Name:     ID: 
 
    Email: 

Windows Server 2003 Chapter 3 & 4

True/False
Indicate whether the sentence or statement is true or false.
 

 1. 

Less common attributes of user accounts can be managed programmatically with code, script, or tools like ADSI Edit.
 

 2. 

One domain controller in an Active Directory environment is specified to be the Key Distribution Center for Kerberos v5 authentication.
 

 3. 

If changes are made to a user’s roaming profile, the changes are saved at the central server where the profile is maintained.
 

 4. 

A domain local group can be assigned rights and permissions to any resource within the same domain only.
 

 5. 

The functional level of a domain can be raised in Active Directory Users and Computers by right-clicking the domain and clicking Raise Domain Functional Level.
 

Multiple Choice
Identify the letter of the choice that best completes the statement or answers the question.
 

 6. 

Which of the following user account properties is used to add the account to an existing group of users that have the same security and access requirements?
a.
COM+
c.
Remote control
b.
Member Of
d.
Environment
 

 7. 

Under which of the user account properties tabs can you find the user logon name and the domain name?
a.
Account
c.
Organization
b.
Environment
d.
Member Of
 

 8. 

In an Active Directory environment, a server configured as a(n) _____ authenticates a user.
a.
administrative server
c.
domain server
b.
member server
d.
domain controller
 

 9. 

Which of the following refers to the process of supplying a user name and password via the Log On to Windows dialog box?
a.
interactive authentication
c.
network authentication
b.
workgroup authentication
d.
domain authentication
 

 10. 

_____ is the primary authentication protocol used in Active Directory domain environments.
a.
NTLM
c.
Kerberos v5
b.
KDC
d.
service ticketing
 

 11. 

Under the Kerberos v5 authentication protocol, when a user tries to access a network resource, it presents a TGT to the KDC and requests a(n) _____ for the server on which the resource resides.
a.
challenge
c.
access ticket
b.
ticket-granting ticket
d.
service ticket
 

 12. 

Which of the following refers to operating systems running Windows NT 4.0 or earlier with respect to user authentication?
a.
down-level
c.
KDC
b.
Kerberos v5
d.
challenge-response
 

 13. 

In NTLM authentication, the domain controller generates a 16-bit random number known as a _____ and sends it back to the client.
a.
service ticket
c.
cryptograph
b.
challenge
d.
ticket-granting ticket
 

 14. 

An administrator can configure a _____ user profile that cannot be modified by the user.
a.
roaming
c.
mandatory
b.
default
d.
key
 

 15. 

Roaming profiles are configured from the _____ page of a user account’s properties in Active Directory Users and Computers.
a.
Profiles
c.
Sessions
b.
Environment
d.
Terminal Services Profile
 

 16. 

Changing a user profile to be mandatory requires that the .dat file extension of the ntuser.dat file be changed to which of the following?
a.
.ext
c.
.pro
b.
.man
d.
.adm
 

 17. 

The distinguished name used to identify a user account being created with the DSADD command is in _____ format.
a.
UPN
c.
Active Directory
b.
LDAP
d.
DNS
 

 18. 

When data is exported from Active Directory using CSVDE, the first line of the file contains the name of each attribute being exported, separated by
a.
commas.
c.
spaces.
b.
hyphens.
d.
asterisks.
 

 19. 

The Default Domain Policy object is which of the following types?
a.
organizational unit
c.
Account Policy
b.
Group Policy
d.
system services
 

 20. 

Which of the following account lockout policy items defines the number of failed logon attempts that results in the user account being locked?
a.
reset account lockout counter after
c.
account lockout threshold
b.
account lockout complexity
d.
account lockout duration
 

 21. 

Groups are similar to _____ in that both organize other objects into logical containers.
a.
user accounts
c.
functional levels
b.
computer accounts
d.
organizational units
 

 22. 

Unlike security groups, distribution groups do not have a(n) _____ associated with them.
a.
SID
c.
domain functional level
b.
global group
d.
schema
 

 23. 

There are _____ possible group scopes.
a.
2
c.
4
b.
3
d.
5
 

 24. 

Which of the following refers to a type of group that is typically created for the purpose of aggregating users or groups in different domains throughout an Active Directory forest?
a.
distribution group
c.
domain local group
b.
universal group
d.
security group
 

 25. 

To create a group using Active Directory Users and Computers, you should right-click the particular container or OU, select _____, and then click Group.
a.
General
c.
New
b.
Create
d.
Members
 

 26. 

Under which of the following tabs in a properties dialog box for a group account in Active Directory Users and Computers could you add or remove this group from other groups?
a.
General
c.
Members
b.
Managed By
d.
Member Of
 

 27. 

In order to change the scope of a group, the domain functional level must be at least at the _____ level.
a.
Windows 2000 mixed
c.
Windows Server 2003
b.
Windows 2000 native
d.
Windows NT 4.0
 

 28. 

Which of the following command-line utilities can be used to create a new group account?
a.
DSQUERY
c.
DSADD
b.
DSRM
d.
DSMOVE
 

 29. 

What is the required argument for the DSADD GROUP command-line utility?
a.
scope
c.
members
b.
distinguished name
d.
member of
 

 30. 

Which of the following is the last step in the A G U DL P strategy?
a.
create user accounts
b.
create universal groups
c.
assign permissions to domain local groups
d.
add global groups to domain local groups
 

 31. 

The easiest method of determining the groups that a user belongs to is via the _____ tab in the properties of their user account.
a.
General
c.
Member Of
b.
Advanced
d.
Profile
 

 32. 

The _____ command-line utility provides a method of determining a user’s group membership.
a.
DSGET
c.
DSRM
b.
DSQUERY
d.
DSMOD
 

 33. 

Which of the following features do built-in local security groups have?
a.
universal scope
c.
administrative scope
b.
customized organizational units
d.
pre-assigned rights
 

 34. 

Which of the following built-in containers holds built-in groups that are created automatically when Active Directory is installed?
a.
Users
c.
Admins
b.
Groups
d.
Guests
 

 35. 

What tool could you use to change the settings of an existing computer account?
a.
DSRM COMPUTER
c.
DSGET COMPUTER
b.
DSADD COMPUTER
d.
DSMOD COMPUTER
 

Yes/No
Indicate whether you agree with the sentence or statement.
 

 36. 

Do all of the following operating systems support Kerberos v5 authentication: Windows NT 4.0, Windows 2000, Windows XP, Windows Server 2003?
 

 37. 

Must roaming profiles be stored on a domain controller?
 

 38. 

Can security groups be used as e-mail entities?
 

 39. 

Are universal groups supported at the Windows 2000 mixed domain functional level?
 

 40. 

Does the P in the acronym A G U DL P stand for Permissions?
 



 
Submit          Reset Help