Exam A
QUESTION 1
You have an Open Directory master with many replicas. The master has had a hardware failure. How should you promote one of the replicas to master and have all the other replicas look to the new master?
A. Using Server Admin, change one of the Open Directory replicas to a master, and then change all of the remaining Open Directory replicas to standalone servers, and back to replicas.
B. Using dsconfigldap, change one of the Open Directory replicas to a master, and then use Server Admin to change all of the remaining Open Directory replicas to standalone servers, and back to replicas.
C. Using Server Admin, change one of the Open Directory replicas to a master, and then change the address of the Open Directory master on all of the remaining replicas, without changing the role of the replicas.
D. Using dscl, change one of the Open Directory replicas to a master, and then use serveradmin to change the address of the Open Directory master on all of the replicas, without changing the role of the replicas.
Correct Answer: A
QUESTION 2
You are configuring a Mac OS X Server v10.6 computer to search multiple directory domains. How can you specify the order in which the server searches the directories when authenticating users?
A. Define a custom search path in the Authentication pane of Directory Utility.
B. Run slapconfig -setauthmechanisms and specify the directory domain search order.
C. In the Mappings pane of Directory Utility, modify the mapping for the AuthenticationAuthority attribute.
D. In the Advanced pane of Workgroup Manager, configure the computer account and enter the authentication search path.
Correct Answer: A
QUESTION 3
In Mac OS X Server v10.6, GeneratedUIDs provide for user identification in which TWO contexts? Choose the two best answers.
A. file ACLs
B. file ownership
C. password policies
D. group membership
E. Kerberos TGT requests
F. CDSA security verification
Correct Answer: AD
QUESTION 4
A search base for an LDAP request describes ________.
A. the client application making the search request
B. the location in the LDAP hierarchy where the search will begin
C. the network path to the LDAP server that the request will search
D. the directory services data types that correspond to the LDAP entry being searched
Correct Answer: B
QUESTION 5
In a default configuration of a Mac OS X v10.6 computer, which folder contains Open Directory logs?
A. ~/Library/Logs/
B. /var/log/dslocal/
C. /System/Library/Logs/
D. /Library/Logs/DirectoryService/
Correct Answer: D
QUESTION 6
What type of entry in an LDAP schema defines the record type(s) that the LDAP directory supports?
A. OID base
B. object class
C. syntax definition
D. attribute definition
Correct Answer: B
QUESTION 7
You want to add a user to an Open Directory master. Which command-line tool lets you do so without requiring that you stop the DirectoryService process to avoid data corruption?
A. dscl
B. slapadd
C. slapconfig
D. slappasswd
E. dsconfigldap
Correct Answer: A
QUESTION 8
You want a Mac OS X v10.6 computer to mount a network volume dynamically over AFP when users log
in to the computer. Which TWO attributes must be defined in the mount record?
Choose the two best answers.
A. Export
B. MountDir
C. VFSOpts
D. VFSType
E. VFSMount
F. HomeDirectory
Correct Answer: CD
QUESTION 9
In Mac OS X v10.6, how do you enable or disable debug logging for the DirectoryService process?
A. Enter the command killall -USR1 DirectoryService in Terminal.
B. In Server Admin, select Detailed Logging in the Open Directory service pane.
C. Enter the command defaults write com.apple.DirectoryService LogLevel debug in Terminal.
D. Enter the command serveradmin settings dirserv:loggingAttributes:logLevel = “debug” in Terminal.
Correct Answer: A
QUESTION 10
When a Kerberos client authenticates with a kerberized service, how does the kerberized service determine that the client has a service ticket from an authentic KDC?
A. The service ticket is signed with the KDC’s public key.
B. The service ticket is signed with the user’s private key.
C. The service ticket is encrypted with the service’s public key.
D. The service ticket is encrypted with the service’s private key.
Correct Answer: D