000-272 - IBM WebSphere Message Broker V8.0 Solution Development
Go back to
IBM
Example Questions
If you create an LDAP configuration in Directory Access that statically maps the local UniqueID attribute to #1007, what is the result?
All user accounts provided by that LDAP configuration will have a UniqueID of 1007.
By default, which agent does lookupd check first to resolve a machine name?
CacheAgent
Your Mac OS X Server LDAP server provides LDAP mappings via DHCP. How can clients obtain the schema mappings for your server?
Clients query the LDAP server for the mapping configuration entry at cn=macosxodconfig,cn=config.
Which statement is NOT true of Password Server replication in Mac OS X Server v10.4?
Conflicts in the Password Server database replicas are resolved using slapd.access.
Which is a valid concern when using the Archive feature in Open Directory services on Mac OS X Server v10.4?
The archive contains all of the account passwords and should not be left unsecured.
As an administrator of an Open Directory master and its replicas, which command would you use to force a replication?
slapconfig
Mary logs in to Mac OS X v10.4 as an Active Directory user via Apple Active Directory plug-in. A network home folder has been configured for her account. By default, her home folder ________.
is stored locally, but an SMB ome is mounted on the desktop
Which information is included in a ticket-granting ticket (TGT) from the key distribution center (KDC)?
the time the TGT was issued
Which Open Directory group record attribute is used by access control list (ACL) file permissions?
GeneratedUID
An administrator assigns a computer with Mac OS X Server v10.4 to the role of Open Directory replica. What information will the administrator NOT be prompted to provide about the Open Directory master being replicated?
MAC address of the master
You are setting up a new server. When the role in Open Directory services on a computer running Mac OS X Server v10.4 is configured to be a standalone server, ________.
directory data is stored in the local NetInfo database
Review the following command: ldapsearch -LLL -x -H ldap://oneserver.example.com -b dc=example,dc=com objectClass=apple-group)?cn objectClass The last two options in this command, cn and objectClass, specify the ________.
attributes to return in the results
What authentication token does a client present when accessing a kerberized service?
a service ticket obtained from the key distribution center (KDC)
When you define a new LDAP configuration in Directory Access, you might need to enter a distinguished name and password for the connection. The distinguished name is the ________.
logical path specifying the user record required by your LDAP server to perform queries
Which statement is NOT true of the krb5kdc process running in Mac OS X Server v10.4?
The process reads its service principals in the local LDAP database.
The Mac OS X Server Password Server does NOT ________.
allow non-kerberized services to use a Kerberos session key
What file on a Mac OS X computer is used to specify the location of the key distribution center (KDC) and the Kerberos realm?
Library/Preferences/edu.mit.Kerberos
You want services that are running on Mac OS X Server to accept Kerberos service tickets generated by another server. Which of the following is a valid step to accomplish this in Mac OS X Server v10.4?
Use Server Admin to join the Kerberos realm of the other server.
Which statement about using the Active Directory plug-in to access user records is true?
Mac OS X will use password policies set by the Active Directory administrator.
When configuring Mac OS X Server to search multiple directory services, how do you set the search order?
Use the Authentication and Contacts panes of Directory Access.
You are configuring Mac OS X client computers to access user records in a third-party directory. Without modifying the schema on the third-party directory, how can you provide valid mount records for network home folders?
Supplement the third-party directory with a directory on Mac OS X Server to host the mount records.
Which command would create a backup of the key distribution center (KDC)?
sudo kdb5_util dump > /etc/secured/kdc_backup
Chris is logged into a Mac OS X computer using a non-admin network user account provided by Mac OS X Server v10.4. The user account is configured to use an Open Directory password. When Chris tries to connect to an AFP server that is configured to use only Kerberos authentication, an uthenticate to Kerberos dialog appears, requesting a name, realm, and password. Chris enters the user account name and password again, and clicks OK. The same dialog reappears. What can a local system administrator do to resolve Chris issue?
Ensure that the date, time, and time zone on the Mac OS X client and on the key distribution center (KDC) are synchronized.
In Mac OS X Server v10.4, Directory Services replication lets you ________.
maintain a duplicate of the current contents of the LDAP and Password Servers, and the Kerberos key distribution center (KDC) on a remote Mac OS X Server
To configure the Mac OS X Server LDAP server for SSL, in addition to enabling the LDAP SSL option, what else must you do?
Install a private key and a signed certificate, and configure the server to use them.
When adding records into an LDAP database using slapdadd, what file format should be used?
LDIF
Which Open Directory user record attribute is used by standard BSD file permissions?
UniqueID
In an Open Directory user record, what value should the NFSHomeDirectory attribute contain?
the local file system path to the user home folder
What two pieces of information must be specified in the Active Directory plug-in configuration in order for Mac OS X v10.4 to bind to Active Directory via the Active Directory plug-in? (Choose TWO.)
Computer ID
Active Directory domain
You are promoting Open Directory services on a computer running Mac OS X Server v10.4 from Standalone Server to Open Directory Master. Which statement about the administrator account is true?
A new administrator account is created in the LDAP database, and you assign it a name and password.
Which is a valid method for optimizing the performance of a server providing Open Directory services?
Add memory and increase the BerkeleyDB cache size.
When referring to an LDAP directory, what is the schema?
The set of rules that describes the structure of the data in the directory
What is the command-line utility for requesting a ticket from a key distribution center (KDC)?
kinit
Which tool uses the DirectoryService process to retrieve directory data?
Workgroup Manager
When troubleshooting directory services issues, what is a limitation of using the -d option with the lookupd process?
The results of the lookupd process are from a new instance of lookupd.
A Mac OS X v10.4 computer is bound to an Active Directory server using the Active Directory plug-in in Directory Access. Using the default configuration of the plug-in, what is the Mac OS X user ID number for a user account provided by the Active Directory server?
The number is generated based upon the user account Globally Unique ID (GUID).
You have created new client mappings for the LDAPv3 plug-in. One way to make these mappings accessible to other Mac OS X clients is to ________.
use the Write to Server option in Directory Access
In a default configuration, what LDAP user name do clients enter in Directory Access to perform LDAP queries on Mac OS X Server Open Directory?
Nonehe default configuration allows anonymous binding.
You are configuring your Mac OS X computer to authenticate at the login window through an LDAP server. Which Open Directory user attribute are you NOT required to map to an LDAP user attribute?
MCXFlags
In Mac OS X, Open Directory allows ________.
creation of new plug-ins for integration with other directory services
Which command-line utility can be used to remove Kerberos tickets from the cache on a Mac OS X client computer?
kdestroy
You have an LDIF file with 1,000 user records from another LDAP server that you want to import into your server without stopping the slapd process. Which of the following commands do you use?
ldapadd
You are using an LDAP browsing utility such as LDapper to browse user records in the LDAP directory served by a Mac OS X Server computer. Which attribute in the LDAP database maps to the UniqueID attribute in an Open Directory user record?
uidNumber
When you set up Mac OS X Server to work with a Kerberos key distribution center (KDC), which file is highly sensitive and should be readable only by root?
krb5.keytab
You disable anonymous binding on the Mac OS X Server LDAP server by ________.
adding the following line to the /etc/openldap/slapd.conf file: disallow bind_anon
Which statement about passwords for local user accounts in Mac OS X v10.4 is true?
A crypt password is accessible by anyone using the computer; a shadow password is only accessible by the System Administrator (root).
Which command does Mac OS X Server use to set up the key distribution center (KDC) and configure it to work with Password Server?
slapconfig -createldapmaster
Your user accounts are stored on an Active Directory server. Which action is necessary to enable your users to access Mac OS X Server services that require authentication?
Configure the Active Directory plug-in on the Mac OS X Server to connect to the Active Directory server.
A search base for an LDAP request describes ________.
the point in the data tree where a data search request is started
In Mac OS X Server v10.4, which process is reponsible for managing changes to the Kerberos database?
kadmind