Question: 1 Which is NOT a characteristic of the incremental backup method? A. Incremental backup copies fewer files than a differential backup. B. Performing an incremental backup requires less space and time than a full backup. C. You must use ALL incremental backup sets that were made in order to restore a system. D. Restoring a system from an incremental backup requires a minimum of TWO full backups. Question: 2 Which TWO commands will let you monitor and troubleshoot file systemissues? (Choose TWO.) A. nicl / B. df -hl C. watchdog -du D. servermonitor on E. diskspcemonitor on, E Question: 3 Which are valid SMTP commands that you might use in a Telnet session when testing your mail server? (Choose all that apply.) A. mail from: <user@company.com> B. mail to: <user@company.com> C. rcpt from: <user@company.com> D. rcpt to: <user@company.com> E. relay from: <user@company.com> F. relay to: <user@company.com> Answer: A, D Question: 4 On Mac OS X Server 10.3, which feature in amd represents an improvement ever automount? A. graphical user interface B. support of AFP and NFS C. integration with directory services D. support of industry-standard mound maps Question: 5 Which statement is NOT true of Password Server replication in Mac OS X Server 10.3? A. Password Sever engages in a multimaster replication scheme. B. Conflict in the Password Server database replicas are resolved using slapd.access. C. The replication process is entirely encrypted between each Password Server process. D. Password Server refers to authserverreplicas to determine if the last synchronization was successful. Page 1 of 22
Question: 6 When configuring Mac OS X Server to search multiple directory services, with what tool do you set the search order? A. ldapsearch B. Open Directory Assistant C. Advanced pane of Workgroup Manager D. Authentication pane of Directory Access Question: 7 You want to change the password for the MySQL root user after starting the process for the first time. Which command changes the MySQL root user's password to "my568sq1"? A. sudo passwd root When prompted for the new password, type my 568sq1. B. mysqladmin -u root password "my568sq1. C. sudo mysql -u root password "my568sq1" D. mysql_config -u root -p "my568sq1" Question: 8 Which statement is NOT true of cross-realm authentication between a KDC running on MAC OS X Server 10.3 and another KDC? A. User accounts must exist in both domains. B. A TGT from a trusted domain is accepted in a second domain. C. Cross realm authentication is a standard built into Kerberos v5. D. Ktutil -trust is used to create a cross-realm trust relationship. Question: 9 Which files are crated when you enable disk quotas using Workgroup Manager? (Choose all that apply.) A..quota.user B..quota.group C..quota.ops D..quota.ops.user E..quota.ops.group F..quota.group.ops Answer: A D Question: 10 What are TWO advantages AFP has over NFS when either protocol is used to serve network home folders? (Choose TWO.) A. AFP supports case sensitivity, while NFS does not. B. AFP supports a more secure authentication model than NFS. C. AFP is platform independent, while NFS works only with UNIX clients. D. AFP home folders can be stored on both Mac OS Extended and UFS volumes, while NFS requires UFS volumes. Page 2 of 22
E. The initial user login creates that user's home folder on an AFP share point, but not on an NFS share point., E Question: 11 Which is the IP Failover process that listens on port 1694 for broadcasts from the primary server? A. watchdog B. failoverd C. sysadmind D. heartbeatd E. hostconfigd Question: 12 Which tools can you use to configure a Mac OS X Server to restart automatically after a power failure or a system freeze? (Choose all that apply.) A. shutdown B. systemsetup C. Server Assistant D. Workgroup Manager E. Energy Saver pane of System Preferences, E Question: 13 Asymmetric encryption uses. A. certificates B. APOP authentication C. One shared private session key D. A pair of keys, one private and one public Question: 14 Your Mac OS X Server LDAP server provides LDAP mappings via DHCP. How can clients obtain the schema mappings for your server? A. The mappings are delivered as part of the DHCP OFFER. B. Clients request the schema mappings via the MetaDirectory Protocol. C. The schema files are copied to /etc/openidap/schema on the client computer. D. Clients query the LDAP server for the mapping configuration entry at cn=macosxodconfig, cn=config. Question: 15 Which statements about setting disk quotas are TRUE? (Choose all that apply.) A. You can limit the number of files a user can create. B. You can set disk space quotas for groups and for users. Page 3 of 22
C. You can enable quotas on directories, such as /Users, and on volumes. D. You can enable quotas on MAC OS Extended volumes but not on UFS volumes. E. If you enforce a finite quota on a volume for one user, you must enforce finite quotas for all users on that volume. Answer: A, B Question: 16 When a client makes an AFP connection to a Mac OS X Server, how does the server know whether to use mapped permissions for the client? A. The user name and user ID of the user logged into the client computer are compared to the user name and user ID of the account used for AFP authentication. If both user names and IDs match, mapped permission are NOT used. B. Open Directory is queried to determine whether this AFP server is a part of the Directory Domain. If it is part of the same Directory Domain as the client, mapped permission are NOT used. C. Mapped permission are always used, unless mapped permissions were disabled when configuring the client with Directory Access. D. If the server is an Open Directory Master, or is connected to a directory system, mapped permissions are NOT used. Answer: A Question: 17 When kadmin starts, which configuration filedoes it read to locate the kadmind server? A. krb5.keytab B. kadmin.conf C. principal.kadm5 D. edu.mit.kerberos Question: 18 When you set up Mac OS X Server to work with a Kerberos KDC, which file is highly sensitive and therefore should be readable only by root? A. edu.mit.kerberos.plist B. kerberos.conf C. krb5.keytab D. kery.pem Answer: C Question: 19 Exhibit: Page 4 of 22
Quotas are enabled on your file server, and turned on. Refer to the exhibit and study several lines output by repquota, then answer the question below. What can you conclude from the repquota output? A. User dave cannot create any files. B. User jack can create one more file. C. User laura cannot create any more files. D. User jack exceeded his soft quota within the last 24 hours. E. User sally created all her files while quota enforcement was enabled and turned on. Answer: C Question: 20 You boot your server from the Mac OS X Server Install CD. Which command-line tool do you use to create a RAID Level 0 (RAID 0) volume from your two drives? A. pdisk B. disktool C. diskutil D. newfs_raid Answer: C Question: 21 In an Open Directory replication system, with master and replica servers, the KDC is replicated through. A. kadmind B. OpenLDAP C. the Kerberos realm D. the Password Server Question: 22 Which THREE authentication methods does the Password Server support? (Choose THREE.) A. SSL B. PGP C. APOP D. LUHN-10 E. CRAM-MD5 F. NT LAN Manager Answer: C, E, F Explanation: Password Server uses SASL plug-ins for authentication. Those plug-ins include: CRAM-MD5, NTLMv1, DHX, WebDAV digest, APOP, LAN Manager (for SMB), and MS-CHAPv2. We would conclude that C and E are definitely correct, and that F is correct as well, although not an exact match for SMB-NT or SNB-LAN-MANAGER. Not D: LUHN-10 is a verification algorithm for credit cards. Page 5 of 22
Question: 23 Server Monitor does NOT provide status information for which Xserve component? A. blower B. hard drive C. power supply D. fibre channel link Question: 24 The keep-state option in a firewall. A. prevents access to the destination address by the specified IP address B. allows two-way connection to be established between the source and destination addresses. C. Remembers the IP address of the first connection and restricts future access to that IP address only D. Adds the connecting IP address to a cached list to allow the IP address to connect again in the future Question: 25 Which tools are JBoss administration utilities that are provided in a default installation of Mac OS X Server 10.3? A. /user/bin/jbossadmin B. /Library/JBoss/3.2/deploy/jbossadmin C. /Library/JBoss/3.2/deploy/JbossManagement.jar D. /Library/JBoss/Applications/DeploymentTool.woa E. /Library/JBoss/Applications/JbossManagement.woa, E Explanation: Looking in the folders on the server you find this: maggie:/library/jboss/applications root# ls AppSupport DeploymentTool.woa JBossManagement.woa maggie:/library/jboss/applications root# ls /Library/JBoss/3.2/deploy/ DeployService.jar mysql-ds.xml RmiOverSSL-service.xml welcome.war.old mysql-connector-java-3.0.8-stable-bin.jar maggie:/library/jboss/applications root# As you can see there is NO JBossManagement.jar file in the 'deploy' directory, however there are 'DeploymentTool.woa' and ' JBossManagement.woa' in the 'Applications' directory. Question: 26 Which additional Apache web server modules are included with Mac OS X Server 10.3? Page 6 of 22
A. mod_opendirectory_apple (supports authentication against Open Directory) B. mod_macbinary_apple (packages forked files in MacBinary format for download) C. mod_afpradmin_apple (allows administration of AFP shares via a web interface) D. mod_sherlock_apple (allows relevance-ranked searches of the website using Sherlock) E. mod_serveradmin_apple (allows an administratorto modify Mac OS X Server settings), D Question: 27 In a default configuration, What LDAP user name do clients enter in Directory Access to perform LDAP queries on Mac OS X Server Open Directory? A. ldap B. admin C. cn=ldap,dc=example,dc=com D. cn=admin,dc=example,dc=com E. None: the default configuration allows anonymous binding. Answer: E Question: 28 Ad administrator assigns a Mac OS X Server 10.3 computer to the role of Open Directory replica. Which information will the administrator NOT be prompted to provide about the Open Directory master being replicated? A. IP address of the master B. MAC address of the master C. root password for the master D. LDAP directory administrator user name on the master Question: 29 When editing watchdog.conf, which term do you insert in a process action field, if you want that process to restart after failure? A. on B. start C. restart D. respawn E. bootwait Question: 30 By default in Mac OS X Server 10.3, the lmtp client within Postfix sends mail to the. A. SpamAssassin spam filter B. sendmail mail server C. Cyrus mail server D. smtp process Answer: C Question: 31 Page 7 of 22
Which protocols included in Mac OS X Server 10.3 support browsing of AFP share points? (Choose all that apply.) A. NSL B. WINS C. Apple Talk D. Redezvous E. Active Directory Answer: C D Question: 32 Which of these files have privileges that allow the Apache web server to read them? (Choose all that apply.) A. -rw-r----- 1 bob www 2832 Jan 30 14:26 menu.html B. ---x-x--- 1 www www 2832 Jan 30 14:25 index.html C. -rw-r---w- 1 505 staff 2832 Jan 30 14:27 about.html D. -rw-r--r-- 1 505 staff 2832 Jan 30 14:26 index2.html E. -rw------- 1 bob www 2832 Jan 30 14:26 product.html Answer: A, D Question: 33 You create a read/write image of a server volume using Disk Utility. The image will be copied to target volumes using Apple Software Restore (ASR). What step can you take to prepare the source image? A. Verify the image using hdiutil checksum, and run asr -imagescan. B. Compress the image using hdiutil convert, and run asr -imagescan. C. Rename the volume with hdiutil -volume,and verify the image with hdiutil verify. D. Verify that the image is Read Only using hdiutil -readonly, and compress the image with hdiutil compress Question: 34 Exhibit: Page 8 of 22
Refer to the Exhibit and study the Mac OS X Server named Company A. In particular notice Company A's two network interfaces, then answer the question below. en0is connected to the Internet, and en1 is connected to the internal network. All the computers on the internal network have routable IP addresses, IP forwarding is turned on, and a deny rule, 65535 deny ip from any to any, is in effect. Which TWO additional ipfw rules do you need to set on the server so that computers on the internal network CAN connected to servers on the Internet, but computers on the Internet CANNOT connect to computers on the internal network? (Choose TWO.) A. ipfw 100 deny ip fromany to any via en1 B. ipfw 200 allow ip from any to any keep-state out en0 C. ipfw 300 allow ip from any to any D. ipfw 500 denyip fromany to any out en0 E. ipfw 600 allow ip fromany to any via en1, E Question: 35 Which is NOT a valid way to improve mail server performance in Mac OS X Server 10.3? A. Dedicate one computer to provide mail services. B. Set per-user quotas on mailbox size in Workgroup Manager. C. Limit the number of concurrent IMAP connections in Server Admin. D. In Workgroup Manager create group mailboxes that are shred by multiple users. Question: 36 Exhibit: Refer to the exhibit and study the Mac OS X Server routing table, then answer the question below. To what IP address does the server forward a packet that is addressed to 10.1.7.102? A. 127.0.0.1 B. 10.1.4.255 Page 9 of 22
C. 10.1.4.1 D. 10.1.0.1 Question: 37 From Server Assistant in Mac OS X Server 10.3, you can and. (Choose TWO.) A. configure Startup Disk preferences B. configure multiple network interfaces C. set up multiple remote servers interactively in a batch D. configure your server to provide network time services E. discover unconfigured server on a remote network, and display them for remote configuration, C Question: 38 You disable anonymous binding on the Mac OS X Server LDAP server by. A. issuing the following command to the server: sudo NeST - setldapconfig "BIND_ANON" off B. adding the following line to the /etc/openldap/slapd.conf file: disallow bind_anon C. adding the following line to the /etc/hostconfig file:ldapserver_bindanon=nod. D. adding the following line to the /etc/openldap/ladp.conf file: disallow bind_anon Question: 39 The services that are running on your Mac OS X Server need to accept Kerbero service tickets generated by another server. Which steps do you take to set this up in Mac OS X Server? (Choose all that apply.) A. Enable the Kerberos Open Directory plug-in. B. Install the appropriate keytab files in /etc/krb5.keytab. C. Confiugreeach service to accept Kerberos authentication. D. Use NeST to establish a trust relationshipwith the Kerberos server. E. Add an /etc/kerberos.conf file to define the correct Kerberos domain and service principal., C Question: 40 Using Server Admin, you have configured a Mac OS X Server to provide directory information via LDAP. If you are configuring this server on the domain example.com, what is the default search base? A. ou=example,o=com B. ou=example,ou=com C. dc=example,dc=com D. dc=od, dc=example, dc=com Answer: C Question: 41 Which command does Mac OS X Server 10.3 use to set up the KDC, and configure it to work with Password Server? Page 10 of 22
A. klist -ke B. kadmin.local -q C. NeST - convertkdc D. Slapconfig -createldapmaster Question: 42 Where are user mail files located by default in Mac OS X Server 10.3? A. /var/imap/username B. /etc/var/imap/username C. /var/etc/spool/username D. /var/spool/imap/user/username Question: 43 When a Macintosh client connects to a server for the first time in a Mac OS X Server 10.3 Directory Services replication system, the client FIRST. A. registers itself with each of the replicas B. adds a search path for Directory Access for one of the servers in the replication system C. downloads a list of LDAP replicas from the LDAP server for storage in its LDAPv3 Plugin plist file D. Looks at the Password Server public key and references this key to find out which password servers can be used for authentication Answer: C Question: 44 Which steps can you take to prevent your mail service in Mac OS X Server 10.3 from being used as an open relay? (Choose all that apply.) A. Require SMTP authentication. B. Require APOP authentication. C. Configure the firewall to block port 110. D. Configure the firewall to block port 323. E. Limit the hosts and networks from which you accept relays. Answer: A, E Question: 45 In Mac OS X Server 10.3, the command-line tool md5 can. A. repair and restore corrupted data from a backup set B. simulate restoring a backup set for testing purposes C. build a mirrored backup set that provides redundancy D. compare checksum values for files before and after backup Question: 46 Which statement is NOT true of the krb5kdc process running in Mac OS X Server 10.3? Page 11 of 22
A. The process is started by the watchdog daemon. B. The process reads its configuration data from kdc.conf. C. The process communicates on UDP and TCP/IP port 88. D. The process reads its service principals in the local LDAP database. Question: 47 Which is NOT a function of SSL? A. deciding on a key exchange method B. encrypting traffic sent between two hosts C. providing extensions to the HTTP protocol D. securing otherwise non-secure protocols, such as HTTP, POP, and IMAP Answer: C Question: 48 Which statements are TRUE of configuring SSL for IMAP using Server Admin in Mac OS X Server 10.3? (Choose all that apply.) A. The certificate must exist in /etc/certs. B. IMAP supports only CRAM-MD5 with SSL. C. Certificates cannot include a passphrase. D. The encryption key must be less than 128 bits. E. The certificate and key must be in the same file. Answer: C, D Question: 49 Which statement is NOT true of configuring your website to host dynamic content? A. CGIs in the /Library/WebServer/CGI-Executables folder must have the suffix.cgi. B. In order to recognize php instructions, html documents must have the suffix.php. C. In order to recognize server-side includes, html documents must have the suffix.shtml. D. No configuration is required in the default Apache installation to deploy WebObjects applications. Answer: A Question: 50 When running the Mail service in Mac OS X Server 10.3, an administrator restricts the amount of email data that user can store on the server by enabling and setting. A. file system quotas in Workgroup Manager B. mail quotas in Workgroup Manager C. mail quotas in Server Admin D. quotas in imapd.conf Question: 51 SSH can be configured to require which TWO of these authentication methods? (Choose TWO.) Page 12 of 22
A. user name and password B. shared ssh_config files C. NT LAN Manager D. identity key pair E. L2TP Answer: A, D Question: 52 Which services are kerberized on Mac OS X Server 10.3? (Choose all that apply.) A. AFP B. NFS C. IMAP D. SMTP E. WebDAV Answer: A, C, D POP, SMTP, FTP, SSH and AFP are all kerberized. Question: 53 Which THREE takes must you perform to configure the Mac OS X Server LDAP server for SSL? (Choose THREE.) A. Enable SSL in Server Admin. B. Enter the passphrase for the private key. C. Enable SSL in Directory Access on the server. D. Install a private key and configure the server to use it. E. Install a signed certificate and configure the server to use it. F. Install the Cryptography Services package from the Admin Tools CD. Answer: A, D, E On a server you must enable SSL in Server Admin in the Open Directory>Protocols window, and then install and configure the private key and signed certificate. On a OS X client, you enable SSL in Directory Access. Question: 54 Which statement presents a valid reason for creating two user record branches in a Mac OS X Server LDAP directory? A. LDAP object classes hold a limited number of fields. B. Open Directory does not support the inetorgperson Schema. C. You want to separate public and private user account information. D. The NetInfo user account schema does not support extra contact information. Answer: C Question: 55 Which string below will partition your 30 gigabyte disk into two 10 gigabyte Mac OS Extended partitions, and one 10 gigabyte UFS partition? A. diskutil partitiondisk /dev/disk0s1 JournaledHFS+ Startup 10G /dev/disk0s2 JournaledHFS+ HFS_Vol 10G /dev/disk0s3 UFS UFS_Vol 10 g Page 13 of 22
B. diskutil partitiondisk /dev/disk0 3 JournaledHFS+ Startup 10G JournaledHFS+ HFS_Vol 10G UFS UFS_Vol 10G C. diskutil partitiondisk /dev/disk0 3 JournaledHFS+ Startup 10G JournaledHFS+ HFS_Vol_1 10G UFS_Vol 10G D. diskutil partitiondisk /dev/disk0 2 JournaledHFS+ Startup 10G JournaledHFS+ HFS_Vol 10G Question: 56 Which statement about the edquota command is TRUE? A. You use edquota to set group quotas. B. A separate edquota command should be entered for each user name. C. A 1K block hard limit of zero (0) can be st to prevent the use of disk space. D. edquota overrides the default filename and root location of the user quotas. Answer: A Question: 57 When resharing a mounted NFS share point over AFP, the NFS export must map. A. root to root B. all users to root C. root to nobody D. all users to nobody Answer: A Question: 58 When you configure access control using Server Admin, which Apache web server module enables users to authenticate to Open Directory? A. mod_dav B. mod_digest C. mod_access D. mod_auth_dbm E. mod_auth_apple Answer: E Question: 59 How does the Server Monitor tool provide notification when an Xserve computer experiences hardware problems? (Choose all that apply.) A. Server Monitor updates monitorstatus via the command line. B. Server Monitor puts itself in standby mode until the problem is corrected. C. Server Monitor sends an email or pager message to a specified recipient. D. Server Monitor changes the color of the status indicators in the Server Monitor window. E. Server Monitor blinks the processor status lights in a specified order on the front panel of the Xserve computer. Answer: C D Question: 60 Page 14 of 22
You initiate an SSH connection to a remote computer that is booted fromteh Mac OS X Server Install CD. What are possible default root password for the remote computer? (Choose all that apply.) A. the first eight characters of the remote computer's hardware serial number B. the first eight characters of the remote computer's Ethernet address C. the administrator account password for the remote computer D. the numbers "12345678" E. the word "admin" Answer: A, D Question: 61 Which tools can you sue to partition a disk? (Chose all that apply.) A. hdisk B. pdisk C. newhfs D. diskutil E. disktool, D Question: 62 Exhibit: Refer to the exhibit and study the network diagram, then answer the question below. You administer the Company A server with IP addresses 10.1.1.1 and 10.1.0.11. You have configured its two network interface in Network Preferences. Which TWO additional steps must you take on your server to ensure that the workstation Company 2 at 10.1.1.2 can communicate with the server Company B at 10.1.0.1, even if Company A is restarted? (Choose TWO.) A. Enable IP forwarding with systl. B. Add a static route for network 10.1.0/24 C. Add static route for network 10.1.1/24 D. Enable IP forwarding from Server Admin. E. Set the IPFORWARDING flag in /etc/hostconfig to YES Page 15 of 22
Answer: A, E Question: 63 The watchdog process and.(choose TWO.) A. controls the IP Failover process B. monitors and reports the failure of a fibre channel on an Xserve RAID C. reboots the computer if it crashes or freezes, and reports the event via the watchdog.event.log D. watches for specified process running on the Mac OS X Server, and restarts them if they stop. E. Reboots the server via the PMU firmware, ifwatchdog does not reset the PMU timer before it reaches five, E Question: 64 When using X.509 certificates, what role does a Certificate Authority play? A. A Certificate Authority must be; present on the server before SSL can be enabled. B. A Certificate Authority determines what ciphers are available for symmetric encryption. C. SSL routes traffic through the Certificate Authority to verify the identity of the client and server. D. A Certificate Authority ensures the identity of the web server by digitally signing the server's certificate. Question: 65 You are running Mac OS X Server 10.3. Using Workgroup Manager, you select "Inherit permissions from parent" when sharing an AFP volume. Users mount the volume. Which TWO statements accurately reflect the permissions on that volume? (Choose TWO.) A. If a user copies a file into a directory that is group-writable, the copy will be group-writeable. B. If a user copies a file into a directory that is not group-writeable, the copy will be groupwriteable. C. If a user creates a new subdirectory in a directory that is not group-writeable, the subdirectory will be group-writeable. D. If a user cretes a new subdirectory in a directory that is not group-writeable, the subdirectory will be group-writeable. E. If a user copies a file that is not group-writeable into a directory that is group-writeable, the permissions on the copy will not be group-writeable. Answer: A, C Question: 66 Exhibit: Page 16 of 22
Refer to the exhibit and study the sample output you get when you type the command df - Hl, then answer the question below. From which disk partition is the computer booted? A. /dev/disk3 B. /dev/disk0s3 C. /dev/disk0s5 D. /dev/disk/1s1s9 Question: 67 As the administrator of an Open Directory master and its replicas, which command would you use to force a replication? A. ldapd B. syncd C. slapconfig D. slapd.access Answer: C Question: 68 You are troubleshooting an Open Directory LDAP server. Which step will allow you to gather troubleshooting information from the server? A. Start slapd with the flag -d 99. B. Turn on verbose logging in Server Admin. C. Start Open Directoyr with flag -- debug. D. Edit/etc/hostconfig to contain LDAPARGS= '-d'. Answer: A Question: 69 Exhibit: Page 17 of 22
Refer to the exhibit and study the Mac OS X server routing table, then answer the question below. What network interface will the server use to forward a packet addressed to 10.1.1.100? A. en0 B. en1 C. en2 D. en3 E. en4 Answer: A Question: 70 You want your DNS server to forward queries to a DNS server at 10.1.0.1. Which step is necessary to create your forwarding DNS server? A. Configure the client DNS resolver on the server to 10.1.0.1 B. Enter this line in /etc/named.conf: forwarders { 10.1.0.1; }; C. Enter this line in /var/named/db.root: listen-on {10.1.0.1; }; D. Enter this line in /var/named/db.root: forwarders { 10.1.0.1; }; Question: 71 Server Assistant does NOT cerate server setup files in the format. A. Text File B. PkgInstall File C. Directory Record D. Configuration File Question: 72 Page 18 of 22
In Mac OS X Server 10.3, a through backup scheme for an Open Directory master does NOT require that you back up the. A. LDAP directory database B. DirectoryService framework C. Kerberos database and configuration files D. Open Directory Password Server database Question: 73 You AFP server is configured as a standalone server with users and groups stored in the local directory. On your share point is a folder named CompanyDocs, with the following permissions: Drwxr-xr-x 1 jack staff 272 4 Jun 17:05CompanyDocs You loginto a Mac OS X client computer as jkennedy.you then connect to the AFP server as user jack, and mount the volume containing the CompanyDocs folder. Which statement accurately describe the ownership and permissions of the CompanyDocs folder on the mounted AFP volume? (Choose all that apply). A. Using Get Info from the Finder on the client shows the jack as the owner of the CompanyDocs folder. B. Using Get Info from the Finder on the client shows the user jkennedy as the owner of the CompanyDocs folder C. Using 1s - 1 from the Terminal on the client shows the user jack as the owner of the CompanyDocs folder. D. Using 1s - 1 from the Terminal on the client shows the user jknnedy as the owner of the CompanyDocs folder. E. You will have read-only access to the CompanyDocs folder. F. You will have read and write access to the CompanyDocs folder. Answer: C, D Question: 74 You are configuring Mac OS X Server to authorize users stored on an Active Directory server. You need to and. (Choose TWO.) A. generate and install keytabs B. configure the Active Directory plug-in C. use slurpd to import Active Directory users to your local LDAP database D. configure Open Directory to emulate Active Directory properties in the LDAPv3 database E. use Workgroup Manager to include properties required by Open Directory in the Active Directory database Answer: A, B Question: 75 When the IP Failover process detects a failure, an email may (optionally) be sent. What happens next? A. The primary server is shut down. B. The secondary server is started. C. /usr/libexec/processfailover runs and executes the Test script. D. An IP address is brought up on the secondary server's secondary interface. Answer: C Page 19 of 22
Question: 76 Which is a valid step when configuring your website to use SSL? A. Modify the /etc/openssl/ssl.conf file to change the SSL port to a standard port. B. Install a certificate in the Open Directory domain to which your web server belongs. C. Modify the /etc/httpd/httpd.conf file to run Apache SSL child processes under a user other than www. D. Configure the SSL connection cache by using the file directives SSLSessionCache and SSLSessionCacheTimeout. Question: 77 By default, which protocol does the VPN service in Mac OS X Server 10.3 use to authenticate users? A. SSL B. Kerberos C. CRAM-MD5 D. MS-CHAPv2 Question: 78 Which statement is NOT true of SSH tunneling? A. SSH tunnels support the PPP protocol. B. You can secure DNS traffic by sending it through an SSH tunnel. C. SSH tunnels can secure otherwise non-secure POP and AFP traffic. D. Forwarding port 1023 and below requires root privileges for the initial receiving port. Question: 79 Which statement is TRUE of the as command? A. asr creates disk images B. asr can back up selected directories on a volume to a disk image. C. The -imgescan option in as corrects permission errors on a disk image. D. When used with the hdiutil command, asr can back up a disk to a disk image. Question: 80 As a backup solution for Mac OS X Server 10.3, rsync lets you. A. incrementally backup files B. synchronize an Open Directory master with its corresponding replica C. synchronize LDAP accounts in Mac OS X Server and Active Directory D. remotely synchronize an Open Directory master with its corresponding replica Answer: A Question: 81 Page 20 of 22
Your user accounts are stored on an Active Directory server. Which TWO steps, performed in combination, let your users access Mac OS X Server services that requires authentication? (Choose TWO.) A. Start the LDAP server on the Mac OS X Server. B. Modify the authentication search path on your Mac OS X Server. C. Modify the authentication search path on your Mac OS X clients. D. Create keytab files on the Mac OS X Server for each user stored on the Active Directory server. E. Configure the Active Directory plug-in on the Mac OS X Server to connect to the Active Directory server., E Question: 82 To support Mac OS X clients, you deploy a server running directory services on Mac OS X Server 10.3 to supplement the existing Active Directory services. This solution provides. A. a mechanism for mapping Mac OS X schema to Active Directory B. a mechanism for storing Microsoft Exchange data in Open Directory C. a means of managing Windows Group Policy objects from Workgroup Manager in Mac OS X D. a way to store user principals in Active Directory, and delegate Mac-specific management to Mac OS X Server Question: 83 Which TWO statements are true of auto mounting volumes in Mac OS X Server? (Choose TWO.) A. Automount information is stored in /etc/hostconfig. B. Static automounts can only be used as user home folders. C. The automount type is specified in the NFS Settings pane in Server Admin. D. The sharepoint configured to be a static automaount is mounted when the local system starts up. E. The sharepoint configured to be a dynamic automountis mounted in /Network/Servers when referenced., E Question: 84 Before you back up Cyrus files in Mac OS X Server 10.3, you must to avoid inconsistencies. A. stop the mail server B. run the ctl_mboxlist -d command C. check the Cyrus files with the md5 command D. check the files in the mail partition folder using the df command Answer: A Question: 85 What authentication token does a client present when accessing a kerberized service? A. the user's password B. a TGT obtained form the KDC Page 21 of 22
C. a client-generated service ticket D. a service ticket obtained from the KDC Question: 86 Exhibit: Refer to the exhibit and study the mounts record for the Marketing share point on your server, then answer the question below. From its record, what can you determine about the Marketing share point? A. It will be statically automated at /Network/Marketing. B. It will be dynamically automounted at /Network/Servers. C. It will be dynamically automounted at /Network/Marketing. D. User must authenticate before they can access the share point End of Document Page 22 of 22