MCSE 70-290: Ch. 3-5
"MCSE Guide to Managing a Microsoft Windows Server 2003 Environment, Enhanced"
| Question | Answer |
|---|---|
| Less common attributes of user accounts can be managed programmatically with code, script, or tools like ADSI Edit. | True |
| The Log On To button in the Account tab of the properties of a user account allows an administrator to configure the days and hours when this user is allowed to log on to the network. | False |
| One domain controller in an Active Directory environment is specified to be the Key Distribution Center for Kerberos v5 authentication. | False |
| If an NTLM authentication is successful, the domain controller generates a token for the user process to enable network access. | True |
| If changes are made to a user’s roaming profile, the changes are saved at the central server where the profile is maintained. | True |
| Roaming user profiles cannot be configured as mandatory profiles. | False |
| Active Directory Users and Computers allows you to configure the properties of a single user object at a time. | False |
| The DSMOD USER command can be used to change settings associated with multiple user accounts simultaneously. | True |
| DSMOVE can only be used to move objects within the same domain. | True |
| The DSRM command is used only when deleting a single object from memory. | False |
| Any group that will ultimately be assigned permissions or rights must be a security group. | True |
| A group’s scope refers to the types of domain controllers present in the environment. | False |
| A domain local group can be assigned rights and permissions to any resource within the same domain only. | True |
| If an administrator needs to create or manage the properties of multiple groups simultaneously, the command-line utilities DSADD, DSMOD, etc. are not suitable for this purpose. | False |
| The functional level of a domain can be raised in Active Directory Users and Computers by right-clicking the domain and clicking Raise Domain Functional Level. | True |
| If a global group is a member of another global group, you cannot change its scope to universal. | True |
| The DSMOD GROUP command is used primarily to create new group accounts. | False |
| The DSQUERY command returns a list of distinguished names. | True |
| The DSMOVE command allows you to move objects between domains. | False |
| The first step in a general strategy for implementing groups in an environment is to create user accounts and organize them into domain local groups. | False |
| The main reason for implementing a network is to allow users to access shared resources. | True |
| Windows Server 2003 supports three types of file and folder permissions. | False |
| One advantage of NTFS over FAT32 is that it offers support for recovery logging of disk activities. | True |
| Windows Explorer indicates a shared folder by placing a basket icon underneath it. | False |
| Computer Management is a predefined Microsoft Management Console application. | True |
| The “Use custom share and folder permissions” option for shared folders allows both share and NTFS permissions to be defined manually. | True |
| The Open Files node in Computer Management provides information about the users currently connected to a server. | False |
| The Read shared folder permission allows the abilities to add and delete files in a folder as well as read and edit the contents of existing files. | False |
| Windows Server 2003 includes a No Access share permission used to deny a user or group access to a shared folder. | False |
| NTFS permissions are configured via the Permissions tab of a resource’s properties. | False |
| How many different types of user profiles does Windows Server 2003 support? | 3 |
| Which of the following user account properties is used to add the account to an existing group of users that have the same security and access requirements? | Member Of |
| Under which of the user account properties tabs can you find the user logon name and the domain name? | Account |
| In an Active Directory environment, a server configured as a(n) ____ authenticates a user. | domain controller |
| When using smart card authentication for user accounts, the user inserts their card into a reader and then must do which of the following? | supply a PIN number |
| ____ refers to the process of supplying a user name and password via the Log On to Windows dialog box. | Interactive authentication |
| ____ is the primary authentication protocol used in Active Directory domain environments. | Kerberos v5 |
| Under the Kerberos v5 authentication protocol, when a user tries to access a network resource, it presents a TGT to the KDC and requests a(n) ____ for the server on which the resource resides. | service ticket |
| Refers to operating systems running Windows NT 4.0 or earlier with respect to user authentication. | down-level |
| In NTLM authentication, the domain controller generates a 16-bit random number known as a ____ and sends it back to the client. | challenge |
| An administrator can configure a ____ user profile that cannot be modified by the user. | mandatory |
| Which task related to user accounts can only be performed by an administrator? | Change Type |
| What is the tool you would use to create a new user profile? | Active Directory Users and Computers |
| Roaming profiles are configured from the ____ page of a user account’s properties in Active Directory Users and Computers. | Profiles |
| Changing a user profile to be mandatory requires that the .dat file extension of the ntuser.dat file be changed to which of the following? | .man |
| If an administrator was editing the properties of multiple user accounts, which of the following utilities would be the most logical one to use? | DSMOD |
| What is the command that will run Active Directory Users and Computers from the command line? | dsa.msc |
| When configuring user accounts, you can use the variable ____ to automatically create an individual’s folders. | %username% |
| The distinguished name used to identify a user account being created with the DSADD command is in ____ format. | LDAP |
| What is the switch used with the DSADD command that indicates groups that the user should be added to? | -memberof |
| Look for the DSADD topic in Windows Server 2003 ____ to get a complete list of switches and options available with the DSADD command. | Help and Support |
| Typing ____ at the command line will allow you to view the complete list of switches and options available with the DSMOD USER command. | DSMOD USER /? |
| What command line utility can be used to query for directory objects from the command line? | DSQUERY |
| What command supports the wildcard character (`*`)? | DSQUERY |
| The ____ command can have its output piped as input to another command-line utility. | DSQUERY |
| What command-line utility can be used to rename an object? | DSMOVE |
| What command can be used to delete an object from the directory? | DSRM |
| What switch can be used with the DSRM command-line utility to keep the system from asking for confirmation from the user? | -noprompt |
| When data is exported from Active Directory using CSVDE, the first line of the file contains the name of each attribute being exported, separated by | commas (,) |
| What is a common use of the LDIFDE command-line utility and the LDIF file format? | extending Active Directory schema |
| The Default Domain Policy object has what type? | Group Policy |
| What password policy item defines the number of days that a password can be used before the user is required to change it? | maximum password age |
| What account lockout policy item defines the number of failed logon attempts that results in the user account being locked? | account lockout duration |
| What Kerberos policy item determines the amount of time, in days, that a user’s TGT may be renewed? | maximum lifetime for user ticket renewal |
| To enable the auditing of failure account logon events, you must access the ____ setting to check the Failure check box. | Audit account logon events |
| A(n) ____ is a group defined by a Security Identifier. | security group |
| Groups are similar to ____ in that both organize other objects into logical containers. | organizational units |
| Unlike security groups, distribution groups do not have a(n) ____ associated with them. | SID |
| The ____ of an environment is determined by the operating systems of the domain controllers in the environment. | domain functional level |
| There are ____ possible group scopes. | 3 (global, domain local, universal) |
| What is true for global groups when a domain is configured to the Windows 2000 mixed domain functional level? | they can be added to domain local groups in any domain |
| What refers to a type of group that is typically created for the purpose of aggregating users or groups in different domains throughout an Active Directory forest? | universal group |
| What is the primary graphical tool used for creating and managing group accounts? | Active Directory Users and Computers |
| To create a group using Active Directory Users and Computers, you should right-click the particular container or OU, select ____, and then click Group. | New |
| Under which tab in a properties dialog box for a group account in Active Directory Users and Computers could you add or remove this group from other groups? | Member Of |
| You can change the type of a group from the ____ tab of the properties of the group account in Active Directory Users and Computers. | General |
| In order to change the scope of a group, the domain functional level must be at least at the ____ level. | Windows 2000 native |
| It is possible to change the scope of Group A to universal unless Group A has a(n) ____ scope and it has a domain local group as a member. | domain local |
| Changing the scope of a group account can be done from the ____ tab of the properties of the account in Active Directory Users and Computers. | General |
| What command-line utility can be used to create a new group account? | DSADD |
| What is the required argument for the DSADD GROUP command-line utility? | distinguished name |
| What is a switch that would commonly be used with the DSADD command-line utility? | -members |
| The command dsadd group “cn=XXX” -scope g would create a group account with a(n) ____ scope. | global |
| One way to get a list of options and switches available for the DSADD GROUP command would be to type ____ at the command line. | DSADD GROUP /? |
| The DSMOD GROUP command requires that you specify values for at least ____ switch(es). | 1 |
| To remove a member from a group account using the DSMOD GROUP command, you specify the member to remove with the ____ switch. | -member |
| The term ____ refers to directing the output of one command to the input of a second command. | piping |
| If you wish to move an existing group account into a new container, you could use the DSMOVE command with the ____ switch. | -newparent |
| What is a utility that allows you to move objects between domains? | MOVETREE |
| What command-line utility can be used to delete group accounts? | DSRM |
| What is the last step in the A G U DL P strategy? | assign permissions to domain local groups |
| The easiest method of determining the groups that a user belongs to is via the ____ tab in the properties of their user account. | Member Of |
| The ____ command-line utility provides a method of determining a user’s group membership. | DSGET |
| Which of the following switches would return information about all of the members of a group when used with the DSGET GROUP command-line utility? | -members |
| What feature(s) do built-in local security groups have? | pre-assigned rights |
| Which of the following built-in containers holds built-in groups that are created automatically when Active Directory is installed? | Users |
| The Builtin Container holds a number of ____ group accounts that are allocated specific user rights. | domain local |
| The Users container contains a number of different domain local and ____ group accounts. | global |
| What built-in group in the Users container is able to administer DNS server settings and configuration? | DnsAdmins |
| What tool could you use to change the settings of an existing computer account? | DSMOD COMPUTER |
| Windows Server 2003 supports ____ main file systems. | 3 |
| The Windows Server 2003 FAT file system supports partitions up to ____ in size. | 4 GB |
| The Windows Server 2003 file system FAT32 supports partitions up to ____ in size. | 2 TB |
| The Windows Server 2003 NTFS file system, for practical purposes, supports partitions up to ____ in size. | 16 TB |
| Which of the following is the file system most highly recommended for a Windows Server 2003 system? | NTFS |
| All domain controllers must have at least one ____ partition or volume available to hold the Sysvol folder. | NTFS |
| What is the standard method used to create and share files since Windows 95? | Windows Explorer |
| Folders can be shared in Windows Server 2003 by accessing the ____ tab of a folder’s properties. | Sharing |
| To hide a shared folder, place a(n) ____ after its name. | dollar sign ($) |
| The Admin$ folder is a(n) ____ administrative share created by default during the installation process. | hidden |
| Which of the following is used to create shared folders in Computer Management? | Share a Folder Wizard |
| In the permission groups for shared folders in which administrators have full access, members of the Administrators group are given ____ permission. | Full Control |
| To open the Computer Management utility, click Start, right-click My Computer, and then click which of the following? | Manage |
| The command-line utility ____ can be used to share an existing folder. | NET SHARE |
| Which of the following tools is used to monitor shared folders on a Windows Server 2003 network? | Computer Management |
| The ____ node in Computer Management provides information about all of the files that users currently have open. | Open Files |
| A(n) ____ is an entry in a discretionary access control list. | access control entry |
| One way to view the discretionary access control list of a resource is by clicking the ____ button on the Sharing tab of a folder’s properties. | Permissions |
| The term ____ is used to describe the effect of getting shared folder permissions that are assigned to all groups of which you are a member as well as those that are directly assigned. | cumulative |
| NTFS permissions can be set at which of the following? | file and folder level |
| The ____ standard NTFS permission allows the user to make any changes to the file or folder. | Full Control |
| The ____ standard NTFS permission type gives permissions to create files and folders, write attributes and extended attributes, read permissions, and synchronize. | Write |
| To access the NTFS special permissions, click the ____ button in the Security tab on the Properties dialog box for the folder or file. | Advanced |
| Which of the following is the default inheritance method for special NTFS permissions? | this folder, subfolders, and files |
| What is the name of the hidden administrative share that provides an administrator with access to the root of the C drive on a computer? | C$ |
| What is it called when two operating systems are installed on the same computer? | dual-boot |
| Which of the following groups has the right to create shared folders within a domain? | Server Operators |
| What is the theoretical limit on the size of an NTFS partition? | 16 EB |
| When a user accesses a shared resource from a network and there are both NTFS and share permissions that apply, what permissions are actually used? | the most restrictive permissions |
| When a user accesses a file locally, and there are both NTFS and share permissions on the file, which permissions are actually used? | the NTFS permissions |
| The CONVERT utility allows you to convert from and to which of the following file systems? | FAT to NTFS |
| With what operating system was the Effective Permissions tab introduced? | Windows Server 2003 |
| Which of the following NTFS standard permissions is very similar to Read and Execute, except that the permissions are inherited only by folders and not by files? | List Folder Contents |
| Which of the following NTFS special permissions grants the user the ability to gain ownership of a file or folder? | Take Ownership |
| In which dialog box is the Effective Permissions tab found? | Advanced Security Settings |
| The ____________________ property of a user account holds information regarding the logon name, the domain name, account options, and account expiration date. | Account |
| The process called ____________________ validates a user’s identity and subsequently grants or denies access to network resources. | authentication |
| _________________________ is the primary authentication protocol used for older Microsoft operating systems like Windows NT 4.0 and Windows 98. | NT LAN Manager or NTLM |
| In NTLM authentication, the client system creates a cryptographic ____________________ of the password supplied by the user and then discards the password. | hash |
| In cases where an organization is trying to standardize a desktop environment for all users, the best type of user profile is a(n) ____________________ profile. | mandatory |
| A(n) _________________________ is an Active Directory container that is usually referred to by its abbreviation, OU. | organizational unit |
| A user account ____________________ is a user account that has been pre-configured with common settings associated with a particular type of user. | template |
| The ____________________ command allows various object types to be modified from the command line. | DSMOD |
| To import and export data to and from Active Directory using the LDAP Interchange Format, use the ____________________ command-line utility. | LDIFDE |
| The _________________________ node contains configuration settings that refer to the password lockout threshold and duration. | Account Lockout Policy |
| The primary purpose of a(n) ____________________ group is for use with e-mail applications. | distribution |
| The _________________________ domain functional level supports Windows Server 2003 domain controllers only. | Windows Server 2003 |
| A(n) ____________________ group can be assigned rights and permissions to any resource within a forest. | universal |
| The ____________________ tab of the properties dialog box for a group account in Active Directory Users and Computers allows a description and e-mail address to be configured for the group. | General |
| The type of a group cannot be converted if the domain is configured to the _________________________ domain functional level. | Windows 2000 mixed |
| In order to specify whether a new group account being created with the DSADD command-line utility is a security group or a distribution group, the ____________________ switch should be included in the command. | -secgrp or secgrp |
| To add a text description to a group account using the DSMOD GROUP command, you specify the description using the ____________________ switch. | -desc or desc |
| To rename a group account, you can use the ____________________ command-line utility. | DSMOVE |
| ____________________ is a switch that can be used with the DSRM command to suppress a confirmation request before an object is deleted. | -noprompt or noprompt |
| If you are working in a single domain, you can use _________________________ or universal groups interchangeably. | global groups |
| The FAT file system was originally used by the ____________________ operating system. | MS-DOS or DOS |
| A(n) ____________________ folder is a data resource that has been made available over the network to authorized network clients. | shared |
| One way to run Windows Explorer is to type ____________________ at the command line. | explorer.exe |
| One method for creating shared folders is to use the _________________________ console. | Computer Management |
| One permission configuration for shared folders is called “All users have read-only access” and this configuration grants the Read permission to the ____________________ group. | Everyone |
| Resources have security descriptors that contain a list, called a(n) ______________________________, of user or group references that have been allowed or denied permissions to that resource. | DACL or Discretionary Access Control List |
| The ____________________ group includes all users who have access to the network, regardless of whether they have been authenticated in the domain. | Everyone |
| The ____________________ utility can be used to change the file system of a partition from FAT to NTFS. | CONVERT |
| A(n) _________________________ is the permission that actually applies to a user or group based on the different permissions of the user or groups that they are members of for a particular resource. | effective permission |
| The NTFS file system provides support for _________________________, the ability to extend disk space using removable media. | Remote Storage |
| may be caused by a Global Catalog server not being available and configured | UPN logon issues |
| synchronization settings more than five minutes apart may be prohibiting a client from logging on due to Kerberos policies | client time setting issues |
| may be preventing a user from logging on from certain workstations | workstation restrictions |
| for workstations running Windows XP/2000/2003, may be caused by incorrect DNS settings that prevent them from contacting a domain controller | domain controller issues |
| logon hour restrictions may not be properly configured for the user account | logon hour restriction issues |
| evidenced by logon problems for client workstations running Windows 95/98 or Windows NT | down-level client issues |
| the user account may not be configured to allow access on the Dial-up tab in the properties of their account | remote access logon issues |
| evidenced by a user having trouble logging on locally to specific servers or domain controllers | users unable to log on locally |
| this can occur after multiple incorrect logon attempts | account lockout issues |
| resolved by using the DSMOD USER command to explicitly enable the user’s account | account disabled issues |
| a group that is able to change TCP/IP settings on domain controllers within the domain | Network Configuration Operators |
| a group that is able to share disk resources, back-up and restore files, and shut down or restart the server | Server Operators |
| a group that is assigned complete unrestricted access to the domain | Administrators |
| a group that is able to remotely access servers to monitor performance | Performance Monitor Users |
| a group that has all print administration rights | Print Operators |
| a group that is able to log on to domain controllers within the domain remotely | Remote Desktop Users |
| a group that is able to override security restrictions for the purpose of backing up or restoring files | Backup Operators |
| a group that has no default permissions except those assigned by the administrator | Users |
| a group that has no default permissions or rights except those assigned to the Everyone group | Guests |
| a group that allows members to query user accounts for the group membership information of a user | Windows Authorization Access Group |
| the NTFS special permission that controls the ability to view the attributes of a file or folder | Read Attributes |
| controls the ability to take ownership of a file or folder | Take Ownership |
| the NTFS special permission that provides the same level of access as the standard permission, and includes all of the other special NTFS permissions | Full Control |
| the NTFS special permission that controls the ability to change the extended attributes of a file or folder | Write Extended Attributes |
| the NTFS special permission that controls the ability to change the security permissions of a file or folder | Change Permissions |
| the NTFS special permission that controls the ability to delete a file or folder | Delete |
| the NTFS special permission that controls the ability to change the attributes of a file or folder | Write Attributes |
| the NTFS special permission that controls the ability to delete subfolders and files, even if the standard delete permission has not been granted | Delete Subfolders and Files |
| the NTFS special permission that controls the ability to view the contents of folders and read data files within a folder | List Folder/Read Data |
| the NTFS special permission that controls the ability to read the security permissions of a file or folder | Read Permissions |