Additional Active Directory Server Roles - MCTS Guide to Microsoft Windows Server 2008 Active Directory Configuration

Information Technology Reference

In-Depth Information

12. Which of the following should be installed to prevent employees from printing security-sensitive

e-mails?

a. AD LDS

b. AD FS

c. AD RMS

d. AD DS

13. You and another company are engaging in a joint operation to develop a new product. Both

companies must access certain Web-based applications in this collaborative effort.

Communication between the companies must remain secure, and use of exchanged docu-

ments and e-mails must be tightly controlled. What should you use?

a. AD CS and AD LDS

b. AD RMS and AD DS

c. AD FS and AD RMS

d. AD LDS and AD RMS

14. Which of the following isn't part of a typical AD RMS installation in a production environment?

a. AD RMS database server

b. AD DS

c. Client certificates

d. Microsoft Enrollment Service

15. Which of the following is true about an RODC installation?

a. A Windows Server 2008 DC is required.

b. The forest functional level must be at least Windows Server 2008.

c. Adprep /rodcprep must be run in Windows Server 2008 forests.

d. Multimaster replication must be used.

16. You need to install an RODC in a new branch office and want to use an existing work-

group server running Windows Server 2008. The office is a plane flight away and is con-

nected via a WAN. You want an employee at the branch office, Michael, to do the RODC

installation because he's good at working with computers and following directions. What

should you do?

a. Add Michael to the Domain Admins group, and give him directions on how to install

the RODC.

b. Use Dsmgmt.exe to make Michael a local administrator, and give him directions on how

to install the RODC.

c. Create the computer account for the RODC in the Domain Controllers OU, and spec-

ify Michael's account as one that can join the computer to the domain.

d. Create a group policy that specifies that Michael's account can join RODCs to the

domain. Then use Dsmgmt.exe to specify Michael as an account administrator for the

RODC.

17. You have an application integrated with AD DS that maintains Active Directory objects con-

taining credential information, and there are serious security implications if these objects are

compromised. An RODC at one branch office isn't physically secure, and theft is a risk.

How can you best protect this application's sensitive data?

a.

Configure the PRP for the RODC and specify a Deny setting for the application object.

b.

Configure a filtered attribute set and specify the application-related objects.

c.

Use EFS to encrypt the files storing the sensitive objects.

d.

Turn off all credential caching on the RODC.

MCTS Guide to Microsoft Windows Server 2008 Active Directory Configuration

Search WWH ::

Custom Search

Home