1. | When a group of admins has control over resources that are all located at one location, what type of administrative model is this?
|
|
2. | What type of administrative model is in place when the administrators are located close to the resources for which they are responsible, and those resources are spread out at each of the company s locations?
|
|
3. | Terry is developing an Active Directory design and is in the process of interviewing some of the upper-level management from the company. The manager of information technology (IT) has told Terry that the organization is divided into teams , with each team responsible for a specific task. His IT department has several individuals who are all working on different tasks , each one responsible for supporting the IT needs of the task. What type of business model is in use?
|
|
4. | Which of the following tools will allow you to analyze the resource usage on your servers and save the collected data within a SQL Server 7 database? (Choose all that apply.)
|
|
5. | Given the following statement, what priorities are identified? (Choose all that apply.) We need to make sure that the new system still allows us to follow the federal laws put into place to govern financial institutions. Of course, we also need to continue supporting a set of software packages that have been approved for use within the Savings and Loan associations.
|
|
6. | When designing an Active Directory forest structure, which of the following structures is usually created if all of the company s resources are controlled by a central administrative group even though the administration may be decentralized?
|
|
7. | Administrators who are identified as responsible for maintaining Active Directory are know as which of the following?
|
|
8. | Due to their level of administrative control, service admins also have what level of authority?
|
|
9. | Users are required to use 8 characters for their password. Research and Development requires that 10 characters be used and that the passwords meet complexity requirements. How will you implement this?
|
|
10. | When interoperating with a UNIX network, which of the trust relationships can be created between UNIX and Active Directory?
|
|
11. | Prior to bringing the first Windows 2003 Server domain controller online within a Windows 2000 Active Directory Domain, which utilities should be run? (Choose all that apply.)
|
|
12. | What are the three primary reasons for creating an OU?
|
|
13. | What is the definition of an OU owner?
|
|
14. | If an OU is created for the express purpose of administrative control over printer objects, what type of an OU is this considered to be?
|
|
15. | When identifying an organization s objectives for using Group Policies, where should the password policy setting be applied?
|
|
16. | Which of the following suggestions should be followed when designing the Group Policy structure? (Choose two.)
|
|
17. | Once identified, where should the GPOs that contain the setting for corporate standards be applied?
|
|
18. | What condition must be met in order to nest a Global security group into another Global security group?
|
|
19. | Which of the following is not an account type that can be created in Active Directory?
|
|
20. | Which of the following security group would be valid when a domain is in the Windows 2000 mixed mode functional level?
|
|
21. | You want to control when replication occurs between domain controllers that are located on each side of a WAN link. What do you need to create in order to control the replication? (Choose all that apply.)
|
|
22. | Which of the following server specifications will support a domain controller that needs to support 1800 users?
|
|
23. | In which of the following situations should you locate a Global Catalog server within a network location? (Choose all that apply.)
|
|
24. | When choosing IP allocations options, how would you configure a DNS server within a perimeter network?
|
|
25. | Your organization will only open IP addresses and ports for trusted systems on the Internet. You have clients who need to connect through a VPN connection to your RAS server, but you cannot guarantee the IP addresses they use when they connect. Where should you place your VPN server to support your users?
|
|
26. | You have several workstations and intranet web servers within your network. You would like to configure them so that IP addressing is streamlined, yet you want to make sure they can communicate on the network if the DHCP server is unavailable. Which address allocation method should you use?
|
|
27. | Which of the following WINS replication topologies is the most efficient?
|
|
28. | When an attacker is attempting to determine the servers and addresses of those servers within the internal network in order to perform other attacks on the network infrastructure, what type of attack is this known as?
|
|
29. | In order for DNS servers within the perimeter network to communicate with DNS servers on the internal network, you usually have to open port 53 on the firewall. Which of the following methods will allow you to keep port 53 closed and encrypt the data from an attacker trying to capture packets?
|
|
Answers
1. | A. When administrators are located with the resources that they are administering, and no resources are located at other offices, the centralized administrative with centralized resources administrative model is used. For more information, see Chapter 1. |
2. | C. When the resources are decentralized and the administrators that are responsible for those resources are located local to the resources, the decentralized administrative model is used. For more information, see Chapter 1. |
3. | D. Most companies that are employing the project/service-based model will have employees from different business units, such as accounting and manufacturing, all working on a project so that the resources are available to efficiently complete the project. For more information, see Chapter 1. |
4. | A, B. Windows NT 4 has the Performance Monitor utility that will allow an administrator to log the resource usage to a database so that the information can be parsed later to determine the resource usage pattern. Windows 2000 Server provides this functionality with Performance Logs And Alerts. See Chapter 2 for more information. |
5. | A, D. Due to the laws that govern the Savings and Loan associations, specific needs will have to be addressed. Part of this is the certification of the software that is used within the associations as well as the legal regulations that they have to follow to insure that they are operating within the legal statutes put in place by the federal government. See Chapter 2 for more information. |
6. | A. Organizational forests are used when all of the resources from the company are centrally controlled. If the administrative staff is decentralized, domains can be created within the forest to allow for autonomy, or OUs can be built to organize the resources and ease administrative overhead. See Chapter 3 for more information. |
7. | D. Service administrators are responsible for Active Directory and making sure that it is available and configured correctly so that users can gain access to the services it provides. See Chapter 3 for more information. |
8. | A. Service administrators have all of the required permissions to also perform the duties of a data administrator. Although these duties are usually separated so that administration of the service and data can be divided and made more efficient, small organizations will take advantage of having the same group of administrators performing both tasks. See Chapter 3 for more information. |
9. | B. Account restrictions are controlled at the domain level. Although a new forest would allow the Research and Development users to have their own password policies, it is a rather drastic step to take. Creating their own domain will suffice. See Chapter 4 for more information. |
10. | C. Active Directory can utilize realm trusts to interoperate with a UNIX Kerberos realm. See Chapter 4 for more information. |
11. | A, D. ADPrep/forestprep adds the additional schema and object changes to the Schema Master. ADPrep /domainprep adds the additional changes required for Active Directory to the domain controllers within the domain where it is run. See Chapter 4 for more information. |
12. | A, B, C. Password restrictions are controlled at the domain level. OUs are created to control the administrative needs of users within the domain, assign group policies to like objects, or control visibility of objects so that they are seen only by the appropriate users. See Chapter 5 for more information. |
13. | B. The OU owners have the ability to control every aspect of the OU including creating, deleting, and maintaining user, group, and computer accounts as well as OUs within the OU. Once the domain owner delegates full control over the OU to a group, any member of that group will become an OU owner. See Chapter 5 for more information. |
14. | B. A resource OU is created so that permissions can be delegated to administrators that need to control computer objects or shared folders or printers that have been published within the OU. See Chapter 5 for more information. |
15. | A. Password policies are applied with the Default Domain Policy and cannot be overridden by any other policy within the forest. See Chapter 6 for more information. |
16. | B, C. The OU structure of the company should be based on the administrative needs of the organization first and then enhanced for Group Policy use. Then by condensing the GPO settings into as few GPOs as possible, the application of GPOs will be streamlined. See Chapter 6 for more information. |
17. | D. The corporate standards should be set high in the hierarchy. If set at the domain level, the settings will apply to all users within the domain. If set at the OU level, too many links may need to be applied. See Chapter 6 for more information. |
18. | C. In order for Global security groups to be nested inside of other Global security groups, your domain or forest must be at a minimum of Windows 2000 native mode or Windows 2003 native mode. See Chapter 7 for more information. |
19. | C. Active Directory can contain any of the following account types: User, InetOrgPerson, Contact, Computer, and Group. See Chapter 7 for more information. |
20. | A, B, C. Because the domain is at the Windows 2000 native mode functional level, Universal security groups are not available for use. See Chapter 7 for more information. |
21. | A, C. A site will allow all domain controllers within the site to communicate with one another as soon as an object is changed and will not compress the replicated information. A site link will allow replication to pass from one site to another and will compress the data so that the WAN link is not burdened. See Chapter 8 for more information. |
22. | D. For 1500 or more users, 2GB RAM will be necessary for efficient authentication request processing. It is also recommended by Microsoft that, at a minimum, a Quad 899MHz processor system be used. See Chapter 8 for more information. |
23. | A, B, C, D. All of these options are good reasons to locate a Global Catalog server in a site. See Chapter 8 for more information. |
24. | A. With a DNS server, you only have the option of configuring a static address, you cannot use any of the dynamic address allocation methods. See Chapter 9 for more details. |
25. | A. Because the network engineers will not allow you to have the rules configured on the firewall that would allow users to connect from all addresses, you will have to place the VPN server in front of the firewall. Although this is not the most secure solution for the RAS server, the network policies will not be jeopardized. See Chapter 9 for more information. |
26. | D. If you configure your systems to use DHCP, then any changes to your infrastructure can be configured within the appropriate scopes in the DHCP server. If you apply alternate addressing at the client, the client can use the alternate address if the DHCP server is unavailable and the client s lease expires . See Chapter 9 for more information. |
27. | B. The hub-and-spoke replication topology allows WINS servers to pass replication data through a central server in order to deliver it to the other WINS servers and reduce the convergence time. See Chapter 10 for more information. |
28. | C. When an attacker is footprinting your network, they are attempting to determine what systems are used within your network by capturing name resolution data that specifies system names and IP addresses. See Chapter 10 for more information. |
29. | B. If you want to secure the DNS traffic that is sent through a firewall by DNS servers, you should configure the DNS server to use a VPN solution. Doing so will encrypt the DNS packets to keep them from prying eyes and allow you to close port 53 on the firewall. See Chapter 10 for more information. |