|
Home > Archive > 70-068 enterprise > January 2001 > I need a rule here ! I'm confused
You are viewing an archived Text-only version of the thread.
To view this thread in it's original format and/or if you want to reply to
this thread please [click here]
| Author |
I need a rule here ! I'm confused
|
|
|
| I know its very long 
119. Your organization has 5 domains. Each domain user in your domain organization has a single account that resides in his home domain. Password security is strictly enforced. The Sales domain in your organization trusts Corp domain. Mary, a domain user in Sales domain, logs on to the Corp domain. What folders will she be able to view?
A. All folders in the Corp domain for which the Corp/Domain users global group has been granted Read access.
B. All folders in the Corp domain for which the Sales/Domain users global group has been granted Read access.C. All folders in the Corp domain for which the Corp/Domain guests global group has been granted Read access.D. All folders in the Corp domain for which the Sales/Domain guests global group has been granted Read access.
E. All folders in either the Corp or the Sales domain for which the Sales/Domain guests global group granted Read access.
Answer C
**Mary is a Sales Domain user and hence a Corp Domain guest. She is NOT a Sales Domain guest; E is incorrect.
103. You log on from a computer in the MKTG domain to one in the CORP domain. The MKTG domain trusts the Corp Domain. Which resources can you access?
A. in MKTG, MKTG/DOMUSERS access
B. in CORP, CORP/DOMUSERS access
C. in CORP, CORP/DOMGUESTS access
D. in CORP, MKTG/DOMGUESTS access
Answer B
(Notice the words "MKTG domain trusts the Corp" - this is the key to the question. Because of the TRUST, we now are assuming that there is a MASTER database with accounts. Because of this, the MKTG is logging on to the Master, in which they have an account. Ref: EXAM CRAM. With an account, you are not using the GUESTS, you are indeed logged into a valid account, therefore USERS would be correct.)
**Pass-through authentication is being used. Since MKTG trusts CORP, when a user logs tries to log into the CORP domain from a MKTG machine, the MKTG machine will pass the request to a DC of CORP. The user will then log on with access permissions as if he/she had logged into CORP directly from a CORP machine.
104. You log on from a computer in the MKTG single domain to one in the CORP domain. The MKTG domain trusts the Corp Domain. Which resources can you access?
A. in MKTG, MKTG/DOMUSERS access
B. in CORP, CORP/DOMUSERS access
C. in CORP, CORP/DOMGUESTS access
D. in CORP, MKTG/DOMGUESTS access
Answer C
(The reason GUESTS is correct, is that they are not logging into an account that they own, so it is assumed they are using the GUEST account. Watch out for when they change this question, and they say "the guest account is disabled". Thus, in this situation, they could not log on.)
120. Your company has two domains, CORP and EAST. CORP trusts EAST. Your user account exists in the CORP domain, and you log on to the CORP domain from a machine that is a member of the EAST domain. To what resources do you have access?
A. Resources in CORP for which CORP\Domain Users have been granted access
B. Resources in EAST for which EAST\Domain Users have been granted access
C. Resources in EAST for which EAST\Domain Guests have been granted access
D. Resources in EAST for which CORP\DOmain guests have been granted access
Answer A
**My answer: C.
CORP trusts EAST, but EAST does NOT trust CORP. Since CORP is not trusted by EAST, when you attempt to log into CORP from EAST, EAST will not pass the logon request to CORP. You will be logged on as a guest of the EAST domain (actually, I think the logon should simply fail).
Comments Are Very Welcome ! 
------------------
Najed Guy
[This message has been edited by Najed Guy (edited 01-17-2001).] | |
|
| Q119 - Answer would be "C". Reason - In this single domain scenario, if the user successfully logs onto another domain besides the Sales domain, that user must be using the Guest account of that domain.
Q103 - Big assumption to be made by the wording of this question. If you assume this is a Single Master Domain Model, then "B" is correct. Otherwise it would be "C". I can't see how the Single Master Domain assumption can be made with how this question is worded - just my 2 cents on that.
Q104 - Answer would be "C", same reasoning as Q119.
Q120 - Answer would be "C", pass through authentication would not happen in this scenario. East/Domain Guest resources would be the only thing you could get to. If the East/Domain Guest account was not enabled, your logon attempt would fail.
Anyone else agree or disagree? 
Hope this Helps!!
Spid
Net+, MCSE | |
|
| First I would like to thank u for your help spid. 
Second, I don’t feel comfortable with some of the answers above. Because I can’t tell for sure, according to my knowledge, whether it’s right or wrong here is what I think:
For Q 103 I agree that we can’t take the big assumption worded in the answer below the Q and we can’t ignore it. Right?
You choose “C”, It is right if we assume that the Guest account is enabled witch is not by default. And not indicated in the Q. in addition answer “B” can be supported by the following, with out looking to the Net. structure:
1. The Guest account is disabled by default.
2. The user already logged on.
3. Pass-through authentication is being used. Since MKTG trusts CORP.
I think the same could be applied on Q104 since the Q doesn’t say the users have one single account as its indicated in Q119. And Q119 it’s obviously clear for me the answer is “C”. “Each domain user in your domain organization has a single account that resides in his home domain”
But for Q120 since the user logged on to CORP domain and there is no way to imagine it without the Guest account. Because the truest required for the Pass-through authentication in this situation is not exist. So I think the answer defiantly would be “C”.
What do u thing guys? I like to know your opinion
------------------
Najed Guy | |
|
| Looking at Q103 again, I agree with your reasoning (yes, guest account is disabled by default). So in retrospect, I would go with "C" and base my answer on the Single Master Domain assumption because Guest account is disabled by default and user logged on.
Q104 - I still say "C" because the question states "Single domain" and "you log on.."
So, here's my reasoning..
This is not a Single Master Domain Model, it's 2 single domains with a one way trust (MKT - trusting domain, CORP - trusted). The Guest account has to be enabled in this case or the logon would fail. Since that is not in the answer set, I've got to go with Corp/DomainGuests access to resources.
Spid
Net+, MCSE | |
|
|
In return to Q104:
Isn’t possiple that the user who logged on to the CORP domain had used his CORP domain account? Since there is the trust to use the Pass-through authentication.
Dose it matter whether it is single or single master? Why?
I think we have a problem in understanding the Q because witch its not clearly worded by Bill Gate and his gang  , which is done for unfairly purpose.
Let’s make a base to understand such Qs. I think basically if a user logs on, he uses his own account. “Guest account is disabled by default”. Then if there is no way to log on with his account, we assume he logs on with the Guest account.” Do you think I am right?”
------------------
Najed Guy | |
|
| quote:
Originally posted by Najed Guy:
In return to Q104:
Isn’t possiple that the user who logged on to the CORP domain had used his CORP domain account? Since there is the trust to use the Pass-through authentication.
Dose it matter whether it is single or single master? Why?
Najed,
No offense intended but I'm not going to debate you over poorly written questions pulled from a brain-dump. We can sit here and make assumptions all night long as to why one answer could be correct and the other may not.
Botton-Line - Answer the question however you feel most comfortable, but know that the difference between Single Domains with a one way trust and a Single Master Domain model is huge.
Single Master domain, by default has all user accounts in the Master Domain. For example, let's say Corp is the Master domain where all the user accounts reside, MKT is the resource domain and trusts CORP (by definition of a single master domain model).
By definition, all users have access to resources that the Global group Corp/DomainUsers has been given regardless of which domain they are logging on from..yes, pass-through authentication in action 
2 Single Domains with a one-way trust between them have user accounts in both domains. And depending on where your account is and what Domain you are trying to log in from, as well as how the trust is established between the Domains and whether or not the Guest account is enabled or disabled will determine whether or not you can log on at all, have access to Guest account resources, or Domain user resources.
I can't make it any more detailed than that. If you are unsure of the differences between Single Domains, Single Master Domains, Multiple Master Domains, and Complete Trust Domain structures, I would suggest maybe finding some reference materials to look at.
Hope this helps!!
Spid
Net+, MCSE
[This message has been edited by Spid (edited 01-18-2001).] | |
|
|
Spid, I agree that the Q is poorly worded and pulled from a brain-dump. But I have taken the exam once and have seen confusing Qs in the exam that may have more than one possible answer and force you to make assumptions.
Any way let’s stop it. I was trying to reach a basic guideline to overcome such Qs. I don’t think going any further in this debate would lead us to any result.
What u have written was wonderful. It gives me confidence and confirms my knowledge.
Spid you are a star guides a ship in the ocean.
For your suggestion: sorry I don't think so I had enough
Take it ease man.
| |
|
| Agreed! And thank you for the kind words.
Let me know if I can help further.
Take Care,
Spid
Net+, MCSE |
|
|
|
|