1.
Each object’s SID consists of two components: the domain portion and the __________.
Correct Answer
D. Relative identifier
Explanation
The RID is a variable-length number that is assigned to objects at creation and becomes part of the object’s security identifier (SID). A SID is used to uniquely identify an object throughout the Active Directory domain. Part of the SID identifies the domain to which the object belongs, and the other part is the RID.
2.
What types of memberships are stored in the global catalog?
Correct Answer
B. Universal
Explanation
Domain local and global group memberships are stored at the domain level; universal group memberships are stored in the global catalog.
3.
What tool is used to seize a FSMO role?
Correct Answer
B. Ntdsutil
Explanation
The ntdsutil utility allows you to transfer and seize FSMO roles. When you use this tool to seize a FSMO role, the tool attempts a transfer from the current role owner first. Ntdsutil will only actually seize the role if the existing FSMO holder is unavailable.
4.
What port is used by Active Directory to direct search requests to a global catalog server?
Correct Answer
C. 3268
Explanation
When a user initiates a search for an object in Active Directory, the request is automatically sent to TCP port 3268, which is used by Active Directory to direct these requests to a global catalog server. One of the SRV records used by Active Directory refers to the global catalog, or _gc, service, which listens on port 3268 to respond to these requests.
5.
How many FSMO roles does Active Directory support?
Correct Answer
B. 5
Explanation
Active Directory supports five FSMO roles. Their functionality is divided between domain-wide and forest-wide FSMOs.
6.
Which of these design aspects should you consider when planning the appropriate location of FSMO role holders?
Correct Answer
D. All of the above
Explanation
Planning the appropriate locations for FSMO role holders requires that you consider the following design aspects: the number of domains that are or will be part of the forest, the physical structure of the network, and the number of domain controllers that will be available in each domain.
7.
What Windows Server 2008 feature stores
universal group memberships on a local domain controller that can be
used for logon to the domain, eliminating the need for frequent access
to a global catalog server?
Correct Answer
D. Universal group membership caching
Explanation
For sites that do not have a global catalog server available, Windows Server 2008 offers a feature called universal group membership caching. This stores universal group memberships on a local domain controller that can be used for logon to the domain, eliminating the need for frequent access to a global catalog server.
8.
What holds a subset of forest-wide
Active Directory objects and acts as a central repository by holding a
complete copy of all objects from the host server’s local domain with a
partial copy of all objects from other domains within the same forest?
Correct Answer
B. Global catalog
Explanation
The global catalog holds a subset of forest-wide Active Directory objects and acts as a central repository by holding a complete copy of all objects from the host server’s local domain with a partial copy of all objects from other domains within the same forest, called the partial attribute set (PAS).
9.
What process is used when you move a FSMO role gracefully from one domain controller to another?
Correct Answer
B. Role transfer
Explanation
The role transfer process is used when you move a FSMO role gracefully from one domain controller to another. You can transfer FSMO roles from one domain controller to another to improve Active Directory performance or as a temporary measure when a domain controller will be taken offline for maintenance.
10.
The Infrastructure Master FSMO role is responsible for reference updates from its domain objects to other domains.
Correct Answer
A. True
11.
What is used to uniquely identify an object throughout the Active Directory domain?
Correct Answer
A. Security identifier
Explanation
A security identifier (SID) is used to uniquely identify an object throughout the Active Directory domain. Part of the SID identifies the domain to which the object belongs, and the other part is the RID.
12.
The domain controller that hosts the
global catalog must have enough space on the hard drive to house the
global catalog. As a rule of thumb, you should estimate 75 percent of
the size of the ntds.dit file of every other domain in the forest when
sizing hardware for a global catalog server.
Correct Answer
B. False
13.
As a rule of thumb, you should estimate
__________ percent of the size of the ntds.dit file of every other
domain in the forest when sizing hardware for a global catalog server.
Correct Answer
C. 50
Explanation
As a rule of thumb, you should estimate 50 percent of the size of the ntds.dit file of every other domain in the forest when sizing hardware for a global catalog server.
14.
The Domain Naming Master is responsible for managing changes to the Active Directory schema.
Correct Answer
B. False
15.
When a user initiates a search for an
object in Active Directory, the request is automatically sent to TCP
port 3389, which is used by Active Directory to direct these requests
to a global catalog server.
Correct Answer
B. False