IST-258 Final Exam – Flashcards
question
Carl works as a system administrator for a medium-sized corporation. Recent green-awareness meetings and funding cutbacks within the corporation have increased the need for resource consolidation. With an increase in demand for a reduction in environmental impact, Carl is looking to virtualize five separate servers and host them on a single server running Hyper-V. Carl receives a volume license copy of Windows Server 2008 32-bit Enterprise Edition. He installs it on a machine with the following specifications: Processor: 64-bit Xeon Quad core 2.66 GHz; Memory: 16 GB; Available disk space: 50 GB; Additional Drives: DVD-ROM. During installation, default settings are accepted. After Carl has installed Windows Server 2008, he finds that he is unable to use Hyper-V. What is the problem?
answer
Hyper-V requires a 64-bit edition of Windows Standard or better
question
Which of the following tools is the basic application responsible for loading more useful management-related snap-ins?
answer
Microsoft Management Console
question
Using this tool, administrators can create policies that require computers to have the latest anti-virus and OS updates, as well as compliant firewall settings.
answer
Network Access Protection (NAP)
question
When examining the Workgroup Model, a Windows Server 2008 server that participates in a workgroup is referred to as a ____.
answer
stand-alone server
question
Which is not a benefit of using virtual machines?
answer
Virtual machines have reduced hardware and software requirements
question
This server role provides automatic IP address assignment and configuration for client computers.
answer
Dynamic Host Configuration Protocol (DHCP)
question
The main purpose of Active Directory is to ____.
answer
Provide authentication and authorization to users and computers
question
A DNS Server is used to ____.
answer
Resolve names of Internet computers and domain computers to their assigned IP addresses
question
You work for a large corporation with several branch offices that have varying requirements with regard to security. Your boss has informed you that a new branch office is in need of a domain controller, but has stressed that, for security reasons, he doesn't want the server to have the ability to make changes to any domain-related information. What can you install to satisfy the needs of the branch office?
answer
Read only domain controller (RODC)
question
One of your partner organizations currently has to provide logon credentials to access critical applications on your extranet's web site. While this has worked in the past, a recent meeting has brought to light the need for single sign-on capabilities for the website. After researching the issue, you discover that one of Windows Server 2008's new Active Directory roles can help solve the problem. Which of the following answers allows you to create a trust relationship between your extranet and your partner organization?
answer
Active Directory Federation Services (AD FS)
question
Which of the following is an important requirement for running Hyper-V?
answer
Must have at least Windows Server 2008 64-bit Standard edition
question
Your intern would like to know which of the following situations would be ideal for a Server Core installation:
answer
You want to install an RODC in a branch office
question
Pick the service below that is required by Active Directory:
answer
DNS
question
The core structural unit of Active Directory; contains OUs and represents administrative, security, and policy boundaries
answer
domain
question
An Active Directory container used to organize a network's users and resources into logical administrative units
answer
Organizational Unit
question
Used to create new objects in Active Directory from the command line
answer
dsadd
question
User accounts created by Windows automatically during installation
answer
built-in user accounts
question
Information that defines the type, organization, and structure of data stored in the Active Directory database
answer
Schema
question
A list of settings that administrators use to configure user and computer operating environments remotely through Active Directory
answer
Group Policy Object (GPO)
question
A person who is associated with the company but is not a network user
answer
Contact
question
Used to complete the installation of Active Directory and to make a domain controller fully functional
answer
dcpromo.exe
question
Used to set policies that apply to all users within the GPO's scope
answer
User Configuration
question
GPOs can be linked to all of the following except ____.
answer
groups
question
What are the two default GPOs that are created when Active Directory is installed?
answer
Default Domain Policy and Default Domain Controllers Policy
question
A ____ specifies the actions a user can perform on a Windows network.
answer
Right
question
You are in charge of a domain that contains several office rooms and one large computer commons area. In order to secure accounts in the domain, you want to apply separate account policies for the computers in the commons area, while maintaining the policies that are used in the office rooms. Currently, all computers are in the Computers folder. What is the most efficient way to accomplish this task?
answer
Create a new OU called "CommonsArea" and move the commons area computer accounts into it. Create a new GPO and configure the desired account policies. Link the new GPO to the CommonsArea OU.
question
When is the installation of the Global Catalog server option mandatory?
answer
It is required when adding the first domain controller in a forest
question
What boot mode is used to perform restore operations on Active Directory if it becomes corrupted or parts of it are deleted accidentally?
answer
Directory Services Restore Mode
question
A forest is ____.
answer
A collection of one or more Active Directory trees.
question
In what order are GPOs applied?
answer
Local computer, site, domain, OU
question
If a policy is defined in a GPO linked to a domain, and that policy is defined with a different setting in a GPO linked to an OU, which is true by default?
answer
The policy setting in the GPO linked to the OU is applied.
question
Which of the following is not a part of Active Directory's four organizing components?
answer
Users
question
How many domains can a single domain controller service?
answer
Only one
question
Which of the following defines the types of information stored in an Active Directory object?
answer
Schema attributes
question
Domain controller computer accounts are placed in what container by default?
answer
Domain Controllers OU
question
Which of the following statements about operations master roles is correct?
answer
There is only one domain naming master per forest, which must be available whenever domains are added, deleted, or renamed.
question
Which of the following is not a valid operations master role?
answer
User management master
question
A process called ____ runs on every domain controller to determine the replication topology which defines the domain controller path that Active Directory changes flow through.
answer
Knowledge Consistency Checker (KCC)
question
What is the name of the default site link that is created when Active Directory is first installed?
answer
DEFAULTIPSITELINK
question
A(n) ____ is a one-way or two-way nontransitive trust between two domains that aren't in the same forest
answer
External trust
question
The group "TestGroup" has been added to an object's DACL and assigned the Allow Full control permission. "TestUserA" is a member of "TestGroup", which has been assigned Deny Write permission for the object. What are "TestUserA"'s effective permissions?
answer
TestUserA can do anything that Full Control would allow him to do, except write to the object.
question
False
answer
Global groups can be members of any global group in the forest
question
What is Microsoft's best practices recommendation for the structure of group scope nesting?
answer
AGDLP
question
Where are local groups stored?
answer
In the local SAM database
question
A seasoned intern, Sally, has been given a new assignment. She must be able to log on locally to DCs, manage some services, manage shared resources, back up and restore files, shut down DCs, format hard drives, and change the system time. In order to give her only the rights and permissions necessary to complete these tasks, what domain local group will you add her to?
answer
Server Operators
question
Which group matches the following description? This universal group is found only on DCs in the forest root domain. Members have full control over forestwide operations. This group is a member of the Administrators group on all DCs.
answer
Enterprise Admins
question
By default, a user's profile is created....
answer
When the user first logs on
question
Where are user profiles stored by default in Windows Server 2008?
answer
%SYSTEMDRIVE%\Users
question
How do you change a profile into a mandatory profile?
answer
Rename Ntuser.dat to Ntuser.man
question
How would you access serverXX's administrative share for the C Drive?
answer
serverXX$C
question
What is the Windows file-sharing protocol?
answer
Server Message Block (SMB)
question
In a Windows environment, the physical printer containing paper and ink or toner to which print jobs are sent is called...
answer
a print device
question
If a file with the compression attribute set is copied to a new location, what happens?
answer
The file inherits the compression attribute settings from its parent container
question
If a file with the encryption attribute set is copied or moved within an NTFS volume, what happens?
answer
The file retains its encryption attribute, regardless of the parent container's settings
question
Vanessa has come to you asking for your help with a network share issue. She created a shared folder named ShareData on a member server with her account, vness1. However, she finds that she is unable to modify or make changes to any documents in the shared folder across the network. You have logged into the server, and checked the permissions set on ShareData: Share Permissions: Everyone - Read; NTFS Permissions: Creator owner - Implicit full control. What should Vanessa do?
answer
She should set Everyone to Full Control in the share permissions
question
The settings in Administrative Templates under User Configuration affect what section of the computer's registry?
answer
HKEY_CURRENT_USER
question
What would you use to prevent GPOs linked to parent containers from affecting child containers?
answer
Inheritance blocking
question
How can you ensure that a GPO's settings are applied to all child objects, even if a GPO with conflicting settings is linked to a container at a deeper level?
answer
Enforcing inheritance
question
What can you use to restrict GPO inheritance to specific objects in an OU?
answer
GPO Filtering
question
True
answer
Settings in local GPOs that are inherited from domain GPOs can't be changed on the local computer; only settings that are undefined or not configured by domain GPOs can be edited locally.
question
False
answer
A published application is installed automatically.
question
A feature that makes shared files more accessible by grouping shared folders from multiple servers into a single folder hierarchy
answer
Distributed File System
question
An option on NTFS volumes that enables administrators to limit how much disk space a user can occupy with his or her files
answer
disk quotas
question
A feature that enables users to access a volume as a folder in another volume instead of by using a drive letter
answer
volume mount points
question
A feature on the Windows file system that allows users to access previous versions of files in shared folders and restore files that have been deleted or corrupted
answer
shadow copies
question
Defines the method and format an OS uses to store, locate, and retrieve files from electronic storage media
answer
file system
question
Permissions applied to shared folders that protect files accessed across the network. Share permissions are the only method for protecting files on FAT volumes
answer
share permissions
question
Hidden shares created by Windows that are available only to members of the Administrators group
answer
Administrative shares
question
Encrypting File System
answer
EFS
question
Permissions set on folders or files on an NTFS-formatted volume.
answer
NTFS permissions
question
A protocol that runs over TCP/IP and is designed to facilitate access to directory services and directory objects
answer
LDAP
question
Active Directory replication between domain controllers in the same site
answer
intrasite replication
question
A section of an Active Directory database stored on a domain controller's hard drive
answer
directory partition
question
A user logon name that follows the format username@domain
answer
user principal name (UPN)
question
An Active Directory object that can be assigned permissions or rights to Active Directory objects and network resources
answer
security principals
question
A domain controller with sole responsibility for certain domain or forestwide functions
answer
Operations master
question
A trust relationship in which one domain trusts another, but the reverse is not true
answer
One-way trust
question
The part of the SID that's unique for each Active Directory object
answer
relative identifier
question
The first domain created in a new forest
answer
Forest root domain
question
You have recently set up a new domain controller and DNS server responsible for a large network. Almost immediately, you notice that every time a user attempts to make use of a resource on a server in your partner organization's domain, Example.net, DNS requests end up performing a recursive query. Rather than continue to allow DNS requests to be processed this way, you would like to make use of a DNS server in Example.net's domain that you have access to via a LAN connection. What can you configure to have the DNS server in Example.net's domain receive DNS queries from your network, but only ones that are related to Example.net's domain?
answer
Conditional Forwarder
question
Last year you configured a conditional forwarder for a specific domain on your network. This year, after several major changes to the network, you notice that the conditional forwarder is no longer reachable. You find out that the conditional forwarder's address changed, and now to continue using a conditional forwarder, you must manually change the IP address on all servers that use it. What could you do instead of using conditional forwarders and still achieve the same functionality, while simultaneously allowing this process to be handled by Active Directory?
answer
Use a stub zone
question
Windows Internet Name Service (WINS) is a legacy name service used to resolve....
answer
NetBIOS names
question
If multiple servers are specified in the forwarders tab of a server's Properties, what happens if a query is made and none of the forwarders provide a response?
answer
A normal recursive lookup process is initiated, starting with a root server
question
Root hints data comes from what file?
answer
Cache.dns
question
What does round robin do?
answer
Creates a load sharing / balancing mechanism for servers that have identical services, such as two servers that host the same website
question
Which of the commands below can be used to test DNS queries with the default DNS server or a specific DNS server on a Windows computer?
answer
nslookup
question
What ipconfig option will display the contents of the hosts file, as well as the local DNS cache?
answer
/displaydns
question
What information does a resource record of type MX contain?
answer
Address of an e-mail server
question
Increased network usage has inspired your staff to install a new DNS server. After much consideration, you have decided to also make the new server a domain controller as well. One of your interns is curious as to what benefit this would provide to DNS over simply making the DNS server a member server.
answer
The AD-integrated domain DNS zones will be created automatically.
question
You will want to use a forward lookup zone when you need a zone that...
answer
contains records to translate names to IP addresses
question
Which MMC is used to transfer the RID master, PDC emulator master, and infrastructure master operations master roles?
answer
Active Directory Users and Computers
question
Which MMC is used to transfer the domain naming master operations role?
answer
Active Directory Domains and Trusts
question
What operations master role is needed when a domain or domain controller is added or removed from the forest?
answer
Domain naming master
question
You're taking an older server performing the PDC emulator master role out of service and will be replacing it with a new server configured as a domain controller. What should you do to ensure the smoothest transition?
answer
Transfer the PDC master role to the new domain controller, and then shut down the old server
question
Which of the following statements is true regarding RODC replication?
answer
The domain directory partition can be replicated only to an RODC from a Windows Server 2008 DC.
question
Under what MMC would you create new connection objects?
answer
Active Directory Sites and Services
question
Users of a new network subnet have been complaining that logons and other services are taking much longer than they did before being moved to the new subnet. You discover that many logons and requests for DFS resources from workstations in the new subnet are being handled by domain controllers in a remote site instead of local domain controllers. What can be done to fix this?
answer
Associate the new subnet with a site, then move a local domain controller into the site manually
question
You work at Example.com, and are in charge of a fairly large forest and multidomain structure consisting of Windows Server 2003 domain controllers running at the Windows Server 2003 functional level. One of your interns finished installing the forest's first Windows Server 2008 server, and has placed it in a branch office to act as a read only domain controller. The intern has already run the adprep /forestprep command. Unfortunately, for some reason, the RODC Server can't be installed. What is most likely the issue, based on the information provided?
answer
There must be at least one writeable DC running Windows Server 2008
question
The SMTP protocol is used primarily for e-mail, but can also be used for...
answer
Intersite replication
question
When using HTTPS, after the web client finds that a CA is trusted and the signature on a certificate is verified, the web client sends additional parameters to the server that are encrypted with the server's....
answer
Public key
question
An enterprise CA is...
answer
A Windows Server 2008 server with the Active Directory Certificate Services role installed
question
Select the answer below that is not a service a public key infrastructure provides to a network:
answer
Secure tunneling
question
What component of a PKI is held by a person or system and is unknown to anyone else?
answer
Private key
question
Your network uses Active Directory running on Windows Server 2008, and your company is about to install an application that integrates with directory services by using LDAP and will require major schema changes. Another application that integrates with a directory service might be installed next year, and it will also require many schema changes that are very different from those the first application requires. Which of the following should you use on your network?
answer
One AD LDS instance for each application
question
Which of the following is true about AD LDS?
answer
There's no global catalog. Multiple instances on the same server are supported.
question
You have been using AD LDS for a few months to support a directory-enabled application. This application has become a critical part of your operations, and there's concern about what might happen if the AD LDS server fails. What should you do?
answer
Install AD LDS on another server. Create an instance with the option to create a replica of an existing instance.
question
Which of the following isn't a part of a typical AD FS deployment?
answer
DHCP
question
Which of the following should be installed to prevent employees from printing security-sensitive e-mails?
answer
AD RMS
question
You and another company are engaging in a joint operation to develop a new product. Both companies must access certain Web-based applications in this collaborative effort. Communication between the companies must remain secure, and use of exchanged documents and e-mails must be tightly controlled. What should you use?
answer
AD FS and AD RMS
question
Which of the following is true about an RODC installation?
answer
A Windows Server 2008 DC is required.
question
You need to install an RODC in a new branch office and want to use an existing workgroup server running Windows Server 2008. The office is a plane flight away and is connected via a WAN. You want an employee at the branch office, Michael, to do the RODC installation because he's good at working with computers and following directions. What should you do?
answer
Create the computer account for the RODC in the Domain Controllers OU, and specify Michael's account as one that can join the computer to the domain.
question
You maintain an RODC at a branch office, and you want one employee with solid computer knowledge to perform administrative tasks, such as driver and software updates and backups. How can you do this without giving her broader domain rights?
answer
Use Dsmgmt.exe to add the user's domain account to the administrator role on the RODC
question
You have installed an RODC at a branch office that also runs the DNS Server role. All DNS zones are Active Directory integrated. What happens when a client computer attempts to register its name with the DNS service on the RODC?
answer
The DNS service sends a referral to the client. The client registers its name with the referred DNS server.
question
Which of the following is true about incremental backups? (Choose all that apply.)
answer
Files that have changed since the last incremental backup are backed up. Incremental backups take less storage space than full backups
question
True
answer
You can choose a full or incremental backup on a per-volume basis.
question
A junior administrator accidentally deleted an OU containing several dozen objects. You have three other domain controllers in the network. You have a backup of Active Directory created about 12 hours before the OU was deleted. What should you do to restore the OU and its objects?
answer
Restart the DC in DSRM. Run Wbadmin and restore the system state backup. Run Ntdsutil to mark the OU as authoritative, and then restart the server normally
question
You have been monitoring server performance for the past hour, viewing CPU, memory, disk, and network utilization. You counted 20 different occurrences of one or more of the performance indicators rising to near 100% for a few seconds and then settling down to between 0 and 30% utilization. What does this information indicate?
answer
Nothing. Spikes like that are normal
question
Which tool is used to manage processor and memory resources on a per-user and per-process basis?
answer
WSRM
question
Which of the following tools is used to monitor and manage Active Directory replication?
answer
Repadmin
question
Which command is best used to install AD DS on Server Core as a new domain controller in a new domain?
answer
Dcpromo /unattend /replicaOrNewDomain:domain
question
You want to create a data collector set that monitors changes to the Registry and system and application events. What should you include in the data collector set?
answer
Event traces and system configuration
question
Which of the following is needed if a computer with IP address 172.31.210.10/24 wants to communicate with a computer with IP address 172.31.209.122/24?
answer
Router
question
True
answer
If you turn on printer sharing in the Network and Sharing Center, all printers on the computer are shared.
question
You have just completed a default installation of Windows Server 2008. You know that the TCP/IP protocol is installed. How does the server get assigned an IP address?
answer
DHCP
question
False
answer
The IP address 10.240.0.0/8 is invalid.
question
Which of the following IP addresses has 12 bits in the host ID?
answer
12.156.109.252/20
question
You have a server with two NICs, each attached to a different IP network. You're having problems communicating with devices on remote networks that send packets to one of the interfaces. The server receives the packets fine, but the server's replies never reach the intended destination network. Replies to packets that come in through the other interface seem to reach their destination without any problems. What can you do that will most likely solve the problem?
answer
Use the Route command to add routes to the networks that aren't receiving replies.
question
You have just changed the IP address on a computer named Computer5 in your domain from 172.31.1.10/24 to 172.31.1.110/24. You were communicating with this computer from your workstation fine right before you changed the address. Now when you try the command ping computer5 from your workstation, you don't get a successful reply. Other computers on the network aren't having a problem communicating with the computer. Which command might help solve the problem?
answer
ipconfig /flushdns
question
Which of the following is a valid IPv6 address? (Choose all that apply.)
answer
fe80:0:0:FEED::1; 2001:DB8:BAD:F00D:0020:3344:0:e4
question
A resource record containing an alias for another record is which of the following record types?
answer
CNAME
question
What type of resource record is necessary to get a positive response from the command nslookup 192.168.100.10?
answer
PTR
question
True
answer
DNS ServerA forwards a query to ForwarderB, which replies with a not found message. DNS ServerA continues the lookup by querying a root server.
question
You want a DNS server to handle queries for a domain with a standard primary zone hosted on another DNS server. You don't want your server to be authoritative for that zone. How should you configure your server? (Choose all that apply.)
answer
Configure a stub zone on your DNS server. Configure a forwarder on your DNS server.
question
You manage the DNS structure on your network. The network security group has decided that only one DNS server should contact the Internet. Under no circumstances should other servers contact the Internet for DNS queries, even if the designated server is down. You have decided that the DNS server named DNS-Int should be the server allowed to contact the Internet. How should you configure your DNS structure to accommodate these requirements?
answer
On each DNS server except DNS-Int, configure a forwarder pointing to DNS-Int. Disable the use of root hints if no forwarders are available. No changes are necessary on DNS-Int.
question
You have a zone containing two A records for the same hostname, but each A record has a different IP address configured. The host records point to two servers hosting a high-traffic Web site, and you want the servers to share the load. After some testing, you find that you're always accessing the same Web server, so load sharing isn't occurring. What can you do to solve the problem?
answer
Enable the round robin option on the server.
question
Which is the correct order in which a DNS client tries to resolve a name?
answer
Cache, Hosts file, DNS server
question
You want to verify whether a PTR record exists for the AHost.ADomain.com host, but you don't know the IP address. Which of the following commands should you use?
answer
Nslookup AHost.ADomain.com, and then Nslookup IPAddress returned from the first Nslookup
question
You have been communicating with ComputerB from your workstation for the past several hours. A colleague informs you that he has just made some changes to the IP addressing scheme on the network where ComputerB is located. You find that you can no longer communicate with ComputerB. What tool can you use on your workstation to solve the problem?
answer
Ipconfig
question
Which of the following is the default forest functional level for a Windows Server 2008 domain controller installed in a new forest?
answer
Windows 2000
question
You're going to introduce a Windows Server 2008 domain controller into a Windows Server 2003 forest. Which of the following should you do?
answer
First, prepare the forest by running adprep /forestprep on a Windows Server 2003 domain controller performing the schema operations master role. Then run adprep /domainprep in each domain that will have a Windows Server 2008 domain controller.
question
False
answer
If you configure a trust between ForestA and ForestB, and a trust exists between ForestB and ForestC, then ForestA trusts ForestC.
question
You have three sites: Boston, Chicago, and LA. You have created site links between Boston and Chicago and between Chicago and LA with the default site link settings. What do you need to do to make sure replication will occur between Boston and LA?
answer
Do nothing; replication will occur between Boston and LA with the current configuration.
question
Your network is configured in a hub and spoke topology. You want to control the flow of replication traffic between sites, specifically reducing the replication traffic traveling across network links between hub sites to reach satellite sites. What should you configure?
answer
Site link bridges
question
You want to decrease users' logon time at SiteA but not increase replication traffic drastically. You have 50 users at this site with one domain controller. Overall, your network contains 3000 user and computer accounts. What solution can decrease logon times with the least impact on replication traffic?
answer
Enable universal group membership caching.
question
Which of the following configurations should you avoid?
answer
Infrastructure master configured as a global catalog server
question
User authentications are taking a long time. The domain controller performing which FSMO role will most likely decrease authentication times if it's upgraded?
answer
PDC emulator
question
Which of the following is a service provided by a PKI? (Choose all that apply.)
answer
Confidentiality; Nonrepudiation
question
Which of the following is used in both ends of the cryptography process (encrypt and decrypt) and must be known by both parties?
answer
Secret key
question
False
answer
A PKI is based on symmetric cryptography.
question
Camille and Sophie want to engage in secure communication. Both hold a public/private key pair. Camille wants to send an encrypted message to Sophie. Which of the following happens first?
answer
Sophie sends Camille her public key.