Assessment Test


1.  

When a group of admins has control over resources that are all located at one location, what type of administrative model is this?

  A. Centralized/centralized

  B. Centralized/decentralized

  C. Decentralized

  D. Hybrid

  E. Outsourced


2.  

What type of administrative model is in place when the administrators are located close to the resources for which they are responsible, and those resources are spread out at each of the company's locations?

  A. Centralized/centralized

  B. Centralized/decentralized

  C. Decentralized

  D. Hybrid

  E. Outsourced


3.  

Terry is developing an Active Directory design and is in the process of interviewing some of the upper-level management from the company. The manager of information technology (IT) has told Terry that the organization is divided into teams, with each team responsible for a specific task. His IT department has several individuals who are all working on different tasks, each one responsible for supporting the IT needs of the task. What type of business model is in use?

  A. Departmental

  B. Cost center

  C. Product-based

  D. Project/service-based


4.  

Which of the following tools will allow you to analyze the resource usage on your servers and save the collected data within a SQL Server 7 database? (Choose all that apply.)

  A. Performance Monitor

  B. Performance Logs And Alerts

  C. System Monitor

  D. Network Monitor


5.  

Given the following statement, what priorities are identified? (Choose all that apply.)

We need to make sure that the new system still allows us to follow the federal laws put into place to govern financial institutions. Of course, we also need to continue supporting a set of software packages that have been approved for use within the Savings and Loan associations.

  A. Legal regulations

  B. Autonomy of administration

  C. Security policies

  D. Software requirements


6.  

When designing an Active Directory forest structure, which of the following structures is usually created if all of the company's resources are controlled by a central administrative group even though the administration may be decentralized?

  A. Organizational forest

  B. Resource forest

  C. Restricted-access forest

  D. Regional forest


7.  

Administrators who are identified as responsible for maintaining Active Directory are known as which of the following?

  A. Data administrators

  B. Domain administrators

  C. Forest administrators

  D. Service administrators


8.  

Due to their level of administrative control, service admins also have what level of authority?

  A. Data administrators

  B. Domain administrators

  C. Forest administrators

  D. Schema administrators


9.  

Users are required to use 8 characters for their password. Research and Development requires that 10 characters be used and that the passwords meet complexity requirements. How will you implement this?

  A. Add the Research and Development users to their own forest and set their passwords accordingly.

  B. Add the Research and Development users to their own domain and set their passwords accordingly.

  C. Add the Research and Development users to their own OU and set their passwords accordingly.

  D. Add the Research and Development users to their own group and set their passwords accordingly.


10.  

When interoperating with a UNIX network, which of the trust relationships can be created between UNIX and Active Directory?

  A. Forest trust

  B. Shortcut trust

  C. Realm trust

  D. External trust


11.  

Prior to bringing the first Windows 2003 Server domain controller online within a Windows 2000 Active Directory Domain, which utilities should be run? (Choose all that apply.)

  A. Run ADPrep /forestprep

  B. Run ADPrep /prepDNS

  C. Run DomainPrep /prepDNS

  D. Run ADPrep /domainprep


12.  

What are the three primary reasons for creating an OU?

  A. Control administration

  B. Assignment of group policies

  C. Object visibility

  D. Password restrictions


13.  

What is the definition of an OU owner?

  A. The administrative group that has the ability to control resource objects within an OU

  B. The administrative group that has been granted full control over an OU

  C. The administrative group that has the ability to control the user objects within an OU

  D. The administrative group that has the ability to create user, group, and computer accounts within an OU


14.  

If an OU is created for the express purpose of administrative control over printer objects, what type of an OU is this considered to be?

  A. Account OU

  B. Resource OU

  C. Security principal OU

  D. Task OU


15.  

When identifying an organization's objectives for using Group Policies, where should the password policy setting be applied?

  A. Default Domain Policy

  B. Default Domain Controller Policy

  C. At the site where the users are located

  D. The site where the computers are located


16.  

Which of the following suggestions should be followed when designing the Group Policy structure? (Choose two.)

  A. Create a GPO for each unique setting and name it for the setting used.

  B. Create a GPO for like settings and name it based on its function.

  C. Create an OU structure based primarily on the administrative needs of the company.

  D. Create an OU structure based primarily on the Group Policy needs of the company.


17.  

Once identified, where should the GPOs that contain the setting for corporate standards be applied?

  A. Linked to the top-level OUs

  B. Linked at each of the child OUs where user and computer accounts are located

  C. At each forest within Active Directory

  D. At each domain within Active Directory


18.  

What condition must be met in order to nest a Global security group into another Global security group?

  A. The domain or forest must be at a minimum of Windows 2000 mixed mode, with no Windows NT 4.0 domain controllers on the network.

  B. The domain or forest must be at a minimum of Windows 2000 mixed mode with at least one Windows 2003 domain controller present.

  C. The domain or forest must be at a minimum of Windows 2000 native mode or Windows 2003 native mode.

  D. The domain must be at Windows 2003 native mode and the forest must be at a Windows 2003 forest functional level.


19.  

Which of the following is not an account type that can be created in Active Directory?

  A. Contact

  B. InetOrgPerson

  C. Resource

  D. Group


20.  

Which of the following security groups would be valid when a domain is in the Windows 2000 mixed mode functional level?

  A. L-Chi-HRFiles

  B. DL-Chi-RDPrint

  C. G-Miami-MedRecords

  D. U-Acct


21.  

You want to control when replication occurs between domain controllers that are located on each side of a WAN link. What do you need to create in order to control the replication? (Choose all that apply.)

  A. Site

  B. Subnet

  C. Site link

  D. Subnet connector


22.  

Which of the following server specifications will support a domain controller that needs to support 1800 users?

  A. Single 800MHz processor, 1GB RAM

  B. Single 800MHz processor, 2GB RAM

  C. Dual 1000MHz processor, 1GB RAM

  D. Quad 1000MHz processor, 2GB RAM


23.  

In which of the following situations should you locate a Global Catalog server within a network location? (Choose all that apply.)

  A. You have more than 100 users authenticating.

  B. You have an application that queries a Global Catalog server.

  C. The WAN link is not reliable.

  D. You have many roaming users.


24.  

When choosing IP allocation options, how would you configure a DNS server within a perimeter network?

  A. With a static IP address

  B. Using an automatic private IP address (APIPA)

  C. Using dynamic host control protocol (DHCP)

  D. Using dynamic host control protocol (DHCP) with an alternate address


25.  

Your organization will only open IP addresses and ports for trusted systems on the Internet. You have clients who need to connect through a VPN connection to your RAS server, but you cannot guarantee the IP addresses they use when they connect. Where should you place your VPN server to support your users?

  A. In front of the firewall

  B. Behind a bastion host

  C. In the perimeter network of a three-homed firewall

  D. In the perimeter network of a back-to-back firewall


26.  

You have several workstations and intranet web servers within your network. You would like to configure them so that IP addressing is streamlined, yet you want to make sure they can communicate on the network if the DHCP server is unavailable. Which address allocation method should you use?

  A. Static addressing

  B. Automatic private IP addressing

  C. Dynamic Host Configuration Protocol (DHCP)

  D. Dynamic Host Configuration Protocol (DHCP) with alternate IP addressing


27.  

Which of the following WINS replication topologies is the most efficient?

  A. Cross-server

  B. Hub-and-spoke

  C. Linear

  D. Push-allocated


28.  

When an attacker is attempting to determine the servers and addresses of those servers within the internal network in order to perform other attacks on the network infrastructure, what type of attack is this known as?

  A. Data modification

  B. Denial-of-service

  C. Footprinting

  D. Redirection


29.  

In order for DNS servers within the perimeter network to communicate with DNS servers on the internal network, you usually have to open port 53 on the firewall. Which of the following methods will allow you to keep port 53 closed and encrypt the data from an attacker trying to capture packets?

  A. Allow the DNS server to perform WINS resolution with a WINS server on the internal network instead of using hostname resolution.

  B. Configure the DNS server to use a VPN technology through the firewall.

  C. Change the port that DNS uses and open that port on the firewall instead.

  D. Only specify DNS servers that the DNS server will send zone transfers to by IP address.


Answers

1.  

A. When administrators are located with the resources that they are administering, and no resources are located at other offices, the centralized administration with centralized resources model is used. For more information, see Chapter 1.

2.  

C. When the resources are decentralized and the administrators that are responsible for those resources are located local to the resources, the decentralized administrative model is used. For more information, see Chapter 1.

3.  

D. Most companies that are employing the project/service-based model will have employees from different business units, such as accounting and manufacturing, all working on a project so that the resources are available to efficiently complete the project. For more information, see Chapter 1.

4.  

A, B. Windows NT 4 has the Performance Monitor utility that will allow an administrator to log the resource usage to a database so that the information can be parsed later to determine the resource usage pattern. Windows 2000 Server provides this functionality with Performance Logs And Alerts. See Chapter 2 for more information.

5.  

A, D. Due to the laws that govern the Savings and Loan associations, specific needs will have to be addressed. Part of this is the certification of the software that is used within the associations as well as the legal regulations that they have to follow to ensure that they are operating within the legal statutes put in place by the federal government. See Chapter 2 for more information.

6.  

A. Organizational forests are used when all of the resources from the company are centrally controlled. If the administrative staff is decentralized, domains can be created within the forest to allow for autonomy, or OUs can be built to organize the resources and ease administrative overhead. See Chapter 3 for more information.

7.  

D. Service administrators are responsible for Active Directory and making sure that it is available and configured correctly so that users can gain access to the services it provides. See Chapter 3 for more information.

8.  

A. Service administrators have all of the required permissions to also perform the duties of a data administrator. Although these duties are usually separated so that administration of the service and data can be divided and made more efficient, small organizations will take advantage of having the same group of administrators performing both tasks. See Chapter 3 for more information.

9.  

B. Account restrictions are controlled at the domain level. Although a new forest would allow the Research and Development users to have their own password policies, it is a rather drastic step to take. Creating their own domain will suffice. See Chapter 4 for more information.

10.  

C. Active Directory can utilize realm trusts to interoperate with a UNIX Kerberos realm. See Chapter 4 for more information.

11.  

A, D. ADPrep /forestprep adds the additional schema and object changes to the Schema Master. ADPrep /domainprep adds the additional changes required for Active Directory to the domain controllers within the domain where it is run. See Chapter 4 for more information.

12.  

A, B, C. Password restrictions are controlled at the domain level. OUs are created to control the administrative needs of users within the domain, assign group policies to like objects, or control visibility of objects so that they are seen only by the appropriate users. See Chapter 5 for more information.

13.  

B. The OU owners have the ability to control every aspect of the OU including creating, deleting, and maintaining user, group, and computer accounts as well as OUs within the OU. Once the domain owner delegates full control over the OU to a group, any member of that group will become an OU owner. See Chapter 5 for more information.

14.  

B. A resource OU is created so that permissions can be delegated to administrators that need to control computer objects or shared folders or printers that have been published within the OU. See Chapter 5 for more information.

15.  

A. Password policies are applied with the Default Domain Policy and cannot be overridden by any other policy within the forest. See Chapter 6 for more information.

16.  

B, C. The OU structure of the company should be based on the administrative needs of the organization first and then enhanced for Group Policy use. Then by condensing the GPO settings into as few GPOs as possible, the application of GPOs will be streamlined. See Chapter 6 for more information.

17.  

D. The corporate standards should be set high in the hierarchy. If set at the domain level, the settings will apply to all users within the domain. If set at the OU level, too many links may need to be applied. See Chapter 6 for more information.

18.  

C. In order for Global security groups to be nested inside of other Global security groups, your domain or forest must be at a minimum of Windows 2000 native mode or Windows 2003 native mode. See Chapter 7 for more information.

19.  

C. Active Directory can contain any of the following account types: User, InetOrgPerson, Contact, Computer, and Group. See Chapter 7 for more information.

20.  

A, B, C. Because the domain is at the Windows 2000 native mode functional level, Universal security groups are not available for use. See Chapter 7 for more information.

21.  

A, C. A site will allow all domain controllers within the site to communicate with one another as soon as an object is changed and will not compress the replicated information. A site link will allow replication to pass from one site to another and will compress the data so that the WAN link is not burdened. See Chapter 8 for more information.

22.  

D. For 1500 or more users, 2GB RAM will be necessary for efficient authentication request processing. It is also recommended by Microsoft that, at a minimum, a Quad 899MHz processor system be used. See Chapter 8 for more information.

23.  

A, B, C, D. All of these options are good reasons to locate a Global Catalog server in a site. See Chapter 8 for more information.

24.  

A. With a DNS server, you only have the option of configuring a static address; you cannot use any of the dynamic address allocation methods. See Chapter 9 for more details.

25.  

A. Because the network engineers will not allow you to have the rules configured on the firewall that would allow users to connect from all addresses, you will have to place the VPN server in front of the firewall. Although this is not the most secure solution for the RAS server, the network policies will not be jeopardized. See Chapter 9 for more information.

26.  

D. If you configure your systems to use DHCP, then any changes to your infrastructure can be configured within the appropriate scopes in the DHCP server. If you apply alternate addressing at the client, the client can use the alternate address if the DHCP server is unavailable and the client's lease expires. See Chapter 9 for more information.

27.  

B. The hub-and-spoke replication topology allows WINS servers to pass replication data through a central server in order to deliver it to the other WINS servers and reduce the convergence time. See Chapter 10 for more information.

28.  

C. When an attacker is footprinting your network, they are attempting to determine what systems are used within your network by capturing name resolution data that specifies system names and IP addresses. See Chapter 10 for more information.

29.  

B. If you want to secure the DNS traffic that is sent through a firewall by DNS servers, you should configure the DNS server to use a VPN solution. Doing so will encrypt the DNS packets to keep them from prying eyes and allow you to close port 53 on the firewall. See Chapter 10 for more information.




MCSE
MCSE: Windows Server 2003 Active Directory and Network Infrastructure Design Study Guide (70-297)
ISBN: 0782143210
EAN: 2147483647
Year: 2004
Pages: 159
Authors: Brad Price, Sybex
