What Is Active Directory

  • June 2020
  • PDF

This document was uploaded by user and they confirmed that they have the permission to share it. If you are author or own the copyright of this book, please report to us by using this DMCA report form. Report DMCA


Overview

Download & View What Is Active Directory as PDF for free.

More details

  • Words: 3,859
  • Pages: 13
1)

What is Active Directory?

2)

What is LDAP?

3)

Can you connect Active Directory to other 3rd-party Directory Services? Name a few options.

4)

Where is the AD database held? What other folders are related to AD?

5)

What is the SYSVOL folder?

6)

Name the AD NCs and replication issues for each NC

7)

What are application partitions? When do I use them

8)

How do you create a new application partition

9)

How do you view replication properties for AD partitions and DCs?

10)

What is the Global Catalog?

11)

How do you view all the GCs in the forest?

12)

Why not make all DCs in a large forest as GCs?

13)

Trying to look at the Schema, how can I do that?

14)

What are the Support Tools? Why do I need them?

15)

What is LDP? What is REPLMON? What is ADSIEDIT? What is NETDOM? What is REPADMIN?

16)

What are sites? What are they used for?

17)

What's the difference between a site link's schedule and interval?

18)

What is the KCC?

19)

What is the ISTG? Who has that role by default?

20)

What are the requirements for installing AD on a new server?

21)

What can you do to promote a server to DC if you're in a remote location with slow WAN link?

22)

How can you forcibly remove AD from a server, and what do you do later? • Can I get user passwords from the AD database?

23)

What tool would I use to try to grab security related packets from the wire?

24)

Name some OU design considerations.

25)

What is tombstone lifetime attribute?

26)

What do you do to install a new Windows 2003 DC in a Windows 2000 AD?

27)

What do you do to install a new Windows 2003 R2 DC in a Windows 2003 AD?

28)

How would you find all users that have not logged on since last month?

29)

What are the DS* commands?

30)

What's the difference between LDIFDE and CSVDE? Usage considerations?

31)

What are the FSMO roles? Who has them by default? What happens when each one fails?

32)

What FSMO placement considerations do you know of?

33)

I want to look at the RID allocation table for a DC. What do I do?

34)

What's the difference between transferring a FSMO role and seizing one? Which one should you NOT seize? Why?

35)

How do you configure a "stand-by operation master" for any of the roles?

36)

How do you backup AD?

37)

How do you restore AD?

38)

How do you change the DS Restore admin password?

39)

Why can't you restore a DC that was backed up 4 months ago?

40)

What are GPOs?

41)

What is the order in which GPOs are applied?

42)

Name a few benefits of using GPMC.

43)

What are the GPC and the GPT? Where can I find them?

44)

What are GPO links? What special things can I do to them?

45)

What can I do to prevent inheritance from above?

46)

How can I override blocking of inheritance?

47)

How can you determine what GPO was and was not applied for a user? Name a few ways to do that.

48)

A user claims he did not receive a GPO, yet his user and computer accounts are in the right OU, and everyone else there gets the GPO. What will you look for?

49)

Name a few differences in Vista GPOs

50)

Name some GPO settings in the computer and user parts.

51)

What are administrative templates?

52)

What's the difference between software publishing and assigning?

53)

Can I deploy non-MSI software with GPO?

54)

You want to standardize the desktop environments (wallpaper, My Documents, Start menu, printers etc.) on the computers in one department. How would you do that?

55)

Tell me a bit about the capabilities of Exchange Server.

56)

What are the different Exchange 2003 versions?

57)

What's the main differences between Exchange 5.5 and Exchange 2000/2003?

58)

What are the major network infrastructure for installing Exchange 2003?

59)

What is the latest Exchange 2003 Service Pack? Name a few changes in functionality in that SP.

60)

What are the disk considerations when installing Exchange (RAID types, locations and so on).

61)

You got a new HP DL380 (2U) server, dual Xeon, 4GB of RAM, 7 SAS disks, 64-bit. What do you do next to install Exchange 2003? (you have AD in place)

62)

Why not install Exchange on the same machine as a DC?

63)

Are there any other installation considerations?

64)

How would you prepare the AD Schema in advance before installing Exchange?

65)

What type or permissions do you need in order to install the first Exchange server in a forest? In a domain?

66)

How would you verify that the schema was in fact updated?

67)

What type of memory optimization changes could you do for Exchange 2003?

68)

How would you check your Exchange configuration settings to see if they're right?

69)

What are the Exchange management tools? How and where can you install them?

70)

What types of permissions are configurable for Exchange?

71)

How can you grant access for an administrator to access all mailboxes on a specific server?

72)

What is the Send As permission?

73)

What other management tools are used to manage and control Exchange 2003? Name the tools you'd use.

74)

What are Exchange Recipient types? Name 5.

75)

You created a mailbox for a user, yet the mailbox does not appear in ESM. Why?

76)

You wanted to change mailbox access permissions for a mailbox, yet you see the SELF permission alone on the permissions list. Why?

77)

What are Query Based Distribution groups?

78)

What type of groups would you use when configuring distribution groups in a multiple domain forest?

79)

Name a few configuration options for Exchange recipients.

80)

What's the difference between Exchange 2003 Std. and Ent. editions when related to storage options and size?

81)

Name a few configuration options related to mailbox stores.

82)

What are System Public Folders? Where would you find them?

83)

How would you plan and configure Public Folder redundancy?

84)

How can you immediately stop PF replication?

85)

How can you prevent PF referral across slow WAN links?

86)

What types of PF management tools might you use?

87)

What are the differences between administrative permissions and client permissions in PF?

88)

How can you configure PF replication from the command prompt in Exchange 2003?

89)

What are the message hygiene options you can use natively in Exchange 2003?

90)

What are the configuration options in IMF?

91)

What are virtual servers? When would you use more than one?

92)

Name some of the SMTP Virtual Server configuration options.

93)

What is a Mail Relay? Name a few known mail relay software or hardware options.

94)

What is a Smart Host? Where would you configure it?

95)

What are Routing Groups? When would you use them?

96)

What are the types of Connectors you can use in Exchange?

97)

What is the cost option in Exchange connectors?

98)

What is the Link State Table? How would you view it?

99)

How would you configure mail transfer security between 2 routing groups?

100)

What is the Routing Group Master? Who holds that role?

101)

Explain the configuration steps required to allow Exchange 2003 to send

and receive email from the Internet (consider a one-site multiple server scenario). 102)

What is DS2MB?

103)

What is Forms Based Authentication?

104)

How would you configure OWA's settings on an Exchange server?

105)

What is DSACCESS?

106)

What are Recipient Policies?

107)

How would you work with multiple recipient policies?

108)

What is the "issue" with trying to remove email addresses added by

recipient policies? How would you fix that? 109)

What is the RUS?

110)

When would you need to manually create additional RUS?

111)

What are Address Lists?

112)

How would you modify the filter properties of one of the default address

lists? 113)

How can you create multiple GALs and allow the users to only see the one

related to them? 114)

What is a Front End server? In what scenarios would you use one?

115)

What type of authentication is used on the front end servers?

116)

When would you use NLB?

117)

How would you achieve incoming mail redundancy?

118)

What are the 4 types of Exchange backups?

119)

What is the Dial-Tone server scenario?

120)

When would you use offline backup?

121)

How do you re-install Exchange on a server that has crashed but with AD

intact? 122)

What is the dumpster?

123)

What are the e00xxxxx.log files?

124)

What is the e00.chk file?

125)

What is circular logging? When would you use it?

126)

What's the difference between online and offline defrag?

127)

How would you know if it is time to perform an offline defrag of your

Exchange stores? 128)

How would you plan for, and perform the offline defrag?

129)

What is the eseutil command?

130)

What is the isinteg command?

131)

How would you monitor Exchange's services and performance? Name 2

or 3 options. 132)

Name all the client connection options in Exchange 2003.

133)

What is Direct Push? What are the requirements to run it?

134)

How would you remote wipe a PPC?

135)

What are the issues with connecting Outlook from a remote computer to

your mailbox? 136)

How would you solve those issues? Name 2 or 3 methods

137)

What is RPC over HTTP? What are the requirements to run it?

138)

What is Cached Mode in OL2003/2007?

139)

What are the benefits and "issues" when using cached mode? How would

you tackle those issues? 140)

What is S/MIME? What are the usage scenarios for S/MIME?

141)

What are the IPSec usage scenarios for Exchange 2003?

142)

How do you enable SSL on OWA?

143)

What are the considerations for obtaining a digital certificate for SSL on

Exchange? 144)

Name a few 3rd-party CAs.

145)

What do you need to consider when using a client-type AV software on an

Exchange server? 146)

What are the different clustering options in Exchange 2003? Which one

would you choose and why. 147)

As the network administrator you have been requested to create a site link to join two sites together for replication. First you click Start, point to Programs, point to Administrative Tools, and then click to open Active Directory Sites and Services. What is the next step in creating this site link? A. B. C. D. E.

Click two or more sites to connect and click OK Right-click on Licensing Site Setting and then click on properties. Open Inter-Site Transport folder and then right-click IP or SMTP folder Enter a name for the site link bridge. In the New Object Link dialog box click New Site Link Bridge.

Answer: C  In any Active Directory forest there are five Operations Masters roles that must be assigned to one or more domain controllers. Which of the following answers correctly depicts these roles? A. Infrastructure Master, PDC Emulator, Relative ID master, SYSVOL, Root Domain B. Schema Master, Domain Naming Master, Infrastructure Master, PDC Emulator, Relative ID master. C. Root Master, Domain Name Master, Infrastructure Master, PDC Emulator, Relative ID master. D. Trust Master, Root Master, Infrastructure Master, PDC Emulator, Relative ID master. Answer: B  A hierarchical structure made up of multiple domains that trust each other is called a(n) _______? A. B. C. D. E.

Forest Schema Site Organizational Unit Tree

Answer: E

 You have been told that you need to track down the source of a breach in network security. As a network technician for your company's Windows 2000 network you quickly pull up Event Viewer and examine the security logs on the Domain Controllers. However upon viewing the security log you notice there are key and lock icon symbols you do not understand. What could these mean? A. The key icon represents that this event is locked with a normal password while the lock icon represents that this event is locked with an encryption. B. The key icon represents that the event is a key alert record while the lock icon indicates that this event can only be unlocked by its owner. C. The key icon represents that the event occurred successfully while the lock icon represents event occurred unsuccessfully. D. The key icon represents that this event contains errors, warnings, or vital information while the lock icon represents that this event is normal and within guidelines. Answer: C  As a network administrator you have been requested to move a printer from your company's Marketing OU to your company's Research OU. After the move you test the printer and find that the local administrator assigned to the Marketing OU still has access and can remove print jobs from it. What can you do to change this? A. B. C. D.

Remove the permissions for the local administrator from the printer. Remove printer permissions from the local administrator. Remove the Everyone group from the printer. Delete the printer object.

Answer: A  You recently been promoted to Network Administrator for DLM Shipping. When you took over this position the first thing you notice is this Windows 2000 environment using DNS naming convention, root domain is DIM.COM, with numerous child domains. User accounts are stored in the child domains. However your supervisor informs you that root domain is misspelled and should be DLM.COM. He explains this is causing tremendous problems with the users and customers. He wants you to rename the domain. What will happen if you rename this root domain server? A. When you rename the root domain server you will only have to rebuild the user accounts since the root domain holds the authentication (SAM) database. B. When you rename the root domain server you will simply rename the child domain also. C. When you rename the root domain server you will lose the entire network orphaning the child domains.

D. When you rename the root domain server you will not need to do anything else since domain names are inherited the child domains will acquire the new domain name. Answer: C  Windows 2000 Active Directory contains both logical and physical components. Which of the following are physical components of Active Directory? A. B. C. D. E.

Trees Organizational Units Sites Domains Domain Controllers

Answer: C, E  You are the network administrator for a company that has a Windows 2000 single domain with three sites containing two domain controllers in each. The company only has two IP site links: Atlanta_Detroit and Dallas_Detroit. You are contemplating on adding another domain controller within each site to handle all replication for each site. How should you configure this domain Controller? A. B. C. D.

Configure the new domain controller to be an IP preferred bridgehead server. Configure the new domain controller to be a site link. Configure the new domain controller to be a subnet. Configure the new domain controller to be a replication master.

Answer: A  You are requested to perform a transfer of the role of relative ID master for a domain within your company. Where would you begin this transfer? A. B. C. D.

Open the Active Directory Schema snap-in Open the Active Directory Sites and Services console Open the Active Directory Domains and Trusts console Open the Active Directory Users and Computers console

Answer: D  You have just assisted your company in migrating to Windows 2000 Active Directory. In addition you have installed an intranet server with Web hosting services for each department within your company. One department, the legal department, actually hosts both a web services and ftp services on its intranet server. You need to identify the legal department's intranet server as the host for

both ftp and web server within the DNS server's resource records. Which type of resource record should you create to identify this server? A. B. C. D. E. F.

Alias (CNAME) Mail Exchange (MX) Pointer (PTR) Service (SVR) Name Server (NS) Start of Authority (SOA)

Answer: D  As the network administrator you have just been informed that one of your authorized Power Users has deleted several local user accounts. You explain to this mortified employee that he needs to perform an authoritatively restore on the select portion of Active Directory data deleted. What must be done before he can use NTDSUTIL utility to authoritatively restore the data? A. B. C. D. E. F.

Republish the SYSVOL Bring down all domain controllers at the site and reboot Perform a Primary restore Synchronize Active Directory Services Nonauthoritatively restore the System State data Revoke and reissue orphaned certificates

Answer: E  Your company uses Windows 2000 IIS server and log files you have enabled a reverse lookup zone. This will assist in running troubleshooting tools. Because your company is experiencing trouble with a DNS server you decide to use NSLOOKUP to confirm that zone delegation was successful. At the command prompt on your DNS server, you type NSLOOKUP 10.0.0.25 command. What do you expect to see next? A. B. C. D.

Hostname Server zone DNS log file DNS queries

Answer: A  You have been requested to create a group Policy (GPO) linked to a domain. The GPO will be applied to all users in the domain. What is the first step in creating a GPO? A. Open the DispatchPolicy GPO console

B. Open Active Directory Users and Computers C. Add the Group Policy snap-in to the MMC console D. Open Active Directory Sites and Services Answer: B  You have been asked to troubleshoot a problem with your DNS servers that appears to not be making zone transfers between primary and secondary DNS servers. You begin to solve this problem by opening the DNS console tree, right click the name server, then click Properties. On the Logging tab, select the debug options and click OK. Which of the following are solutions for transfer problems between primary and secondary zones? (Choose all that apply). A. Make sure the serial numbers for the zones involved in the transfer are not the same on each server. B. Make sure a site-link server is properly configures between each zone. C. Delete the secondary DNS server from the primary and reboot. D. Eliminate the possibility of network connectivity between the two hosts. Use the PING command to ping each DNS host by its IP address from its remote counterpart. E. Verify that the primary and secondary DNS servers involved in the transfer are both started and that the zone is not paused. Answer: A, E  As the network administrator you have been asked to move a domain controller from one site to another existing site using Windows 2000 Active Directory. To accomplish this you begin by getting into the Active Directory Sites and Services console. Then you select the domain controller that you want to move. What do you do next? A. Right-click the domain controller, select Cut, navigate to the new site and Paste it there. B. Click Move on the Action menu, select the site to which you want to move the domain controller in the Move Server dialog box and click OK. C. Drag the domain controller to the new site and drop it there. D. Right-click the domain controller, select Advanced, select the site to which you want to move the domain controller in the Move Server dialog box, and click OK. Answer: B  As a network technician you have been requested to restore a mistakenly deleted organizational Unit from the Active Directory. You first perform a nonauthoritative restore of the System State data. After which you next chose to use the NTDSUTIL utility to authoritatively restore the organizational unit (OU) that has been

mistakenly deleted. The deleted OU is named "prepexams1" and was located in the knowledgeoasis.com domain. At the command prompt you type the utility command 'ntdsutil' and enter, then the type of restore command 'authoritative restore' and enter. Which of the following commands should you enter next to restore this OU? A. B. C. D.

Ntdsutil OU=prepexams1,DC=knowledgeoasis,DC=com Restore subtree OU=prepexams1,DC=knowledgeoasis,DC=com Restore database OU=prepexams1,DC=knowledgeoasis,DC=com Authoritative restore OU=prepexams1,DC=knowledgeoasis,DC=com

Answer: B  You need to create a reverse lookup zone to enable reverse lookup queries. To create a reverse lookup zone you will need to open DNS console and expand the DNS server. What should you do next? A. B. C. D.

Right-click the DNS server and click Properties. Right-click the Reverse Lookup Zone folder and click Advanced. Right-click the DNS server and select New Domain. Right-click the Reverse Lookup Zone folder and click New Zone.

Answer: D  As network administrator you have been asked to create an Active Directory structure to allow local administrators at your company's branch offices to control users and local resources. The local administrators should control only resources in branch offices. What should you do to accomplish this request? A. Create a child OU for each branch office, place users and resources in it, and delegate control of each OU to local administrators at each office. B. Create a schema that contains formal definition of administrative duties and structure over users and resources in each branch. C. Create an implicit trust object thast grants specific authority to the local administrator over their branch domain. D. Create an explicit one-way nontransitive trust between domains that allow the branch administrators to controller their users and resources. Answer: A  You are the backup operator of a Windows 2000 domain. The domain has 2 domain controllers and one certificate server at the central office and 1 domain controller at a branch office. You have been requested to add the domain controller in the remote branch office to your regular once a week backup at the central office. You schedule the backup job to include the system state data from both locations. What will be backed up from the branch office?

A. B. C. D. E. F.

SYSVOL Registry Certificate database COM+ Class Registration database System boot files None of the above

Answer: F  You are an Account Operator responsible for maintaining Windows 2000 Active Directory and the network directory infrastructure. You have been using Windows 2000 Group Policy objects to assign .msi packages to a group of Windows 2000 Professional workstations based on their membership in an organizational unit. Recently you added several new users to the OUs receiving the .msi packages. All seems to performing properly until you are contacted by one of the new users. This user states that an error message: The feature you are trying to install cannot be found in the source directory. What is the solution(s) to this problem? (Choose all that apply) A. You must ensure that the user has sufficient permissions for the SDP and the application. B. Make sure the network is operating correctly. C. You must ensure that the user has Apply Group Policy permission for the GPO. D. You must ensure that the user has READ permission for the GPO. Answer: A, B, C, D

Related Documents

Active Directory
June 2020 32
Active Directory
April 2020 36
Active Directory
June 2020 25
Active Directory
June 2020 24
Active Directory
June 2020 24