9L0-624 Mac OS X Directory Services 10.6 Exam

Page 1   
Question 1

In a default configuration of a Mac OS X v10.6 computer, which folder contains Open
Directory logs?

  • A. ~/Library/Logs/
  • B. /var/log/dslocal/
  • C. /System/Library/Logs/
  • D. /Library/Logs/DirectoryService/


Answer : D

Question 2

What is a Kerberos user principal?

  • A. An entry in the local keychain database that contains the private keys for a particular kerbeeros user
  • B. An entry in the LDAP database that contains the identification for a particular Kerberos user
  • C. An entry in the KDC database that contains the authentication information for a particular Kerberos user
  • D. An entry in the local directory services database that contains the identification information for a particularKerberos user


Answer : C

Question 3

Which command should you enter in Terminal to view the Kerberos principals stored on
your server?

  • A. ktutil list
  • B. krb5dkc --principals
  • C. dscl localhost -getprincs
  • D. kadmin.local -q list_principals


Answer : D

Question 4

By setting the your want to promote a standalone Mac OS X Server v10.6 computer to an
Open Directory master. If the server has the DNS name mainserver.pretendco.com,
which command should you use to perform the promotion?

  • A. slapconfig-promote mainserver.pretendco.com
  • B. ldapconfig-a mainserver.pretendco.com –u diradmin –p password
  • C. ldapconfig createldapmaster dc=mainserver,dc=pretendco,dc=com MAINSERVER.PRETENDCO.COM
  • D. slapconfig createldapmasterandadmin diradmin director Admin 1000 dc=mainserver,dc=pretendco, dc=com MAINSERVER.PRETENDCO.COM


Answer : D

Question 5

A Kerberos keytab file contains

  • A. public keys for a user principal
  • B. public keys for the KDC principal
  • C. secret keys for the client principal
  • D. secret keys for the service principal


Answer : D

Question 6

In which situation should you use dseditgroup rather than dscl?

  • A. You need to edit the Directory ACLs for your groups.
  • B. You need to edit both the local and network directory domains.
  • C. You need to edit groups that reside in an Active Directory directory domain.
  • D. You need a PrimaryGroupID to be created automatically for new group records.


Answer : D

Question 7

Which process on an open directory replica receives notification of changes to an open
directory master?

  • A. repid
  • B. slapd
  • C. slurpd
  • D. slapcatd


Answer : B

Question 8

You are deploying a new Mac OS X Server v10.6 computer. You want to configure the new
server to augment user accounts on an existing Open Directory master. How can you
accomplish this goal?

  • A. Set up the new server using the Workgroup configuration, and use Server Preferences to augment the useraccounts.
  • B. Set up the new server using the Advanced configuration, and use Directory Utility to configure mappings forthe augmented user accounts.
  • C. Set up the new server using the advanced configuration, and use the advanced user pane in WorkgroupManager to augment the user accounts.
  • D. Set up the new server using the Workgroup configuration, and use the advanced user pane in WorkgroupManager to augment the user accounts.


Answer : A

Question 9

When reviewing the directory service log file on your Mac OS X Server v10.6 computer,
you see error number 14002 listed. Which command should you enter in Terminal to
discover the meaning of this error number?

  • A. dserr -14002
  • B. dscl-e 14002
  • C. cat /var/db/err / grep 14002
  • D. DirectoryService –error 14002


Answer : A

Question 10

Where in the Mac OS X v10.6 file system are user accounts for the /Local/Default directory
domain stored?

  • A. /var/db/netinfo/local.nidb
  • B. /etc/openldap/Local/Default
  • C. /var/db/mysql/dslocal/Default
  • D. /var/db/dslocal/nodes/Default/users/


Answer : D

Question 11

You have just installed Mac OS X v10.6 on a new computer, and are now binding the
computer to a third-party LDAP server. Before mapping Open Directory attributes to LDAP
attributes in the LDAPv3 plug-in, you must ________.

  • A. add the LDAP server to the authentication search path
  • B. modify your LDAP schema to support native Directory Services data types
  • C. use Directory Utility to install the Open Directory LDAP schema on your LDAP server, then restart the server
  • D. create a new LDAP configuration in Directory Utility, and specify the appropriate search base for the LDAP directory


Answer : D

Question 12

Which statement describes how an Open Directory master sends directory changes to an
Open Directory replica?

  • A. slapd sends changes to the replica via LDAP.
  • B. slurpd sends changes to the replica via LDAP.
  • C. syncrepl sends changes to the replica via HTTPS.
  • D. DirectoryServices sends changes to the replica via HTTPS.


Answer : B

Question 13

Which keys are stored in a Kerberos service principal?

  • A. The public keys used to encrypt the TGT
  • B. The public keys used to initiate an SSL connection
  • C. The secret keys use to authenticate the user with the KDC
  • D. The secret keys used to authenticate a server with the KDC


Answer : D

Question 14

Review the screenshot of two custom mappings in directory utility, then answer the
QUESTION NO: below. Which is a valid storage location for the file named
openldapwithstatic.plist?

  • A. /etc/openldap/templ/
  • B. /var/db/dslocal/Default/mappings/
  • C. /Library/Preferences/DirectoryServic/
  • D. ~/Library/Application Support/Directory Access/LDAPv3/Templates/


Answer : D

Question 15

Which command-line tool should you use to view cached Kerberos service tickets?

  • A. kinit
  • B. klist
  • C. ktutil
  • D. kadmin


Answer : B

Page 1