True/False
Indicate whether the sentence or statement is true
or false.
|
|
|
1.
|
Less
common attributes of user accounts can be managed programmatically with code, script, or tools like
ADSI Edit.
|
|
|
2.
|
The
Log On To button in the Account tab of the properties of a user account allows an administrator to
configure the days and hours when this user is allowed to log on to the network.
|
|
|
3.
|
One
domain controller in an Active Directory environment is specified to be the Key Distribution Center
for Kerberos v5 authentication.
|
|
|
4.
|
If an
NTLM authentication is successful, the domain controller generates a token for the user process to
enable network access.
|
|
|
5.
|
If
changes are made to a user’s roaming profile, the changes are saved at the central server where
the profile is maintained.
|
|
|
6.
|
Roaming user profiles cannot be configured as mandatory profiles.
|
|
|
7.
|
Active Directory Users and Computers allows you to configure the properties of a
single user object at a time.
|
|
|
8.
|
The
DSMOD USER command can be used to change settings associated with multiple user accounts
simultaneously.
|
|
|
9.
|
DSMOVE can only be used to move objects within the same domain.
|
|
|
10.
|
The
DSRM command is used only when deleting a single object from memory.
|
Multiple Choice
Identify the
letter of the choice that best completes the statement or answers the question.
|
|
|
11.
|
How
many different types of user profiles does Windows Server 2003 support?
|
|
|
12.
|
Which
of the following user account properties is used to add the account to an existing group of users
that have the same security and access requirements? a. | COM+ | c. | Remote
control | b. | Member Of | d. | Environment | | | | |
|
|
|
13.
|
Under
which of the user account properties tabs can you find the user logon name and the domain
name? a. | Account | c. | Organization | b. | Environment | d. | Member Of | | | | |
|
|
|
14.
|
In an
Active Directory environment, a server configured as a(n) ____ authenticates a user. a. | administrative
server | c. | domain
server | b. | member server | d. | domain controller | | | | |
|
|
|
15.
|
When
using smart card authentication for user accounts, the user inserts their card into a reader and then
must do which of the following? a. | log in to a local computer | b. | log in to a
domain controller | c. | supply a PIN number | d. | answer a
prespecified question | | |
|
|
|
16.
|
Which
of the following refers to the process of supplying a user name and password via the Log On to
Windows dialog box? a. | interactive authentication | c. | network authentication | b. | workgroup
authentication | d. | domain
authentication | | | | |
|
|
|
17.
|
____
is the primary authentication protocol used in Active Directory domain environments. a. | NTLM | c. | Kerberos
v5 | b. | KDC | d. | service
ticketing | | | | |
|
|
|
18.
|
Under
the Kerberos v5 authentication protocol, when a user tries to access a network resource, it presents
a TGT to the KDC and requests a(n) ____ for the server on which the resource
resides. a. | challenge | c. | access
ticket | b. | ticket-granting ticket | d. | service ticket | | | | |
|
|
|
19.
|
Which
of the following refers to operating systems running Windows NT 4.0 or earlier with respect to user
authentication? a. | down-level | c. | KDC | b. | Kerberos v5 | d. | challenge-response | | | | |
|
|
|
20.
|
In
NTLM authentication, the domain controller generates a 16-bit random number known as a ____ and sends
it back to the client. a. | service ticket | c. | cryptograph | b. | challenge | d. | ticket-granting
ticket | | | | |
|
|
|
21.
|
An
administrator can configure a ____ user profile that cannot be modified by the user. a. | roaming | c. | mandatory | b. | default | d. | key | | | | |
|
|
|
22.
|
Which
of the following tasks related to user accounts can only be performed by an
administrator? a. | Change Desktop
Wallpaper | c. | Change
Type | b. | Change
Favorites | d. | Create a
Shortcut | | | | |
|
|
|
23.
|
Which
of the following is the tool you would use to create a new user profile? a. | System, in
Control Panel | c. | Azul | b. | Kerberos | d. | Active Directory Users and Computers | | | | |
|
|
|
24.
|
Roaming profiles are configured from the ____ page of a user account’s properties
in Active Directory Users and Computers. a. | Profiles | c. | Sessions | b. | Environment | d. | Terminal
Services Profile | | | | |
|
|
|
25.
|
Changing a user profile to be mandatory requires that the .dat file extension of the
ntuser.dat file be changed to which of the following?
|
|
|
26.
|
If an
administrator was editing the properties of multiple user accounts, which of the following utilities
would be the most logical one to use? a. | Active Directory Computers and
Users | c. | DSQUERY | b. | DSADD | d. | DSMOD | | | | |
|
|
|
27.
|
Which
of the following will run Active Directory Users and Computers from the command
line? a. | ntuser.dat | c. | dsa.msc | b. | dsadd | d. | dsmod | | | | |
|
|
|
28.
|
When
configuring user accounts, you can use the variable ____ to automatically create an individual’s
folders. a. | username | c. | !username! | b. | %username% | d. | ^username^ | | | | |
|
|
|
29.
|
The
distinguished name used to identify a user account being created with the DSADD command is in ____
format. a. | UPN | c. | Active
Directory | b. | LDAP | d. | DNS | | | | |
|
|
|
30.
|
Which
of the following switches used with the DSADD command indicates groups that the user should be added
to? a. | -memberof | c. | -disabled
| b. | -profile | d. | -pwd | | | | |
|
|
|
31.
|
Look
for the DSADD topic in Windows Server 2003 ____ to get a complete list of switches and options
available with the DSADD command. a. | Catalog | c. | Help and Support | b. | Administrative
Tools | d. | Properties | | | | |
|
|
|
32.
|
Typing ____ at the command line will allow you to view the complete list of switches
and options available with the DSMOD USER command. a. | DSMOD USER
HELP | c. | DSMOD
? | b. | DSMOD HELP
USER | d. | DSMOD USER
/? | | | | |
|
|
|
33.
|
Which
of the following command line utilities can be used to query for directory objects from the command
line? a. | DSQUERY | c. | DSADD | b. | DSMOD | d. | CSVDE | | | | |
|
|
|
34.
|
Which
of the following commands supports the wildcard character (*)? a. | DSMOD | c. | DSMOVE | b. | DSRM | d. | DSQUERY | | | | |
|
|
|
35.
|
The
____ command can have its output piped as input to another command-line utility. a. | DSMOD | c. | DSADD | b. | DSQUERY | d. | DSMOVE | | | | |
|
|
|
36.
|
Which
of the following command-line utilities can be used to rename an object? a. | DSQUERY | c. | DSMOVE | b. | DSRM | d. | DSADD | | | | |
|
|
|
37.
|
Which
of the following commands can be used to delete an object from the directory? a. | DSRM | c. | DSMOVE | b. | DSMOD | d. | DSADD | | | | |
|
|
|
38.
|
Which
of the following switches can be used with the DSRM command-line utility to keep the system from
asking for confirmation from the user? a. | -subtree | c. | -noprompt | b. | -exclude | d. | -c | | | | |
|
|
|
39.
|
When
data is exported from Active Directory using CSVDE, the first line of the file contains the name of
each attribute being exported, separated by a. | commas. | c. | spaces. | b. | hyphens. | d. | asterisks. | | | | |
|
|
|
40.
|
Which
of the following is a common use of the LDIFDE command-line utility and the LDIF file
format? a. | changing account
policies | c. | auditing
authentication | b. | enforcing password policy | d. | extending Active Directory schema | | | | |
|
|
|
41.
|
The
Default Domain Policy object has which of the following types? a. | organizational
unit | c. | Account
Policy | b. | Group Policy | d. | system services | | | | |
|
|
|
42.
|
Which
of the following password policy items defines the number of days that a password can be used before
the user is required to change it? a. | enforce password history | b. | minimum password
age | c. | maximum password
age | d. | store passwords
using reversible encryption | | |
|
|
|
43.
|
Which
of the following account lockout policy items defines the number of failed logon attempts that
results in the user account being locked? a. | reset account lockout counter
after | c. | account lockout
threshold | b. | account lockout complexity | d. | account lockout duration | | | | |
|
|
|
44.
|
Which
of the following Kerberos policy items determines the amount of time, in days, that a user’s TGT
may be renewed? a. | maximum lifetime
for service ticket | c. | maximum lifetime
for user ticket | b. | maximum lifetime for user ticket
renewal | d. | enforce user
logon restrictions | | | | |
|
|
|
45.
|
To
enable the auditing of failure account logon events, you must access the ____ setting to check the
Failure check box. a. | Audit object access | c. | Audit account management | b. | Audit process
tracking | d. | Audit account
logon events | | | | |
|
Matching
|
|
|
Match each term with the correct statement below. a. | down-level
client issues | f. | UPN logon
issues | b. | workstation restrictions | g. | logon hour restriction issues | c. | users unable to
log on locally | h. | remote access
logon issues | d. | account disabled issues | i. | client time setting issues | e. | domain
controller issues | j. | account lockout
issues | | | | |
|
|
|
46.
|
may
be caused by a Global Catalog server not being available and configured
|
|
|
47.
|
synchronization settings more than five minutes apart may be prohibiting a client from
logging on due to Kerberos policies
|
|
|
48.
|
may
be preventing a user from logging on from certain workstations
|
|
|
49.
|
for
workstations running Windows XP/2000/2003, may be caused by incorrect DNS settings that prevent them
from contacting a domain controller
|
|
|
50.
|
logon
hour restrictions may not be properly configured for the user account
|
|
|
51.
|
evidenced by logon problems for client workstations running Windows 95/98 or Windows
NT
|
|
|
52.
|
the
user account may not be configured to allow access on the Dial-up tab in the properties of their
account
|
|
|
53.
|
evidenced by a user having trouble logging on locally to specific servers or domain
controllers
|
|
|
54.
|
this
can occur after multiple incorrect logon attempts
|
|
|
55.
|
resolved by using the DSMOD USER command to explicitly enable the user’s
account
|