Top Banner
Apple Certified Technical Coordinator 10.7 Recertification Exam Preparation Guide Updated February 2012
66
Welcome message from author
This document is posted to help you gain knowledge. Please leave a comment to let me know what you think about it! Share it to your friends and learn new things together.
Transcript
Page 1: Actc 10.7 Exam Prep

ACTC 10.7 Recertification Exam Preparation Guide

1

Apple Certified Technical Coordinator 10.7 RecertificationExam Preparation Guide

Updated February 2012

Page 2: Actc 10.7 Exam Prep

Contents

..............................................................................................................About This Guide 3

........................................Becoming an Apple Certified Technical Coordinator 3

.......................................................................................................................Exam Details 4

.............................................................................Recommended Exam Preparation 4

.................OS X Lion Support Essentials Objectives and Review Questions 6

........................................................Chapter One: Installation and Configuration 6

........................................................................................Chapter Two: User Accounts 10

..........................................................................................Chapter Three: File Systems 13

...............................................................................Chapter Four: Data Management 18

..............................................................Chapter Five: Applications and Processes 23

..........................................................................Chapter Six: Network Configuration 27

..............................................................................Chapter Seven: Network Services 32

...................................................................Chapter Eight: Peripherals and Printing 38

.....................................................................................Chapter Nine: System Startup 40

.....................OS X Lion Server Essentials Objectives and Review Questions 43

.......................................Chapter One: Installing and Configuring OS X Server 43

................................Chapter Two: Authenticating and Authorizing Accounts 46

......................................................................Chapter Three: Using Open Directory 49

............................................................................Chapter Four: Managing Accounts 52

..........................................Chapter Five: Implementing Deployment Solutions 54

...........................................................................Chapter Six: Providing File Services 57

................................................................Chapter Seven: Managing Web Services 61

.........................................................Chapter Eight: Using Collaborative Services 62

ACTC 10.7 Recertification Exam Preparation Guide

2

TM and © 2012 Apple Inc. All rights reserved. Other product and company names mentioned herein may be trademarks of their respective companies. Mention of third-party products is for information purposes only and constitutes neither an endorsement nor a warranty. Apple assumes no responsibility with regard to the selection, performance or use of these vendors or products.

Page 3: Actc 10.7 Exam Prep

About This GuideThis guide provides all the information you need to prepare to take the Apple Certified Technical Coordinator 10.7 Recertification Exam. From this guide you can:

• Learn about Apple Certification

• Find out how to take the exam

• Locate resources to help you prepare for the exam

• Review the range of objectives that the exam may cover

• Get a feel for the type of questions that appear on the exam

Becoming an Apple Certified Technical Coordinator The Apple Training and Certification program is designed to keep you at the forefront of Apple technology. Certification creates a benchmark to demonstrate your proficiency in specific Apple technologies and gives you a competitive edge in today’s evolving job market.

Apple offers three OS X certifications: Apple Certified Associate: Mac Integration, Apple Certified Support Professional, and Apple Certified Technical Coordinator. For more information on all OS X certifications, visit training.apple.com/certification/macosx.

Apple Certified Technical Coordinator (ACTC) certification verifies a foundation in OS X and OS X Server core functionality and an ability to configure key services and perform basic troubleshooting. ACTC certification is intended for OS X technical coordinators and entry-level system administrators who maintain small-to-medium networks of computers using OS X Server.

Students who earned ACTC 10.6 or ACSA 10.6 certification can become ACTC 10.7 certified by passing just the ACTC 10.7 Recertification Exam. 

Students who are not ACTC 10.6 or ACSA 10.6 certified can earn ACTC 10.7 certification by passing both the OS X Support Essentials 10.7 Exam and the OS X Server Essentials 10.7 Exam. Exam Preparation Guides for these exams are available at: http://training.apple.com/certification/macosx.

What are the benefits of Apple Certification?Besides differentiating you as a skilled user and support professional for OS X Lion and OS X Lion Server, becoming an Apple Certified Technical Coordinator allows you to leverage the power of the Apple brand. When you pass a certification exam, you receive an email with a PDF copy of your Apple certificate, along with instructions on how to order a printed or a printed and framed certificate.

You also receive a login for the Apple Certification Records System, where you can:

ACTC 10.7 Recertification Exam Preparation Guide

3

Page 4: Actc 10.7 Exam Prep

• Update your profile information and opt in to display your Apple Certification(s) on the Apple Certified Professionals Registry

• Review your certification progress

• Download your certification logo(s) to use on business cards, resumes, websites, and more

• Provide access to employers to verify your certifications

Exam Details The exam is a computer-based test offered at Apple Authorized Training Centers (AATCs) or from any computer that has Internet access. ACTC 10.6 and ACSA 10.6 certified professionals were sent a recertification email with information to take the ACTC 10.7 Recertification Exam online. If you are eligible and did not receive this email, please contact us. Certification exams don’t require class attendance, and all AATCs offer all exams, even if they don’t offer the corresponding course. Many AATCs schedule certification exam sessions at training.apple.com/schedule. If you don’t see a session scheduled at your nearest AATC, contact the AATC and it may be able to schedule a session.

The ACTC 10.7 Recertification Exam details:

• Exam number: 9L0-517

• Number of test questions: approximately 93 technical, 5 demographic (unscored)

• The exam uses a random pool of multiple-choice, fill-in-the-blank, and interactive-media questions

• Passing score: 72 percent (scores are not rounded; you must earn a score of 72 percent or higher to pass the exam)

• Details on exam scoring are at training.apple.com/certification/faq

• Exam duration: Two hours and thirty minutes

• The exam is based on features and functionality present in OS X Lion (version 10.7.3) and OS X Lion Server (version 10.7.3)

• Some exams are also available in other languages; for details, visit training.apple.com/certification/localized

The exam timer doesn’t start until you view the first technical question. You may not access any resources or references during the exam.

If you still have questions, visit training.apple.com/certification/faq.

Recommended Exam PreparationWe recommend the following exam preparation strategies:

• Gain experience with OS X and OS X Server.

• Take a class and learn from experts:

ACTC 10.7 Recertification Exam Preparation Guide

4

Page 5: Actc 10.7 Exam Prep

• Lion 101: OS X Support Essentials 10.7 (PDF) and Lion 201: OS X Server Essentials 10.7 (PDF)

• Or Lion 101+201: Apple Certified Technical Coordinator 10.7 Bootcamp (PDF)

• Study the Apple Pro Training Series books, OS X Lion Support Essentials by Kevin M. White, and OS X Lion Server Essentials by Arek Dreyer and Ben Greisler.

• Review the optional study materials.

• Review the objectives and sample questions in this guide.

Gain experience with OS X and OS X ServerNothing can substitute for time spent learning the technology firsthand. After you read the book and/or take the class, spend time increasing your familiarity with OS X and OS X Server on your own to ensure your success on the certification exam.

Learn from expertsApple Authorized Training Centers (AATCs) offer classes where you can learn hands on with the technology and benefit from the expertise of Apple Certified Trainers and your peers. Visit the Apple Training & Certification website to find course offerings at nearby AATCs.

Study the Apple Pro Training Series booksThe Apple Pro Training Series books OS X Lion Support Essentials by Kevin M. White and OS X Lion Server Essentials by Arek Dreyer and Ben Greisler prepare you to take the ACTC 10.7 Recertification Exam.

You can purchase the books at peachpit.com (save 30% by using coupon code PP-APL-DISC at checkout). Creative Edge, an on-demand digital library, offers subscription access to the Apple Pro Training Series, as well as thousands of other reference videos and books. If you use an iPad, an electronic version is available on the iBookstore. Some books are also available in other languages.

Review the optional study materialsThe following resources may also help you prepare for your certification exam, as well as expand your general knowledge:

• Review the Upgrading and Migrating Guide and the Lion Server: Advanced Administration Guide at http://images.apple.com/macosx/server/resources/documentation.html

• Launch the Help documentation from the Help menu in OS X Lion Server.

• Designed for iPad and iPhone, the Test Yourself apps let students review and assess their knowledge of the material in the OS X Support Essentials 10.7 and OS X Server Essentials 10.7 books. Peachpit should make the apps available in 2012.

ACTC 10.7 Recertification Exam Preparation Guide

5

Page 6: Actc 10.7 Exam Prep

Review the objectives and review questionsEven if you’re self-taught or have taken courses that don’t use the Apple Pro Training Series curriculum, you can still prepare for the certification exam by making sure that you can complete all the tasks and answer all the review questions in the following sections.

The learning objectives describe the knowledge domains assessed by the exam. The review questions summarize what you should have learned in each chapter. Although this guide divides the objectives into chapters or knowledge areas, questions are presented randomly during the exam.

The number of test questions drawn from each knowledge area is indicated for each of the following chapters.

OS X Lion Support Essentials Objectives and Review Questions

The next sections present the learning objectives for the OS X Lion Support Essentials class, and the chapter review questions from the Apple Pro Training Series: OS X Lion Support Essentials book.

Chapter One: Installation and ConfigurationUpon completion of Chapter One, “Installation and Configuration” in OS X Lion Support Essentials, you should be able to complete the following tasks. Four items from this chapter are included in the pool of exam questions. Questions are drawn randomly from the following objectives:

• Identify the version of firmware installed on a Mac OS X computer

• Use the appropriate firmware update utility to update a Mac computer's firmware

• On a Mac running the OS X Installer, use Lion Recovery to restore the computer's hard disk from a Time Machine backup

• Document an OS X Mac computer's network settings

• Locate late-breaking news about OS X in Apple's knowledge base on the Internet

• From a description of organizational needs, identify an appropriate partition structure for the hard disk where OS X will be installed

• From a description of organizational needs, identify an appropriate volume format for all partitions of the hard disk where OS X will be installed

• On a Mac running the OS X Installer, format the computer's hard disk into one or more partitions in a specific volume format

• Verify and repair file and folder permissions on the hard drive

• On a Mac running Lion Recovery, configure the computer to boot from a specific disk

ACTC 10.7 Recertification Exam Preparation Guide

6

Page 7: Actc 10.7 Exam Prep

• On a Mac running the OS X Installer, verify that installation was successful

• On a Mac running the OS X Installer, view the OS X installation log

• Troubleshoot a failed OS X installation

• State the minimum hardware requirements to install OS X

• Verify that a Mac meets the minimum hardware requirements to install the latest OS X software

• List four critical steps that should be taken prior to installing OS X

• Identify the latest version of firmware available for your Mac

• Verify that installed applications are compatible with OS X

• Describe how formatting a Mac computer's hard disk into a single partition can simplify the process of preparing to install OS X

• Describe how formatting a Mac computer's hard disk into multiple partitions makes it easier to configure and use the Mac

• Describe how to use a multiple-partition drive to simplify maintenance of multiple operating systems

• Describe how to simplify separating operating system data and user data by using a multiple-partition drive

• Describe OS X installation, including decisions made in response to Installer interface options

• List what utilities are available when a Mac is booted from the OS X recovery volume

• State where in the GUI interface you configure network settings

• Migrate user data from a Time Machine backup to a new Mac

• Provide OS X registration information to the Setup Assistant utility

• Configure a local administrator account

• Configure a computer's network connection(s) and time zone settings

• Access preference configurations

• Use the Internet to install Apple software updates

• Download software updates to install on multiple computers

• Open the System Information utility

• Install Apple and third-party packages, including home directories, network-install packages, and signed packages

• Compare and contrast the five categories of preferences in System Preferences: Personal, Hardware, Internet & Network, System & Other

• Describe how the Software Update utility makes software updates available to client computers through the utility's preference pane in System Preferences or Software Update in the Apple menu

• Identify any updates that have been installed

ACTC 10.7 Recertification Exam Preparation Guide

7

Page 8: Actc 10.7 Exam Prep

• Define the terms ”system version number,” ”build number,” and ”serial number” as they pertain to OS X installation

• Identify the version number, build number, and serial number of the installed OS

• Describe the process for creating an external Lion Recovery volume

• State the methods for obtaining the OS X Installer

• Create a Lion Recovery volume on an unformatted external storage device

• State from which types and sources of data the Migration Assistant can migrate

• Describe how to use the Lion Recovery volume to reinstall OS X

• Reinstall OS X on a Mac with a Lion Recovery volume

Chapter One review questionsAfter completing Chapter One, you should be able to answer the following questions.

1. What are the minimum hardware requirements for upgrading a system to OS X Lion?

2. What seven preparation steps must you take before upgrading a system to Lion?

3. How can you identify whether a Mac requires a firmware update?

4. What are the advantages and disadvantages of using a single-partition drive with Mac OS X? What about a multiple-partition drive?

5. What utilities are available when a Mac starts up from Lion Recovery?

6. Where can you locate the system version number, build number, and serial number? What is the significance of each of these numbers?

7. How do the four default System Preferences categories differ?

8. How do you ensure that you have the latest Apple software?

Answers

1. The minimum requirements for upgrading Lion are:

• A Mac with an Intel Core 2 Duo, Core i3, Core i5, Core i7, or Xeon processor 2GB of memory

• Mac OS X v10.6.6 or later (v10.6.8 recommended)

• 7GB of available disk space

• Some features require an Apple ID; terms apply

ACTC 10.7 Recertification Exam Preparation Guide

8

Page 9: Actc 10.7 Exam Prep

• Some features require a compatible Internet service provider; fees may apply

2. Seven steps you should take before upgrading a system to Lion are

• plug portable Macs into main power

• Use Apple Software Update

• Check for firmware updates

• Verify application compatibility

• Back up important files and folders

• Document critical settings

• Keep up to date by visiting Apple’s Lion support website.

3. You can identify a Mac firmware version by opening the full system report in the System Information application. You can verify whether a Mac firmware is up to date by visiting Apple’s support website to see a list of available firmware updates.

4. Single-partition drives are easier to set up initially, but they aren’t as flexible for administration and maintenance. Multiple-partition drives require repartitioning during setup but provide several separate partitions, which can be used to segregate user data and host multiple operating systems.

5. The Lion Recovery system provides access to Restore System From Time Machine Backup, Reinstall Mac OS X, Get Help Online via Safari, Disk Utility, Startup Disk, Firmware Password Utility, Terminal, Reset Password, System Information, and Network Utility.

6. The system version, build number, and hardware serial number are located in the About This Mac dialog or the login screen. The system version number defines the specific version of Mac OS X installed. The system build number is an even more specific identifier used primarily by developers. Finally, the hardware serial number is a unique number used to identify your Mac.

7. Generally, Personal preferences affect only a single user, Hardware preferences adjust hardware and peripheral settings, Internet & Wireless preferences affect personal and system network settings, and System preferences affect all users and often require administrative access.

8. The Software Update application uses the Internet to check for Apple software updates. You can adjust automatic update settings or manually open the Software Update application from the Software Update preferences.

ACTC 10.7 Recertification Exam Preparation Guide

9

Page 10: Actc 10.7 Exam Prep

Chapter Two: User Accounts

Upon completion of Chapter Two, “User Accounts” in OS X Lion Support Essentials, you should be able to complete the following tasks. Two items from this chapter are included in the pool of exam questions. Questions are drawn randomly from the following objectives:

• Create a local user account

• Configure a local user account with a name, short name, picture, parental control, administrator access, password, and several login items

• Customize the appearance and behavior of the login window

• Reset a user’s password

• Disable fast user switching

• Switch between two configured user accounts

• Delete a local user account

• Restore a deleted user's data

• Troubleshoot an issue related to fast user switching

• Resolve an issue related to fast user switching

• Troubleshoot a lost administrator account password

• Resolve a lost administrator account password

• List five types of user accounts in OS X and compare and contrast them

• Identify three attributes of user accounts in OS X

• Describe the security risks related to enabling the Guest account, user account, and sharing user account

• Describe a security risk of using an administrator account as the primary user account

• Describe an advantage of using an administrator account as the primary user account in OS X

• List the default folders in a user home folder

• Compare and contrast the functions of each of the default folders in a user's home folder in OS X

• List the resources that an administrator can limit in the Parental Controls pane of System Preferences

• Describe three errors that can occur when fast user switching is turned on and two users access the same file or peripheral

• Describe errors that can occur when fast user switching is turned on and two users access the same application simultaneously, as described in Apple Support article 25619 <http://docs.info.apple.com/article.html?artnum=25619>

• Describe a security risk when fast user switching is turned on, and other local users switch to their accounts

ACTC 10.7 Recertification Exam Preparation Guide

10

Page 11: Actc 10.7 Exam Prep

• Test a password's robustness

• Create a secure password

• View a keychain password

• Set a Master password

• Reset the Master password

• Configure the computer to be more secure

• Troubleshoot a lost FileVault-encrypted user account password,

• Compare and contrast how login, Firmware, resource, and keychain passwords function in OS X

• Compare and contrast the roles of keychains, keychain items, and keychain first aid

• Describe how FileVault secures user data

• Describe how resetting a user account password can cause the keychain and user account password to get out of sync

• Describe how resetting a user account password can cause the FileVault and user account password to get out of sync

• Describe how the Firmware password feature prevents users from changing passwords for user accounts other than their own

• Describe how to enable and disable the firmware password

• Describe the implications and process for converting Legacy FileVault data to FileVault 2

• Describe the functions and features of the keychains in OS X

• Use Keychain Access to create new keychains, reset keychain passwords, and change keychain settings

• Describe how to use an Apple ID to reset a user account password

• Reset the account password for the user associated with an Apple ID

• Enable and disable the firmware password

• Upgrade a user's account from Legacy FileVault to FileVault 2

• Troubleshoot a lost Master password,

Chapter Two review questionsAfter completing Chapter Two, you should be able to answer the following questions.

1. What are the five types of user accounts in Lion? How are they different?

2. What are account attributes?

3. How can you restrict a user account from having full access to all applications?

ACTC 10.7 Recertification Exam Preparation Guide

11

Page 12: Actc 10.7 Exam Prep

4. What are some security risks associated with each type of user account?

5. What default folders make up a user’s home folder? What are some optional folders in a user’s home folder?

6. What types of resource contention issues can occur when fast user switching is enabled?

7. What security risk is associated with fast user switching?

8. What does a keychain do?

9. How does Legacy FileVault secure a user’s data?

10. How does resetting the Master password affect existing Legacy FileVault user accounts?

11. How does resetting a user’s password as an administrative user affect that user’s keychains?

12. How does the Firmware Password Utility help prevent users from making unauthorized password changes?

Answers

1. Standard is the default account type; administrative users can make changes to the system; a guest user doesn’t require a password; sharing only users can access only shared files; and the root user has unlimited access.

2. Account attributes are the individual pieces of information that define a user account. Examples include full name, account name, user ID, universally unique ID (UUID), group, and home directory.

3. Parental controls can be used to further limit a user account. Examples include enforcing a simple Finder, limiting applications and widgets, setting time limits, and filtering content.

4. Standard user accounts are very secure, assuming they have good passwords. Administrative users can make changes that may negatively affect the system or other user accounts. A guest user could fill your system drive with unwanted files. Sharing only users are generally secure as long as you don’t give them too much access to your items. The potential for mayhem with root user access is nearly unlimited.

5. The default folders in a user’s home folder are Desktop, Documents, Downloads, Library (hidden), Movies, Music, Pictures, and Public. Optional home folder items include Applications and Sites folders.

6. Resource contention occurs when fast user switching is enabled and a user tries to access an item that another user has open in the background. Document contention occurs when a user attempts to open a document that another user has already opened. Peripheral contention occurs when a

ACTC 10.7 Recertification Exam Preparation Guide

12

Page 13: Actc 10.7 Exam Prep

user attempts to access a peripheral that’s already in use by another user’s open application. Application contention occurs when the second user attempts to access an application that’s designed to run only once on a system.

7. When fast user switching is enabled, all users can see other users’ locally connected drives.

8. A keychain is an encrypted file that securely saves passwords, certificates, or notes. By default, all users have a login keychain that has the same password as their account.

9. Legacy FileVault stores the user’s home folder in an encrypted disk image. This disk image is accessible only by the Legacy FileVault user.

10. If a known Master password is reset using the Security & Privacy preferences, Legacy FileVault accounts won’t be negatively affected. On the other hand, if a Master password is reset because it was lost, Legacy FileVault accounts can’t be reset by the new Master password.

11. If an administrative user resets another user’s account password, this process won’t change any keychain passwords. Therefore, the user’s keychains won’t automatically open when the user logs in with the new password. The user will have to use Keychain Access to manually change keychain passwords.

12. The Firmware Password Utility prevents users from starting up from another system drive, which then prevents them from using a Lion Recovery system to reset local passwords without authorization.

Chapter Three: File Systems

Upon completion of Chapter Three, “File Systems” in OS X Lion Support Essentials, you should be able to complete the following tasks. One item from this chapter is included in the pool of exam questions. Questions are drawn randomly from the following objectives:

• Configure OS X so that the entire hard drive is encrypted

• Resolve lost login password and recovery key issues on a Mac with OS X installed on FileVault 2 encrypted disk

• Change the partition map scheme of a non-boot disk, such as an external hard disk

• Format a computer's hard disk as specified in a set of volume and partition scheme specifications

• Gather information about the format, partition scheme, bus type, and available space on local hard disks and volumes

• Repair the hard disk

ACTC 10.7 Recertification Exam Preparation Guide

13

Page 14: Actc 10.7 Exam Prep

• Securely erase a volume using the Zero Out Data option

• Configure a Mac into Target Disk Mode so it can be connected to another computer as a hard drive

• Unmount one of the computer’s storage devices

• Use the Finder to burn a data CD or a data DVD

• Use Disk Utility to burn a data CD or a data DVD

• Troubleshoot and resolve a scenario in which corrupted volume permissions have motivated an unbootable system or file access issues

• Given two Mac computers with OS X installed, Internet access, and a scenario in which one computer has become unbootable, resolve the issue by migrating user data from the unbootable disk

• Differentiate between hard disks, partitions, and volumes

• Compare and contrast GUID, APM, and MBR partition map schemes

• Compare and contrast the volume formats supported by OS X: Mac OS Extended; Mac OS Extended (Journaled); Mac OS Extended (Journaled, Case-Sensitive); UFS; FAT32; NTFS; ExFAT; and Mac OS Extended (Journaled, Encrypted)

• Describe how file system journaling works in OS X

• Compare and contrast the RAID schemes Disk Utility supports

• Describe the Verify and Repair features of Disk Utility

• Compare and contrast the erase options available in Disk Utility, including single-pass, 3-pass, and 7-pass erases

• Describe the function of the Secure Empty Trash feature in the Finder

• Describe how power failures and force-ejecting a disk can corrupt a volume

• Identify three ways to unmount a disk from the Finder

• Describe the steps required to use the Finder to burn a CD or DVD

• Describe the steps required to use Disk Utility to burn a CD or DVD

• Describe Target Disk Mode

• Change the owner and group for a file and a folder

• Store an application and a data file so that they’re accessible only to individual local users

• Configure file and folder permissions to enforce a set of access specifications

• Use Lion Recovery to repair permissions on the computer's boot volume

• Troubleshoot a scenario in which incorrect permissions have caused a file access issue

• Describe the function of each of the permission settings and ACL settings on OS X files and folders

• Identify the owner and group for any file in a file system

ACTC 10.7 Recertification Exam Preparation Guide

14

Page 15: Actc 10.7 Exam Prep

• Identify the owner and group permission settings for users' home folders

• Describe why the root of any user's home folder is accessible to other users

• Describe the permissions you can set on the Shared folder so it will act as a shared storage location for local user accounts

• Describe what it means to ”ignore volume ownership,” including when it is useful to do so, and one potential risk when ignoring ownership

• Describe how the organization of the OS X file system allows multiple users to safely share local files and folders

• Define the term “sticky bit” as it applies to the OS X file system

• State the requirements for FileVault 2 on an OS X computer

• Describe how to securely erase the remaining space on a drive connected to an OS X computer

• Use Disk Utility to securely erase remaining space on a drive

• Describe how to force an item that’s in use to eject

• Configure a Mac that has a Lion Recovery disk to use FileVault 2

• Describe the tools and methods for locking and unlocking files for particular users on the system

• Describe the tools and methods for resetting home folder permissions

• Reset the home folder permissions on a Mac booted from a Lion Recovery volume

Chapter Three review questionsAfter completing Chapter Three, you should be able to answer the following questions.

1. What is the difference between disk drives, partitions, and volumes?

2. What are the two primary partition schemes for Mac-formatted drives? What are their differences?

3. What two volume formats does a Lion system volume support?

4. How does file system journaling work?

5. What are the four erase options available in Disk Utility? What are the differences between them?

6. How does the Finder’s Secure Empty Trash feature work?

7. What four methods can be used to eject a volume or drive from the Finder?

8. What is the potential side effect of improperly unmounting or ejecting a drive or volume?

ACTC 10.7 Recertification Exam Preparation Guide

15

Page 16: Actc 10.7 Exam Prep

9. What differentiates a RAID 0 set from a RAID 1 set?

10. How do you use the Finder’s Burn Folder feature?

11. How do you use Disk Utility to burn an optical disc?

12. Why is the root, or beginning, level of a user’s home folder visible to other users?

13. How do you set the permissions on the Shared folder to allow local user sharing?

14. How does the default organization of the file system allow users to safely share local files and folders?

15. What does it mean when you choose the option to “ignore volume ownership” in the Finder? What are the security ramifications of ignoring volume ownership?

16. How do you identify the ownership and permissions of a file or folder in the Finder?

17. What is the sticky bit?

18. What is the locked file flag?

19. How do you use Disk Utility’s Verify and Repair feature?

20. What is Target Disk Mode and how do you turn it on?

Answers

1. Disk drives are the actual storage hardware; partitions are logical divisions of a disk drive used to define the storage space; and volumes, contained inside partitions, define how the individual files and folders are saved to the storage.

2. GUID Partition Table is the default partition scheme on Intel-based Mac computers, and Apple Partition Map is the default partition scheme on PowerPC-based Mac computers.

3. The volume formats supported as system volumes for Lion are Mac OS Extended (Journaled) and Mac OS Extended (Journaled, Encrypted).

4. File system journaling records what file operations are in progress at any given moment. This way, if a power failure or system crash occurs, after the system restarts it can quickly verify the integrity of the volume by “replaying” the journal.

5. The four erase options in Disk Utility are Fastest, which simply replaces the volume’s directory structure; a second choice (single-pass erase), which provides good security by writing zeros on top of all the previous drive data; a third choice (3-pass erase), which provides even better security by writing three separate passes of information on top of the previous drive data; and Most Secure (7-pass erase), which provides the best security by writing seven separate passes of information on top of the previous drive data.

ACTC 10.7 Recertification Exam Preparation Guide

16

Page 17: Actc 10.7 Exam Prep

6. The Finder’s Secure Empty Trash performs a 7-pass erase on the contents of the Trash folder.

7. The four methods for ejecting a volume or drive from the Finder are: drag the drive icon to the Trash in the Dock; press and hold the Eject key to unmount and eject optical media; select the volume you wish to unmount and eject from the Finder and choose File > Eject from the menu bar; and, finally, in the Finder’s sidebar, click the small Eject button next to the volume you wish to unmount and eject.

8. Improperly unmounting or ejecting a drive or volume may cause data corruption. The system will automatically verify and repair an improperly unmounted or ejected volume the next time it becomes available to the Mac.

9. RAID 0 uses disk striping to simultaneously write data to all drives, providing increased performance, but it increases your chances of data loss due to drive failure. RAID 1 uses disk mirroring to write the same data to multiple drives, which does not increase performance but does greatly decrease your chances of data loss due to drive failure.

10. You can burn a disc with the Finder in several ways. First, you can create a burn folder of any size by choosing File > New Burn Folder from the menu bar. After you’re done adding and arranging items in the burn folder, click the Burn button and then insert a blank recordable optical disc. You can also create a burn folder of a specific optical disc size by first inserting a blank recordable optical disc; the Finder will automatically create a burn folder that matches the size of the recordable optical disc.

11. Disk Utility can burn the contents of a disk image to an optical disk. Click the Burn button in Disk Utility’s toolbar, select a disk image, and then insert a blank recordable optical disc.

12. The root level of a user’s home folder is visible to other users so they can navigate to the Public and Sites shared folders.

13. The Shared folder is set up to allow all users to read and write files, but only the user who owns an item can delete it from the Shared folder. This is accomplished using the sticky bit permissions setting.

14. Every home folder contains a Public folder that other users can read and a Drop Box folder that other users can write to. All other subfolders in a user’s home folder (except the optional Sites folder) have default permissions that don’t allow access to other users. The Shared folder is also set for all users to share items.

15. You can choose to ignore ownership on any nonsystem volume. This ignores any ownership rules and grants any logged-on user unlimited access to the contents of the volume. It’s a potential security risk because any local user

ACTC 10.7 Recertification Exam Preparation Guide

17

Page 18: Actc 10.7 Exam Prep

account can have full access to the volume even if that user didn’t originally mount the volume.

16. You can identify an item’s ownership and permissions with the Get Info or Inspector windows in the Finder.

17. The sticky bit is a special permission used to define a folder as an append-only destination or, more accurately, a folder in which only the owner of the item can move, rename, or delete the item.

18. The locked file flag prevents anyone, including the item’s owner, from editing an item. Only the item’s owner can unlock the item to then allow modification.

19. The Disk Utility’s Verify and Repair feature can verify and repair the directory structure of a volume. The directory structure contains all the information used to locate files and folders on the volume.

20. Target Disk Mode is a Mac-specific hardware feature that you can use to share a Mac internal disk drives through its FireWire ports. You can turn on Target Disk Mode from the Startup Disk preferences or by holding down the T key as you turn on the Mac.

Chapter Four: Data ManagementUpon completion of Chapter Four, “Data Management” in OS X Lion Support Essentials, you should be able to complete the following tasks. No items from this chapter are included in the pool of exam questions.

• Access the contents of a package

• Install a font so only one user account can use it

• Locate a file in the OS X file system that has specific metadata

• Configure privacy settings for Spotlight

• Troubleshoot and resolve scenarios in which resources, including fonts, are missing from a search path

• Configure the Finder to show all file extensions

• Change which application is set to open a file or file type

• List the four default top-level folders visible in the Finder

• Describe a resource fork, including its advantages and disadvantages

• Compare and contrast the System, Local, User, and Network domains, including what resources are stored in each, and the order in which OS X searches for resources in the file system

• Describe OS X extended attributes, and give one example of information the system keeps as an extended attribute

• Compare and contrast these file types: extensions, frameworks, fonts, preferences, startup items, and logs

ACTC 10.7 Recertification Exam Preparation Guide

18

Page 19: Actc 10.7 Exam Prep

• Compare and contrast file system packages and bundles, and their purposes

• Identify where files of each of these file types are located in the file system: extensions, frameworks, fonts, preferences, startup items, and logs

• Describe how Spotlight metadata is used

• Describe how and why the Finder hides certain folders by default

• Identify potential privacy and security issues with Spotlight

• Describe where metadata indexes and plug-ins are stored in the OS X file system

• Describe how the Finder identifies which application it should use to open a file

• Create a compressed copy of specified files

• Create a disk image that archives and compresses target files

• Create an encrypted disk image that archives and compresses target files

• Compare and contrast disk images created with Disk Utility and zip archives created with the Finder

• Describe what options are available when you use Disk Utility to create a new blank image

• Choose the destination where Time Machine should store backup data

• Verify backup frequency, retention schedule, and items excluded from backup

• Use a Time Machine backup to restore individual files, a complete set of user data, and a full system

• View items inside the Time Machine archive

• Describe how Time Machine works

• Identify which files are always omitted from Time Machine backups

• Describe issues with backing up large database files that are frequently updated

• Describe the archive format Time Machine uses

• Describe why a specific archived file may not be available due to backup or retention schedule parameters

• Compare and contrast the features and functions of aliases and links as implemented in OS X

• Describe the tools and methods used to create aliases and links

• Create an alias

• Describe the features and functions of Quick Look

• State the location of Quick Look plugins

• State the file types Quick Look supports in a default installation of OS X

ACTC 10.7 Recertification Exam Preparation Guide

19

Page 20: Actc 10.7 Exam Prep

• State which applications included with OS X use Quick Look

• Use Quick Look to view files of different types

• Describe how Time Machine uses encryption in a backup

• Configure a Time Machine backup to use encryption

• Repair a broken alias

• Describe the structure and purpose of the Apple Double metadata format

• Identify the files and their associated Apple Double metadata files in a non-native share point containing native OS X files

Chapter Four review questionsAfter completing Chapter Four, you should be able to answer the following questions.

1. What are the four default top-level folders visible in the Finder?

2. What are six common system resources? What purpose does each resource serve? Where are they located in the file hierarchy?

3. What are the four system resource domains? What purpose does each domain serve?

4. Why does the Finder hide certain folders at the root of the system volume?

5. What two methods can you use to hide items from the Finder?

6. What is file system metadata? What are some examples of file system metadata?

7. What are some of the common file flags Lion uses?

8. What does Lion use bundles or packages for?

9. How does the system identify which application to open when a user double-clicks a file?

10. What are some privacy and security concerns with Spotlight?

11. What are the differences between zip archives and disk images?

12. How does Spotlight use metadata?

13. Where does Spotlight store its metadata index databases? How about the Spotlight plug-ins?

14. What backup destinations does Time Machine support?

15. How does Time Machine maintain a backup history of the file system?

ACTC 10.7 Recertification Exam Preparation Guide

20

Page 21: Actc 10.7 Exam Prep

16. What types of files are omitted from Time Machine backups?

17. Why is Time Machine inefficient at backing up large databases?

18. Why might a previously backed-up item no longer be available in Time Machine?

Answers

1. The four default top-level folders visible in the Finder are:

• Applications, containing applications all local users have access to

• Library, containing system resources all local users have access to;

• System, containing necessary system resources

• Users, containing all the local user home folders.

2. Six common system resources are:

• Extensions, which attach themselves to the system kernel to provide hardware and peripheral driver support

• F rameworks, which are shared code libraries that provide additional software resources for both applications and system processes

• Fonts

• Preference files, which contain application and system configuration information

• LaunchAgents and LaunchDaemons, used by launchd to provide services that automatically start when they’re needed or at system startup

• Logs, which are text files that contain error and progress entries from nearly any application or system service.

3. The four system resource domains are:

• User, containing applications and system resources specific to each user account

• Local, containing applications and system resources available to all users on the local Mac

• Network (optional), containing applications and system resources available to any Mac that has an automated network share

• System, containing applications and system resources required to provide basic system functionality.

4. The Finder hides traditional UNIX resources from average users because they don’t need to access those items. If users do need access to these UNIX items, they can access them from Terminal.

5. The Finder doesn’t show items with periods at the beginning of their filename or items with the hidden file flag enabled.

6. Metadata is information stored outside a file or folder. It provides additional information about files and folders.

ACTC 10.7 Recertification Exam Preparation Guide

21

Page 22: Actc 10.7 Exam Prep

Examples include file flags, extended file attributes, and permissions.

7. Common file flags include the locked flag, which locks files from changes, and the hidden flag, which hides the item in the Finder.

8. OS X uses bundles and packages to combine complex items into individual folders. Packages have the advantage of appearing as a single item in the Finder, and software developers can combine resources into a single item, preventing users from altering those resources.

9. Files are identified primarily by their filename extension. Launch Services maintains a database of known applications and which file types they can open. When you double-click a file in the Finder, Launch Services tries to find an appropriate match. You can override the default application selection in the Finder.

10. Though Spotlight indexes file and folder permissions, it will allow other users to search the contents of locally attached nonsystem volumes when ownership is ignored on those volumes.

11. You can create zip archives with the Finder from a specific selection of items. Zip archives are compatible with many operating systems. On the other hand, you use Disk Utility to create disk images and you can create highly flexible archive volumes that contain nearly anything.

12. Spotlight creates index databases of file system metadata so that it can perform normally time-intensive searches nearly instantly.

13. Spotlight metadata index databases are stored at the root of every volume in a /.Spotlight-V100 folder. However, a Legacy FileVault user’s database is stored in the user’s encrypted home folder. Also, the Mail application maintains its own database in each user’s home folder at ~/Library/Mail/V2/MailData/Envelope Index. Spotlight plug-ins are in any Library in a folder named Spotlight.

14. Time Machine can back up to any Mac OS Extended volume, a network share hosted on Time Capsule, or a network share hosted on an OS X Server computer.

15. Time Machine starts with a full copy of the file system; then it records any changes to the file system and copies only the changes. It creates a simulation of the full file system using hard links for files that haven’t changed.

16. Time Machine always ignores temporary files, Spotlight indexes, items in the Trash, and anything else considered a cache. Time Machine also ignores any files an application has defined as exempt, or any files you have defined as exempt in the Time Machine preferences.

ACTC 10.7 Recertification Exam Preparation Guide

22

Page 23: Actc 10.7 Exam Prep

17. Time Machine is inefficient at backing up large databases because it must back up the entire database file every time any change, no matter how small, is made to the database.

18. An item you previously backed up may not be available if the backup volume is full and Time Machine has deleted older items to make room for newer items.

Chapter Five: Applications and ProcessesUpon completion of Chapter Five, “Applications and Processes” in OS X Lion Support Essentials, you should be able to complete the following tasks. Two items from this chapter are included in the pool of exam questions. Questions are drawn randomly from the following objectives:

• Force an application to quit in two ways

• Resolve corrupted preferences in an application

• Troubleshoot and resolve corrupt files inside a Library folder

• Troubleshoot and resolve corrupted preferences on the system

• Define protected memory

• Describe the application environments OS X supports

• Define 64-bit memory addressing

• Identify the architecture (PowerPC or Intel) an application supports

• Identify processes and applications that are using a significant percentage of RAM or processor time

• List installed applications

• Identify three ways to force an application to quit

• Describe where OS X stores application preferences

• Describe the format of preference files

• Identify the preference pane that enables accessibility features in the Finder and other applications

• Describe Universal Access's VoiceOver feature

• Describe the function of Universal Access

• Describe advantages of signed applications

• Describe how to troubleshoot application environment issues

• Install a widget that only one user can access, and a widget that all users can access

• Locate preferences stored by Dashboard widgets

• Remove installed Dashboard widgets

• Troubleshoot and resolve an issue with a Dashboard widget

• Describe how Dashboard widgets work

ACTC 10.7 Recertification Exam Preparation Guide

23

Page 24: Actc 10.7 Exam Prep

• Describe security implications of installing Dashboard widgets

• Describe the key features of the Mac App Store

• Describe the key requirements for using the Mac App Store to purchase and install applications

• Describe the process for signing in and out of the Mac App Store with a valid Apple ID

• Verify the currently active Apple ID for the Mac App Store

• Use the Mac App Store to purchase, download, and install an application

• Use the Mac App Store to update an application purchased on the Mac App Store

• Use the Mac App Store to view and manage purchases

• Describe the features, purpose, and operation of Auto Save

• Create a locked document with the pop-up menu in the document's title bar

• Describe the features, purpose, and operation of Versions

• Choose Browse All Versions from the document’s title bar and use the timeline interface to restore a previous version of a document

• Use the pop-up menu in the document's title bar to modify a locked document

• Use the pop-up menu in the document's title bar to create a template from a locked document

• Use the pop-up menu in the document's title bar to create a duplicate document

• Choose Browse All Versions in the document's title bar and use the timeline interface to copy between versions of a document

• Describe the requirements and process for running Java applications on OS X

• Describe the purpose and benefit of application sandboxing

• Install and run a Java application

• Compare and contrast 32- and 64-bit modes for OS X applications

• Configure an application to run in 32-bit mode

• Compare and contrast using dragging to install applications and using installation packages to install applications

• Install an application with drag-and-drop

• Install an application with an installation package

• Describe the tools and methods for updating applications that were installed using either traditional drag and drop or installation packages

• Update an application that was installed with drag-and-drop

• Update an application that was installed with an installation package

ACTC 10.7 Recertification Exam Preparation Guide

24

Page 25: Actc 10.7 Exam Prep

• Compare and contrast the tools and methods to remove applications with Launchpad, Trash, and uninstallers

• Remove an application with Launchpad

• Remove the application that was installed by drag-and-drop using the Trash

• Remove an application using its uninstaller

• Describe the function, purpose, and benefits of the Resume feature

• Describe the tools and methods to control the Resume feature

• Use the options presented in the logout window to enable and disable the Resume feature

• Use System Preferences to enable and disable the Resume feature

• Describe the diagnostic reporting and log features supported in the Console application

• Use the Console application to display diagnostic reporting and logs for a particular application

Chapter Five review questionsAfter completing Chapter Five, you should be able to answer the following questions.

1. What is protected memory? What is 64-bit memory addressing?

2. What are the five application environments Lion supports? Which one requires an additional download and installation?

3. What are the advantages of code signing?

4. What are the requirements for purchasing applications on the Mac App Store?

5. What system preference enables the accessibility features in Lion? What accessibility features are available in Lion?

6. What is Auto Save? How can you identify an application that supports Auto Save?

7. How deep is the version history of a file when shared by email?

8. How can you identify an application’s type?

9. How can you identify which applications are installed on your Mac?

10. What steps should you take to troubleshoot application issues?

11. What three ways can you can force an application to quit from the graphical interface?

12. What does the diagnostic reporting feature do?

ACTC 10.7 Recertification Exam Preparation Guide

25

Page 26: Actc 10.7 Exam Prep

13. Where are application preferences stored? What format is often used for preference files?

14. What process or processes are responsible for Dashboard widgets?

Answers

1. The system keeps applications from interfering with one another by segregating their memory usage using protected memory. Mac computers with 64-bit-capable processors allow processes to run in 64-bit mode, which allows them to individually access more than 4GB of memory.

2. The five application environments supported by Lion are:

• Cocoa, the native application environment for OS X

• Carbon, which is based on Mac OS 9 but still provides native performance

• BSD, which is Lion’s command-line interface (CLI) and is based on Berkeley Software Distribution (BSD) UNIX

• X11, which is a popular UNIX windowing environment

• Java, which works as a cross-platform application solution. Lion doesn’t include the Java application runtime, so it must be downloaded and installed after Lion’s initial installation.

3. Code-signed items include a digital signature that the system can use to verify the authenticity and integrity of the application or process and its resources.

4. The requirements to purchase items from the Mac App Store are Mac OS X v10.6.6 or later, an Apple ID, an Internet connection, and authorization as a local administrator.

5. Lion’s accessibility features are available from the Universal Access preferences. Universal Access includes options to assist users who have difficulty seeing, hearing, using the keyboard, or using the mouse and trackpad.

6. Auto Save is a new feature in Lion that allows applications to automatically save changes to users’ documents. Once users save a document the first time, they never have to think about saving changes again. Applications that support Auto Save feature a Duplicate function in the File menu instead of a Save As function.

7. Documents sent via email or otherwise copied to a shared location don’t retain any version history.

8. You can identify an application’s type with the Get Info or Inspector window in the Finder or with System Profiler.

9. You can use the System Profiler application to easily scan all the appropriate application locations and return a list of installed applications.

ACTC 10.7 Recertification Exam Preparation Guide

26

Page 27: Actc 10.7 Exam Prep

10. General application troubleshooting steps include restarting the application, trying another known working document, trying another user account, checking log files, deleting cache files, replacing preference files, and replacing application resources.

11. The three ways to force an application to quit from the graphical interface are from the Force Quit Application dialog accessed from the Apple menu, from the Dock’s application shortcut menu accessed by Control-clicking or right-clicking the application’s icon, or from the/Applications/Utilities/Activity Monitor application.

12. The diagnostic reporting feature automatically begins any time an application crashes or hangs. This process creates a diagnostic report log that can be viewed immediately, reported to Apple via the Internet, or viewed later in the /Applications/Utilities/Console application.

13. Application preferences are almost always stored in the user’s Library folder in the ~/Library/Preferences folder. Most application preferences are property lists, which are XML-formatted files that use the “.plist” filename extension.

14. The Dock process starts the DashboardClient process on behalf of the currently logged-in user. All open widgets run inside the DashboardClient process.

Chapter Six: Network ConfigurationUpon completion of Chapter Six, “Network Configuration” in OS X Lion Support Essentials, you should be able to complete the following tasks. One item from this chapter is included in the pool of exam questions. Questions are drawn randomly from the following objectives:

• Discuss the purpose and format of Internet Protocol (IP) addresses and subnet masks

• Describe how the Internet Protocol uses a MAC address to send messages between computers over a local area network (LAN)

• Describe how the IP transfers messages between computers over a wide area network (WAN), including how IP addresses, subnet masks, and routers work

• Describe how domain name service (DNS) is used to associate computer host names with IP addresses on a network

• Define the terms ”service,” ”interface,” and ”protocol”

• Identify an IPv4 address, an IPv6 address, and a MAC address

• Configure a network interface for TCP/IP, and DNS for a static address

• Configure a network interface for TCP/IP for a dynamic (DHCP) address

• Configure a network interface for WINS

ACTC 10.7 Recertification Exam Preparation Guide

27

Page 28: Actc 10.7 Exam Prep

• Configure proxy settings for a network interface

• Describe the ways to configure a network interface for 802.1X

• Configure link speed, duplex, and MTU for a network interface

• Configure PPPoE connection settings for an Ethernet interface

• Configure VPN settings, including PPTP, L2TP, and Cisco IPSec, for a VPN connection

• Configure a virtual interface for a VLAN or for bonding

• Troubleshoot network connectivity issues

• Isolate a network connection issue to the local computer, the network, or a server

• Isolate local network configuration issues that prevent use of LAN resources

• Troubleshoot and resolve a connection issue for a specific network interface

• Monitor the incoming and outgoing traffic on a network interface for network connectivity issues

• Make sure a DNS entry is correctly configured

• List the interfaces and interface protocols supported in a default installation of OS X

• Describe how OS X computers acquire and use link-local TCP/IP addresses on a network

• Identify whether a network interface has received an IP address from a DHCP server or is using a link-local address

• Identify the Ethernet or Airport MAC address of an OS X computer

• Identify a connection issue for a network interface

• List four common issues that can interrupt network services on an OS X computer

• Configure multiple network interfaces

• Configure the network interface priority

• Create a new network location

• Change to a new network location

• Troubleshoot a failed network connection

• Make sure that a network route exists between two computers

• Describe how network port priority affects network connectivity

• Given a list of network interface priorities and active interfaces, identify the interface used for network access

• Describe how computers get assigned IP addresses by a DHCP server

• Configure a Mac to automatically obtain an IP address from the DHCP server

• Describe how OS X connects to Wi-Fi networks upon startup or wake

ACTC 10.7 Recertification Exam Preparation Guide

28

Page 29: Actc 10.7 Exam Prep

• Configure a Mac to connect to a Wi-Fi network

• Describe the criteria by which a Mac with OS X installed and functional Wi-Fi hardware automatically connects to a Wi-Fi network

• Configure a Mac to connect to a secure Wi-Fi network

• Describe the types of secure Wi-Fi networks that a Mac with OS X installed and functional Wi-Fi hardware can connect to

• Describe how OS X stores and manages credentials for accessing secure Wi-Fi networks

• Define SSID as it relates to Wi-Fi networks

• Describe the purpose of SSIDs as they relate to Wi-Fi networks

• Identify a particular SSID associated with a particular Wi-Fi network

• Create and join an ad hoc Wi-Fi network between two computers

• Describe the features and purpose of Ad Hoc Networking as it relates to Wi-Fi networks on OS X computers

• Describe the tools, options, and methods for configuring Wi-Fi on an OS X computer

• Configure a Mac to prompt the user when it joins a Wi-Fi network

• Configure a Mac to show its Wi-Fi status

• Describe the tools, options, and methods for managing preferred networks on an OS X computer

• Display the preferred networks that have been created on a Mac

• Create a preferred networks entry on a Mac

• Remove a preferred networks entry from a Mac

Chapter Six review questionsAfter completing Chapter Six, you should be able to answer the following questions.

1. What do the terms interface, protocol, and service mean in relation to computer networks?

2. What is the purpose of Internet Protocol (IP) addresses and subnet masks? What is their format?

3. How does the IP use the MAC address to send messages between computers on a local area network (LAN)?

4. How does the IP transfer messages between computers over a wide area network (WAN)?

5. How does the Domain Name Service (DNS) facilitate network naming?

6. How do network devices acquire and use link-local TCP/IP addresses?

7. What interfaces and protocols does Lion support by default?

ACTC 10.7 Recertification Exam Preparation Guide

29

Page 30: Actc 10.7 Exam Prep

8. How does network service order affect network connectivity?

9. In the Network preferences, how can you tell which interface is currently in use for network activities?

10. What functionality does Lion support with the AppleTalk protocol?

11. What are four common issues that can interrupt network services on a Mac?

12. How can you identify the MAC addresses for all of a Mac’s network interfaces?

Answers

1. An interface is any channel through which network data can flow. Hardware network interfaces are defined by physical network connections, while virtual network interfaces are logical network connections that ride on top of hardware network connections. A protocol is a set of rules used to describe a specific type of network communication. Protocols are necessary for separate network devices to communicate properly. Finally, a network service (as it pertains to the Network preferences) is the collection of settings that define a network connection.

2. The Internet Protocol (IP) address identifies the location of a specific network device. IP addresses are the primary identification the Internet protocol suite TCP/IP uses for LANs and WANs. Subnet masks are used by network devices to identify their local network range and to determine whether outgoing data is destined for a network device on the LAN. Most common IP addresses and subnet masks share the same IPv4 formatting. An IPv4 address is a 32-bit number represented in four groups of three-digit numbers, known as octets, separated by periods. Each octet has a value between 0 and 255.

3. If a network device needs to send data to another network device on the same LAN, it addresses the outgoing packets based on the destination device’s MAC address.

4. A network client uses the subnet mask to determine whether the destination IP address is on the LAN. If the destination IP address is not on the LAN, then it’s assumed the destination address is on another network, and the client sends the data to the IP address of the local network router. The network router then sends the data, over a WAN connection, on to another router that it thinks is closer to the destination. This continues across WAN connections from router to router until the data reaches its destination.

5. The DNS service translates host names to IP addresses with forward lookups and translate IP addresses to host names by using reverse lookups. DNS is architected as a hierarchy of worldwide domain servers. Local DNS servers provide name

ACTC 10.7 Recertification Exam Preparation Guide

30

Page 31: Actc 10.7 Exam Prep

resolution and possibly host names for local clients. These local DNS servers connect to DNS servers higher in the DNS hierarchy to resolve both unknown host names and host local domain names.

6. If DHCP is specified as the configuration for a TCP/IP connection and no DHCP service is available, the device automatically selects a random IP address in the 169.254.xxx.xxx range. It checks the local network to ensure that no other network device is using the randomly generated IP address before it applies the IP address. In most cases, though, this addressing is not normal, and often indicates a problem with DHCP services.

7. Lion supports the following network interfaces and protocols:

• Wired Ethernet IEEE 802.3 family of hardware network interface standards

• Wireless (Wi-Fi) IEEE 802.11 family of hardware network interface standards

• FireWire IEEE 1394 hardware network interface

• Analog modem hardware network interface

• Bluetooth wireless hardware network interface

• USB connectivity via cellular network adapters

• Virtual private network (VPN) virtual network interface via the Point-to-Point Tunneling Protocol (PPTP)

• VPN virtual network interface via the Layer 2 Tunneling Protocol (L2TP) over Internet Protocol security (IPsec)

• Point-to-Point Protocol over Ethernet (PPPoE) virtual network interface 6 to 4 virtual network interface

• Virtual local area network (VLAN) virtual network interface via the IEEE 802.1Q standard

• Link Aggregation virtual network interface via the IEEE 802.3ad standard

• Transmission Control Protocol/Internet Protocol (TCP/IP), also known as the Internet protocol suite

• Dynamic Host Configuration Protocol (DHCP) Domain Name Service (DNS) protocol

• Network Basic Input/Output System (NetBIOS) and Windows Internet

• Naming Service (WINS) protocols

• Authenticated Ethernet via the 802.1X protocol

• Point-to-Point Protocol (PPP)

8. The network service order list determines the primary network service interface if there is more than one active service. All network traffic that isn’t better handled via local connection to an active network service interface is sent to the primary network service interface. Thus, all Internet traffic

ACTC 10.7 Recertification Exam Preparation Guide

31

Page 32: Actc 10.7 Exam Prep

is sent through the primary network service interface. Further, all DNS resolution is handled via the primary network service interface.

9. In Network preferences, all network service interfaces with a green status indicator are being used for network activities. However, all network traffic that isn’t better handled by a local connection is sent to the primary network service interface. The primary network service interface is the topmost active interface in the listing.

10. Lion does not support AppleTalk.

11. Four common issues that interrupt network services on a Mac are:

• A disconnected network cable will cause the hardware network interface to become inactive.

• A nonfunctioning network interface port will cause the hardware network interface to become inactive.

• A DHCP service issue will prevent proper TCP/IP configuration.

• A DNS service issue will prevent host name resolution.

12. You can identify all the MAC addresses for the computer’s network interfaces from the Info pane of Network Utility.

Chapter Seven: Network Services

Upon completion of Chapter Seven, “Network Services” in OS X Lion Support Essentials, you should be able to complete the following tasks. Two items from this chapter are included in the pool of exam questions. Questions are drawn randomly from the following objectives:

• Given a Mac with OS X installed, access network services

• Access files from each of the five types of accessible file servers

• Access screen sharing on other OS X computers

• Discover file services available on a WAN

• Access remote login (SSH) services on another computer from the command line

• Map all open ports on a network computer

• Troubleshoot and resolve a network connectivity issue that arises due to incorrect network configuration

• Describe the relationship between client software, client configurations, server software, and server configurations relative to network service access

• Describe the relationship between a network service and a network port

ACTC 10.7 Recertification Exam Preparation Guide

32

Page 33: Actc 10.7 Exam Prep

• List three troubleshooting techniques for issues involving failure to connect to various network services

• List the five types of file servers accessible with the “Connect to Server” command

• List the service discovery protocols OS X supports

• Describe how OS X uses dynamic service discovery protocols to access network services

• Describe how items inside /Network in OS X are populated and organized

• Describe common issues when connecting to file-sharing services

• Configure OS X to connect to an Active Directory server for authentication and directory services

• Troubleshoot and resolve directory services issues in log files

• Obtain, view, and destroy a Kerberos ticket

• Troubleshoot an authentication issue by verifying Kerberos tickets and checking for clock skew

• Troubleshoot an authentication issue by viewing the Directory Service error log

• Define a directory as it relates to directory services

• List three types of resources OS X v10.7 can use from a directory

• Compare and contrast local and network user accounts

• Identify two advantages of using directory services to store user account information

• Describe three service discovery protocols OS X uses

• Define authentication

• Define authorization

• Compare and contrast Kerberos, LDAP, and Active Directory authentication methods

• Compare and contrast the authentication and authorization processes and outcomes

• Describe the Kerberos Distribution Center and a Kerberos ticket

• Compare and contrast Kerberos and keychain for managing authentication for accessing services

• Describe three common authentication troubleshooting techniques

• Configure a Mac to share files with other computers on the network over AFP, SMB, and FTP

• Share a folder with a user

• Provide Windows file services in OS X

• Troubleshoot and resolve an issue that a remote user is having accessing files

ACTC 10.7 Recertification Exam Preparation Guide

33

Page 34: Actc 10.7 Exam Prep

• Troubleshoot and resolve different issues related to sharing services

• Describe how to configure an OS X computer's file services so that other computers can connect to it over AFP, SMB, and FTP

• Describe the default permissions structure of the File Sharing feature in Mac OS X

• List the volumes that are accessible to a non-administrator user who connects to an OS X computer that has file sharing over AFP and/or SMB enabled

• List the volumes that are accessible to an administrator user who connects to an OS X computer that has file sharing over AFP and/or SMB enabled

• Describe new password issues related to Windows Sharing

• Enable the firewall

• Disable the firewall

• Configure firewall ports

• Describe how firewalls work in OS X

• Describe the advanced firewall settings

• Describe AirDrop’s requirements, purpose, and operation

• Configure two computers to share files with AirDrop

• Share a file between two computers with AirDrop

Chapter Seven review questionsAfter completing Chapter Seven, you should be able to answer the following questions.

1. What is the relationship between clients and servers as it relates to network service access?

2. What is the relationship between a network service and a network port?

3. What two dynamic network service discovery protocols does Lion support?

4. How does Lion use dynamic network service discovery protocols to access network services?

5. What five network file services can you connect to from the Finder’s “Connect to Server” dialog?

6. How are items inside the Finder’s Network folder populated?

7. What is AirDrop, and how do you know whether a specific Mac supports it?

8. How do you provide Lion file-sharing services to other computers?

ACTC 10.7 Recertification Exam Preparation Guide

34

Page 35: Actc 10.7 Exam Prep

9. How is authentication handled to a client Mac providing SMB service?

10. What shared items are accessible to an administrative user who connects over AFP or SMB? What about a standard user?

11. What items are shared by default by all users?

12. What client sharing services can Lion provide?

13. What is the security risk of enabling client sharing services?

14. How does Lion’s built-in firewall work? What advanced firewall settings are available?

15. What are some known issues that arise when connecting to network file services?

16. What are three common troubleshooting techniques for issues involving failure to connect to network services?

17. What is a directory as it relates to directory services?

18. What are six common types of resources that Lion can access from a directory service?

19. What are the primary differences between local, network, and mobile accounts?

20. What are four advantages of using network directory services to store account information?

21. What four directory service types can be used in Lion?

22. What is authentication? What is authorization?

23. What are three common authentication methods?

24. What is a Kerberos ticket? What is a Key Distribution Center (KDC)?

25. How do Kerberos and the keychain system differ for managing authentication services?

26. What are five common directory services and authentication services troubleshooting techniques?

Answers

1. Client software accesses network services provided by server software. The connection is established using a common network protocol known by both the client and server software. Thus, the client and server software can be from different sources.

2. Network services are established with a common network protocol. The protocol specifies which TCP or UDP port number to use for communications.

3. Lion supports Bonjour and Server Message Block (SMB), including support for legacy Network Basic Input/Output and

ACTC 10.7 Recertification Exam Preparation Guide

35

Page 36: Actc 10.7 Exam Prep

Windows Internet Naming Service (NetBIOS and WINS) dynamic network service discovery protocols.

4. Devices providing a network service advertise their availability via a dynamic network service discovery protocol. Clients that are looking for services request and receive this information to provide the user with a list of available network service choices.

5. From the Finder’s “Connect to Server” dialog, you can connect to Apple File Protocol (AFP), Server Message Blocks/Common Internet File System (SMB), Network File System (NFS), Web-based Distributed Authoring and Versioning (WebDAV), and File Transfer Protocol (FTP) network file services.

6. The Finder uses information provided by the dynamic network services discovery protocols to populate the Network folder. Computers providing services appear as resources inside the Network folder, and service discovery zones or workgroups appear as folders. Any currently connected servers also appear in the Network folder.

7. AirDrop provides a quick and easy way to share files locally over Wi-Fi. AirDrop creates a secure peer-to-peer network between local Mac computers. You can verify that a Mac supports AirDrop from the Go menu in the Finder.

8. To provide services to other network clients, you first set the computer’s network identification, then enable the desired network file service, and finally define access to file system resources.

9. To support SMB authentication to a Mac client providing file-sharing services, users’ passwords must be stored in a special format that’s enabled in Sharing preferences.

10. Administrators who connect to your Mac over AFP or SMB have access to any locally mounted volume. By default, standard users can access only their home folder and other users’ Public folders.

11. By default, the items shared by all users are the local users’ Public folders inside their home folders.

12. The OS X client sharing services include screen sharing, remote login, remote management, remote Apple Events, and Xgrid sharing.

13. If a client sharing service is compromised, an unauthorized user can control your Mac and execute unwanted applications or processes.

14. Lion’s built-in firewall inspects each incoming network connection to determine whether it’s allowed. Connections are allowed or denied on a per-application basis. The advanced firewall settings let you control whether signed applications are automatically allowed through the firewall, control the list of allowed (or denied) applications, and enable

ACTC 10.7 Recertification Exam Preparation Guide

36

Page 37: Actc 10.7 Exam Prep

stealth mode (which means your Mac won’t respond to any unsolicited connections).

15. Files with metadata may cause problems for NFS or WebDAV network file systems. Also, avoid AFP 2 services when they’re provided by Windows file servers.

16. Review the Network preferences, review the Network Utility statistics, and attempt to connect to different network services.

17. A directory is a database of information that in some cases can be shared over the network. The most commonly accessed directory resource is account information.

18. Common directory resources that Lion can access include user accounts, user groups, computer accounts, computer groups, network file mounts, and management settings.

19. Local accounts are available only to a single Mac; network accounts are available to Mac computers connected to a network directory service; and mobile accounts are network accounts that are cached to the local Mac for offline use.

20. Four advantages of using network directory services to store account information are: 1) user accounts are no longer tied to individual Mac computers; 2) the same user account information can be used for multiple network services; 3) you can use Kerberos to provide secure single-sign-on authentication; and 4) you can define user and computer settings from a centralized location.

21. The directory service types that can be used in Lion are Local, Network Information Systems (NIS), Lightweight Directory Access Protocol version 3 (LDAPv3), and Active Directory (AD).

22. Authentication is the process of proving your identity to the computer; authorization defines which items or services you can access.

23. Three common authentication methods are basic or clear-text passwords, encrypted passwords, and Kerberos ticket–based authentication.

24. Kerberos tickets validate an account’s identity. Kerberos uses ticket-granting tickets (TGTs) and service tickets. Kerberos requires a special trusted service known as the KDC. In most cases, the KDC service is running alongside the network directory service.

25. Kerberos can only be used to authenticate Kerberized services and is often managed on a network-wide scale. The keychain system can be used to save a wide variety of authentication information, but only the local Mac can access saved keychain information.

26. Common troubleshooting techniques for directory services and authentication services are: 1) attempting to authenticate

ACTC 10.7 Recertification Exam Preparation Guide

37

Page 38: Actc 10.7 Exam Prep

with another user account; 2) resetting the account password; 3) verifying network directory service connectivity and configuration; 4) verifying Kerberos authentication and configuration; and 5) checking the directory service log files.

Chapter Eight: Peripherals and Printing

Upon completion of Chapter Eight, “Peripherals and Printing” in OS X Lion Support Essentials, you should be able to complete the following tasks. One item from this chapter is included in the pool of exam questions. Questions are drawn randomly from the following objectives:

• Troubleshoot and resolve problems connecting to a peripheral arising from a faulty hardware connection

• Troubleshoot and resolve problems connecting to a peripheral arising from corrupt firmware

• Identify the buses OS X supports to connect to and communicate with peripheral devices

• Compare and contrast uses of the buses available on a Mac and their characteristics, such as speed, power requirements, and connector types. Include these buses: Bluetooth, SCSI, ATA, Serial ATA, FireWire, USB PC Card bus, and Thunderbolt

• Use the System Information utility to identify connected peripherals and the buses they’re using

• Define the term ”device driver” as it applies to OS X

• List three ways a device driver can be implemented in OS X

• Add a USB or Bonjour printer

• Add a network LPR printer

• Configure the correct PPD for a specified printer

• Configure a Mac so that other computers on the network can use the printer connected to the Mac

• Configure a document's page setup and print characteristics, such as layout and number of copies

• Manage print queues and print jobs, including holding, deleting, and resuming print jobs

• Save a file in PDF and as a PostScript file

• Edit a printer’s name, location, and driver options

• Create a desktop printer

• Reset the printing system

• Troubleshoot a printing-related issue

• Describe the role of PPD files in printing

• Describe how to configure printing in OS X so that Windows users can print to a printer shared from an OS X v10.7 computer

ACTC 10.7 Recertification Exam Preparation Guide

38

Page 39: Actc 10.7 Exam Prep

Chapter Eight review questionsAfter completing Chapter Eight, you should be able to answer the following questions.

1. Which peripheral, expansion, and storage buses does Lion support?

2. What is a device driver? What are three primary types of device drivers?

3. How does Lion support third-party devices without needing third-party device drivers?

4. What is CUPS?

5. What are PPD files responsible for?

6. How do you share printers with other Mac and Windows users?

Answers

1. Lion supports Universal Serial Bus (USB), FireWire, Thunderbolt, and Bluetooth peripheral buses; PCI Express (PCIe), PC Card, and ExpressCard 34 expansion buses; and Advanced Technology Attachment (ATA), Serial ATA (SATA), Small Computer System Interface (SCSI), Serial Attached SCSI (SAS), and Fibre Channel storage buses.

2. A device driver is software specially designed to facilitate communication between Lion and a peripheral. Device drivers can be kernel extensions, framework plug-ins, or standalone applications.

3. Lion uses built-in generic drivers based on each device class. For example, generic drivers for scanners and printers can be used in lieu of official third-party drivers.

4. Common UNIX Printing System (CUPS) manages all printing and faxing for Lion, including both local and shared printing.

5. PostScript Printer Description (PPD) files are printer driver files that tell CUPS how to communicate with specific printer models.

6. You can enable printer sharing for Mac clients from the Print & Scan or Sharing preferences, but to enable authenticated print sharing to Windows clients, you must also enable users’ passwords in the SMB file sharing settings from the Sharing preferences.

ACTC 10.7 Recertification Exam Preparation Guide

39

Page 40: Actc 10.7 Exam Prep

Chapter Nine: System Startup

Upon completion of Chapter Nine, “System Startup” in OS X Lion Support Essentials, you should be able to complete the following tasks. No items from this chapter are included in the pool of exam questions.

• Configure the Mac to boot in Single User mode

• Configure the Mac to boot in Safe Mode

• Identify, in order, each process that starts up at OS X startup

• Map visual and audible cues to the stages of the OS X startup sequence

• Describe the role of BootROM and the Power On Self Test (POST) in OS X startup

• Describe the role of the launchd processes during OS X system startup

• Describe the role of startup scripts in the OS X startup sequence

• Describe the role of the loginwindow process in the user environment setup as described in System Startup Programming Topics <http://developer.apple.com/documentation/MacOSX/Conceptual/BPSystemStartup/Articles/BootProcess.html#//apple_ref/doc/uid/20002130-115340>

• Compare and contrast startup items with login items

• Identify the stages of shutdown and logout

• Troubleshoot and resolve a startup issue related to launchd items

• Troubleshoot and resolve a startup issue related to startup items

• Troubleshoot a startup issue related to login items

• Troubleshoot and resolve issues caused by nonessential kernel extensions

• Troubleshoot and resolve startup issues caused by Startup Items

• Identify the location of files and scripts essential to OS X startup

• Compare and contrast Safe Boot and Safe Mode

• Identify, in order, the items that load when starting up in Safe Mode

• Identify the keyboard combination to start a Mac in Safe Mode

• Describe how to further isolate and then resolve an issue that disappears when the computer starts up in Safe Mode

Chapter Nine review questionsAfter completing Chapter Nine, you should be able to answer the following questions.

ACTC 10.7 Recertification Exam Preparation Guide

40

Page 41: Actc 10.7 Exam Prep

1. What are the primary system startup stages and user environment stages in OS X, and in what order do they start?

2. What are the visual and audible cues of the stages of system startup?

3. What does the firmware do? What is the POST?

4. What role does the system launchd process serve during system startup?

5. What items are automatically started by the system launchd during system startup?

6. What role does the loginwindow process serve in system startup?

7. What is the difference between launch daemons, startup items, launch agents, and login items?

8. What happens during user logout?

9. What happens during system shutdown?

10. What is the difference between Safe Boot, Safe Mode, and Safe Login?

11. Which items aren’t loaded when OS X safe-boots?

12. What keyboard shortcut do you use to safe-boot OS X?

13. How do you resolve an issue that disappears when the Mac successfully safe-boots?

Answers

1. The primary system startup stages are: firmware, booter, kernel, and system launchd (in that order). The primary user environment stages are loginwindow, user launchd, and user environment.

2. The visual and audible cues for system startup stages are: firmware—startup chime or bright flash of the power-on light followed by a light gray screen on the primary display; booter—a dark gray Apple logo on the primary display; kernel—a small dark gray spinning gear or spinning earth icon below the Apple logo; and system launchd—a white screen on all displays followed by the login screen.

3. The firmware initializes the Mac’s hardware and locates the booter file on a system volume. The Power-On Self-Test (POST) checks for basic hardware functionality when your Mac turns on.

4. The system launchd process is ultimately responsible for starting every system process. It also manages system startup and starts the loginwindow process.

ACTC 10.7 Recertification Exam Preparation Guide

41

Page 42: Actc 10.7 Exam Prep

5. During system startup, the system launchd process automatically starts /System/Library/LaunchDaemons, /Library/LaunchDaemons, /Library/StartupItems (via SystemStarter), and the /etc/rc.local UNIX script if it exists.

6. The loginwindow process displays the login screen that allows the user to authenticate, and then sets up and manages the graphical interface user environment.

7. The launchd process opens launch daemons and startup items during system startup on behalf of the root user. Launch agents and login items are opened during initialization of the user environment by the user’s specific launchd process.

8. During user logout, the user’s loginwindow process does the following: requests that the user quit all applications; automatically quits any user background processes; runs any logout scripts; records the logout to the main system.log file; resets device permissions and preferences to their defaults; and quits the user’s loginwindow and launchd processes.

9. During system shutdown, the loginwindow process logs all users out and then tells the kernel to quit all remaining system processes. Once the kernel quits all system processes, the Mac will shut down.

10. Safe Boot refers to when the system is starting up; Safe Mode is when the system is actually running; and Safe Login is when the system starts up the user session.

11. When OS X safe-boots, it doesn’t load any third-party items, such as KEXTs, launch agents, launch daemons, startup items, fonts, any user login items, or any user-specific launch agents.

12. A Safe Boot is initiated by holding down the Shift key during system startup.

13. If an issue disappears when the Mac successfully safe-boots, then you must find and remove or quarantine the third-party startup resource that caused the issue. The best way to isolate the problematic item is to start up the Mac in Verbose mode and then see where the startup process fails. Verbose mode is initiated by holding down Command-V during system startup.

ACTC 10.7 Recertification Exam Preparation Guide

42

Page 43: Actc 10.7 Exam Prep

OS X Lion Server Essentials Objectives and Review QuestionsThe next sections present the learning objectives for the OS X Lion Server Essentials class, and the chapter review questions from the Apple Pro Training Series: OS X Lion Server Essentials book.

Chapter One: Installing and Configuring OS X Server

Upon completion of Chapter One, “Installing and Configuring OS X Server” in OS X Lion Server Essentials, you should be able to complete the following tasks. Fourteen items from this chapter are included in the pool of exam questions. Questions are drawn randomly from the following objectives:

• Verify that a Mac meets the minimum requirements to install OS X Server

• Install the OS X Server administration software on an OS X client computer so that it can remotely monitor or configure an OS X Server computer

• State the minimum system requirements for installing OS X Server

• Describe how installing OS X Server on a multiple-partition drive simplifies the task of keeping operating system files separate from server data

• Explain the purpose of the computer name assigned using Server Assistant

• Explain the purpose of the primary DNS name assigned using Server Assistant

• Explain the purpose of the local host name

• List the steps that should be done before installing the OS X Server software

• Install the OS X Server app so that computer becomes an OS X Server computer

• Use Server Admin, the network address of an OS X Server computer, and the name and password of an administrator account on the server to connect to the server so that you can monitor and configure it

• Use Server Admin and details about required minimum free space available to configure the server to send a message to one or more email addresses when a disk drive connected to the server has less than the specified percentage of available free space

ACTC 10.7 Recertification Exam Preparation Guide

43

Page 44: Actc 10.7 Exam Prep

• Configure Server Admin so that specified services are added to the list of those that you can monitor and configure

• Use the Server app to determine the amount of free disk space on the server

• Use the Server app to display a graph showing the amount of CPU utilization on the server over the past hour, day, and week

• Use Server Admin to display a graph indicating the amount of network traffic on the server over the past hour, day, and week

• Configure the Server Status widget so that it can be used for high-level monitoring of an OS X Server computer

• Use the Server app on an OS X client computer to observe a screen shared from an OS X Server computer

• Use a list of services that can be monitored and configured by Server Admin to briefly describe what each service provides when enabled

• Use the Server app to configure the server to send a message to one or more email addresses when an Apple-provided software update is available

• Use the Server app to update the server with updates provided by Apple’s Software Update service

• State which notifications can be configured in the main Settings pane of Server Admin to trigger an email notification when a specific condition has been met

• State how to configure an administrator email address in Server app to receive alert emails

• Use the Server app to create a self-signed certificate

• Use the Server app to install a certificate granted by a trusted authority

• Explain the purpose of a certificate

• Explain the purposes of root and chain the following types of certificates: root, chain

• Display the built-in certificate(s)

• Create a certificate signing request (CSR)

• Define the term “certificate” as it applies to computer security

• Determine whether a computer trusts the Certificate Authority that issued a certificate

• Explain how trust of a certificate is granted

• Describe the function of the CA as it applies to the Public Key Infrastructure (PKI)

• List the services capable of using certificates

Chapter One review questionsAfter completing Chapter One, you should be able to answer the following questions.

ACTC 10.7 Recertification Exam Preparation Guide

44

Page 45: Actc 10.7 Exam Prep

14. What are the minimum hardware requirements for installing OS X Lion Server?

15. What tool do you use to configure Lion Server if you have an unconfigured Lion Server?

16. If you’re installing Lion Server on a Mac with Lion, what’s one configuration step you should take first?

17. What are three kinds of names associated with your Lion Server, and what are they used for?

18. How can you install the Server app on an administrator computer?

19. What are three ways to keep Lion Server up to date with software?

20. What three applications can you use to display graphs of performance characteristics of your Lion Server?

21. What’s the difference between a root certificate authority (CA) and an intermediate CA?

22. What’s the problem with just using a self-signed SSL certificate?

Answers1. The minimum requirements are:

• Mac with an Intel Core 2 Duo, Core i3, Core i5, Core i7, or Xeon processor

• 2 GB of RAM (more for high-demand servers running multiple services)

• 10 GB of available disk space

2. You use the Server app to configure an unconfigured Lion Server.

3. You should configure your Mac with Lion to use a manually assigned IPv4 address.

4. You can use the Server app to configure these three names:

• Computer Name: What appears in the Finder sidebar if your server offers file-sharing services.

• Bonjour name: Appended with .local and is used for services discovery.

• DNS host name: Computers and devices can access services offered by your Lion Server by using its DNS host name, even if they’re not on its local network, as long as the host name corresponds with an IPv4 address that is reachable and not blocked by firewalls.

5. You can use the Mac App Store to download the Server app to an administrator computer, or just copy the Server app to an administrator computer.

6. You can:

ACTC 10.7 Recertification Exam Preparation Guide

45

Page 46: Actc 10.7 Exam Prep

• Log in to your Lion Server, and from the Apple menu, choose Software Update

• Use the Alerts section of the Server app to install available software updates

• Click Server Updates in the toolbar of Server Admin, select the update(s) to install, and then click Install

7. The Server app, Server Admin, and the Server Status widget all display graphs.

8. An intermediate CA’s public key certificate is signed by another CA. A root CA’s public key certificate is signed by itself. Note that there is a set of root CAs that Lion and Lion Server trust.

9. Computers and devices that access services that use a self-signed SSL certificate will see a message that the SSL certificate is not trusted. It’s a security risk to teach users to just trust any SSL certificate that causes a warning.

Chapter Two: Authenticating and Authorizing AccountsUpon completion of Chapter Two, “Authenticating and Authorizing Accounts” in OS X Lion Server Essentials, you should be able to complete the following tasks. Nine items from this chapter are included in the pool of exam questions. Questions are drawn randomly from the following objectives:

• Use Server app to create a user account so that the user can authenticate before accessing services provided by an OS X Server computer

• Use Server app to enable a user account to have administrative capabilities on the server

• Use Server app to create a group account

• Use Server app to assign users to a group account stored on the server

• Use Server app to assign groups to a user account

• Use Server app to assign groups to one group so that all the users can be granted the same permissions, as a group, on the server

• Use Workgroup Manager to export user, group, computer, and computer group accounts so that they can be imported into a different OS X Server computer

• Use Workgroup Manager and a text file with user account data exported from a source other than an OS X Server computer to import the accounts so that they can be used for authentication and authorization on the server

• Use Workgroup Manager and a text file with accounts exported from another OS X Server computer to import the accounts into the server so they can be used for authentication and authorization on the server

ACTC 10.7 Recertification Exam Preparation Guide

46

Page 47: Actc 10.7 Exam Prep

• Define the terms “authentication” and “authorization” as they apply to computers and servers

• List at least three examples of user authentication on an OS X client computer, such as logging in on a client computer, connecting to a file server, authenticating as an administrator for configuration purposes, and providing a user name and password for a secured website

• Explain the main purpose of Workgroup Manager

• List the four types of OS X Server accounts that can be created and managed by Workgroup Manager, including user, group, computer, and computer group

• Explain the purpose of the user ID for a user account

• Define the term “groups” as it applies to user accounts on a computer

• Describe three examples of authorization on an OS X client computer

• Explain the purpose of aliases in the Server app

• Use Server Admin and a list of services to configure service access control lists (service ACLs) on the server so that only specified users and groups can access the listed services

• Use Server Admin to configure the service ACLs on the server so that only specified users can access any services on the server

• Use Server Admin to configure the server to allow specified users to monitor all the services provided by the server

• Use Server Admin to configure the server to allow specified users to administer all the services provided by the server

• Use Server Admin to configure the server to allow specified users to monitor only specified services

• Use Server Admin to configure the server to allow specified users to administer only specified services

• Describe service ACLs

• Explain why a user account may be given administrative capabilities for a subset of the services provided by an OS X Server computer

• Use the Server app to enable the VPN service on the server to allow remote users to connect to the internal network

• Explain the purpose of VPN and how it differs from a firewall in providing access to an internal network

• State what protocol is used by the VPN service on an OS X server computer to provide access

• Use the Server app and an OS X Server computer configured to provide VPN service to configure the shared secret for the VPN service on the server

• Use the Server app to configure the address range that’s used to assign addresses to users connecting to the network over the VPN service

ACTC 10.7 Recertification Exam Preparation Guide

47

Page 48: Actc 10.7 Exam Prep

Chapter Two review questionsAfter completing Chapter Two, you should be able to answer the following questions.

1. Describe the difference between authentication and authorization, and give an example of each.

2. What is the difference between user and administrator accounts on Lion Server?

3. Which applications can you use to configure Lion Server local user and group settings?

4. What tool can you use to import and export user accounts?

5. Which two file formats can you use to import users with Workgroup Manager?

6. Can you export user passwords with Workgroup Manager?

7. What tool can you use to authorize a nonadministrative user to administer or monitor specific services on Lion Server?

8. What’s the difference between service ACLs and limited administrator settings?

9. What’s an easy way to help your users running Lion to quickly configure their computers to use your server’s VPN service?

Answers

1. Authentication is the process by which the system requires you to provide information before it allows you to access a specific account. An example is entering a name and password while connecting to a Lion Server’s Apple Filing Protocol service. Authorization refers to the process by which permissions are used to regulate a user’s access to specific resources, such as files and shared folders, once the user has been authenticated.

2. User accounts provide basic access to a computer or server, whereas administrator accounts allow a person to administer the computer. On Lion Server, an administrator account is typically used for changing settings on the server computer itself, usually through the Server app, Server Admin, or Workgroup Manager.

3. You can use the Users & Groups preferences, the Server app, and Workgroup Manager to create and configure local users and groups.

4. You can use Workgroup Manager to import and export user accounts. Additionally, you can use the Server app to import network users after you authenticate as a directory administrator.

5. You can use Workgroup Manager to import a character-delimited text file with user information, but you need to use Workgroup Manager to define the characteristics of the

ACTC 10.7 Recertification Exam Preparation Guide

48

Page 49: Actc 10.7 Exam Prep

information contained in the file. You can also import a text file that has a header line at the beginning of the file that defines its contents, such as a file exported from another OS X Server computer.

6. No. You can only import user passwords; you can’t export user passwords when you export users with Workgroup Manager.

7. You can use Server Admin to give a nonadministrative user the ability to use Server Admin to administer or monitor specific services.

8. Service ACLs determine which users can use a given service, whereas limited administrator settings control which nonadministrative users can monitor or change a service with Server Admin.

9. Select VPN in the Server app sidebar, click Save Configuration Profile, and distribute the resulting .mobileconfig file to your users. When a user of a computer with Lion opens the .mobileconfig file, the Profiles preferences automatically open and prompt the user to install the configuration profile.

Chapter Three: Using Open Directory

Upon completion of Chapter Three, “Using Open Directory” in OS X Lion Server Essentials, you should be able to complete the following tasks. Nine items from this chapter are included in the pool of exam questions. Questions are drawn randomly from the following objectives:

• Configure an OS X Server computer to use directory data provided by another directory server so that users can access services on the OS X Server computer by authenticating with user accounts provided by the other directory server

• Use Server Admin to configure the server as an Open Directory master so that multiple computers on the network can access directory data provided by the OS X Server computer

• Use Workgroup Manager and an OS X Server computer configured as an Open Directory master to create user accounts on the server that can be accessed by client computers bound to the OS X Server computer

• Use an OS X client computer and the address of an OS X Server computer configured as an Open Directory master to configure the OS X client computer to connect to the OS X Server computer for authentication and directory data

• Use Server Admin to configure the OS X Server computer to act as an Open Directory replica so that the replica server shares with client computers directory data as provided by the Open Directory master server

• Use Server Admin to determine whether any replica computers are connected to an Open Directory master server

ACTC 10.7 Recertification Exam Preparation Guide

49

Page 50: Actc 10.7 Exam Prep

• Use Server Admin to display the Open Directory service-related log files

• Describe the function of directory services in a networked computing environment

• List three advantages networked directory services provide to users and system administrators, including providing a common user experience, providing easier access to networked resources such as printers and servers, and allowing users to log in on different computers with a single account

• Explain two advantages of using a server to provide shared directory data, including providing common authentication information to multiple servers, and providing common configuration data, such as auto-mounts and printers, to multiple client computers

• Define the term Open Directory as it applies to an OS X client computer

• Describe the structure and components of Open Directory on an OS X client computer

• List and describe the four Open Directory service roles as configured by Server Admin: Standalone, Open Directory master, Connected to, and Open Directory replica

• Compare and contrast the four Open Directory service roles as configured by Server Admin

• Use the pop-up menu in Workgroup Manager that lists the directory domains for the server to identify which item to choose to allow viewing and editing of records provided by the server to other computers bound to the server

• State how many replicas can be connected to a single OS X Server computer and how many total replicas can be part of a single Open Directory network

• State which utilities are used to configure the Open Directory service and the primary purpose of each

• State what data is archived when the Open Directory archive function is used

• Define the term “locale” as it applies to OS X Server

• Create a locale to specify to which server clients should connect so that directory usage may be balanced between a master and replica(s)

• Use the Workgroup Manager to configure the password type for a user account stored on an OS X Server computer

• Use Workgroup Manager to disable a user account so that it can’t be used for authentication purposes—without deleting it

• Use Workgroup Manager to configure the password policies of user accounts so that they become disabled on a specified date

• Use Workgroup Manager to configure the password policies of user accounts so that they’re disabled after a specified number of failed attempts

ACTC 10.7 Recertification Exam Preparation Guide

50

Page 51: Actc 10.7 Exam Prep

• Use Workgroup Manager to configure user accounts so that the users can’t change their passwords

• Use Workgroup Manager to configure user accounts so that when users change their password it conforms to an organization’s policies

• Use an OS X client computer and an OS X Server computer providing Kerberized services to troubleshoot a situation where the client computer is unable to use Kerberos to authenticate and access the services provided by the server

• Describe five methods an OS X Server computer can use to provide authentication, including hash files, crypt passwords, password server, Kerberos, and LDAP

• Contrast the following methods for storing authentication information: crypt, shadow, Open Directory

• Describe how Kerberos provides both identification and authentication services

• Define the following terms as they apply to Kerberos: ticket, Kerberos Distribution Center, Ticket Granting Ticket, and Service Ticket

• List four reasons a client computer might not be able to use Kerberos authentication to access a service, including a DNS configuration issue, a mismatch in time settings between the client and server computers, Kerberos authentication disabled for a service, and a user account not being configured correctly

• Determine the appropriate password type for a user account

• State which utilities are used to set password policies for user accounts

• State which types of password policies can be applied to a user account

• State one method for displaying the status of Kerberos tickets on an OS X client computer

Chapter Three review questionsAfter completing Chapter Three, you should be able to answer the following questions.

1. What’s the main function of directory services?

2. What standard is used for data access with Open Directory? What version and level of support is provided for this standard?

3. In terms of Open Directory, what four roles can Lion Server play?

4. What are the two methods of applying password policies, and where are they located?

5. When you create an Open Directory archive, is the sparse image created on the server that hosts the Open Directory service or on the administrator computer from which you run Server Admin?

ACTC 10.7 Recertification Exam Preparation Guide

51

Page 52: Actc 10.7 Exam Prep

6. What criteria determines the Open Directory locale with which a Lion Open Directory client associates?

7. What log shows successful and failed attempts to authenticate against the password service?

8. What tool can you use to confirm forward and reverse DNS records?

9. What tool can you use to check the ability to obtain a Kerberos ticket?

Answers

1. Directory services provide a central repository for information about the computers, applications, and users in an organization.

2. Open Directory uses OpenLDAP and the Lightweight Directory Access Protocol (LDAP) standard to provide a common language for directory access. Open Directory uses LDAPv3 to provide read and write access to the directory data.

3. Lion Server can be an Open Directory master, a standalone server, connected to a directory system, and an Open Directory replica.

4. Per-user policies are defined in Workgroup Manager, and global policies are defined in Server Admin or the Server app.

5. The archive is created on the server that hosts the Open Directory service.

6. If a Lion computer’s IPv4 address is in the range of a subnet associated with an Open Directory locale, that computer should use any of the Open Directory servers associated with that locale. Otherwise, it will use the default locale.

7. Password Service Server Log, located at /Library/Logs/PasswordService/ApplePasswordServer.Server.log, shows successful and failed attempts to authenticate.

8. You should use Network Utility to confirm forward and reverse DNS records before configuring as an Open Directory master or replica, or binding to another directory service.

9. Ticket Viewer is in /System/Library/CoreServices, and you can use it to confirm the ability to obtain a Kerberos ticket.

Chapter Four: Managing AccountsUpon completion of Chapter Four, “Managing Accounts” in OS X Lion Server Essentials, you should be able to complete the following tasks. Ten items from this chapter are included in the pool of exam questions. Questions are drawn randomly from the following objectives:

ACTC 10.7 Recertification Exam Preparation Guide

52

Page 53: Actc 10.7 Exam Prep

• Define the following terms: configuration profile, enrollment profile

• Enable the Profile Manager service on the server

• List two methods for delivering a profile to a user

• Use the Server app to configure the Profile Manager service to sign configuration profiles

• Explain the benefit of signing a configuration profile

• Use the Server app to configure the Profile Manager service to manage devices

• Describe the process for configuring the Profile Manager service to manage devices

• Explain how to access the Profile Manager on a remote computer

• Use a client computer with a web browser and an OS X Server computer hosting the Profile Manager service to open the Profile Manager on the client computer

• Remove an installed profile

• Explain how an OS X computer will interpret two or more installed profiles that attempt to manage the same setting

• Explain how to install a profile on an iOS device such as an iPhone

• Describe how to display a list of the installed profiles

Chapter Four review questionsAfter completing Chapter Four, you should be able to answer the following questions.

1. What tool is used to create profiles?

2. Name at least three ways a profile can be delivered.

3. Why should a configuration profile be signed?

4. How is a profile removed from an OS X computer? From an iOS device?

5. What is a configuration profile? An enrollment profile?

6. What steps are involved with turning on the Profile Manager service?

7. What steps are involved with specifying that you want to sign your configuration profiles?

8. What three components comprise Profile Manager?

Answers

1. The Profile Manager web app is used to create profiles.

2. User portal, email, web page, manual delivery, or a push to enrolled devices via the Mobile Device Management capabilities of Profile Manager.

ACTC 10.7 Recertification Exam Preparation Guide

53

Page 54: Actc 10.7 Exam Prep

3. A configuration profile should be signed to validate the contents of the profile.

4. In OS X Lion, the profiles are managed in the Profiles preference pane within System Preferences. On an iOS device, navigate to Settings > General > Profiles to view and remove installed profiles.

5. A configuration profile contains settings and preferences to manage the user experience in a controlled device. An enrollment profile allows the device to be remotely controlled, performing such tasks as remote wipe and lock, and installation of other configuration profiles.

6. You can click the On/Off switch in the Server app Profile Manager pane to turn on the Profile Manager service. To enable device management (also known as Mobile Device Management), click Configure next to Device Management, select a valid SSL certificate, and specify a verified Apple ID to obtain an Apple Push Notification service certificate.

7. In the Server app Profile Manager pane, select the checkbox labeled “Sign configuration profiles,” then choose a valid code signing certificate. Then, when you create profiles with the Profile Manager web app, they’re automatically signed.

8. The Profile Manager includes the Profile Manager web app, the user portal, and the optional device management (Mobile Device Management) service.

Chapter Five: Implementing Deployment SolutionsUpon completion of Chapter Five, “Implementing Deployment Solutions” in OS X Lion Server Essentials, you should be able to complete the following tasks. Nine items from this chapter are included in the pool of exam questions. Questions are drawn randomly from the following objectives:

• Use System Image Utility and an appropriate image source to create a NetBoot image that can be used by the NetBoot service so that other Mac computers can use the image as a boot volume

• Use Server Admin to set which volumes on the server will be used to store NetBoot data

• Use System Image Utility and an appropriate image source to create a NetInstall image that can be used by the NetBoot service so that other Mac computers on the network can boot from the image to install software

• Use Server Admin to configure the NetBoot service to share NetBoot images over a specified network port

• Use Server Admin to start and stop the NetBoot service

• Use Server Admin to enable an image in the NetBoot service so that client computers can boot using it

ACTC 10.7 Recertification Exam Preparation Guide

54

Page 55: Actc 10.7 Exam Prep

• Use a NetBoot server to configure a client computer to boot using the NetBoot service by pressing a key sequence during startup

• Use System Preferences to configure an OS X client computer to boot using an image served by a NetBoot server

• Use Server Admin to configure the NetBoot service to allow or deny specified client computers access to the NetBoot service

• Use Server Admin to configure which image will be the default image used by the NetBoot service

• Use Server Admin to set what protocol will be used to serve the NetBoot image

• Use an OS X Server computer hosting NetBoot images to display the log files for the NetBoot service so that they can be used for troubleshooting

• Explain five problems that are solved by using a NetBoot server, including having to rapidly update a large number of computers with newer system software; quickly repurposing a number of computers with different software, including operating systems and applications; needing an emergency boot disk when a hard drive on a client computer has failed; needing to quickly revert systems such as kiosks to a known “clean” state; and needing a quick and easy method for imaging computers with a variety of configurations

• Define the term NetBoot as it applies to OS X Server

• List the initial steps a client computer goes through when it’s configured to boot using a NetBoot server

• Explain how network home folders complement a NetBoot system by providing users with a location to store personal data and preferences

• Locate the System Image Utility application

• Explain the differences between the three types of System Image Utility images: NetBoot, Network Install, and NetRestore

• List the types of sources, installation application, installation media and disk volumes that can be used to create a NetBoot or NetInstall image

• Compare and contrast the benefits of using each type of image source that can be used to create a NetBoot or NetInstall image, including the ability to create clean systems

• State the minimum Mac OS version for a NetBoot or NetInstall image source

• State the minimum network requirements to support client computers booting using the NetBoot service in OS X Server

• State the location where a NetBoot image should be stored so that it can be used by the NetBoot service

• Copy a NetBoot image to the correct location so that it can be used by the NetBoot service

• State three methods that can be used to configure the client computer to boot using an image provided by a NetBoot server

ACTC 10.7 Recertification Exam Preparation Guide

55

Page 56: Actc 10.7 Exam Prep

• State what keys should be pressed during startup to configure a Mac to boot from a NetBoot server

• Define the term “shadow files” as it applies to the NetBoot service

• Use Server Admin to list the client computers that are booted using a NetBoot image hosted by the server

• Use Server Admin and the network address of a client computer connected to the NetBoot service to state the client computer’s connection information, including what image it used and when the client computer last booted

• Use a set of NetBoot log files for a NetBoot service that’s not serving images to clients properly to identify the issue

• State the minimum system requirements for client computers booting using the NetBoot service

• Describe the purpose of the filters in the NetBoot service

• Give two reasons an organization would want to set up an internal software update server, including maintaining control over what updates users install and reducing the amount of network bandwidth used

• Describe the basic features of the Software Update service, including how it can automatically download updates provided by Apple and share only select updates to clients

• Use Server Admin to configure the server to automatically download all software updates provided by Apple

• Use Server Admin to configure the server to download all new software updates provided by Apple

• Use Server Admin to configure the server to automatically enable any updates that have been downloaded from Apple

• Use Server Admin to configure the Software Update service to automatically delete unused or legacy updates

• Use Server Admin to configure the server to limit the amount of network bandwidth that can be used for distributing software updates

• Use Server Admin to enable updates downloaded to the Software Update service so that they’re accessible by other computers on the network

• Use Server Admin to list what Apple-provided updates are available

• Use Profile Manager to create a profile to configure an OS X computer to use an OS X Server computer as the source for any software updates for the OS X computer

Chapter Five review questionsAfter completing Chapter Five, you should be able to answer the following questions.

1. What are the advantages of using NetBoot?

2. What are three ways to configure the network startup disk?

ACTC 10.7 Recertification Exam Preparation Guide

56

Page 57: Actc 10.7 Exam Prep

3. Which network protocols are used during the NetBoot startup sequence? What components are delivered over each of these protocols?

4. What is a NetBoot shadow file?

5. What are the major differences between NetBoot, NetInstall, and NetRestore?

Answers

1. Because NetBoot unifies and centralizes the system software that NetBoot clients use, software configuration and maintenance are reduced to a minimum. A single change to a NetBoot image propagates to all client computers on the next startup. NetBoot also decouples the system software from the computer, decreasing potential software troubleshooting.

2. A client can select a network disk image from the Startup pane within System Preferences, by holding down the N key at startup to boot from the default NetBoot image, or by pressing the Option key.

3. NetBoot uses DHCP, TFTP, NFS, and HTTP during the NetBoot client startup sequence. DHCP provides the IP address, TFTP delivers the boot ROM (“booter”) file, and NFS or HTTP delivers the network disk image.

4. Because the NetBoot boot image is read-only, anything that the client computer writes to the volume is cached in the shadow file. This allows a user to change the boot volume, including setting preferences and storing files; however, when the computer is restarted, all changes are erased.

5. NetBoot allows multiple machines to boot into the same environment. NetInstall provides a convenient way to install operating systems and packages onto multiple machines. NetRestore provides a way to clone an existing image to multiple machines.

Chapter Six: Providing File ServicesUpon completion of Chapter Six, “Providing File Services” in OS X Lion Server Essentials, you should be able to complete the following tasks. Eleven items from this chapter are included in the pool of exam questions. Questions are drawn randomly from the following objectives:

• Use the Server app to modify the POSIX permissions for files and folders to restrict user access to them

• Use the Server app to create access control lists (ACLs) that control access to files and folders shared by the server

• Use the Server app to create ACLs for files and folders on the server

ACTC 10.7 Recertification Exam Preparation Guide

57

Page 58: Actc 10.7 Exam Prep

• Use server administrator software to isolate and resolve issues with file system ACLs on the server

• Explain why it’s best to use groups instead of individual user accounts to manage permissions

• Explain how unique IDs (UIDs) and group IDs (GIDs) are used to relate permissions for files and folders to users and groups

• Explain how Guest access and permissions for Everyone for files can expose shared items to undesirable access

• Explain how POSIX permissions can limit your options when setting up folder and file permission structures that involve multiple users or groups

• Define the term “access control list” (ACL) as it applies to OS X Server

• Define “globally unique ID” (GUID) as it relates to user and group accounts

• Explain how Access Control Entries (ACEs) are interpreted to determine the permissions of a file or folder

• Explain the order of how OS X interprets access control entries and POSIX permission settings when determining the effective permissions of a file

• Explain how GUIDs associate ACLs to users and groups

• Describe how file system ACLs in OS X Server map to file system ACLs in Windows servers

• Define “inheritance” as it applies to file system ACLs

• Define “access control entry” (ACE) as it applies to ACLs

• Use the Server app to modify the permissions on a share point to grant or restrict access to user accounts

• Use the Server app to create a new folder on the server that can be configured to act as a share point

• Use the Server app to configure a folder on the server to act as a share point so that other computers on the network can access files stored within the folder

• List the file-sharing protocols that can be enabled for a share point using the File Sharing pane within the Server app

• Describe the four basic steps to set up file services, including planning, configuring accounts, configuring file service, and monitoring the service

• Explain two issues related to configuring a share point to share files over two different protocols, including volume format case-sensitivity and file system permissions

• State what tool is used to create and manage share points

• Use the Server app to configure a share point so that client computers can access the files using the Apple Filing Protocol (AFP)

ACTC 10.7 Recertification Exam Preparation Guide

58

Page 59: Actc 10.7 Exam Prep

• Use the Server app to configure a share point so that client computers can access the files on the share point without having to provide a user name and password

• Use the Server app to configure a share point so that client computers can access files using Server Message Block (SMB)

• Describe how a Windows client accesses a shared SMB volume that resides on an OS X Server computer

• Explain the difference between the specified permissions and inherited permissions models as they relate to assigning permissions to new files and folders on an SMB share point hosted by an OS X Server computer

• Use the address of an OS X Server computer sharing files over WebDAV to state the URL to access the files

• Compare and contrast WebDAV with other common file-sharing protocols such as AFP and SMB, discussing security issues, format of the URLs used to access, and benefits of using each

• Use the Server app and a share point on an OS X Server computer configured to provide network user data to configure the share point to be available to host home folders

• Use the Server app to configure a user account to use a network home folder hosted on a share point on the server

• Use the Server app and a folder on the server containing web files to create a website so that other computers on the network can access the web files

• Use the Server app to enable the Time Machine service on the server

• Use the Server app to configure the Time Machine service so that it uses a specified drive to store backup data

• State where the user backup data is stored when the Time Machine service is enabled

Chapter Six review questionsAfter completing Chapter Six, you should be able to answer the following questions.

1. Name three file-sharing protocols supported by Lion Server and their principal target clients.

2. How does Lion Server support browsing for Windows clients?

3. When does an access control entry (ACE) for a folder’s access control list (ACL) get propagated to items in the folder?

4. What two actions are necessary to provide a network home folder for a network user?

5. What permissions can you choose for an ACE in the File Sharing pane of the Server app?

6. What permissions can you specify for an ACE in the Storage pane of the Server app?

ACTC 10.7 Recertification Exam Preparation Guide

59

Page 60: Actc 10.7 Exam Prep

7. In the Storage pane of the Server app, what four rules for inheritance can you apply to an ACE?

8. How do you remove an inherited ACE?

9. What might it mean if you see a GUID rather than a user name in an ACL?

10. What URL should you use from an iOS device to save to a WebDAV-enabled share point hosted by the Lion Server at server17.pretendco.com, if the web service on the Lion Server uses an SSL certificate?

11. Do both the File Sharing and the Time Machine services need to be turned on to offer Time Machine services to your users?

Answers

1. AFP for Mac clients, SMB for Windows clients, and WebDAV for iOS devices are three file-sharing protocols supported by Lion Server.

2. Lion Server uses NetBIOS to advertise its presence to Windows clients; Windows users see Lion Server in their Network Neighborhood or Network Places.

3. An ACE of a folder’s ACL is propagated to a new item that’s created in that folder, or copied into that folder from another volume, if the inheritance options for the ACE apply. Also, an administrator can select a folder in the Storage pane of the Server app, choose Propagate Permissions from the Action pop-up menu, select the Access Control List checkbox, and click OK. Finally, if you use the File Sharing pane to modify an ACL that has been inherited, the changes will be propagated.

4. You need to first edit a share point and select the checkbox “Make available for home directories.” Then you can edit a user, and select that share point in the Home Folder pop-up menu.

5. In the File Sharing pane of the Server app, when you edit an ACE, you can choose Read & Write, Read, or Write.

6. In the Storage pane of the Server app, when you edit an ACE, you can select checkboxes for 13 kinds of permissions. The categories include Administration, Read, and Write.

7. There are four inheritance rules: folder, child folders, child files, and all descendants.

8. In the Storage pane of the Server app, navigate to the item that has an ACL, click the Action pop-up menu, choose Edit Permissions, click the Action pop-up menu, and choose Remove Inherited Entries.

9. If you see a GUID instead of a user name, it could mean that you removed a user or a group from your Lion Server, and the ACE is displaying that user or group’s GUID because it can’t map the GUID to a user or a group.

ACTC 10.7 Recertification Exam Preparation Guide

60

Page 61: Actc 10.7 Exam Prep

10. In the iOS application that supports WebDAV, you would use the URL https://server17.pretendco.com/webdav. Depending on the application, you’ll see a list of share points that support WebDAV.

11. Yes, both File Sharing and Time Machine need to be on to offer the Time Machine service to your users.

Chapter Seven: Managing Web ServicesUpon completion of Chapter Seven, “Managing Web Services” in OS X Lion Server Essentials, you should be able to complete the following tasks. Four items from this chapter are included in the pool of exam questions. Questions are drawn randomly from the following objectives:

• Use the Server app to configure a share point to share files using WebDAV so that iOS devices can access files stored on the share point

• Use the Server app and a website hosted on a OS X Server computer to disable the site so other computers can’t access it

• Use the Server app to configure the location of the data files for a website hosted on an OS X Server computer

• Configure the permissions of files so that they can be served by the web service

• Use the Server app to start and stop the web service

• Use the Server app to configure two or more websites on the server so that each is uniquely accessible

• Use Server Admin and a website hosted by an OS X Server computer to add an alias to the website so that the server responds to the new name

• State the standard web server on which the web service in OS X Server is based

• List the three methods for distinguishing between websites hosted by an OS X Server computer, including domain name, IP address, and port number, so that multiple sites can be hosted on a single server

• List the types of logs generated by the web service

• Use the Server app and an OS X Server computer hosting a website to configure the website so that it requires a user to authenticate before accessing the website

Chapter Seven review questionsAfter completing Chapter Seven, you should be able to answer the following questions.

1. On what software is Lion Server’s web service based?

2. Which permissions are necessary on a web folder to ensure that visitors to the site can access the pages?

ACTC 10.7 Recertification Exam Preparation Guide

61

Page 62: Actc 10.7 Exam Prep

3. What are access controls?

4. Where is the default location for the Apache log files?

5. What is the advantage of using SSL on a website?

Answers

1. Lion Server’s web service is based on Apache, the open source web server software.

2. The everyone or www group must have read access to the web files.

3. Access controls are paths to folders that can be restricted based on group.

4. The default location for Apache log files is /var/log/apache2/access_log and /var/log/apache2/error_log.

5. SSL helps protect the traffic traveling to and from the website by encrypting the data.

Chapter Eight: Using Collaborative ServicesUpon completion of Chapter Eight, “Using Collaborative Services” in OS X Lion Server Essentials, you should be able to complete the following tasks. Fourteen items from this chapter are included in the pool of exam questions. Questions are drawn randomly from the following objectives:

• Use the Server app to enable the wiki service on the server

• Use the Server app and one or more groups of users on the server to add the groups to the list of those that can create a wiki

• Use the Server app to configure the server so that anyone can create a wiki

• Create a new wiki on the server

• Use a list of user accounts to modify the wiki permissions for the given users

• Define the term “wiki” as it applies to OS X Server

• State three benefits of setting up a wiki server

• Define the term “blog” as it applies to OS X Server

• Delete a wiki

• Configure a wiki to provide a blog

• Use the Server app to enable the iCal service so that two or more OS X client computers can access and share calendar data

• Configure iCal on an OS X client computer so that it displays shared scheduling data provided by the iCal service

• Create new resources on the iCal server that can be scheduled using iCal on an OS X client computer

ACTC 10.7 Recertification Exam Preparation Guide

62

Page 63: Actc 10.7 Exam Prep

• Use the Server app to troubleshoot issues with the iCal Server

• List three reasons why, according to the OS X Server documentation, you would want to provide shared calendar services using the iCal service on an OS X computer

• State which protocols are used by the iCal service in OS X Server

• Use the Server app to modify the list of host domains that the chat service in OS X Server will connect to

• Use the Server app to start and stop the iChat service on an OS X Server computer

• Add a service account to iChat on an OS X client computer so that it can be used to chat with other iChat users via the iChat service on an OS X Server computer

• Use the Server app to configure the iChat service so that all chat messages are logged to a file on the server

• Use the Server app to display chat messages that have been stored on the server

• Use the Server app to enable the server-to-server federation feature for the iChat service

• Use the Server app to configure the iChat service to allow federation with any other XMPP chat server

• Use the Server app to configure the iChat service to allow federation with just a specific XMPP server

• Use the Server app to display the iChat service log

• Use the Server app to troubleshoot issues with the iChat Server

• Use the Server app to enable or disable access to the iChat service for a given account

• State which protocol is used by the chat service in OS X Server, both the familiar name, Jabber, and the official name, Extensible Messaging and Presence Protocol (XMPP)

• Explain the benefits of setting up a chat server, including automatically generating chat transcripts and increasing security

• List the methods that can be used by the iChat service in OS X Server to authenticate iChat clients

• State the iChat server screen name for a user account

• Explain the purpose of the federation feature for the iChat service in OS X Server

• Use the Server app to identify how many users are connected to the iChat service

• Use the system log file to identify the users that are connected to the iChat service

• Use the Server app to configure the Address Book service so that users can store contact information on the server

ACTC 10.7 Recertification Exam Preparation Guide

63

Page 64: Actc 10.7 Exam Prep

• Use the Server app and an OS X Server computer hosting the Address Book service to configure the client computer to access contact information stored on the server

• Explain how contact data is shared between OS X client computers and the Address Book service

• Explain how to configure an OS X client computer to access shared contact information provided by the Address Book services

• Use the Server app to configure the Address Book service to provide contact information provided by a directory server

• Explain three reasons for hosting a mail server, including limited network bandwidth, increased security, and enhanced control

• Define the terms POP, IMAP, and SMTP as they apply to email service

• Explain how an email message travels from a source client computer through multiple mail servers and is received by a destination client computer

• Explain how a mail server identifies the network address of the destination mail server when handling outgoing email

• Use the Server app to configure a user account to be able to send email via the server

• Use the Server app to stop and start the Mail service

• Use the Server app to configure the domain name for the Mail service

• Use the Server app to configure the Mail service to relay all outgoing email through a specified mail server

• Use the Server app to configure the Mail service so that users can access their mail accounts through a web browser

• Use the Server app to configure the Mail service so that users can’t store more than a specified amount of mail on the server

• Use the Server app to configure the Mail service to scan mail messages for viruses

• State what the Mail service uses to scan email messages for viruses

• Explain what service a blacklist server provides

• Explain what service the Mail service uses to analyze email messages to determine the likelihood of the message being junk mail

• Use the Server app to configure the Mail service to use a blacklist server to filter junk mail

• Use the Server app to configure the Mail service to filter for junk mail

• Use the Server app to configure how aggressively the Mail service filters for junk mail

Chapter Eight review questionsAfter completing Chapter Eight, you should be able to answer the following questions.

1. What protocol is used for the iChat service?

ACTC 10.7 Recertification Exam Preparation Guide

64

Page 65: Actc 10.7 Exam Prep

2. How would you limit access to iChat service on Lion Server?

3. What tools can an administrator use to specify which users can create wikis? How does a network user specify which users and groups can edit a wiki?

4. How would you enter the iChat name for the user Jet Dogg (short name: jet) on server17.pretendco.com?

5. What application do you use to create resources and locations for use in iCal events?

6. What open source protocol does the Address Book service use?

7. What is an open relay?

8. What is an MX record?

9. What is SMTP?

10. What are the main differences between POP and IMAP?

11. What method can be used to limit the amount of disk space used on a mail server?

Answers

1. The iChat service uses the Extensible Messaging and Presence Protocol (XMPP).

2. You can limit access through Service Access Control Lists, available per user in the Server app.

3. Administrators can use the Wiki Creators list in the Wiki service settings in the Server app. When creating a wiki with a web browser, a user can specify permissions for users and groups to access and edit the wiki.

4. The iChat name format for Jet Dogg on server17.pretendco.com is [email protected].

5. The Server app is used to create resources and locations for use in iCal events.

6. The Address Book service uses CardDAV.

7. An open relay is a mail server that allows anyone on the Internet to anonymously send email messages through it. It’s the primary tool used by spammers on the Internet.

8. An MX record is a DNS record that indicates the priority and host name of a domain’s email server.

9. Simple Mail Transfer Protocol defines how messages travel from one computer to another on the Internet.

10. IMAP keeps a copy of the email message and its state on the server, maintains a persistent connection between the client and server, allows folder access, and supports higher security authentication methods. POP typically stores the message

ACTC 10.7 Recertification Exam Preparation Guide

65

Page 66: Actc 10.7 Exam Prep

only until it’s downloaded by the client and requires fewer server resources than IMAP.

11. The method to control disk consumption by users is user quotas.

ACTC 10.7 Recertification Exam Preparation Guide

66