MS Server 2008 Quiz 9

not-available-via-ai

The Default Domain Policy is not linked to the Domain Controllers OU. It is linked to the root of the domain and its settings affect all objects within the domain, including domain controllers. Therefore, the statement is false.

Inbound replication is not when a domain controller transmits replication information to other domain controllers on the network. Inbound replication refers to the process of receiving replication information from other domain controllers. Therefore, the given statement is false.

Share permissions are typically found on a Share Permissions tab, and NTFS permissions are located on a Security tab. All Windows permission systems use the same interface, although the permissions themselves differ.

A printer driver is a device driver that converts the print jobs generated by applications into an appropriate string of commands for a specific print device. Printer drivers are designed for a specific print device and provide applications with access to all of the print device’s features.

The File Server Resource Manager console includes several predefined quota templates that you can use to create your own quota template.

Three types of user accounts can be created and configured in Windows Server 2008. They are local accounts, domain accounts, and built-in user accounts.

Folder redirection is a mechanism that enables administrators to store elements of user profiles on a server share instead of the local drives on individual workstations. This enables users to click what appears to be a local folder, such as Documents, and access their files that are actually stored on a server. Because the files in the Documents folder are stored on a server, users can access them from any workstation, and administrators can back up the files easily.

Windows operating systems rely on a protocol called Server Message Blocks (SMB) for their file sharing. However, in the UNIX world, the standard is the Network File System (NFS).

The Default Domain Policy is not linked to the Domain Controllers OU, but rather to the root of the domain. Therefore, its settings affect all objects within the domain, not just domain controllers.

A directory service allows businesses to define, manage, access, and secure network resources including files, printers, people, and applications. Without the efficiency of a directory service, businesses would have difficulty keeping up with demands for fast-paced data exchange.

The content of each nonlocal GPO is actually stored in two locations. One of these is the Group Policy container (GPC), an Active Directory object that stores the properties of the GPO.

not-available-via-ai

The Default Domain Policy is not linked to the Domain Controllers OU by default. It is linked to the root of the domain and its settings affect all objects within the domain, including domain controllers. Therefore, the statement is false.

Folder redirection is a mechanism that enables administrators to store elements of user profiles on a server share instead of the local drives on individual workstations. This enables users to click what appears to be a local folder, such as Documents, and access their files that are actually stored on a server. Because the files in the Documents folder are stored on a server, users can access them from any workstation, and administrators can back up the files easily.

The Infrastructure Master Role is responsible for reference updates from its domain objects to other domains. This assists in tracking which domains own which objects.

You cannot manually modify the group membership of special identity groups, nor can you view their membership lists.

The schema is a master database that contains definitions of all objects in the Active Directory—in a way, it defines what Active Directory is.

By installing the Fax Server role, you enable a Windows Server 2008 computer to send and receive faxes for clients. Clients send faxes using a standard printer interface, which connects to a fax server on the network as easily as connecting to a local fax modem.

Like CSVDE, the LDAP Data Interchange Format Directory Exchange (LDIFDE) utility can be used to import or export Active Directory information. It can be used to add, delete, or modify objects in Active Directory, in addition to modifying the schema, if necessary. It also can be used to import data from other directory services, such as Novell NetWare.

Assigning a cost to a site link object allows the administrator to define the path that replication will take. If more than one path can be used to replicate information, cost assignments will determine which path is chosen first.

By default, replication groups use a full mesh topology, which means that every member in a group replicates with every other member. This is a satisfactory solution for relatively small DFS deployments, but on larger installations, the full mesh topology can generate a huge amount of network traffic. In such cases, you might want to opt for a hub/spoke topology that enables you to limit the replication traffic to specific pairs of members.

The User Name Mapping service was the primary authentication mechanism in previous versions of Windows Services for NFS. It is essentially a lookup service that maintains a list of UNIX accounts by using their UID and GID values as well as their equivalent Windows or Active Directory accounts. The server component of User Name Mapping is not included in Windows Server 2008, but NFS Server still retains the client component that enables it to access an existing User Name Mapping server and perform account lookups.

A local group is a collection of user accounts that are local to one specific workstation or member server.

Realm trusts allow you to configure trust relationships between Windows Server 2008 Active Directory and a UNIX MIT Kerberos realm, which is the UNIX equivalent to an Active Directory domain allowing centralized user and password administration on a UNIX network.

Authorization is the process of confirming that an authenticated user has the correct permissions to access one or more network resources.

The distinguished name of an object signifies its relative location within an Active Directory OU structure.

Windows Server 2008 Web Edition does not support the UDDI Services server role.

The Infrastructure Master Role is responsible for reference updates from its domain objects to other domains. This assists in tracking which domains own which objects.

The Print Services role includes the Print Server role service that installs the Print Management snap-in for MMC, providing centralized printer management for an entire enterprise network.

There are three types of GPOs: local GPOs, domain GPOs, and starter GPOs.

After you establish a manual trust, you can verify the trust using either Active Directory Domains and Trusts or the netdom command-line tool that is used to create, delete, verify, and reset trust relationships from the Windows Server 2008 command line.

The explanation for the answer "False" is that the statement mentions the "Rule of Four" which states that no single domain controller should be more than four network hops away from any domain controller that can originate a change to the Active Directory database. However, the statement does not mention whether the KCC's selection of replication partners and creation of replication objects follows this rule or not. Therefore, we cannot determine if the statement is true or false based on the given information.

The ISTG automatically assigns one server in each site as the bridgehead server unless you override this by establishing a list of preferred bridgehead servers. The advantage of administratively assigning a preferred bridgehead server list is that you can determine which servers have the best processing power for handling replication traffic.

Instead of booting from a local drive, the computer in a PXE connects to a server on the network and downloads the boot files it needs to run. In the case of a WDS installation, the client downloads a boot image that loads Windows PE (Preinstallation Environment) 2.1, after which it installs the operating system using another image file.

The Default Domain Policy is linked to the domain, and its settings affect all users and computers in the domain.

Cross-forest trusts are new to Windows Server 2008, and they are only available when the forest functionality is set to Windows Server 2008. They must be manually created and maintained.

The Group Policy templates (GPT) folder structure is located in the shared SYSVOL folder on a domain controller. The path to the default GPT structure for the cohowinery.com domain is %systemroot%\sysvol\sysvol\cohowinery.com\Policies\. Replace %systemroot% with the folder location for the operating system files.

Enhanced Metafile (EMF) is a standardized, highly portable print job format that is the default format used by the Windows 2000, Windows XP, and Windows Server 2003 print subsystems. The printer driver converts the application data into an EMF file, and the printer sends it to the print server, which stores it in the spooler. The spooler then uses the printer driver on the print server to render the job into the final PCL format understood by the print device.

Offline Files, while technically not a form of fault tolerance, is a mechanism that individual users can employ to maintain access to their server files, even in the event of a network service failure. Windows workstations copy server-based folders that users designate for offline use to the local drive, and the users work with the copies, which remain accessible whether the computer is connected to the network or not. If the network connection fails or the user undocks a portable computer, access to the offline files continues uninterrupted. When the computer reconnects to the network, a synchronization procedure occurs that replicates the files between server and workstation in whichever direction is necessary.

The CA issues and manages certificates for individuals, computers, and organizations. Multiple CAs can be linked to form a public key infrastructure.

not-available-via-ai

The distinguished name of an object signifies its relative location within an Active Directory OU structure.

Drive letters can be mapped with login scripts or Group Policy.

Outgoing fax-routing policies enable you to specify the sending parameters for fax transmissions, including cover pages and dialing rules.

For sites that do not have a global catalog server available, Windows Server 2008 offers a feature called universal group membership caching. This stores universal group memberships on a local domain controller that can be used for logon to the domain, eliminating the need for frequent access to a global catalog server.

Prior to deploying smart cards, you must set up at least one computer as a smart card enrollment station, which is a dedicated workstation that allows an administrator or another authorized user to preconfigure certificates and smart cards on behalf of a user or workstation.

Repadmin is a command-line tool used to manually create a replication topology if site link bridging is disabled if the network is not fully routed.

Users accessing the fax server must have an account created on the Fax Service Manager console.

The global catalog holds a subset of forest-wide Active Directory objects and acts as a central repository by holding a complete copy of all objects from the host server’s local domain with a partial copy of all objects from other domains within the same forest, called the partial attribute set (PAS). This partial copy of forest-wide data includes a subset of each object’s attributes. The attributes included in this subset are necessary to provide functionality such as logon, object searches, and universal group memberships.

Each class or attribute that you add to the schema should have a valid Object Identifier (OID). As part of the X.500 structure on which Active Directory is based, OIDs must be globally unique, and they are represented by a hierarchical dotted-decimal notation string.

Password-cracking is an attempt to discover a users password. Password-cracking tools are widely available on the Internet for download by even the least skilled attacker, and their ability to crack user passwords improves on almost a daily basis.

The Web Server (IIS) role in Windows Server 2008 implements Internet Information Services 7.0 as its core. IIS 7 provides the basic Web server functionality that enables you to publish a standard Website on the Internet or on a private network.

Local GPOs do not support folder redirection and Group Policy software installation. These features are only available in Active Directory-based Group Policy Objects (GPOs). Local GPOs are limited to configuring security settings, auditing policies, and user rights assignments on a single computer.

Prior to deploying smart cards, you must set up at least one computer as a smart card enrollment station, which is a dedicated workstation that allows an administrator or another authorized user to preconfigure certificates and smart cards on behalf of a user or workstation.

A key feature of an RODC is that each RODC can be configured with its own Password Replication Policy for security purposes.

The statement is false because the correct term for allowing a departmental supervisor or manager to manage day-to-day resource access or mundane tasks is not "assignment of control," but rather "delegation of control."

The Domain Naming Master role has the authority to manage the creation and deletion of domains, domain trees, and application data partitions in the forest. When any of these is created, the Domain Naming Master ensures that the name assigned is unique to the forest.

The Application Server role is essentially a superset of the Web Server (IIS) role that enables IIS to host Web services developed using environments such as Windows Communication Foundation (WCF) and .NET Framework 3.0.

Read-Only Domain Controllers also offer a feature that has been a top request of Active Directory administrators since the early days of Windows 2000: Admin Role Separation. This means that it is now possible to configure a user as the local administrator of a specific RODC without making the user a Domain Admins with far-reaching authority over all domain controllers in your entire domain and full access to your Active Directory domain data.

Password-cracking can be accomplished by intelligent guessing on the part of the hacker or through the use of an automated dictionary attack. Automated password-cracking tools will try every possible combination of characters until the correct sequence of characters is finally discovered.

Windows Server 2008 DFS uses Remote Differential Compression (RDC), a protocol that conserves network bandwidth by detecting changes in files and transmitting only the modified data to the destination. This conserves bandwidth and greatly reduces the time needed for the replication process.

Offline file storage works with folder redirection to provide the ability to cache files locally. This allows files to be available even when the network is inaccessible.

Synchronous processing of policies means that each policy must be read and applied completely before the next policy can be invoked. The default synchronous behavior can be modified by the system administrator if necessary, although such modification is discouraged.

If the domains within a forest are separated by slow WAN links and this tree-walking process takes an exceedingly long time to allow user authentication across domains, you can configure a shortcut trust along a commonly used “trust path.”

The three basic categories are Directory services, Infrastructure services, and Application services.

The KCC is responsible for calculating intrasite replication partners. During this process, the maximum number of hops that the KCC will allow between domain controllers is three.

The combination of Allow permissions and Deny permissions that a security principal receives for a given system element, whether explicitly assigned, inherited, or received through a group membership, is called the effective permissions for that element. Because a security principal can receive permissions from so many sources, it is not unusual for those permissions to conflict. Therefore, rules define how the permissions combine to form the effective permissions.

To create a replication topology in a multisite network, one domain controller within each site runs the Intersite Topology Generator (ISTG), which is a process responsible for selecting a bridgehead server and mapping the topology to be used for replication between sites.

All default groups are security groups. Active Directory does not include any default distribution groups.

Return on investment (ROI) can be measured by tangible benefits, such as implementation costs and ongoing support. In addition, it can be measured by intangible benefits, such as increased user productivity, and other factors that are difficult to measure from a financial standpoint. In financial terms, ROI is the amount of money gained (or lost) relative to the amount of money that was invested in a particular project or technology.

A printer driver is a device driver that converts the print jobs generated by applications into an appropriate string of commands for a specific print device. Printer drivers are designed for a specific print device and provide applications with access to all of the print device’s features.

In NFS, the bulk of the file-sharing process rests on the client. Compared with the Windows SMB file-sharing system, NFS servers are relatively simple and, in technical terms, dumb. NFS servers simply respond to file access requests from clients; they do not maintain any information about the client connections or the files that individual clients have open.

The following roles are supported in Windows Server 2008 Server Core: Active Directory Domain Services, Active Directory Lightweight Directory Services, DHCP Server, DNS Server, File Services, Print Services, and Web Server (IIS).

An advanced technique, called security group filtering, will allow you to apply GPO settings to only one or more users or groups within a container by selectively granting the “Apply Group Policy” permission to one or more users or security groups.

Files, folders, shares, registry keys, and Active Directory objects are all protected by permissions. To store the permissions, each of these elements has an access control list (ACL). An ACL is a collection of individual permissions in the form of access control entries (ACEs). Each ACE consists of a security principal (that is, the name of the user, group, or computer granted the permissions) and the specific permissions assigned to that security principal. When you manage permissions in any of the Windows Server 2008 permission systems, you are actually creating and modifying the ACEs in an ACL.