TEST BANK 70-297 MCSE GUIDE TO DESIGNING A MICROSOFT WINDOWS SERVER 2003 ACTIVE DIRECTORY AND NETWORK INFRASTRUCTURE 1ST EDITION BY JAY ADAMSON A+

Description

1. Whenever Windows Server 2003 is installed as a DC, it automatically becomes a Kerberos Key Distribution Center service.

ANS: T PTS: 1 REF: 394

1. RIP Version 1 supports classless interdomain routing and variable-length subnet mask implementation.

ANS: F PTS: 1 REF: 398

1. There is a limit to the number of OUs that can exist within an individual domain.

ANS: F PTS: 1 REF: 410-411

1. Lease duration affects the amount of time that the DHCP server can be offline before problems arise.

ANS: T PTS: 1 REF: 443

1. The dial-in permission set on a user account overrides the permission option in the Properties dialog box, except in the case of native-mode administration model, where all user accounts are set to Control Access Through Remote Access Policy.

ANS: T PTS: 1 REF: 413

MODIFIED TRUE/FALSE

1. Authentication messages are defined in RFC 2800. _________________________

ANS: F, 2865

PTS: 1 REF: 423

1. All RADIUS messages use UDP for transmission. _________________________

ANS: T PTS: 1 REF: 423

1. A(n) scope can span up to a single subnet. _________________________

ANS: T PTS: 1 REF: 443

1. The maximum number of hops for RIP networks is 15 routers. _________________________

ANS: T PTS: 1 REF: 398

1. The Extensible Authentication Protocol is used to send passwords in open text. _________________________

ANS: F, Password Authentication

PTS: 1 REF: 394

MULTIPLE CHOICE

1. Which of the following is a standard Internet protocol for authenticating users and systems, and is the primary authentication protocol used by Windows Server 2003?

a.	NTLM	c.	Kerberos Version 5
b.	.NET Passport Authentication	d.	EAP

ANS: C PTS: 1 REF: 393

1. Which of the following uses a very simple, plain-text authentication protocol?

a.	Kerberos Version 5	c.	NTLM
b.	PAP	d.	EAP

ANS: B PTS: 1 REF: 394

1. _____ is the process of identifying a user.

a.	Authorization	c.	NTLM
b.	PAP	d.	Authentication

ANS: D PTS: 1 REF: 411

1. _____ is the process of allowing or denying a user access to a system and the objects on that system based on the user’s identity.

a.	Authorization	c.	Authentication
b.	PAP	d.	NTLM

ANS: C PTS: 1 REF: 411

1. _____ is the authentication protocol most commonly used by Internet service providers.

a.	NTLM	c.	PAP
b.	RADIUS	d.	KDC

ANS: B PTS: 1 REF: 422

1. A(n) _____ is a range of possible IP addresses on a network.

a.	session	c.	scope
b.	frame	d.	data link

ANS: C PTS: 1 REF: 443

1. A(n) _____ is a collection of scopes gathered together into a single administrative grouping.

a.	superscope	c.	interscope
b.	megascope	d.	intrascope

ANS: A PTS: 1 REF: 444

1. The _____ layer of the OSI model is responsible for the end-to-end integrity of data transmission.

a.	session	c.	transport
b.	application	d.	physical

ANS: C PTS: 1 REF: 390

1. Which of the following provides both the Authentication Service and Ticket Granting Service that is required in Kerberos authentication?

a.	EAP	c.	MS-CHAP v2
b.	NTLM	d.	KDC

ANS: D PTS: 1 REF: 394

1. The Key Distribution Center Service account _____ is used to authenticate a DC when it is authenticating users or client computers in other domains.

a.	Kerberos	c.	scope
b.	krbtgt	d.	kdcs

ANS: B PTS: 1 REF: 396

1. _____ options apply to all clients of the DHCP server. The main use would be for parameters common across all scopes installed on the server.

a.	Server	c.	Client
b.	Scope	d.	Class

ANS: A PTS: 1 REF: 438

1. A DHCP client will always request a renewal of its lease when _____ percent of the lease time has expired. If it fails to connect to the DHCP server, it will try again when _____ percent of the lease time is up.

a.	30, 50	c.	50, 85.5
b.	40, 75	d.	50, 95.5

ANS: C PTS: 1 REF: 442

1. One of the main reasons for using superscopes is _____.

a.	You need to remove the DHCP server from the subnet.
b.	The DHCP client cannot contact the DHCP server.
c.	A scope has too many IP addresses.
d.	You need to renumber the IP network and therefore move the clients from one set of addresses to another.

ANS: D PTS: 1 REF: 444

1. Which of the following protocols enables the use of Active Directory information during the authentication of Internet, intranet, and extranet users?

a.	Kerberos Version 5	c.	NT LAN Manager
b.	.NET Passport Authentication	d.	Extensible Authentication Protocol

ANS: B PTS: 1 REF: 393

1. There are three levels of OSPF design: _____.

a.	autonomous system design, area design, and network design
b.	subnet design, area design, and network design
c.	subnet design, host design, and network design
d.	autonomous system design, subnet design, and host design

ANS: A PTS: 1 REF: 398

1. RADIUS uses UDP ports _____.

a.	65 and 92	c.	10 and 21
b.	1812 and 1813	d.	1645 and 1646

ANS: B PTS: 1 REF: 423

YES/NO

1. Will the definition of an extensive logging and auditing strategy lower the performance of your server on your network?

ANS: Y PTS: 1 REF: 424

1. Is it necessary for a TCP/IP-based network to use DHCP?

ANS: Y PTS: 1 REF: 430

1. Is it necessary for DHCP servers running on Windows NT 4.0 to register and be authorized by Active Directory?

ANS: N PTS: 1 REF: 439

1. Kerberos tickets are maintained in a local cache and are aged. Do they have any value after they have expired?

ANS: N PTS: 1 REF: 395

1. Can you store remote access policies on the server that hosts the RRAS?

ANS: Y PTS: 1 REF: 410

COMPLETION

1. The default length of time Kerberos tickets are valid is ____________________ hours.

ANS:

eight

8

PTS: 1 REF: 396

1. The ____________________ Protocol was designed as an extension to the Point-to-Point Protocol and provides greater extensibility and flexibility in the implementation of authentication methods for the PPP connection.

ANS:

Extensible Authentication

extensible authentication

PTS: 1 REF: 394

1. You can determine whether your DHCP server has been authorized in Active Directory using the Active Directory ____________________ console.

ANS: Sites and Services

PTS: 1 REF: 439

1. The default lease time for a Widows Server 2003 server is ____________________ days.

ANS:

eight

8

PTS: 1 REF: 442

1. A(n) ____________________ attack can be initiated on your computer by a hacker performing a large number of dynamic updates through the DHCP.

ANS:

DoS

denial of service

PTS: 1 REF: 445

MATCHING

Match each item with a statement below.

a.	IP	f.	Permissions
b.	Presentation layer	g.	Internet Authentication Service
c.	MS-CHAP v2	h.	Access-Request
d.	Kerberos Key Distribution Center	i.	Scope
e.	Authorization

1. Used for network and dial-up authentication.

1. The dominant routable protocol.

1. Performed when the client sends the user’s username and password to the server using an authentication protocol.

1. Can be used to provide encryption and decryption services.

1. RADIUS authentication message.

1. Role is to authenticate Kerberos clients.

1. Used to set aside a range or a pool of consecutive IP addresses that can be distributed to clients.

1. Uses the data stored on the domain controller to verify authentication requests received through the RADIUS protocol.

1. Set on a user account and denied by default.

1. ANS: C PTS: 1 REF: 393

1. ANS: A PTS: 1 REF: 390

1. ANS: E PTS: 1 REF: 411

1. ANS: B PTS: 1 REF: 390

1. ANS: H PTS: 1 REF: 423

1. ANS: D PTS: 1 REF: 394

1. ANS: I PTS: 1 REF: 443

1. ANS: G PTS: 1 REF: 422

1. ANS: F PTS: 1 REF: 413

SHORT ANSWER

1. List five security features of IPSec.

ANS:

The features include:

Authentication using digital signature to identify the sender

Integrity through the use of hash algorithms, ensuring that the data has not been altered

Privacy through encryption that protects the data from being read

Anti-replay, which prevents unauthorized access by an attacker who resends packets

Nonrepudiation through the use of public-key digital signatures that prove the message’s origin

Dynamic rekeying that allows keys to be generated during communication so that the different transmissions are protected with different keys

Key generation using the Diffie-Hillman key agreement algorithm, which allows computers to agree on a key without having to expose it

Key lengths that are configurable to allow for export restrictions or highly sensitive transmissions

PTS: 1 REF: 409-410

1. For each layer in the OSI model, list the common remote access components.

ANS:

Layer 7 FTP, SMTP, HTTP, RLOGIN, DHCP, BOOTP

Layer 6 Lightweight Presentation Protocol

Layer 5 LDAP, DNS, NetBIOS

Layer 4 TCP, DNS, NetBIOS

Layer 3 IP

Layer 2 CHAP, PPP, PPTP

Layer 1 Analog, ISDN, ADSL, Frame Relay

PTS: 1 REF: 391

1. List three factors to be considered when designing your DHCP network.

ANS:

Factors to be considered:

Draw yourself a map of your network. Make sure you show each physical and logical subnet and the routers between the various subnets.

If the network uses routers to subnet the network, do the routers support forwarding DHCP broadcasts? Most new routers do, but that option must be turned on.

Sectioning the IP address range between two servers will provide fault tolerance.

Depending on the speed and reliability of your network and the links between your subnets, the routers can be configured to forward DCHP broadcasts (or you could add a DMCP relay agent).

If you are planning to the DHCP server to update DNS records for legacy clients, do not run the DHCP service on a domain controller. Doing so would cerate a security risk.

Remember that the recommendation is that a single DHCP server can provide services for 10,000 or fewer clients and 1000 or fewer scopes; therefore, make sure you size your servers appropriately.

DHCP servers access their disk drives very frequently. Make sure you use either a disk drive with a fast access time or a hardware RAID disk controller.

If you are still using any Windows NT 4 domain controllers, make sure you have them upgraded to Windows Server 2003.

PTS: 1 REF: 430-431

1. What decisions do you need to make when creating a scope?

ANS:

The decisions include:

The starting and ending addresses of the range you want to use

The subnet mask of the subnet in question

Whether there are clients using static IP addresses within this range that will need to be excluded from the pool

The amount of time the lease duration should be for the IP addresses leased from this scope

The IP configuration information you want to pass to clients, in addition to the IP address and the subnet mask

Whether you need to reserve specific IP addresses for specific clients

PTS: 1 REF: 444

1. In the administer-access-by-policy model in a Windows 2000 native or Windows Server 2003 domain, there are two alternatives for controlling access. List the two alternatives.

ANS:

Set the remote access permissions on every user account to Control Access through Remote Access Policy.

Determine your remote access permissions by the Remote Access Permission setting on the remote access policy.

PTS: 1 REF: 416

Chapter 7: Service Sizing and Placement

TRUE/FALSE

1. The more Group Policy Objects a computer and user need to process at boot and logon, the longer the process will take.

ANS: T PTS: 1 REF: 464

1. DCs should always be located in secure sites.

ANS: T PTS: 1 REF: 469

1. Domain controllers automatically defragment their local copy of the Active Directory database every 24 hours.

ANS: T PTS: 1 REF: 482

1. The sizing of each individual Application Directory Partition can be done precisely.

ANS: F PTS: 1 REF: 485

1. The Domain Naming Master role must be assigned to at least two DCs in the forest.

ANS: F PTS: 1 REF: 504

MODIFIED TRUE/FALSE

1. Active Directory can be used to store data relating to applications. _________________________

ANS: T PTS: 1 REF: 471

1. Each Domain Controller houses a local copy of the Active Directory database. _________________________

ANS: T PTS: 1 REF: 486

1. For DCs accessed by fewer than 1000 users, all four (database, logs, operating system, SYSVOL) components can be collocated on the same RAID 5 array. _________________________

ANS: F, RAID 1

PTS: 1 REF: 487

1. A role should be seized only if the current holder cannot be contacted to transfer the role in a graceful manner. _________________________

ANS: T PTS: 1 REF: 514

1. A FSMO role should be seized if the hosting DC is to be made unavailable for an extended period of time. _________________________

ANS: F, transferred

PTS: 1 REF: 514

MULTIPLE CHOICE

1. _____ house the Active Directory database.

a.	Domain Naming Masters	c.	FQDNs
b.	Domain Controllers	d.	Application Directory Partitions

ANS: B PTS: 1 REF: 468

1. _____ is a database that is used to store objects that exist within the organization.

a.	FQDN	c.	Dcpromo
b.	Schema	d.	Active Directory

ANS: D PTS: 1 REF: 471

1. Which of the following statements is correct?

a.	Size of domain partition in GB = (number of users in domain/1000) * 0.7
b.	Size of domain partition in GB = (1000) * 0.4
c.	Size of domain partition in GB = (number of users in domain/1000) * 0.4
d.	Size of domain partition in GB = (number of users in domain/10) * 0.4

ANS: C PTS: 1 REF: 479

1. A(n) _____ can be used to store data pertinent to a particular application.

a.	Application Directory Partition	c.	PDCe
b.	schema	d.	security ID

ANS: A PTS: 1 REF: 485

1. Which of the following statements is correct?

a.	If the domain controller requirement is 3.2GB then the global catalog requirement is 6.4GB.
b.	Each DC stores transaction log files relating to the database and a local operating system.
c.	If the number of resource records housed by a server is 100, the RAM requirement is 1MB.
d.	If the number of resource records housed by a server is 1000, the RAM requirement is 5MB.

ANS: B PTS: 1 REF: 486

1. Rather than directly provide answers to various questions and thus promote a member server to a DC manually, the process is automated using a(n) _____.

a.	dcpromo answer file	c.	FSMO file
b.	replication file	d.	SYSVOL

ANS: A PTS: 1 REF: 494

1. Dcpromo can be executed in the following way _____.

a.	dcpromo /answerfile.txt	c.	dcpromo /answerfile.txt
b.	dcpromo = answer:answerfile.txt	d.	dcpromo /answer:answerfile.txt

ANS: D PTS: 1 REF: 494

1. What is the Domain Controller disk space requirement when there are 2000 users per domain?

a.	0.8GB	c.	2.4GB
b.	1.6GB	d.	3.2GB

ANS: A PTS: 1 REF: 499

1. Each domain in a forest must have a unique _____.

a.	schema	c.	FQDN
b.	replication file	d.	FSMO

ANS: C PTS: 1 REF: 504

1. The DNS representation of the domain name is the _____.

a.	FSMO	c.	dcpromo
b.	FQDN	d.	Active Directory

ANS: B PTS: 1 REF: 504

1. It is the job of the _____ to ensure that each domain created has a unique name within the forest.

a.	PDCe	c.	FQDN
b.	Domain Naming Master	d.	PDC

ANS: B PTS: 1 REF: 504

1. The _____ exists as a partition within Active Directory and is replicated as a read-only partition to every DC in the forest.

a.	replication file	c.	schema
b.	FQDN	d.	infrastructure master

ANS: C PTS: 1 REF: 505

1. When a new security principal is created, it is assigned a unique _____.

a.	DNM	c.	Security ID
b.	FSMO role	d.	PDCe

ANS: C PTS: 1 REF: 509

1. The _____ role is responsible for updating the referenced objects whenever changes are made in the source domain.

a.	Infrastructure Master	c.	dcpromo
b.	FSMO	d.	DC

ANS: A PTS: 1 REF: 510

1. The _____ role will be housed on the first DC built in the forest, by default.

a.	infrastructure master	c.	Domain Naming Master
b.	FSMO	d.	FQDN

ANS: C PTS: 1 REF: 510

1. The _____ role will be housed on the first DC built in each domain in the forest, by default.

a.	FQDN	c.	DNM
b.	PDCe	d.	dcpromo

ANS: B PTS: 1 REF: 511

YES/NO

1. Is there an associated replication traffic overhead with every Domain Controller deployed?

ANS: Y PTS: 1 REF: 470

1. Does Microsoft advise that you place SYSVOL and the database on separate RAID arrays?

ANS: N PTS: 1 REF: 487

1. Is the minimum requirement for Logs (DC component) at least 500 MB free space?

ANS: Y PTS: 1 REF: 487

1. Is the domain controller requirement for 6000 users per domain approximately 1.6GB?

ANS: N PTS: 1 REF: 499

1. Is the space requirement for GC servers equivalent to the space requirements of a DC in the same domain?

ANS: N PTS: 1 REF: 499

COMPLETION

1. Startup and logon scripts are located in the SYSVOL share, which is replicated using the ____________________ System between each DC in the same domain.

ANS: File Replication

PTS: 1 REF: 464

1. In order that ADPs can be created and configured, the DC hosting the Domain Naming Master (DNM) FSMO role must first be upgraded to ____________________.

ANS: Windows Server 2003

PTS: 1 REF: 485

1. The most popular approach to promoting servers to become DCs is the ____________________ approach.

ANS: manual

PTS: 1 REF: 492

1. The Active Directory “equivalent” of the Windows NT PDC is the ____________________.

ANS: PDCe

PTS: 1 REF: 506

1. The ____________________ role will be housed on the first DC built in each domain in the forest, by default.

ANS: Infrastructure Master

PTS: 1 REF: 513

MATCHING

Match each item with a statement below.

a.	Transfer the role	f.	Active Directory database
b.	FSMO roles	g.	SYSVOL
c.	Domainwide roles	h.	PDCe
d.	Startup and logon scripts	i.	Forestwide roles
e.	Domain Controllers

1. Housed on precisely one DC at any one point in time.

1. Should be thoroughly tested in an environment that simulates the actual production environment.

1. House the Active Directory database.

1. Allows at least 500MB free space.

1. Used to implement all changes to GPOs, by default.

1. Will be transferred to a DC in the same domain, or any DC in the forest if necessary.

1. The preferred method of moving FSMO roles from one DC to another.

1. Comprised of discrete partitions, or naming contexts.

1. Will be transferred to another DC in the same domain.

1. ANS: B PTS: 1 REF: 514

1. ANS: D PTS: 1 REF: 464

1. ANS: E PTS: 1 REF: 468

1. ANS: G PTS: 1 REF: 487

1. ANS: H PTS: 1 REF: 508

1. ANS: I PTS: 1 REF: 514

1. ANS: A PTS: 1 REF: 514

1. ANS: F PTS: 1 REF: 478

1. ANS: C PTS: 1 REF: 514

SHORT ANSWER

1. When designing service placement, we must take into consideration the actual time to start up. What are the factors that will affect the actual time?

ANS:

The factors include:

Complexity of startup and logon scripts.

Number of group policies processed for the computer and user

Network speed from client to DC, DNS server, and GC

PTS: 1 REF: 464

1. List the four partitions supported by Windows Server 2003 Active Directory.

ANS:

They include:

Schema

Configuration

Domain

Application Directory partitions

PTS: 1 REF: 478

1. Before commencing with the promotion of a member server into a DC, several checks and best practices should be performed to ascertain whether the server is ready and able to be promoted. List five items on the pre-promotion checklist.

ANS:

The checklist includes:

Check event logs for boot-related issues

Configure event logs

Configure services

Check IP configuration

Check network connectivity

PTS: 1 REF: 490-491

1. What is the Active Directory infrastructure requirement for providing a self-sufficient startup and logon?

ANS:

The infrastructure requirement is:

DC from the user’s domain

GC from the user’s domain

DNS server hosting forest root domain zone

DNS server hosting user’s domain zone

PTS: 1 REF: 467-468

1. What are the functions that should be performed by the designer or architect of an active Directory infrastructure deployment?

ANS:

The functions include:

Document each location and the number of users at the location.

Assess the type of users at each location and determine if they require Active Directory authentication 24 hours per day, 7 days per week.

Determine if the users require Active Directory authentication even in the event of a WAN failure.

Create user population bandings

Deploy the appropriate Active Directory infrastructure components to each location based on the user population banding assigned to that location and the other factors mentioned previously.

PTS: 1 REF: 471-472