Term
| Active Directory will tolerate a maximum of a 5-minute ___ between a client and the domain controller that authenticates it |
|
Definition
|
|
Term
| The ___ is responsible for managing time synchronization within a domain |
|
Definition
|
|
Term
| You can improve login times in a site that does not contain a global catalog server by implementing ___ |
|
Definition
| universal group membership caching |
|
|
Term
| To add or remove an application directory partition from Active Directory, the ___ needs to be accessible |
|
Definition
|
|
Term
| If a domain controller that holds a FSMO role fails and will not be returned to the network, you can ___ the FSMO role to another domain controller |
|
Definition
|
|
Term
| You can add additional attributes to the ___ by modifying the Active Directory schema |
|
Definition
| partial attribute set (PAS) |
|
|
Term
| The ___ uniquely identifies an object within an Active Directory domain, but will change if an object is moved from one domain to another |
|
Definition
| security identifier (SID) |
|
|
Term
| The ___ FSMO role should not be housed on a domain controller that has been configured as a global catalog |
|
Definition
|
|
Term
| You can transfer the ___ FSMO from one domain controller to another using the Active Directory Domains and Trusts MMC snap-in |
|
Definition
|
|
Term
| Membership information for a(n) ___ is stored on the global catalog |
|
Definition
|
|
Term
What is the Active Directory component that contains a reference to all objects within Active Directory called?
a. Main database
b. Central catalog
c. Global database
d. Global catalog |
|
Definition
Global Catalog
The Global Catalog server contains a reference to each object within an Active Directory forest, regardless of which domain the GC belongs to or how many domains are configured within the forest |
|
|
Term
Which of the following roles is a forest-wide FSMO role?
a. PDC Emulator
b. Infrastructure Master
c. Schema Master
d. Global catalog |
|
Definition
Schema Master
The Schema Master and the Domain Naming Master are the forest-wide FSMO roles.
Each Active Directory domain also has three domain-wide FSMOs: the PDC Emulator, the Infrastructure Master, and the RID Master |
|
|
Term
To which port does the _gc SRV record listen?
a. TCP 445
b. UDP 137
c. TCP 3268
d. UDP 445 |
|
Definition
TCP 3268
The Global Catalog answers queries on TCP port 3268. Normal domain controller LDAP
queries take place on TCP port 389 |
|
|
Term
You are the administrator of an Active Directory forest that contains a forest root domain with three child domains. How many of each FSMO does this forest contain?
a. 1 Domain Naming Master, 1 Schema Master, 3 PDC Emulators, 3 Infrastructure
Masters, 3 RID Masters
b. 3 Domain Naming Masters, 3 Schema Masters, 3 PDC Emulators, 3 Infrastructure Masters, 3 RID Masters
c. 1 Domain Naming Master, 1 Schema Master, 4 PDC Emulators, 4 Infrastructure Masters, 4 RID Masters
d. 1 Domain Naming Master, 1 Schema Master, 1 PDC Emulator, 1 Infrastructure Master, 1 RID Master |
|
Definition
1 Domain Naming Master, 1 Schema Master, 4 PDC Emulators, 4 Infrastructure Masters, 4 RID Masters
There is only one forest-wide Domain Naming Master and Schema Master per forest. Because there are four total domains in this example (the forest root domain and the three child domains), there will be four of each domain-wide FSMO role |
|
|
Term
The Schema Master FSMO for your forest will be taken offline for a few hours so that your hardware vendor can replace the motherboard of the server. To allow your clients to continue to log in, what is the minimum that you need to do?
a. Transfer the Schema Master FSMO to another domain controller before taking it
offline.
b. Seize the Schema Master FSMO to another domain controller before taking it offline.
c. Do nothing. Your clients will still be able to log in while the Schema Master is offline.
d. Disable the domain controller's computer account from Active Directory Users and Computers before taking it offline |
|
Definition
Do nothing. Your clients will still be able to log in while the Schema Master is offline
The Schema Master is only required when an application is installed that will extend the Active Directory schema. This FSMO role is not noticeable during day-to-day client logon operations and thus can be taken offline for a short period of time without impacting client activities |
|
|
Term
You are a member of the Domain Admins group of a child domain on an Active Directory network. You have an application that requires you to configure an application directory partition, but you find that you are unable to do so. What could be preventing you from creating an application directory partition in your domain?
a. You must be a member of the Enterprise Admins group to create an application
directory partition.
b. You must be a member of the Schema Admins group to create an application directory partition.
c. You must be a member of the Forest Admins group to create an application directory partition.
d. You must be a member of the DNS Admins group to create an application directory partition |
|
Definition
You must be a member of the Enterprise Admins group to create an application
directory partition
Only Enterprise Administrators can create application directory partitions because these have the potential to be replicated forest-wide |
|
|
Term
The RID Master FSMO distributes RIDs to domain controllers in increments of ____. a. 100
b. 250
c. 500
d. 1,000 |
|
Definition
500
By default, the RID Master FSMO role hands out Relative Identifiers (RIDs) to each
domain controller in a domain in increments of 500. Each DC will go back to the RID Master to obtain a new supply of RIDs when their current allotment runs out |
|
|
Term
You are logging onto an Active Directory child domain from a workstation running Windows Vista Business. By default, where will this workstation look to synchronize its clock with the domain?
a. The PDC Emulator for the child domain
b. The PDC Emulator for the forest root domain.
c. An external clock
d. The domain controller that authenticates the workstation |
|
Definition
The domain controller that authenticates the workstations
Active Directory time synchronization is hierarchical, wherein the PDC Emulator for
each domain will synchronize its time with the PDC Emulator in the forest root domain. Each DC in a domain will synchronize its time with the PDC Emulator for its domain. Member servers and workstations in a domain will synchronize their time with the DC that authenticated them, which can be the PDC Emulator for that domain |
|
|
Term
Each object's SID consists of two components: the domain portion and the ________.
a. remote identifier
b. globally unique identifier
c. relative identifier
d. global identifie |
|
Definition
relative identifier
An object SID is comprised of the security identifier for the Active Directory domain,
which will be the same for each security principal created within that domain, and a relative identifier, which will be unique to that security principal |
|
|
Term
You can view and manage the PDC Emulator FSMO role holder using which utility?
a. Active Directory Users and Computers
b. Active Directory Schema
c. Active Directory Sites and Services
d. Active Directory Domains and Trusts |
|
Definition
Active Directory Users and Computers
To view the PDC Emulator, RID Master, and Infrastructure Master FSMO role holders,
right-click the domain name in Active Directory Users and Computers and select the Operations Masters option from the context menu |
|
|
