It220 Set 2

29 cards
It220 Set 2

It220 Final Exam ?s

Preview Flashcards

Front Back
The KCC is responsible for calculating intrasite replication partners.
During this process, what is the maximum number of hops that the KCC
will allow between domain controllers?
a. 2
b. 3
c. 4
d. 5
b. The maximum number of hops that the KCC will allow between domain controllers
is three. This allows a maximum replication latency of 15 minutes, since each
domain controller holds a change for five minutes before forwarding it.
Replication that occurs between sites is called ____________ replication.
a. Local
b. Remote
c. Intersite
d. Intrasite
c. Intersite replication occurs between sites.
Company XYZ is a national company with locations in Detroit, Minneapolis,
Phoenix, and Dallas. There are two connections between Detroit and
Minneapolis. The first is a T-1 link and the second is a 128-Kbps link.
When setting up the site links for replication, what should you do to
ensure that the 128-Kbps link is used only if the T-1 is unavailable?
a. Set a cost of 1 for the T-1 and a cost of 5 for the 128-Kbps link.
b. Set a cost of 5 for the T-1 and 1 for the 128-Kbps link.
c. Leave the costs at their default value of 100.
d. Manually change the schedule to disallow replication on the 128-Kbps
link until it is needed.
a. When setting costs, the lower number indicates a higher priority. Setting
the cost of 1 for the T-1 and 5 for the 128-Kbps link indicates that the T-1 is the
primary replication link. Answer b is the opposite of this, making it incorrect.
Answer c would make both links have the same priority. Answer d would cause
more administration than necessary.
You are a consultant working on a site plan for a medium-sized organization.
The organization consists of a main office and three branch offices.Two of the locations have standard IP links to the main office, while the
third branch office is a separate domain and uses an Internet connection
for e-mail. How should you configure the site links for the three branch
offices to the main office?
Configure RPC over IP for the two standard link branch offices and configure SMTP
for the remote office that is part of a separate domain. This solution follows the
guidelines that include using RPC over IP in most situations and SMTP when there
is an Internet-based connection from a separate domain.
Assuming the same scenario as in question 4, what information will be
replicated between the third branch office and the main office?
Global catalog, schema, and configuration information will be the only information
replicated because the third branch office is using SMTP for replication. SMTP only
replicates global catalog, schema, and configuration information.
You are the administrator for a network that has several sites. There is a
site link from the main headquarters to each remote site for file transfer
and replication purposes. You have been asked to create five new users
on the network, and several of the users need immediate access to network
applications. When asked by your manager how long replication of
these new accounts will take, you answer with which of the following
a. Replication occurs every 180 minutes by default.
b. Replication occurs at 15-minute intervals.
c. Replication occurs as soon as the account is added.
d. Replication occurs only between 12:00 A.M. and 6:00 A.M.
a. The default intersite replication schedule is set for every 180 minutes.
Modify the scenario in question 6 by placing all domain controllers in the
same site. How would you answer your manager’s question now?
a. Replication occurs every 180 minutes by default.
b. Replication occurs at 15-minute intervals.
c. Replication occurs as soon as the account is added.
d. Replication occurs only between 12:00 A.M. and 6:00 A.M.
c. When a new account is added to the Active Directory database, the account
information is immediately replicated to all domain controllers within the site. The
difference between this and the answer to question 6 is that this question deals
with intrasite replication instead of intersite replication.
What is the advantage of creating your sites and subnets prior to installing
subsequent domain controllers?
When your domain controllers are installed and an IP address is assigned, they will
automatically be placed in the site associated with their network address. This will
save you the step of moving them later.
What is the database that serves as a central repository for all Active
Directory objects called?
a. Main database
b. Central catalog
c. Global database
d. Global catalog
e. Enterprise catalog
d. Global catalog is the term used to refer to the central repository database
that contains all Active Directory objects. All other answers are not valid terms.
Which of the following roles are forest-wide roles?
a. PDC emulator
b. Infrastructure master
c. Domain naming master
d. Schema master
e. Global catalog
c and d. The two forest-wide roles are the domain naming master and schema
master role. The other choices are domain-wide roles.
Your single-domain company is planning to add a second location that
will access the domain via a frame relay connection. The frame relay service
that has been used in the past in your area is unreliable, but it is the
only choice you have for now. You have determined that the connection
will not need to be used very frequently if you set things up properly.
This location will have approximately 20 users. You plan to install a
domain controller for these users to log on to and share data. What
should you do at this site to allow users to log on to the network?
You can either make the site a global catalog server or you can enable universal
group membership caching for the site.
Contoso Pharmaceuticals is expanding to include several newly acquired
companies. Although they will each become part of the
forest, each of these companies wants to maintain their own decentralized
management strategy. To accommodate this request, you have installed
the subsidiaries as separate domain structures. One of them is named
a. Which roles will this new domain need to accommodate?
Since it is part of the forest, it will need to have all three domain-wide
roles, which include RID master, infrastructure master, and PDC emulator roles.
Which of the following two scripting languages are supported by WSH?
a. WSH
b. Java
c. Basic
d. Jscript
e. VBScript
d and e. Jscript and VBScript files are supported by Windows Script Host.
You work for a local school district as the district wide network administrator.
Currently the district has a UNIX database that contains all student
records. The district board of educators would like you to use the same
user names on the Windows Server 2003 network that are currently are
being used on the UNIX server. They have asked you how you intend to
accomplish this task. What will you tell them?
The best strategy for this is to export the UNIX database information to a file.
This file can be edited and used either with CSVDE, LDIFDE, or WSH. As an administrator
you should consider that some of the accounts may need to be modified
or deleted at a later date. LDIFDE or WSH provide this flexibility.
Your company network consists of four domains that include Windows
NT Server 4.0, Windows 2000, and Windows Server 2003 servers. Each
domain has a group of managers that need access to the same resource.
You are trying to create a universal group to nest the managers’ global
groups, but the universal group option is dimmed out. What is most likely
the cause for this condition?
Your domain is in mixed mode due to the Windows NT Server 4.0 servers. Mixed
mode does not offer universal group support.
What is the difference between a security group and a distribution group?
Distribution groups cannot be assigned resource access permissions. Security
groups offer both distribution list capabilities and security permission assignments.
What is the difference between a domain local group and a local group?
Domain local groups are stored in Active Directory. They can be centrally managed
and can be given permission to access domain resources. Local groups are stored
on the computer in which they are created, cannot
You have just finished joining a newly installed Windows XP workstation
into your domain. To which group will this computer be a member by
a. Domain Controllers
b. Local Computers
c. Everyone
d. Domain Computers
e. Domain Workstations
The correct answer is d. All computers that are joined to an Active Directory
domain are automatically made members of the Domain Computers group.
You are preparing to implement smart cards into your organization for all
users. Which Windows Server 2003 service must you install in order to
support smart card authentication?
a. Secondary Logon Service
b. Certificate Service
c. Domain Name Service
d. PKI Service
b. Certificate Services are required for smart card functionality. Answer a, Secondary
Logon Service, is required for Run As; answer c, Domain Name Service, is required
for name resolution; and answer d, PKI Service, is not a service, but rather a system
of digital signing entities, such as CAs, used to verify the identity of a user.
One of your employees is unable to gain access to the network because
she left her smart card at home. Keeping in mind that your network has
fairly high security guidelines, which of the following choices is the most
secure solution for this situation?
a. In Active Directory Users And Computers, reset her account so that it
does not require the use of a smart card, and assign her a password
that does not expire.
b. In Active Directory Users And Computers, reset her account to not
require the use of a smart card and assign her a password that
expires at the end of the business day.
c. Create a temporary user account and password for this user and
assign all necessary permissions for her to access her resources.
d. Create a temporary smart card for her with a certificate that expires at
the close of the business day.
d. Issuing a temporary smart card will provide the benefits of maintaining the
security of the network, without username/password combinations. All other
options are valid, but not as secure. In addition, they require that the administrator
remembers to reset the account so the user can gain entry using a smart
card on the next business day.
Which tool must you use to move a user object from one domain to
another domain?
a. Active Directory Users And Computers
b. Drag and drop
c. Movetree
d. Dsmove
c. Movetree must be used to move objects between domains. All other options can
be used to move objects within the same domain structure.
You are attempting to use the Run As program to open Active Directory
Users And Computers, but you receive an error message and are unable
to do this. What should you check?
a. Check to make sure you are logged on locally.
b. Check to make sure certificate services is functioning properly.
c. Check to make sure that the Log On Locally policy has not been
d. Check to make sure the Secondary Logon service is running.
d. The Secondary Logon service must be running for you to create a second
connection using another set of credentials.
What must you have in order to be able to create a smart card on behalf
of a user in your organization?
a. An enrollment certificate
b. A token-style card
c. An administrator user account
d. Full control in the Active Directory domain
a. You must have an enrollment certificate in order to create smart cards on
behalf of users in your organization.
Which of the following statements should be considered most important
when planning your OU structure?
a. Delegation of administrative tasks
b. Group Policy implementation
c. User access to resources
d. Ease of user navigation
a. Delegation of administration should be the most important consideration when
planning your OU structure.
You are a new administrator taking over for an employee who has just
retired. You have recently created several policies that are being used to
configure workstations throughout the network. Several users complain
that their desktop wallpaper seems to be correct only when they log on
locally. What do you suspect is the problem?
A nonlocal GPO is processed after the local Group Policy, and it is modifying the
wallpaper setting that is part of the workstation.
What is the default order in which policies are processed?

a. site, domain, OU, local
b. domain, site, OU, local
c. local, domain, site, OU
d. local, site, domain, OU
d. Local policies are processed first, followed by site, domain, and then OU policies.
1. Which of the following event categories should you audit if you want to
find out if an unauthorized person is trying to access a user account by
entering random passwords or by using password-cracking software?
Choose all that apply.
a. Logon Events – success events
b. Logon Events – failure events
c. Account Logon – success events
d. Account Logon – failure events
b and d.
Which of the following rule types apply only to Windows Installer
a. Hash rules
b. Certificate rules
c. Internet zone rules
d. Path rules
c. Internet zone rules apply only to Windows Installer packages.
List the order of precedence from highest to lowest for software restriction
policy rules.
The order of precedence for software restriction policies is: hash, certificate,
Internet zone, and path rules.