1. What does a directory server provide?
Answers
· A real-time communication service.
· A replication service.
· A lookup service for an organization.
· A network time service.
2. What benefits does replication provide? Check all that apply.
Answers
· Redundancy
· Decreased latency
· Virtualization
· Enhanced security
3. What is the most popular directory services protocol used today?
Answers
· Lightweight Directory Access Protocol
· Directory System Protocol
· Directory Operational Binding Management Protocol
· Directory Access Protocol
Explanation: According to the most recent information that I have gathered, which was in January 2022, the Lightweight Directory Access Protocol (LDAP) is now one of the most widely used directory services protocols. Accessing and maintaining directory information services using LDAP has gained widespread use. It offers a standardized means of gaining access to directory services via an Internet Protocol (IP) network as well as maintaining such services.
4. Active Directory is the LDAP implementation for ________________.
Answers
· MAC
· Linux
· Microsoft
· Ubuntu
Explanation: Microsoft Windows installations often make use of Active Directory as their LDAP implementation. It provides centralized authentication and authorization services for Windows domain networks, serving as the directory service for such networks. Active Directory makes use of a protocol known as LDAP, which stands for Lightweight Directory Access Protocol, in order to access and manage directory information. Within a Windows environment, the organization and administration of people, workstations, and other network resources may be achieved via the use of this integration.
5. The containers in a Directory Service are referred to as _____________.
Answers
· user accounts
· organized structure
· organizational units (OUs)
· subfolders
Explanation: "Organizational Units" (abbreviated to OUs) are the names given to the containers that make up a Directory Service. Within a directory service like Microsoft Active Directory, OUs are used to assist in the organization and categorization of items such as users, computers, and many other resources. The use of organizational units (OUs) offers a method for structuring and managing the directory hierarchy. This makes it possible for administrators to apply rules, rights, and settings to certain groupings of objects. This organizational structure contributes to the effective management and protection of the resources that are included inside a network.
6. Which of these are examples of centralized management? Check all that apply.
Answers
· Role-based access control
· Centralized configuration management
· Copying configurations to various systems
· Local authentication
7. Which of these are components of an LDAP entry? Check all that apply.
Answers
· Uncommon Name
· Common Name
· Organizational User
· Distinguished Name
8. What does the LDAP Bind operation do exactly?
Answers
· Modifies entries in a directory server
· Looks up information in a directory server
· Authenticates a client to the directory server
· Changes the password for a user account on the directory server
Explanation: The LDAP Bind operation is essential to protecting access to directory information. It guarantees that only clients who have been authenticated and given permission to communicate with the directory server may do so. Authentication may use a number of different techniques, such as simple password-based authentication or more secure methods like SASL (Simple Authentication and Security Layer).
9. Which of the following are authentication types supported by the LDAP Bind operation? Check all that apply.
Answers
· Anonymous
· Simple
· Complex
· SASL
10. Which of these are examples of centralized management? Check all that apply.
Answers
· Centralized configuration management
· Role-based access control
· Copying configurations to various systems
· Local authentication
11. Which of these are components of an LDAP entry? Check all that apply.
Answers
· Distinguished Name
· Kerberos
· Common Name
· Uncommon Name
12. What does the LDAP Bind operation do exactly?
Answers
· Changes the password for a user account on the directory server
· Modifies entries in a directory server
· Authenticates a client to the directory server
· Looks up information in a directory server
Explanation: The LDAP Bind operation is essential to protecting access to directory information. It ensures that only clients who have been authenticated and given permission can interact with the LDAP directory server. Authentication may be as simple as a username and password, or it may involve more complex mechanisms such as the Simple Authentication and Security Layer (SASL).
13. Which of the following are authentication types supported by the LDAP Bind operation? Check all that apply.
Answers
· Simple
· Anonymous
· Complex
· SASL
14. Which of the following are services provided for the Directory Services?
Answers
· Accounting
· Local authentication
· Centralized Authentication
· Authorization
15. What is the difference between a policy and a preference?
Answers
· They are the exact same thing.
· A policy is used to set a preference.
· A policy can be modified by a local user, while a preference is enforced by AD.
· A policy is enforced by AD, while a preference can be modified by a local user.
Explanation: A preference is a user's or system's particular option or setting that enables customization within specific constraints, while a policy is a collection of rules or guidelines that are authoritative and sometimes needed. While policies are more concerned with enforcing norms and laws, preferences are more concerned with accommodating individual preferences and improving the user experience.
16. Select the right order of enforcement of GPOs:
Answers
· Site –> Domain –> OU
· OU –> Domain –> Site
· Domain –> Site –> OU
· Site –> OU –> Domain
17. What can be used to determine what policies will be applied to a given machine?
Answers
· An RSOP report
· A control panel
· gpupdate
· A test domain
18. Which of the following could prevent logging into a domain-joined computer? Check all that apply.
Answers
· Unable to reach the domain controller
· The time and date are incorrect
· The user account is locked
· Your computer is connected to Wifi
19. How does a client discover the address of a domain controller?
Answers
· It sends a broadcast to the local network
· It is provided via DHCP
· It is pushed via an AD GPO
· It makes a DNS query, asking for the SRV record for the domain
20. Directory services store information in a hierarchical structure. Which statements about Organizational Units (OUs) of a directory service hierarchy are true? (Choose all that apply)
Answers
· Sub-member OUs inherit the characteristics of their parent OU.
· Specific files within an OU, or container, are called “objects”.
· Changes can be made to one sub-OU without affecting other sub-OUs within the same parent.
· Parent OUs inherit characteristics of their sub-members.
21. Which directory service software would be used exclusively on a Windows network?
Answers
· DISP
· DSP
· Active Directory
· OpenLDAP
Explanation: Microsoft Active Directory is the directory service software that is used most often for a Windows-based network. Microsoft's Active Directory (AD) is a directory service and identity management system that the company developed in-house. It offers a single repository for managing and organizing information about network resources, and it is especially built to function in Windows systems.
22. What roles does a directory server play in centralized management? (Choose all that apply)
Answers
· Centralized authentication
· Confidentiality
· Authorization
· Accounting
Answers
· Domain name
· Distinguished name
· Distinguished number
· Distinct name
Answers
· Remove
· Modify
· Bind
· Add
Answers
· A DNS server
· A Kerberos authentication server
· A server that holds a replica of the Active Directory database
· A container
Answers
· Changes that are safe to be made by multiple Domain Controllers at once are tasked by granting them Flexible Single-Master Operations.
· The default Organizational Unit (OU), called Domain Controllers, contains all Domain Controllers in the domain.
· Delegation can be used in Active Directory.
· Always use the Domain Admin or Enterprise Admin for day-to-day use.
Answers
· Ask Juan questions to help him remember his password.
· Check the “User must change password at next logon” box so a new password must be created at the next logon.
· Issue a temporary password.
· Make sure the password reset is authorized by verifying that Juan is who he says he is.
Answers
· Preferences are reapplied every 90 minutes, and policies are more of a settings template.
· A policy is editable only by admins, but anyone can edit a group policy preference.
· Policies are reapplied every 90 minutes, and preferences are a settings template that the user can change on the computer.
· A preference is editable only by admins, but anyone can edit a policy.
Answers
· AAAA record
· TXT record
· SRV record
· A record
Answers
· centralized authentication
· centralized management
· active directory
· LDAP
Explanation: Rather than granting permissions or access rights to individual users, group-based access control entails the creation of groups and the assignment of those permissions or rights to the group. After that, users are added to suitable groups according to their positions, responsibilities, or the projects they are affiliated with. This method both simplifies administration and guarantees consistency, which makes it much simpler to control access for a large number of users. Instead of making changes to each individual user account, it is possible to make modifications at the group level, which will have an effect on all members of the group, in the event that access restrictions change. This is especially helpful in bigger workplaces, where it would be impossible to manage individual access for each person.
Answers
· All Users
· Domain Users
· Resource Users
· Enterprise Admins
Explanation: If a system administrator has to provide access to a resource for all of the users in a domain, they may utilize the "Domain Users" group in Active Directory to accomplish this task. Every user account that has ever been created in the domain is included in the "Domain Users" group, which is a pre-existing group. The administrator may guarantee that all users in the domain have access to a particular resource by either including the "Domain Users" group in the access control list (ACL) of that resource or by giving rights to the "Domain Users" group.
32. Which of these statements are true about managing through Active Directory? (Choose all that apply)
Answers
· Domain Local, Global, and Universal are examples of group scopes.
· Distribution groups can be used to assign permission to resources.
· The default groups Domain Users and Domain Admins are security groups.
· ADAC uses PowerShell.
33. Which of the following are common reasons a group policy doesn't take effect correctly? (Choose all that apply)
Answers
· Kerberos may have issues with the UTC time on the clock.
· Fast Logon Optimization may delay GPO changes from taking effect.
· Replication failure may occur.
· The GPO may be linked to the OU that contains the computer.
34. Which of the following is not an advantage of replication of data in terms of directory services?
Answers
· It allows local management of user accounts.
· It decreases latency when accessing the directory service.
· It allows flexibility, allowing for easy creation of new object types as needs change.
· It provides redundancy for data.
35. A Lightweight Directory Access Protocol (LDAP) entry reads as follows: dn: CN=John Smith ,OU=Sysadmin,DC=jsmith,DC=com. \n. What is the organizational unit of this entry?
Answers
· CN=John Smith ,OU=Sysadmin,DC=jsmith,DC=com
· Sysadmin
· John Smith
· Jsmith
36. A particular computer on your network is a member of several GPOs. GPO-A has precedence set to 1. GPO-B has precedence set to 2, and GPO-C has precedence set to 3. According to the given levels of precedence, what will be the resultant set of policy (RSOP) for this machine?
Answers
· GPO-A will take precedence and overwrite any conflicting settings.
· The computer will default to local policy due to the confusion.
· GPO-B will take precedence and overwrite any conflicting settings.
· GPO-C will take precedence and overwrite any conflicting settings.
Explanation: The combination of these GPOs produces the resultant set of policy (RSOP) for the system, taking into consideration the settings of each GPO, any user or computer specifications, and the order of precedence.
Because it has the lowest precedence number (1), GPO-A will be given preference over both GPO-B and GPO-C in this scenario. As a result, the settings applied by GPO-A will be reflected in the RSOP for the machine, followed by the settings applied by GPO-B and GPO-C.
Answers
· Edit the Windows Registry to change group policy settings
· Manually edit config files in SYSVOL
· Open ADAC and edit policy settings there
· Open the Group Policy Management Console by running gpmc.msc from the CLI
Answers
· By a hierarchical model of objects and containers
· By a flat text file
· By a relational database structure
· By a series of nested groups
Answers
· Configuration can take place on each device.
· Configuration management is centralized.
· Access and authorization are managed in one place.
· Role-Based Access Control (RBAC) can organize user groups centrally.
40. To authenticate user accounts on a computer against AD, what must be done to the computer first?
Answers
· Enable the administrator account
· Configure remote logging
· Join it to the domain
· Configure the firewall
Answers
· ADUC
· OpenLDAP
· Microsoft’s Active Directory
· RDP
Shuffle Q/A 2
Answers
· Simple bind
· Anonymous bind
· SASL
· PGP
Answers
· AD includes a tool called the Active Directory Authentication Center, or ADAC.
· AD can “speak” LDAP.
· AD is used as a central repository of group policy objects, or GPOs.
· AD is incompatible with Linux, OS X, and other non-Windows hosts.
44. Which directory standard was approved in 1988 and includes protocols like the Directory Access Protocol?
Answers
· LDAP
· Active Directory
· DISP
· X.500
Explanation: X.500 is the standard for directories that was established in 1988 and contains protocols such as the Directory Access Protocol. The Directory Access Protocol (DAP), which is used for accessing directory information, is one of the protocols that are defined in the X.500 standard, which also contains other models and protocols for directory services. The X.500 standard includes a framework that allows for the hierarchical and decentralized organization of directory information as well as its access. It is the basis for the Lightweight Directory Access Protocol (LDAP), which is a protocol for directory services that is more lightweight and is used by a large number of organizations.
45. By default, Active Directory adds new computers to what group?
Answers
· New Computers
· Domain Computers
· Added Computers
· All Computers
Explanation: By default, when a new computer is added to the Active Directory domain, it is automatically placed in the "Domain Computers" group. The "Domain Computers" group is a built-in group in Active Directory that includes all computer accounts in the domain. Members of this group have certain default permissions and rights within the domain, allowing them to access resources and perform basic operations.
This default placement in the "Domain Computers" group ensures that the new computer has the necessary permissions and access rights to interact with other domain resources. Administrators can further customize permissions and group memberships based on the specific needs of the organization.