1. What does a directory server provide?
Answers
· A real-time communication service.
· A replication service.
· A lookup service for an organization.
· A network time service.
2. What benefits does replication provide? Check all that apply.
Answers
· Redundancy
· Decreased latency
· Virtualization
· Enhanced security
3. What is the most popular directory services protocol used today?
Answers
· Lightweight Directory Access Protocol
· Directory System Protocol
· Directory Operational Binding Management Protocol
· Directory Access Protocol
Explanation: As of January 2022, the Lightweight Directory Access Protocol (LDAP) is one of the most widely used directory services protocols. LDAP has gained widespread use for accessing and maintaining directory information services. It offers a standardized means of accessing and maintaining directory services over an Internet Protocol (IP) network.
4. Active Directory is the LDAP implementation for ________________.
Answers
· MAC
· Linux
· Microsoft
· Ubuntu
Explanation: Microsoft Windows installations often make use of Active Directory as their LDAP implementation. It provides centralized authentication and authorization services for Windows domain networks, serving as the directory service for such networks. Active Directory makes use of a protocol known as LDAP, which stands for Lightweight Directory Access Protocol, in order to access and manage directory information. Within a Windows environment, the organization and administration of people, workstations, and other network resources may be achieved via the use of this integration.
5. The containers in a Directory Service are referred to as _____________.
Answers
· user accounts
· organized structure
· organizational units (OUs)
· subfolders
Explanation: "Organizational Units" (abbreviated to OUs) are the names given to the containers that make up a Directory Service. Within a directory service like Microsoft Active Directory, OUs are used to assist in the organization and categorization of items such as users, computers, and many other resources. The use of organizational units (OUs) offers a method for structuring and managing the directory hierarchy. This makes it possible for administrators to apply rules, rights, and settings to certain groupings of objects. This organizational structure contributes to the effective management and protection of the resources that are included inside a network.
6. Which of these are examples of centralized management? Check all that apply.
Answers
· Role-based access control
· Centralized configuration management
· Copying configurations to various systems
· Local authentication
7. Which of these are components of an LDAP entry? Check all that apply.
Answers
· Uncommon Name
· Common Name
· Organizational User
· Distinguished Name
8. What does the LDAP Bind operation do exactly?
Answers
· Modifies entries in a directory server
· Looks up information in a directory server
· Authenticates a client to the directory server
· Changes the password for a user account on the directory server
Explanation: When it comes to protecting access to directory information, the LDAP Bind operation is essential. It guarantees that only clients who have been authenticated and given permission to communicate with the directory server may do so. The authentication procedure may use a number of different techniques, such as simple password-based authentication or more secure methods like SASL (Simple Authentication and Security Layer).
9. Which of the following are authentication types supported by the LDAP Bind operation? Check all that apply.
Answers
· Anonymous
· Simple
· Complex
· SASL
10. Which of these are examples of centralized management? Check all that apply.
Answers
· Centralized configuration management
· Role-based access control
· Copying configurations to various systems
· Local authentication
11. Which of these are components of an LDAP entry? Check all that apply.
Answers
· Distinguished Name
· Kerberos
· Common Name
· Uncommon Name
12. What does the LDAP Bind operation do exactly?
Answers
· Changes the password for a user account on the directory server
· Modifies entries in a directory server
· Authenticates a client to the directory server
· Looks up information in a directory server
Explanation: When it comes to protecting access to directory information, the LDAP Bind operation is essential. It ensures that only clients who have been authenticated and given permission can interact with the LDAP directory server. The authentication procedure may be as simple as entering a username and password, or it might involve more complex mechanisms such as the Simple Authentication and Security Layer (SASL).
13. Which of the following are authentication types supported by the LDAP Bind operation? Check all that apply.
Answers
· Simple
· Anonymous
· Complex
· SASL
14. Which of the following are services provided for the Directory Services?
Answers
· Accounting
· Local authentication
· Centralized Authentication
· Authorization
15. What is the difference between a policy and a preference?
Answers
· They are the exact same thing.
· A policy is used to set a preference.
· A policy can be modified by a local user, while a preference is enforced by AD.
· A policy is enforced by AD, while a preference can be modified by a local user.
Explanation: A preference is a user's or system's particular option or setting that enables customization within specific constraints, while a policy is a collection of rules or guidelines that are authoritative and sometimes needed. To summarize, a policy is a set of rules or guidelines that are authoritative and frequently required. While policies are more concerned with enforcing norms and laws, preferences are more concerned with accommodating individual preferences and improving the user experience.
16. Select the right order of enforcement of GPOs:
Answers
· Site –> Domain –> OU
· OU –> Domain –> Site
· Domain –> Site –> OU
· Site –> OU –> Domain
17. What can be used to determine what policies will be applied to a given machine?
Answers
· An RSOP report
· A control panel
· gpupdate
· A test domain
18. Which of the following could prevent logging into a domain-joined computer? Check all that apply.
Answers
· Unable to reach the domain controller
· The time and date are incorrect
· The user account is locked
· Your computer is connected to Wifi
19. How does a client discover the address of a domain controller?
Answers
· It sends a broadcast to the local network
· It is provided via DHCP
· It is pushed via an AD GPO
· It makes a DNS query, asking for the SRV record for the domain
20. Directory services store information in a hierarchical structure. Which statements about Organizational Units (OUs) of a directory service hierarchy are true? (Choose all that apply)
Answers
· Sub-member OUs inherit the characteristics of their parent OU.
· Specific files within an OU, or container, are called “objects”.
· Changes can be made to one sub-OU without affecting other sub-OUs within the same parent.
· Parent OUs inherit characteristics of their sub-members.
21. Which directory service software would be used exclusively on a Windows network?
Answers
· DISP
· DSP
· Active Directory
· OpenLDAP
Explanation: Microsoft Active Directory is the directory service software that is used most often for a Windows-based network. Microsoft's Active Directory (AD) is a directory service and identity management system that the company developed in-house. It offers a single repository for managing and organizing information about network resources, and it is especially built to function in Windows systems.
22. What roles does a directory server play in centralized management? (Choose all that apply)
Answers
· Centralized authentication
· Confidentiality
· Authorization
· Accounting
Answers
· Domain name
· Distinguished name
· Distinguished number
· Distinct name
Answers
· Remove
· Modify
· Bind
· Add
Answers
· A DNS server
· A Kerberos authentication server
· A server that holds a replica of the Active Directory database
· A container
Answers
· Changes that are safe to be made by multiple Domain Controllers at once are tasked by granting them Flexible Single-Master Operations.
· The default Organizational Unit (OU), called Domain Controllers, contains all Domain Controllers in the domain.
· Delegation can be used in Active Directory.
· Always use the Domain Admin or Enterprise Admin for day-to-day use.
Answers
· Ask Juan questions to help him remember his password.
· Check the “User must change password at next logon” box so a new password must be created at the next logon.
· Issue a temporary password.
· Make sure the password reset is authorized by verifying that Juan is who he says he is.
Answers
· Preferences are reapplied every 90 minutes, and policies are more of a settings template.
· A policy is editable only by admins, but anyone can edit a group policy preference.
· Policies are reapplied every 90 minutes, and preferences are a settings template that the user can change on the computer.
· A preference is editable only by admins, but anyone can edit a policy.
Answers
· AAAA record
· TXT record
· SRV record
· A record
Answers
· centralized authentication
· centralized management
· active directory
· LDAP
Explanation: Rather than granting permissions or access rights to individual users, group-based access control entails the creation of groups and the assignment of those permissions or rights to the group. After that, users are added to suitable groups according to their positions, responsibilities, or the projects they are affiliated with. This method both simplifies administration and guarantees consistency, which makes it much simpler to control access for a large number of users. Instead of making changes to each individual user account, it is possible to make modifications at the group level, which will have an effect on all members of the group, in the event that access restrictions change. This is especially helpful in bigger workplaces, where it would be impossible to manage individual access for each person.
Answers
· All Users
· Domain Users
· Resource Users
· Enterprise Admins
Explanation: If a system administrator has to provide access to a resource for all of the users in a domain, they may utilize the "Domain Users" group in Active Directory to accomplish this task. Every user account that has ever been created in the domain is included in the "Domain Users" group, which is a pre-existing group. The administrator may guarantee that all users in the domain have access to a particular resource by either including the "Domain Users" group in the access control list (ACL) of that resource or by giving rights to the "Domain Users" group.
32. Which of these statements are true about managing through Active Directory? (Choose all that apply)
Answers
· Domain Local, Global, and Universal are examples of group scopes.
· Distribution groups can be used to assign permission to resources.
· The default groups Domain Users and Domain Admins are security groups.
· ADAC uses PowerShell.
33. Which of the following are common reasons a group policy doesn't take effect correctly? (Choose all that apply)
Answers
· Kerberos may have issues with the UTC time on the clock.
· Fast Logon Optimization may delay GPO changes from taking effect.
· Replication failure may occur.
· The GPO may be linked to the OU that contains the computer.
34. Which of the following is not an advantage of replication of data in terms of directory services?
Answers
· It allows local management of user accounts.
· It decreases latency when accessing the directory service.
· It allows flexibility, allowing for easy creation of new object types as needs change.
· It provides redundancy for data.
35. A Lightweight Directory Access Protocol (LDAP) entry reads as follows: dn: CN=John Smith ,OU=Sysadmin,DC=jsmith,DC=com. What is the organizational unit of this entry?
Answers
· CN=John Smith ,OU=Sysadmin,DC=jsmith,DC=com
· Sysadmin
· John Smith
· Jsmith
36. A particular computer on your network is a member of several GPOs. GPO-A has precedence set to 1. GPO-B has precedence set to 2, and GPO-C has precedence set to 3. According to the given levels of precedence, what will be the resultant set of policy (RSOP) for this machine?
Answers
· GPO-A will take precedence and overwrite any conflicting settings.
· The computer will default to local policy due to the confusion.
· GPO-B will take precedence and overwrite any conflicting settings.
· GPO-C will take precedence and overwrite any conflicting settings.
Explanation: The combination of these GPOs will produce the final set of policy (RSOP) for the system. This will be done by taking into consideration the settings of each GPO, as well as any user or computer specifications, and the order of precedence.
Because it has the lowest precedence number (1), GPO-A will be given preference over both GPO-B and GPO-C in this scenario. As a result, the settings that were applied by GPO-A will be reflected in the RSOP for the machine, followed by the settings that were applied by GPO-B and GPO-C.
Answers
· Edit the Windows Registry to change group policy settings
· Manually edit config files in SYSVOL
· Open ADAC and edit policy settings there
· Open the Group Policy Management Console by running gpmc.msc from the CLI
Answers
· By a hierarchical model of objects and containers
· By a flat text file
· By a relational database structure
· By a series of nested groups
Answers
· Configuration can take place on each device.
· Configuration management is centralized.
· Access and authorization are managed in one place.
· Role-Based Access Control (RBAC) can organize user groups centrally.
40. To authenticate user accounts on a computer against AD, what must be done to the computer first?
Answers
· Enable the administrator account
· Configure remote logging
· Join it to the domain
· Configure the firewall
Answers
· ADUC
· OpenLDAP
· Microsoft’s Active Directory
· RDP
Shuffle Q/A 2
Answers
· Simple bind
· Anonymous bind
· SASL
· PGP
Answers
· AD includes a tool called the Active Directory Authentication Center, or ADAC.
· AD can “speak” LDAP.
· AD is used as a central repository of group policy objects, or GPOs.
· AD is incompatible with Linux, OS X, and other non-Windows hosts.
44. Which directory standard was approved in 1988 and includes protocols like the Directory Access Protocol?
Answers
· LDAP
· Active Directory
· DISP
· X.500
Explanation: X.500 is the standard for directories that was established in 1988 and contains protocols such as the Directory Access Protocol. The Directory Access Protocol (DAP), which is used for accessing directory information, is one of the protocols that are defined in the X.500 standard, which also contains other models and protocols for directory services. The X.500 standard includes a framework that allows for the hierarchical and decentralized organization of directory information as well as its access. It is the basis for the Lightweight Directory Access Protocol (LDAP), which is a protocol for directory services that is more lightweight and is used by a large number of organizations.
45. By default, Active Directory adds new computers to what group?
Answers
· New Computers
· Domain Computers
· Added Computers
· All Computers
Explanation: By default, when a new computer is added to the Active Directory domain, it is automatically placed in the "Domain Computers" group. The "Domain Computers" group is a built-in group in Active Directory that includes all computer accounts in the domain. Members of this group have certain default permissions and rights within the domain, allowing them to access resources and perform basic operations.
This default placement in the "Domain Computers" group ensures that the new computer has the necessary permissions and access rights to interact with other domain resources. Administrators can further customize permissions and group memberships based on the specific needs of the organization.