Module 4 challenge: Directory Services :System Administration and IT Infrastructure Services(Google IT Support Professional Certificate) Answers 2025:

Question 1

How are things organized in a directory server?

✅ By a hierarchical model of objects and containers
❌ Relational database structure
❌ Flat text file
❌ Series of nested groups

Explanation:
Directory servers like LDAP or Active Directory use a hierarchical model, organizing information into objects (users, devices) and containers (OUs) that reflect a tree-like structure.

Question 2

Which directory service software would be used exclusively on a Windows network?

✅ Active Directory
❌ DSP
❌ DISP
❌ OpenLDAP

Explanation:
Active Directory (AD) is Microsoft’s directory service designed specifically for Windows-based networks, managing users, computers, and policies.

Question 3

Instead of assigning access for each user account individually, ________ is a more efficient and easier-to-manage approach.

✅ Centralized authentication
❌ LDAP
❌ Active Directory
❌ Centralized management

Explanation:
Centralized authentication allows users to log in using one set of credentials across all systems — improving efficiency and security through directory services like AD or LDAP.

Question 4

An LDAP entry reads:
dn: CN=John Smith, OU=Sysadmin, DC=jsmith, DC=com
What is the organizational unit (OU)?

✅ Sysadmin
❌ jsmith
❌ John Smith
❌ Full DN string

Explanation:
In LDAP syntax, OU stands for Organizational Unit — here it’s clearly labeled as Sysadmin.

Question 5

Which of the following are ways to authenticate to an LDAP server?

✅ Anonymous bind
✅ Simple bind
✅ SASL
❌ PGP

Explanation:
LDAP supports:

• Anonymous bind: No credentials required.

• Simple bind: Plain text username/password.

• SASL (Simple Authentication and Security Layer): More secure methods like Kerberos.
  PGP is unrelated; it’s used for encryption, not authentication.

Question 6

Which statements about Active Directory (AD) are true?

✅ AD can “speak” LDAP.
✅ AD is used as a central repository of group policy objects (GPOs).
❌ AD includes a tool called ADAC (Active Directory Authentication Center).
❌ AD is incompatible with Linux/OS X.

Explanation:

• AD uses LDAP as its communication protocol.

• AD stores Group Policy Objects (GPOs) centrally.

• It is compatible with other OSes using tools like Samba or LDAP clients.

• There’s no tool called “Active Directory Authentication Center”; it’s Active Directory Administrative Center (ADAC).

Question 7

Which statements are true about Domain Controllers (DCs)?

✅ The default Organizational Unit (OU), called Domain Controllers, contains all Domain Controllers in the domain.
✅ Delegation can be used in Active Directory.
✅ Changes that are safe to make by multiple DCs are handled by Flexible Single Master Operations (FSMO).
❌ Always use Domain Admin for daily use.

Explanation:
Best practice: never use the Domain Admin account daily — use it only for administrative tasks. FSMO roles handle replication and unique changes.

Question 8

Which of these statements are true about managing through Active Directory?

✅ ADAC uses PowerShell.
✅ Domain Local, Global, and Universal are examples of group scopes.
✅ Default groups Domain Users and Domain Admins are security groups.
❌ Distribution groups can be used to assign permissions.

Explanation:

• Distribution groups are for email only.

• Security groups (like Domain Users/Admins) control access.

• ADAC (Active Directory Administrative Center) uses PowerShell backend for automation.

Question 9

A computer is in several GPOs:

• GPO-A (Precedence 1)

• GPO-B (Precedence 2)

• GPO-C (Precedence 3)

✅ GPO-A will take precedence and overwrite any conflicting settings.
❌ GPO-B or GPO-C
❌ Local policy

Explanation:
In Group Policy, lower number = higher priority.
So GPO-A (1) overrides others when conflicts occur.

Question 10

Which of the following are common reasons a group policy doesn’t take effect correctly?

✅ Fast Logon Optimization may delay GPO changes from taking effect.
✅ Replication failure may occur.
✅ Kerberos may have issues with UTC time.
❌ GPO may be linked to the OU that contains the computer.

Explanation:

• Fast Logon Optimization delays GPOs for performance.

• Replication issues cause inconsistent policy application.

• Time drift affects Kerberos authentication.

• If GPO is correctly linked to the OU, it should apply — so that’s not an issue.

🧾 Summary Table