operations (FSMO) Roles
  34. The role __________ process is used when you move a FSMO role gracefully from one domain controller to another.
    • Ans: transfer
    • Difficulty: Easy
    • Section Ref: Understanding Flexible Single Master Operations (FSMO) Roles
  35. __________ is used to perform a seizure of an FSMO role.
    • Ans: ntdsutil
    • Difficulty: Hard
    • Section Ref: Understanding Flexible Single Master Operations (FSMO) Roles
  36. What is a partial copy of all objects from other domains within the same forest?
    • Ans: partial attribute set
    • Difficulty: Easy
    • Section Ref: Understanding the Global Catalog
  37. What types of group memberships are stored in the global catalog?
    • Ans: universal group memberships
    • Difficulty: Medium
    • Section Ref: Understanding the Global Catalog
  38. Universal group membership caching is enabled on what type of basis?
    • Ans: per-site
    • Difficulty: Hard
    • Section Ref: Understanding the Global Catalog
  39. The Directory Services Event Viewer will display what event when the computer is ready to advertise itself as a global catalog server?
    • Ans: Event ID 1119
    • Difficulty: Hard
    • Section Ref: Understanding the Global Catalog
  40. What FSMO role is responsible for assigning relative identifiers to domain controllers in the domain?
    • Ans: Relative Identifier Master
    • Difficulty: Medium
    • Section Ref: Understanding Flexible Single Master Operations (FSMO) Roles
  41. What is a 128-bit hexadecimal number assigned to each object at the time that it is created in the Active Directory forest?
    • Ans: globally unique identifier, GUID
    • Difficulty: Medium
    • Section Ref: Understanding Flexible Single Master Operations (FSMO) Roles
  42. What tool can be used to check the status of update sequence numbers?
    • Ans: repadmin
    • Difficulty: Medium
    • Section Ref: Understanding Flexible Single Master Operations (FSMO) Roles
  43. What are assigned to domain controllers to perform single-master operations?
    • Ans: operations master roles
    • Difficulty: Hard
    • Section Ref: Understanding Flexible Single Master Operations (FSMO) Roles
  44. What does a global catalog server do?
    • Ans: The global catalog holds a subset of forest-wide Active Directory objects and acts as a central repository by holding a complete copy of all objects from the host server’s local domain with a partial copy of all objects from other domains within the same forest.
    • Difficulty: Easy
    • Section Ref: Understanding the Global Catalog
  45. What is universal group membership caching?
    • Ans: It stores universal group memberships on a local domain controller that can be used for logon to the domain, eliminating the need for frequent access to a global catalog server.
    • Difficulty: Medium
    • Section Ref: Understanding the Global Catalog
  46. When planning for the installation of a new global catalog server, what should be taken into consideration in regard to storage space?
    • Ans: As a rule of thumb, you should estimate 50 percent of the size of the ntds.dit file of every other domain in the forest when sizing hardware for a global catalog server.
    • Difficulty: Medium
    • Section Ref: Understanding the Global Catalog
  47. What are the three domain-wide FSMOs?
    • Ans: Relative Identifier Master, Infrastructure Master, Primary Domain Controller Emulator
    • Difficulty: Medium
    • Section Ref: Understanding Flexible Single Master Operations (FSMO) Roles
  48. What is the relation of a relative identifier to a security identifier?
    • Ans: The RID is a variable-length number that is assigned to objects at creation and becomes part of the object’s security identifier.
    • Difficulty: Hard
    • Section Ref: Understanding Flexible Single Master Operations (FSMO) Roles
  49. What are the two forest-wide FSMOs?
    • Ans: Domain Naming Master and Schema Master
    • Difficulty: Easy
    • Section Ref: Understanding Flexible Single Master Operations (FSMO) Roles
  50. What is the difference between role transfer and role seizure?
    • Ans: Role transfer is used when you move a FSMO role gracefully from one domain controller to another. Role seizure is used only when you have experienced a catastrophic failure of a domain controller that holds a FSMO role.
    • Difficulty: Easy
    • Section Ref: Understanding Flexible Single Master Operations (FSMO) Roles

What would you like to do?

Home > Flashcards > Print Preview