LOT-926 Managing and Maintaining IBM Lotus Notes and Domino 8.5 Environments

4,540 views

Published on

Demo of LOT-926 egzam question, demo of education materials.

Published in: Education
7 Comments
5 Likes
Statistics
Notes
No Downloads
Views
Total views
4,540
On SlideShare
0
From Embeds
0
Number of Embeds
64
Actions
Shares
0
Downloads
0
Comments
7
Likes
5
Embeds 0
No embeds

No notes for slide

LOT-926 Managing and Maintaining IBM Lotus Notes and Domino 8.5 Environments

  1. 1. 1LOT-926Managing and Maintaining IBM Lotus Notes and Domino 8.5Environments www.biztek.pl
  2. 2. 2IBM Certified System Administrator – LotusNotes and Domino 8.5• In June 2011, the IBM Certification • Individuals who wish to certify on Lotus Program for Lotus Software announced Notes Domino 8.5, but have not the restructuring of the Lotus Notes achieved certification on Lotus Notes Domino 8.5 core certification paths. Domino 7.0 or 8.0 should follow the• In October 2011, the new core tests applicable path(s) below: were released. The old exams remained available for those who had begun the • Pass LOT-925: Installing and certification process through to the end Configuring IBM Lotus Notes and of the year. Domino 8.5 AND• Having been withdrawn on December • Pass LOT-926: Managing and 31st, they are no longer available. Maintaining IBM Lotus Notes and Domino 8.5 Environments. www.biztek.pl
  3. 3. 3Test information• Number of questions: 73 • Covers Lotus Notes Domino 8.5 material• Time allowed in minutes: 90 as it relates to these competency areas:• Required passing score: 72% • Defining and Managing Policies.• Test languages: English • Install and Configure.• Note: There are 73 scored items and 1 • Mail. unscored items. • Manage and Maintain.• Exam Type: Multiple Choice. • Managing Servers. • Platform Support. • Security. www.biztek.pl
  4. 4. 4Question 1Domino roaming for the Notes standard configuration clients in Domino 8.5 and higheroffers the ability to synchronize which of the following? A. A notebook database and user ID file B. The user ID file and local Eclipse XML configuration files C. A feeds subscription database and an Eclipse plug-in data and preferences database D. The Activities plug-in configuration and the integrated Sametime Connect configurationsAnswer: C www.biztek.pl
  5. 5. 5Answer 1 (1)• Below is a summary of the changes introduced for the Roaming User functionality in Notes and Domino 8.5.• 1. Roaming the Notes 8.5 Standard configuration• Notes/Domino 8.5 introduces support for roaming the Notes 8.5 standard configuration. This is achieved through the addition of two roaming applications: • The Roaming User Data application (roaminguser.nsf), which stores a users Eclipse-based configuration information. • The Feed Content application (localfeedcontent.nsf), which stores a users feeds subscription information.• 2. File server roaming • Notes/Domino 8.5 introduces file server roaming. This option addresses the needs of customers in remote locations who do not have a "local" Domino server yet need a way for users to roam between multiple workstations. • File server roaming is configured using the new Roaming policy settings document. • Users who are configured for file server roaming have a new Notes User Preference that enables them to manually enable and disable roaming. www.biztek.pl
  6. 6. 6Answer 1 (2)• 3. New "Roaming User Applications" folder on the replication page • In the Notes 8.5 client, the files that roam are grouped on the Replication page in a folder called "Roaming User Applications.” • The data that roams for the Notes 8.5 client standard configuration is the same for both Domino server and file server roaming.• 4. Mail signature effectively roams • In addition to the Eclipse-based configuration and RSS feeds, there is another aspect of Notes that effectively "roams" in ND8.5: • The personal signature for mail messages. The signature in Notes 8.5 is stored in the Mail file. This change enables roaming users to access the signature from any machine from which they can access their mail file. www.biztek.pl
  7. 7. 7 Question 2 Smart Upgrade Governor is enabled on the server. When a user manually tries to initiate Smart Upgrade locally they get a dialog box indicating they are unable to upgrade at this time and to try again later. What server command can the administrator run on the server to display Smart Upgrade statistics? A. SU display B. sucache show C. show sugovernor D. display su state Answer: Bwww.biztek.pl
  8. 8. 8Answer 2 (1) How Smart Upgrade performs an upgrade• If the Smart Upgrade Timer on the IBM® Lotus® Notes® client expires, the next time that users log in to their IBM® Lotus® Domino® home server or its cluster mate, Smart Upgrade does the following: • Compares the release number of the users Notes client to the release number specified in the Source version field of the kit document in the Smart Upgrade database. The Notes client sends a match pattern to the server including the Notes clients current version, the platform and the localization. The Install type is also sent. The server then looks for a matching kit. • If the server finds a match, it sends a flag back to the Notes client indicating an upgrade kit may exist. • The Notes client searches the Smart Upgrade database for a match for its current Notes client version, platform and localization. The Notes client also checks the install type.• If the users Deploy version field on the desktop policy settings document is populated with a version number, Notes compares that version number to the version number specified in the Destination version field of the kit document. www.biztek.pl
  9. 9. 9Answer 2 (2)• Note Specifying the upgrade kit release number in the Deploy version field of the desktop policy settings document is optional. If that field is blank, but an update kit is available, Lotus Notes Smart Upgrade skips Step 4 and uses the release number of the update kit to continue the upgrade process.• If a match is found, and users are specified or are members of a specified group, Lotus Notes Smart Upgrade displays a Smart Upgrade dialog box that prompts the users to upgrade their Notes client.• Users can update their clients when prompted or delay the upgrade for a specified period of time. If the user has a policy that specifies an Upgrade deadline and that date has expired, the Smart Upgrade dialog box displays an "Update Now" button that forces users to update their Notes client with no options for further delay. If the setting "Remind me every hour after upgrade deadline has passed" is set in the policy settings document, users can delay the Smart Upgrade in one hour increments before being prompted again. www.biztek.pl
  10. 10. 10Answer 2 (3) Using Notes Smart Upgrade• IBM® Lotus® Notes® Smart Upgrade notifies users to update their Notes client to a later release. Lotus Notes Smart Upgrade uses policy and settings documents to help manage updates. You create policy documents in the IBM® Lotus® Domino® Directory to distribute standard settings and configurations across groups, departments, or entire organizations.• To use Smart Upgrade as a means of upgrading Notes clients, you must meet the following prerequisites: • Notes client already installed • Connectivity to a Domino server • Smart Upgrade database created, configured, deployed, and enabled • Users Location documents specify the correct home server on the Servers tab of the document www.biztek.pl
  11. 11. 11 Answer 2 (4) • Use the Smart Upgrade kits template (SMUPGRADE.NTF) to create the IBM® Lotus® Notes® Smart Upgrade database that will store the upgrade kits. The database must reside on at least one server in the domain. • If you replicate the Smart Upgrade database to other servers in the domain, users will have more choices in the database catalog and possibly fewer network problems accessing the update kits. • In the IBM® Lotus® Domino® Administrator client, choose File - Application - New. • In the New Application dialog box, enter the server name and database title. • Enter a file name in the File Name field. • Click Template Server, and then choose the server on which the database will reside. • Select the "Show advanced templates" check box. • Select "Smart Upgrade kits" from the box of template names, then click OK. • After you create the Smart Upgrade database, create a database link in your Configuration Settings document in the Domino Directory.www.biztek.pl
  12. 12. 12 Answer 2 (5) Limiting concurrent downloads with the Smart Upgrade Governor • The Smart Upgrade Governor minimizes administrative overhead by dynamically limiting Smart Upgrade downloads for kit documents that have attached kits, rather than requiring groups in Policies or in the Smart Upgrade Kit documents to do this. • For organizations for which bandwidth is limited, it is suggested that attached kits are used in the Smart Upgrade Kit documents so that concurrent downloads can be easily managed by the Smart Upgrade Governor. • The Smart Upgrade Governor is enabled and configured in the Configuration document for the server or servers on which the Smart Upgrade database resides: • Enabled. The Smart Upgrade Governor is active for limiting concurrent downloads on the server or servers to which this Configuration document applies. • Disabled. The Smart Upgrade Governor is not in use on the server or servers to which this Configuration document applies.www.biztek.pl
  13. 13. 13Question 3Which of the following are required to be enabled for Server Fast Restart to function? A. Cleanup Script B. Fault Recovery C. maximum Fault Limits D. Server Shutdown TimeoutAnswer: B www.biztek.pl
  14. 14. 14Answer 3 (1)• Server Fast Restart allows a new Domino instance to start while NSD diagnostics are being run on the initial Domino server instance.• The fault-recovery system is initialized before the Domino Directory can be read. During this initialization, fault-recovery settings are read from the NOTES.INI file, and then later read from the Domino Directory and saved back to the NOTES.INI file: • Open the Server document, click Edit Server, and click the Basics tab. • In the Fault Recovery section, check "Automatically Restart Server After Fault/Crash Enabled.• You can set up fault recovery to automatically handle server crashes. When the server crashes, it shuts itself down and then restarts automatically.• A fatal error such as an operating system exception or an internal panic terminates each Lotus Domino process and releases all associated resources. The startup script detects the situation and restarts the server.• Domino records crash information in the data directory. When the server restarts, Domino checks to see if it is restarting after a crash.• If it is, an e-mail is sent automatically to the person or group in the "Mail Fault Notification to" field. The e-mail contains the time of the crash, the server name, and, if available, the FAULT_RECOVERY.ATT file, which includes additional failure information from an optional cleanup script. www.biztek.pl
  15. 15. 15Answer 3 (2) • Subject: NSD Host Name : WALTS-T61 User Name : SYSTEM Date : Fri May 15 11:53:29 2009 Windows Dir : C:Windows Arguments : "C:IBMLotusNotes8nsd.exe" -dumpandkill -termstatus 1 - dlgopts showwait -crashpid 4524 -crashtid 5540 -runtime 300 -ini "C:IBMLotusNotes8notes.ini" -svcreq 128 NSD Version : 8.5.00.8318 (Release 8.5) OS Version : Windows/Vista 6.0 [64-bit] (Build 6001), PlatID=2, Service Pack 1 (2 Processors) Running as 32-bit Windows application on 64-bit Windows Build time : Sat Dec 6 01:58:24 2008 Latest file mod : Fri Nov 14 21:25:15 2008 Notes Core Version : Release 8.5 (32-bit client) Notes Standard Version : 8.5_20081211.1925 <@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ @@@@@@@@@@@@@@@@> Section: System Data -> OS Process Table (Time 11:53:36) <@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ @@@@@@@@@@@@@@@@> <@@ ------ System Data -> Active Users (Time 11:53:36) ------ @@> UID Name 0 SYSTEM 1013 wseymour <@@ ------ System Data -> Processes (Time 11:53:36) ------ @@> INFO PID PPID UID STIME COMMAND 0000 0000 0 ??? [[System Process]: 0000] 0250 0004 0 05/15 11:35:26 [ smss: 0250] www.biztek.pl
  16. 16. 16Question 4After enabling DAOS for a mail database on your server which option should be run whencompacting the database for DAOS to take effect? A. -b B. -c C. -D D.Answer: B www.biztek.pl
  17. 17. 17Answer 4 (1)• Before anything is done with DAOS, there are some • 5. Establish backup/restore processes. It is prerequisites that must be addressed. important to have reliable backup and restore• 1. Disable SCOS Shared Mail. Single Copy Object procedures in a production environment, to avoid the Store (SCOS) is an older approach to attachment possibility of data loss. DAOS adds some complexity consolidation. This feature is not compatible with to the backup/restore process, so it is important that a DAOS and must be disabled before you enable well established backup/restore foundation exists for DAOS. DAOS to build on. Transaction logging introduces• 2. Disable NSFDB2. NSFDB2 is a feature that some additional features that provide even better allowed storing NSF data in DB2. This feature is also recovery options. not compatible with DAOS and must be disabled on • 6. Upgrade Names.nsf design. The design of the any NSF application that will participate in DAOS. Names.nsf file has been changed to accommodate• 3. Upgrade. Although DAOS was introduced in DAOS, and the Server document has a new tab that Domino 8.5.0, many important stability and covers the DAOS settings. Names.nsf must use the performance improvements have been made in new Names.ntf template on all Domino servers that subsequent releases. Hence, it is strongly will be enabled for DAOS. recommended that all new DAOS deployments be done on the 8.5.2 (or later) Domino release.• 4. Enable transaction logging. DAOS depends on transaction logging for proper operation. Since DAOS must update several locations simultaneously, it is important that all those updates succeed or fail (and are subsequently rolled back) as a unit. Transactions provide this ability, and therefore transaction logging is required for all NSF files that participate in DAOS. www.biztek.pl
  18. 18. 18Answer 4 (2)• Additional recommendations Compacting databases• 1. Enable LZ1 compression. If no attachment • When documents and attachments are compression is enabled on the NSF files, or if deleted from a database, IBM® Lotus® Huffman compression is being used, then Domino® tries to reuse the unused space, enabling LZ1 compression can save a rather than immediately reduce the file size. significant amount of disk space. This is done Sometimes Domino wont be able to reuse the by use of the compact command, and the -Zu space or, because of fragmentation, cant flag. reuse the space effectively until you compact• 2. Upgrade mail dbs. Upgrade mail the database. databases to ODS=51 (compact databases). • Styles of compacting• 3. Enable design and data document • There are three styles of compacting: compression. Another Domino space-saving • In-place compacting with space recovery feature is design and data document • In-place compacting with space recovery compression. Enabling these compressions and reduction in file size can also save a significant amount of disk space. The savings from these features are • Copy-style compacting independent from DAOS and are worth investigating.• 3. Use Domino Domain Monitoring (DDM). DAOS diagnostic information is included in DDM events. The events are logged to the ddm.nsf file, which provides a convenient environment for monitoring the operation of DAOS. For information on managing and configuring DDM, refer to the Domino wiki article, “Domino Domain Monitoring (DDM).” www.biztek.pl
  19. 19. 19Answer 4 (3)Characteristics In place, space In place, space Copy-style recovery recovery with file size reductionDatabases that use it when compact Logged databases Unlogged Databases withruns without options with no pending databases with no pending structural structural changes pending structural changes changesDatabases you can use it on Current release Current release Current release (need -c)Relative speed Fastest Medium SlowestUsers can read databases during Yes Yes No (unless -L optioncompacting used)Users can edit databases during Yes Yes NocompactingReduction in file size No Yes YesExtra disk space required No No Yes www.biztek.pl
  20. 20. 20Question 5The Domino server running Lotus Traveler must have which of the following access rightsto the user mailfiles it will be serving to mobile devices? A. Author with delete rights B. Editor with delete rights C. Designer with delete rights D. Manager with all rightsAnswer: D www.biztek.pl
  21. 21. 21Answer 5 (1) Overview• IBM® Lotus Notes® Traveler provides automatic, two-way, over-the-air syncing between Lotus® Domino® servers and wireless handheld devices, including Android devices, Windows Mobile devices, Nokia S60 Third Edition devices, Nokia S60 Fifth Edition devices, Nokia Symbian^3 devices, and select mobile devices running the ActiveSync protocol, such as Apple devices. Lotus Notes Traveler syncs email, calendar, to-do, address book, and journal data in real time.• IBM Lotus Notes Traveler provides automatic, two-way, over-the-air synchronization capability between Lotus Domino servers and wireless handheld devices, including Android devices, Windows Mobile devices, Nokia S60 Third Edition devices, Nokia S60 Fifth Edition devices and select mobile devices running the ActiveSync protocol.• New mail messages from the Lotus Domino server arrive on your device automatically and can trigger a notification event, such as a tone or a device vibration. Updates made on the device, such as sending a new mail message or changing a calendar entry, sync with the server as soon as a network connection is available.• Lotus Notes Traveler provides a simple, easy-to-use interface with a minimal number of configuration settings. You can customize how much data is synced with the device to optimize the use of device memory.• The Lotus Notes Traveler 8.5.3 server is installed on a computer running Lotus Domino 8.5.3 and runs as a Lotus Domino server task. For basic configurations, the Lotus Notes Traveler component operates immediately following installation with minimal input required from an administrator. All day-to-day administrator activities are performed using the IBM Lotus Domino Administrator client and the Lotus Domino remote administration console. Lotus Notes Traveler uses the Domino directory to automatically look up and find users, so there is no manual enrollment procedure.• If you are an IBM Lotus Notes or Lotus iNotes® user, then you are already enabled as a Lotus Notes Traveler user. Mobile handheld device users only must install the client software depending on the device, and direct the device to a Lotus Notes Traveler server. The device automatically registers with the server and syncing begins immediately for the device. www.biztek.pl
  22. 22. 22Answer 5 (2)• The primary method for Lotus Notes Traveler clients communicating with the Lotus Domino server is through an over-the-air communication channel. Examples include, cellular General Packet Radio Service (GPRS), WiFi (802.11x) or 3G. The Lotus Notes Traveler client works with any secure virtual private network (VPN) installed on the device. It also provides integrated support with IBM Lotus Mobile Connect. By using Lotus Mobile Connect, you take advantage of the roaming and secure communication features that logically extend the enterprise network to the mobile device, regardless of the physical network that the device is using. The Lotus Notes Traveler client can connect using public GPRS or GSM (Global System for Mobile communications) networks and still maintain the security and presence of being on a company intranet. Data transmitted between the device and server is compressed to reduce the data traffic to a minimum, which is important over slow traffic links. www.biztek.pl
  23. 23. 23Answer 5 (3)• The Lotus Notes Traveler server is installed and runs on an IBM Lotus Domino server. The server must have access to the mail files of mobile Lotus Notes Traveler users. • Manager access with all rights - it needs access to add anything, edit anything, delete anything, and update the read/unread marks.• These mail files are either located on the same server as the Lotus Notes Traveler server or they are hosted on remote Domino servers. Lotus Notes Traveler uses a Lotus Domino directory to find the home mail server for a Lotus Notes Traveler user. If the mobile users are not present in the local Domino directory (names.nsf), then Lotus Domino directory assistance must be configured so that these users can be found in remote Domino directories. www.biztek.pl
  24. 24. 24Question 6Which setting on a Domino 8.5.2 Desktop Policy allows you to add or modify the clientsnotes.ini parameters? A. Preferences - notes.ini B. Custom Settings - notes.ini C. Custom Settings - Managed Setting D. Basics - Notes ParametersAnswer: B www.biztek.pl
  25. 25. 25Answer 6 (1) Administration - new features (8.5.2)• Administrators can use new settings on the Mail tab of the Desktop Settings document in the Domino Directory (NAMES.NSF) to configure "managed" mail replicas. • Note: Users also have the ability to use a managed mail replica in the Lotus Notes client by modifying NOTES.INI settings. The Desktop Settings document in the Administrator client allows administrators to delivery this capability to users more gracefully.• Managed mail replicas improve upon previously available local mail replicas in several ways. The Notes client can create, populate, and synchronize managed replicas in the background without user intervention. Notes can also automatically run fixup, if needed, on managed replicas, and if they become corrupted, Notes can delete and recreate them without user intervention. Both of these operations will occur without the users awareness, as the user is redirected seamlessly to the server replica. In addition, managed replicas control space usage in several ways, including truncation of large documents until the user retrieves them, and limiting the number of days of mail replicated to them.• The administrator can use a Desktop Settings policy to mark local mail replicas as managed mail replicas. With the appropriate policy settings, both existing and newly created local mail replicas can become managed replicas. www.biztek.pl
  26. 26. 26Answer 6 (2)• Notes 8.5.2 introduces the managed replica, which is a variation of a standard local replica of the users mail file. The managed replica has the special characteristic of being used "automatically" when the user is connected on a server-based location.• It also has the capability of containing full documents for a section (based on time/date) of the mail file and truncated content for the rest (older data).• The concept of a local replica of a users mail file and the use of a local outgoing mailbox to send mail has been with Notes almost since its inception. Previously these features were utilized by configuring a location to use a local mail file, causing the client to use a local outgoing mailbox automatically. In addition, the replication schedule has to be configured so that the local replica will replicate with the server- based mail file.• At a fundamental level, the managed replica extends the capabilities of a local mail replica and a local outgoing mailbox to those locations where the user remains connected to a Domino server. In this configuration, (connected location with managed replica) when the user opens the mail file the client code will detect that a managed replica for the file exists, open that managed replica (locally), and present the user with the view of the mail from the local file. Updates, sending of mail, and receipt of new mail will happen as when the Notes user uses a standard local replica with a local outgoing mailbox. Synchronization occurs just as always, in the client replicator between the server-based files (mailbox, mail file) and local mail. The client will be configured to perform this synchronization in as timely a manner as possible (details in a later section). The target user for this feature is a user who is connected to a Domino server for mail but on a network or line that can have high latency issues (for example, LLN2). By moving all network I/O between local and server files to the background client replicator, the users interface will never be blocked waiting for an I/O to complete. All the users operations will occur on the local files. www.biztek.pl
  27. 27. 27Answer 6 (3) www.biztek.pl
  28. 28. 28Answer 6 (4) www.biztek.pl
  29. 29. 29Answer 6 (5) Detailed information for the notes.ini Keyword: ECLSetup• Short Description: forces the Notes client to merge the Execution Control List (ECL)• Description: The NOTES.INI variable ECLSetup forces the Notes client to merge the Execution Control List (ECL) settings from the Administration ECL, located on the users home server, with the client workstation ECL.• The options are: • 0 - Merge the Administration ECL from the home server specified in the Location document. The resulting workstation ECL will have all entries specified in the Administration ECL, and any entries that were in the workstation ECL but not in the Administration ECL. Any entries that were in both will be overwritten by the entries in the Administration ECL. • 3 - No specific action is necessary. This is the default setting after initial client setup. • If the value for this setting is 3 but Notes doesnt find an ECL for the current user in the desktop-for example, when multiple users with individual Notes IDs are sharing a desktop and one of them is a new user-Notes will create an ECL for that user and merge the Administration ECL from the home server specified in the Location document.• Default value: None• Syntax: ECLSetup=0/3 (Example: ECLSetup=0)• UI equivalent: None (Applies to: Workstations) www.biztek.pl
  30. 30. 30Question 7Where would Andrew configure a policy setting to ensure his users contacts are availableon the server? A. Desktop Settings - Basic Tab B. Mail Settings - Contacts Tab C. Mail Settings - Contacts Tab D. Desktop Settings - Preferences TabAnswer: A www.biztek.pl
  31. 31. 31Answer 7 (1) www.biztek.pl
  32. 32. 32Question 8A user in your domain requires a change to their surname and you have generated theproper name change request in admin4.nsf. Which of the following are required to utilizethe names list of a database found in Domino 8? A. The names list must not exceed 10 Kb B. The database must be on the Domino 8 ODS C. The database must have a custom view titled "($Names)" D. LocalDomainServers must have designer access to all databases on the serverAnswer: B www.biztek.pl
  33. 33. 33Answer 8 (1)• On-Disk Structure (ODS) information for converting database applications For databases that you do not want converted to the new Domino 8 format when compact runs on the Domino 8 server, pull a new local replica of the database with an .ns6 extension. Renaming the file extension at the operating system prompt will not prevent the database from being converted.• IBM Redbook "Lotus Notes and Domino 8 Deployment Guide" page 60, explains how to upgrade the ODS and benefits. It is listed as "highly recommended" to upgrade the ODS AFTER the Domino system administrator ensures that the Domino server is stable at the new Domino 8 code level.• Note: The ODS level will not be upgraded unless a copy-style compact is run on each server, not just the administration server. The new ODS version is not enabled by default for new or upgraded Domino applications so those databases will not be converted by compact when default settings are used. It is only enabled if the notes.ini file setting, CREATE_R8_DATABASES=1, is added. www.biztek.pl
  34. 34. 34Answer 8 (2)• To summarize, the new ODS provides Database names list for user renames potential improvements for I/O and • During a Notes user rename, a series of folder optimization. administration requests are processed• It is also a requirement for the to update the user’s name details in all implementation of the following new areas that affect authentication, mail features: routing, and access control for that user. • Database names list for user • Part of this processing involves updating renames the user name in Reader and Author • Design compression fields. • This administration process can be resource intensive, since it must check inside every document in every database to determine whether a given user’s name is present for updating. www.biztek.pl
  35. 35. 35Answer 8 (3)• For databases that use the new ODS48, this area of the user rename process has been streamlined.• These databases store a names list, which is a master list of all the user names listed within any document in that database.• The names list is created automatically for all ODS48 databases. There is no requirement to enable the function and no options to configure it. In a mixed environment with a Domino 8 administration server and Adminp template, Domino 7 servers process renames in their usual way.• During a user rename process, the administration process first checks the master names list (in ODS48 databases) to determine whether any of the documents in that database list the user in reader or author fields. If the user’s name exists in the names list, the administration process searches through every document in the database to process the rename. If the user’s name does not exist on the names list, no more processing is completed for that database. www.biztek.pl
  36. 36. 36Question 9Which of the following is the name of the process in which you periodically force theupdate of new public and private keys stored in server id files? A. Key update B. Key rollover C. Applied keyfile D. Forced recertificationAnswer: B www.biztek.pl
  37. 37. 37Answer 9 (1) User and server key rollover• Key rollover is the process used to update the set of IBM® Lotus® Notes® public and private keys that is stored in user and server ID files. Periodically, this set of keys may need to be replaced - as a precaution against undetected compromise of the private key; as a remedy to recover from a known compromise of the private key; or to increase security by updating to a larger key.• You configure triggers to initiate user key rollover through a security settings policy document, and for the server key rollover, in the Server document. Triggers include: • Existing key size • Issue date of existing key • Age of existing key• Key rollover gives administrators the ability to deploy replacement keys to groups of users through a security settings policy document.• Lotus Notes users can also trigger key rollover through the "Create New Public Keys" button on the User Security dialog box. If they choose Authentication protocol to as the certificate request method, the current keys are rolled over just as if it were triggered by a policy setting. If they choose "Mail Protocol," the R6 and earlier mail method is used. www.biztek.pl
  38. 38. 38Question 10What is the lowest level of rights in the Domino Directory ACL to allow the creation ofgroups? A. Author with the Group Creator Role B. Editor with the Group Manager role C. Designer with the Group Maintainer role D. Reader with the Group Administrator roleAnswer: A www.biztek.pl
  39. 39. 39Answer 10 (1)• Access levels assigned to users in a database ACL control which tasks users can perform in the database. Access level privileges enhance or restrict the access level assigned to each name in the ACL. For each user, group, or server listed in the ACL, you select the basic access level and user type. To further refine the access, you select a series of access privileges.• Note If you are designing a template (an .NTF file) for others to use to create applications, make sure the default access is at least Reader so that users and/or servers can successfully read from the template when creating or refreshing .NSF files based on that template.• Access levels assigned to servers in a database ACL control what information within a database the servers can replicate.• To access a database on a particular server, a Notes user must have both the appropriate database access specified in the ACL as well as the appropriate access specified in the Server document in the Domino Directory.• Caution Administrators who are listed in the Full Access Administrators, Administrators, and Database Administrators fields in the Server document are allowed to delete any database on the server, even if they are not listed as managers in the database ACL. www.biztek.pl
  40. 40. 40Answer 10 (2) Access level Allows users to Assign to Manager Modify the database ACL. Encrypt the database. Two people who are responsible for the database. Modify replication settings. Delete the database. Perform all tasks allowed by lower access levels. Designer Modify all database design elements. Create a full-text search index. A database designer and/or the person responsible for design Perform all tasks allowed by lower access levels. updates. Editor Create documents. Edit all documents, including those created by others. Any user allowed to create and edit documents in a database. Read all documents unless there is a Readers field in the form. If there is a Readers field, the Editor must be listed to be able to read or edit the document. Author Create documents if the user or server also has the Create documents access Users who contribute documents to a database. level privilege. When you assign Author access to a user or server, you must also specify the Create documents access level privilege. Edit the documents where there is an Authors field in the document and the user is specified in the Authors field. Read all documents unless there is a Readers field in the form. If there is a Readers field, the Author must be listed to be able to read documents. Reader Read documents where there is a Readers field in the form and the user name Users who only need to read documents in a database but not is specified in the field. create or edit documents. Depositor Create documents. Users who contribute documents but who do not need to read or edit their own or other users documents. For example, use Depositor access for a ballot box application. No Access Have no access, with the exception of options to "Read public documents" and Terminated users, users who do not need access to the database, "Write public documents." These are privileges that designers may choose to or users who have access on a special basis. Note You may want grant. to specifically assign No Access to individuals who should not have access to a database, but who may be members of a group that does. www.biztek.pl
  41. 41. 41Question 11Domino roaming for the Notes standard configuration clients in Domino 8.5 and higheroffers the ability to synchronize which of the following? A. A notebook database and user ID file B. The user ID file and local Eclipse XML configuration files C. A feeds subscription database and an Eclipse plug-in data and preferences database D. The Activities plug-in configuration and the integrated Sametime Connect configurationsAnswer: C www.biztek.pl
  42. 42. 42Answer 11 (1)• Below is a summary of the changes introduced for the Roaming User functionality in Notes and Domino 8.5.• 1. Roaming the Notes 8.5 Standard configuration• Notes/Domino 8.5 introduces support for roaming the Notes 8.5 standard configuration. This is achieved through the addition of two roaming applications: • The Roaming User Data application (roaminguser.nsf), which stores a users Eclipse-based configuration information. • The Feed Content application (localfeedcontent.nsf), which stores a users feeds subscription information.• 2. File server roaming • Notes/Domino 8.5 introduces file server roaming. This option addresses the needs of customers in remote locations who do not have a "local" Domino server yet need a way for users to roam between multiple workstations. • File server roaming is configured using the new Roaming policy settings document. • Users who are configured for file server roaming have a new Notes User Preference that enables them to manually enable and disable roaming. www.biztek.pl
  43. 43. 43Answer 11 (2)• 3. New "Roaming User Applications" folder on the replication page • In the Notes 8.5 client, the files that roam are grouped on the Replication page in a folder called "Roaming User Applications.” • The data that roams for the Notes 8.5 client standard configuration is the same for both Domino server and file server roaming.• 4. Mail signature effectively roams • In addition to the Eclipse-based configuration and RSS feeds, there is another aspect of Notes that effectively "roams" in ND8.5: • The personal signature for mail messages. The signature in Notes 8.5 is stored in the Mail file. This change enables roaming users to access the signature from any machine from which they can access their mail file. www.biztek.pl
  44. 44. 44Question 12Charlie is preparing an upgrade of the Notes clients and is testing the Smart UpgradeTracking feature.When he tries to manually initiate a Smart Upgrade he receives the error "File Does NotExist". What could be the cause of this error? A. A Desktop Policy is not configured B. The id file is missing from the person document C. The Smart Upgrade Tracking database is not named "Smart Upgrade Tracking" D. The Smart Upgrade Tracking database name is incorrect in the Desktop PolicyAnswer: D www.biztek.pl
  45. 45. 45Answer 12 (1)• The Lotus Notes/Domino Smart Upgrade Tracking Reports is a system template, used to create a database(s) that store information about smart upgrade attempts that occur from Notes workstations or Domino servers in the domain.• Server administrators and Notes support staff should look at the Lotus Notes/Domino Smart Upgrade Tracking Reports often to see if: • Notes workstations or Domino servers are smart upgrading successfully • Notes workstations or Domino servers are experiencing smart upgrade problems • There are similar repeated smart upgrade failurs across the same or different Notes workstations or Domino servers • If appropriate, reporting of the smart upgrade failures to a service provider or directly to IBM technical support www.biztek.pl
  46. 46. 46Answer 12 (2) Creating a Smart Upgrade Tracking Reports database• From the IBM® Lotus® Domino® Administrator client, choose File - Application - New.• In the New Application dialog box, specify the server name and database title.• Enter a file name in the File Name field.• Click Template Server, and then choose the server on which the database will reside.• Select the Show advanced templates check box.• Select Lotus Notes/Domino Smart Upgrade Tracking Reports (LNDSUTR.NTF) from the list of template names, and then click OK. www.biztek.pl
  47. 47. 47Answer 12 (3)• There are the following requirements: • Lotus Notes/Domino Smart Upgrade Tracking Reports exist on the server. • Mail-in database configuration document. • The Smart Upgrade Tracking Reports database is configured in the Desktop Settings document in the Domino Directory. www.biztek.pl
  48. 48. 48Answer 12 (4) www.biztek.pl
  49. 49. 49Question 13Terry is working on a document in a database on a server that is DAOS enabled. While inthe document, Terry replaces the attachment with a new version. Which of the followingoccurs to the attachment in the DAOS store? A. The server adjusts references to the attachment in DAOS B. The server removes the reference from all mail files that pointed to that original file reference C. The server removes the previous attachment entirely from DAOS and inserts the link to the new attachment D. The server sends the full previous attachment to all user mail files that pointed to that original file referenceAnswer: A www.biztek.pl
  50. 50. 50Answer 13 (1)• What about when attachments are modified or copied? • DAOS code recognizes when an attachment is updated and stores the new copy as another .NLO file • DAOS can also recognize a copied/pasted attachment and references the already existing .NLO www.biztek.pl
  51. 51. 51Question 14You have elected to create a marker so clients can update their reference to a databasecalled MARKETING.NSF. However, you did not select a designated destination server.Which of the following is the result of this action? A. The client will remove the bookmark reference for the database B. The client will search all servers in the domain for a replica of the database and modify the bookmark C. The client will search all known cluster servers only for a replica of the database and modify the bookmark D. The client will prompt the user to specify servers to search for a replica of the database and modify the bookmarkAnswer: A www.biztek.pl
  52. 52. 52 Answer 14 (1) Deleting databases • To keep a server performing efficiently and to free disk space, delete databases that are no longer active. • To delete databases from a cluster server, you use the Cluster database tool in the IBM® Lotus® Domino™ Administrator. • To delete databases on non-cluster servers, select the databases and delete them manually, or use the Delete database tool in the Domino Administrator to have the Administration Process deletes replicas of the database. • Within a cluster of servers, you create a number of replicas for each database to ensure user access to an updated replica even if a particular cluster server becomes unavailable. You can mark a cluster replica for deletion while users are working with the replica. Domino then prevents new users from accessing the marked replica and deletes the database after all current users exit the database. Before deleting the database, Domino replicates any changes to other replicas in the cluster.www.biztek.pl
  53. 53. 53 Answer 14 (2) Deleting a non-cluster database and its replicas using the Administration Process • Make sure you have Manager access in the database ACL. • From the Domino Administrator, select the server that stores the database you want to delete. • Click the Files tab. • Select the database to delete. • Click Database - Delete. The Confirm Database Delete dialog box appears. • Optional) Select "Also delete replicas of this database on all other servers" if you want the Administration Process to delete other replicas. • If you are using Domino 8.0 or more recent, and you are using the database redirect feature, you have the option of choosing one or both of these check boxes: • Create a marker that allows clients to update their references to this database. Select this option if you are using the database redirect feature and you want to allow IBM® Lotus® Notes® clients to update their database references to the database you are deleting. The Notes client will update references such as bookmarks and desktop shortcuts to access a replica of the deleted database. • Redirect clients to the following server. Select this option if you are using the database redirect feature and you want to specify the server that contains the database replica that clients should use in their updated database references. Specify the server name. • Click OK. Database redirects without referencesIf a database redirect exists, but due to database deletes or moves contains no reference to a database, the client removes its references to the original database. www.biztek.pl
  54. 54. 54Answer 14 (3) Redirecting client references to databases• Use the IBM® Lotus® Domino™ database redirect feature to redirect IBM® Lotus® Notes® client references from deleted or moved databases to a database replica that you specify. When a Notes client attempts to open a database instance which no longer exists, it uses the database redirect information to remove or update references on the client. The database redirect notifies the client that the database has been deleted or moved. Client references to databases and servers reside in many places, and database redirects are used on the users desktop or workspace, in bookmarks, and also by the replicator. Database redirects may also be used with resource links. Redirects are not used by the Open Application dialog box nor by scripts. Database redirects and database moves• When you move a database, the Move Database dialog box offers an option to create a database redirect that allows clients to update their references to the database you are deleting.Database redirects and database deletes• When you delete a database, the Confirm Database Delete dialog box contains an option to create a database redirect that allows clients to update their references to the database you are deleting as well as an option to redirect clients to another server. If the redirect server name is set, it must not be the same server on which the deletion is to take place. If all replicas are to be deleted, the redirect server must not be in the same domain.Database redirects without references• If a database redirect exists, but due to database deletes or moves contains no reference to a database, the client removes its references to the original database. www.biztek.pl
  55. 55. 55Question 15Which server console command adds or changes a setting in the NOTES.INI file? A. Load update B. Enter change C. Set Configuration D. Update notes variableAnswer: C www.biztek.pl
  56. 56. 56Answer 15 (1)• To improve view indexing performance, you can run multiple Update tasks.• Set Configuration Set Configuration setting• This command adds or changes a setting in the NOTES.INI file.• Tip: You can also use the IBM® Domino Administrator to add or change (edit) many settings in the NOTES.INI file using the Configuration Settings document.• Example: • Set Configuration Replicators = 3 • Set Configuration Names = Names,Westnames www.biztek.pl
  57. 57. 57Question 16In Domino 8.5, when the router is running in a steady state and a new message isdeposited in MAIL.BOX, a copy of the message is made and placed on a mailbox eventqueue which is then used by a new MailEvent thread in the router.Which of the following is this feature? A. Mailbox copy services B. Router threaded delivery C. Mailbox event notification D. Mail queue delivery schedulerAnswer: C www.biztek.pl
  58. 58. 58Answer 16 (1) Mailbox event notification (new in 8.5)• Router optimizations is a series of enhancements and changes to the Domino mail router designed and implemented to reduce latency, that is, to reduce the amount of time between when a message is sent and when it is delivered, to contribute to reduced I/O, and to address scalability issues caused by a large message backlog. Mailbox event notification is also a router optimization.• In Domino, when the router is running in a steady state and a new message is deposited in MAIL.BOX, a copy of the message is made and placed on a mailbox event queue which is then used by a new MailEvent thread in the router.• The router then uses this copy of the message without having to search MAIL.BOX to discover new messages nor perform a full note open for use in transfer or delivery. The message is cached and additional copies of this message are made as needed for multiple recipients. www.biztek.pl
  59. 59. 59Question 17Streaming cluster replication uses which of the following to move unread marks andfolder additions to clustered servers? A. In-memory information B. Scheduled replication C. A temporary index directory D. A database titled clurep.nsfAnswer: A www.biztek.pl
  60. 60. 60Answer 17 (1)• Domino 8.X Clusters - new features: • Improved server availability in a cluster - You can allow the use of auxiliary ports by entering this setting in the servers NOTES.INI file: Server_Cluster_Auxiliary_Port. Use this setting to improve the availability of servers in a cluster. • Streaming cluster replication - Streaming cluster replication (SCR) takes advantage of the fully connected nature of clusters and data streaming to produce a low-overhead cluster replicator. SCR decreases the scheduled replicator overhead for clusters and provides a significant reduction in cluster replicator latency.• Streaming cluster replication (SCR) takes advantage of the fully-connected nature of clusters and data streaming to produce a low-overhead cluster replicator. SCR decreases the scheduled replicator overhead for clusters and provides a significant reduction in cluster replicator latency. As changes occur, for example, note changes, unread changes, and folder changes, the changes are captured and immediately queued to other replicas in the same cluster. The result is a more efficient cluster replication.• If your cluster contains any combination of current-release Domino servers and servers running releases earlier than 8, for the pre-Domino 8 servers, regular cluster replication is used to replicate between current and previous-release servers. www.biztek.pl
  61. 61. 61Answer 17 (2)• Domino enables SCR when the following sequence of events occurs: • A database is opened • Cluster replication replicates a change to another Domino (current-release) clustered replica • All references to the database are closed • A database is opened • On future changes in the database that needs to replicate, SCR replicates the change to the other Domino (current-release) servers.• If SCR encounters any errors during replication, it returns control of the database to the standard cluster replicator to replicate the change and bring the database in sync.• As a change occurs to a clustered servers database, the specific change is "captured" and the change is immediately queued for replication to the source servers Domino (current- release) cluster mates that have a replica of the database. When the destination cluster- mates receive the change, they apply it to their replicas.• The performance benefits of streaming cluster replication are: • SCR does not perform operations, such as database opens and note opens, across the network. Database changes are sent to the replicas with the assumption that the database replicas need the change. • SCR does not have to replicate one-to-one with each cluster-mate for a database that has changed. • The latency time for replication is immediate with SCR. www.biztek.pl
  62. 62. 62Answer 17 (3)• When a document is read in the Domino Web Access mail file, unread mark processing similar to the unread mark processing used in the Notes Client updates a copy of the unread mark table cached in memory, removing the noteid from the Unread Mark table.• However, for the Domino Web Access client this memory copy is cached at the server, whereas for the standard Notes Client the cache is maintained at the client.• When the Domino Web Access user closes the open session, the table is written back to the database in the same way that it is written when the session is closed from the Notes Client. www.biztek.pl
  63. 63. 63Question 18Users in your Domino environment are members of multiple groups in the DominoDirectory. You have implemented dynamic policies also.Which of the following occurs particularly when a user is a member of multiple groupsthat have alternate dynamic policies assigned? A. The user receives the configurations from all the dynamic policies B. The user receives the configurations from the last applied dynamic policy C. The user receives the configurations from the first applied dynamic policy D. The user receives no configurations from any of the dynamic policies until the conflict is resolvedAnswer: A www.biztek.pl
  64. 64. 64Answer 18 (1) Group Precedence• A user can only have one explicit policy or one organizational policy, but they since they can be in several groups they could have multiple dynamic policies.• In that case the group precedence is used. The precedence is defined in the Domino Directory under People -> Policies -> Dynamic Policies.• Like how precedence works with the three levels of policies, precedence only comes into play when more than one policy has a value for a particular setting. Otherwise, the setting is just merged into the effective policy. Therefore if you do have two dynamic policies with the same setting, the one with the greatest precedence (the lowest numerical value) will win.• When an effective policy is being created for a user, all of the dynamic group settings will be resolved before the precedence with explicit and organizational policies are resolved. When a new dynamic policy is created, it will automatically be given the lowest precedence value. www.biztek.pl
  65. 65. 65Question 19In Domino 8.5, you have the ability to perform key rollover for certifiers. Where is this keyrollover configured? A. Domino Server document B. Domino administrator client C. Domino Server configuration document D. Domino administration process database (admin4.nsf)Answer: B www.biztek.pl
  66. 66. 66Answer 19 (1) Rollover certificates (started in 8.0.1)• In order to support certifier key rollover, the Domino trust model has been extended to include a new type of certificate - the rollover certificate.• These are certificates issued by an entity to itself. In a hierarchical certificate, there is a single issuer name, a single subject name, and a single subject key. In a rollover certificate, there is a single name (which is both the issuer and the subject) and two subject keys: one key is used to sign the certificate and attests to the fact that the subject name is legitimately in possession of the other key.• Generally, when a key is rolled over, two rollover certificates are issued: one signed by the old key saying that the new key is valid; and the other signed by the new key saying that the old key is valid. Each certificate has its own expiration date.• Rollover certificates are essential for limiting the expiration dates of certificates issued to the older keys. One of the reasons for rolling over a key is that a former key has been compromised, or at least be considered to be old enough that the probability of compromise is considered unacceptable. In such cases, by limiting the expiration date specified in a rollover certificate, it is possible to limit the lifetime of a formerly issued child certificate by specifying an early enough expiration date in the rollover certificate. www.biztek.pl
  67. 67. 67Answer 19 (2)• Rolling over a certifier affects the the whole organization. Once you have rolled over a certifier, you must roll over or recertify all user IDs, server IDs, and cross- certificates that were issued by that certifier.• The best way to rollover an entire customer site is to start at the top and work down. Begin by rolling over the root CA, and then the OU CAs. Then roll over server and user keys. If a user or server key is rolled over befor that of the parent CA, then the new user or server key will need to be certified twice -- once with the current (old) CA key, and then again when the CA key rolls over. The extra recertification is expensive, in terms of time and and effort: user and server recertification require adminstrator intervention, as well as the replication of Person and Server documents.• Note Clients using IBM® Lotus® Notes® releases earlier than 8.0 cannot accept CA rollover certificates. Therefore, if you have a mixed-release client deployment, you cannot proceed with CA key rollover until all users are upgraded to the Lotus Notes 8 client. • First, you must assign a new key pair to the certifier. • Roll-over or re-certify server IDs that were issued by that certifier. • Roll over or re-certify user IDs that were issued by the certifier. • Re-certify cross-certificates that were signed by the certifier. www.biztek.pl
  68. 68. 68Answer 19 (3) Assigning a new key pair to a certifer• Perform the following steps to assign a new key pair to a IBM® Lotus® Domino® certifier and rollover the current key pair. • In the Domino Administrator, click Configuration - Certification - Rollover Certifer Keys. • In the Generate New Certifier Key dialog box, click Directory Server and specify a registration server in the list box that appears. • Click ID file. In the Choose Certifier ID dialog, select the certifier ID file for which you want to assign new keys. • At this point, the options in Generate New Certifier Key dialog box change, depending on whether you chose a top-level certifier ID or an intermediate one.• If you chose a top-level certifier ID, the Generate New Certifier Key dialog now has the following information: • "The selected certifier is a top-level certifier and will re-certify itself." • Click OK. This generates the new key pair and adds it to the top-level certifier ID. • If you chose an intermediate-level certifier ID, the Generate New Certifier Key dialog now has the following information: • "The selected certifier is not a top-level certifier and must be recertified by its parent certifier." • Click "Certify Using..." The Choose a Certifier dialog box appears. • Choose one of the following: • "Supply certifier ID and password" to select the certifier ID of the parent certifier for the target CA ID file. • "Use the CA process" to send a request to the Admin Process database on the registration server so that the certificates will be issued by the CA process. • Click OK. This generates the new key pair and adds it to the top-level certifier ID.• If the administrator opts to assign the keys directly to the certifying certifiers ID file, rather than choosing to use the CA process for key rollover, then key rollover happens immediately. However, if the CA process is chosen, the rollover sequence does not occur until the ID file of the CA being rolled over is opened to issue a certificate. When that happens, the directory on the Registration server is searched for new certificates to be added to the certifier ID file. www.biztek.pl
  69. 69. 69Answer 19 (4) www.biztek.pl
  70. 70. 70Question 20Creation of the cross-certificates that are needed to establish vault trust and passwordreset authority requires access to a parent certifier ID file of the user IDs to be stored inthe vault. Which of the following are not supported? A. IDs of Domino Web Access users B. Users on multiple servers in the same domain C. Utilizing the CA process when creating the certificates D. Locating two different organizational certifiers in the same vaultAnswer: C www.biztek.pl
  71. 71. 71Answer 20 (1) ID vault limitations• Be aware of the following current ID vault limitations: • Creation of the cross-certificates that are needed to establish vault trust and password reset authority requires access to a parent certifier ID file of the user IDs to be stored in the vault; you cannot use the CA process when creating these certificates. Additionally, performing certificate authority key rollover on these certifier IDs is not supported. • Note You can use the CA process when registering users into the vault. • Smartcard-enabled IDs cannot be stored in a vault. • All replicas of a vault must be located within a single Domino® domain and all vault users must have home servers in that domain. Note, though, that users under different organizational certifiers can all use one vault, as long as their home servers are within the same Domino domain as the vault. www.biztek.pl
  72. 72. 72Question 21Antonio was in the process of registering users for his Domino domain. He had to stop inthe middle of creating new users with numerous users left to register. What database onhis local machine is the list of pending users for registration? A. userreg.nsf B. usercache.nsf C. certlog.nsf D. register.nsfAnswer: A www.biztek.pl
  73. 73. 73Answer 21 (1) www.biztek.pl
  74. 74. 74Question 22The Managed Settings option under Custom Settings in the Desktop Policy for Domino8.5.2 requires which parameters? A. A. Item, Value, Widget Title B. Preference, Value, Plugin Name C. Item, Value, Plugin Name D. Preference, Widget Title, ValueAnswer: C www.biztek.pl
  75. 75. 75Answer 22 (1) Managed Settings • On the Managed Settings tab, click Edit list to specify the managed settings that you want to add to or remove from Notes users local plugin_customization.ini file, which is used to control aspects of IBM® Lotus® Notes® installation and usage. • This file is supplied in the Notes installation kit in the deploy directory (deployplugin_customization.ini). Once installed, the file is located at <install_dir>frameworkrcpplugin_customization.ini. • If a setting resides in both the PLUGIN_CUSTOMIZATION.INI file and Domino policy, Domino policy takes precedence. • Some of the settings that you can use in the plugin_customization.ini file are listed below: • Feature trust settings - These settings allow you to define default trust responses for use during user-initiated feature install and update. • com.ibm.rcp.security.update/EXPIRED_SIGNATURE_POLICY=PROMPT • com.ibm.rcp.security.update/UNSIGNED_PLUGIN_POLICY=PROMPT • com.ibm.rcp.security.update/UNTRUSTED_SIGNATURE_POLICY=PROMPT www.biztek.pl
  76. 76. 76Question 23After DAOS is enabled and functioning on your Domino server, which of the followingoccurs when a recipient opens a document with an attachment that is in the DAOSrepository? A. Attachment icons display with a link icon over the attachment icon B. Attachment icons display a doclink to the attachment stored in DAOS C. Attachment icons display the same as it would on a server without DAOS enabled D. Attachment icons do not show and they are replaced with text that describes the attachment and is linked to the attachmentAnswer: C www.biztek.pl
  77. 77. 77Question 24Private server blacklists are stored in what database? A. names.nsf B. blacklist.nsf C. smtpconf.nsf D. A Domino administrator defined databaseAnswer: A www.biztek.pl
  78. 78. 78Answer 24 (1)• Private whitelists – to specify the hosts • Private blacklists - Use private blacklists to and/or domains to exclude from blacklist specify hosts and/or domains responsible for processing. Hosts that are specified in private sending unnecessary, unwanted mail to your whitelists are exempt from blacklist checks. Internet domain. For consistency, IBM® Lotus® Whitelisted hosts bypass blacklist filter checks Dominos™ private blacklists follow the model but there are other controls which may prevent currently used by existing anit-spam the message from being accepted. Members functionality. of the private whitelist are still subjected to • Private blacklists are stored in the Domino connection, relay, sender, and recipient Directory to simplify the process of controls. Being whitelisted does not guarantee maintaining and distributing blacklist that the message will be delivered to the information between servers. recipient. Whitelists can be used • When private blacklists are enabled, the independently of blacklists. SMTP listener task compares the names of• When private whitelists are enabled, the hosts that may be subject to relay SMTP listener task compares hosts that may enforcement against the private blacklist be subject to relay enforcement against the prior to performing DNS blacklist queries. defined private whitelist. If there is a match, This prevents unnecessary DNS lookups. If the private blacklist, DNS whitelists, and the host is found in the private blacklist, the DNS blacklists are skipped. Otherwise, action specified in the field "Desired action processing continues beginning with the when a connecting host is found in a private private blacklist. blacklist" in the Private Blacklist Filters section of the Configuration Settings document applies. If the host is not found in the private blacklists, processing continues with DNS whitelist filters and then DNS blacklist filters. www.biztek.pl
  79. 79. 79Answer 24 (2)• Whitelists allow messages from specified domains to be received. • IBM supports both private blacklist and whitelist filters. With these configuration settings, it is important to understand how you can reduce spam and to know the order that Domino will check when blacklist and whitelist filters are enabled. • If you enable private whitelist filters, when Domino receives an SMTP connection, it compares the IP address/host name against this list. The field "Whitelist the following hosts" should be used to enter the IP addresses or host names of systems that you want to whitelist. You can also use an asterisk (*) as a wild card. Members of the private whitelist are still subjected to connection, relay, sender, and recipient controls. Being whitelisted does not guarantee that the message will be delivered to the recipient. www.biztek.pl
  80. 80. 80Question 25Charlie is preparing an upgrade of the Notes clients and is testing the Smart UpgradeTracking feature. When he tries to manually initiate a Smart Upgrade he receives theerror "File Does Not Exist". What could be the cause of this error? A. A Desktop Policy is not configured B. The id file is missing from the person document C. The Smart Upgrade Tracking database is not named "Smart Upgrade Tracking" D. The Smart Upgrade Tracking database name is incorrect in the Desktop PolicyAnswer: D www.biztek.pl
  81. 81. 81Answer 25 (1)• The Lotus Notes/Domino Smart Upgrade Tracking Reports is a system template, used to create a database(s) that store information about smart upgrade attempts that occur from Notes workstations or Domino servers in the domain.• Server administrators and Notes support staff should look at the Lotus Notes/Domino Smart Upgrade Tracking Reports often to see if: • Notes workstations or Domino servers are smart upgrading successfully • Notes workstations or Domino servers are experiencing smart upgrade problems • There are similar repeated smart upgrade failurs across the same or different Notes workstations or Domino servers • If appropriate, reporting of the smart upgrade failures to a service provider or directly to IBM technical support www.biztek.pl
  82. 82. 82Answer 25 (2) Creating a Smart Upgrade Tracking Reports database• From the IBM® Lotus® Domino® Administrator client, choose File - Application - New.• In the New Application dialog box, specify the server name and database title.• Enter a file name in the File Name field.• Click Template Server, and then choose the server on which the database will reside.• Select the Show advanced templates check box.• Select Lotus Notes/Domino Smart Upgrade Tracking Reports (LNDSUTR.NTF) from the list of template names, and then click OK. www.biztek.pl
  83. 83. 83Answer 25 (3)• There are the following requirements: • Lotus Notes/Domino Smart Upgrade Tracking Reports exist on the server. • Mail-in database configuration document. • The Smart Upgrade Tracking Reports database is configured in the Desktop Settings document in the Domino Directory. www.biztek.pl
  84. 84. 84Question 26What is the issued Certificate list (ICL)? A. A database that stores cross certificates accepted or imported by an id file B. The list of valid certificates contained within the security preferences of an id file C. A database that stores a copy of each certificate issued, certificate revocation lists, and CA configuration documents D. A document that lists each certificate issued, certificate revocation lists, and CA configuration documents accepted by an id fileAnswer: C www.biztek.pl
  85. 85. 85Answer 26 (1)• The Certification Authority (CA) process is a Lotus Domino server task that is used to manage and process certificate requests.• The CA process runs as an automated process on Lotus Domino servers that are used to issue certificates.• When you set up a Lotus Notes or Internet certifier, you link it to the CA process on the server in order to take advantage of CA process activities. www.biztek.pl
  86. 86. 86 Answer 26 (2) Benefits of using the CA process • Does not require access to the Domino certifier ID and password • Supports the Registration Authority (RA) role • Provides a unified mechanism for issuing Lotus Notes and Internet certificates • Simplifies the Internet certificate requests process • Issues certificate revocation lists • Creates and maintains the Issued Certificate List (ICL) • Is compliant with security industry standards for Internet certificates, such as X.509 and PKIXwww.biztek.pl
  87. 87. 87Answer 26 (3) www.biztek.pl
  88. 88. 88Answer 26 (4) Issued Certificate List (ICL)• Each certifier has an Issued Certificate List (ICL) that is created when the certifier is created or migrated to the CA process. The ICL is a database that stores a copy of each unexpired certificate that it has issued, certificate revocation lists, and CA configuration documents.• Configuration documents are generated when you create the certifier and sign it with the certifiers public key. After you create these documents, you cannot edit them.CA configuration documents include:• Certificate profiles, which contain information about certificates issued by the certifier.• CA configuration document, which contains information about the certifier itself.• RA/CA association documents, which contain information about the RAs who are authorized to approve and deny certificate requests. There is one document for each RA.• ID file storage document, which contains information about the certifier ID.• Another CA configuration document, the Certifier document, is created in the Domino Directory when you set up the a certifier. This document can be modified. www.biztek.pl
  89. 89. 89Question 27Rosie wants to be able to allow her helpdesk team to recover IDs out of the ID Vault butstill know that ids are secure. How does she achieve this? A. Give some helpdesk staff the "IDExport" role in the ACL of the ID Vault B. Set the ID Vault to only allow ID export if two user authorities request it C. Only allow ID export if the helpdesk user also knows the ID password D. Allow helpdesk users to "Request ID Export" which generates an Adminp request for approval by the Domino AdministratorAnswer: C www.biztek.pl
  90. 90. 90 Answer 27 (1) ID vault management roles • Domino administrator access is required to perform all vault configuration and management tasks, with the following exceptions: • Vault administrators can add and remove other vault administrators, can add and remove vault servers, and can delete a vault. Vault administrators have Manager access to the vault. A person must have Domino administrator access to a server to be designated a vault administrator. • A vault administrator assigned the Auditor role in the vault database can extract ID files to gain access to users encrypted data. • Only people with password reset authority can use the Domino Administrator to reset passwords on behalf of users and specify an ID download count limit.www.biztek.pl
  91. 91. 91Question 28Jack wishes to give a user from another organization access to applications on hisprimary application server. Which of the following is the most secure way to allow thisuser Notes acccess? A. Cross-certify your application server id with his organization. B. Cross-certify your application server id with his user id file. C. Cross-certify your organization with his organizational unit. D. Cross-certify your organizational unit with his user id file.Answer: B www.biztek.pl
  92. 92. 92Answer 28 (1) To authenticate with all servers in another organization• This example describes what the Acme company and the ABC company do to allow all users and servers in both organizations to authenticate. • The Acme organization certifier (/Acme) obtains a cross-certificate for the ABC organization certifier (/ABC) and stores it in Acmes IBM® Lotus® Domino™ Directory. • The ABC organization certifier (/ABC) obtains a cross-certificate for the Acme organization certifier (/Acme) and stores it in ABCs Domino Directory.To authenticate with a specific server in another organization• The Acme company wants to let Seascape users who have the hierarchical certification AppDevelopment/Seascape to access their customer support server, CSSUPPORT/East/Acme. • 1. The Acme organizational unit certifier (/East/Acme) has a cross-certificate for the Seascape organizational unit certifier (/AppDevelopment/Seascape) and stores it in Acmes Domino Directory. • 2. The Seascape organizational unit certifier (/AppDevelopment/Seascape) has a cross- certificate for the Acme organizational unit certifier (/East/Acme) and stores it in Seascapes Domino Directory. • This cross-certification enables Kelly Jones/AppDevelopment/Seascape and Jonathan Moutal/AppDevelopment/Seascape to authenticate with the server CSSUPPORT/East/Acme. However, it does not allow these users to authenticate with the Acme server Mail-W/West/Acme. www.biztek.pl
  93. 93. 93Answer 28 (2) www.biztek.pl
  94. 94. 94Answer 28 (3)• Aby wygenerować bezpieczną kopię pliku ID: • Otworzyć zakładkę Configuration. • Wybrać Tools / Certification / ID Properties. • Wybrać plik ID i kliknąć przycisk Open (podać hasło). • Wybrać Your Identity section / Your Certificates. Z menu Other Actions wybrać Export Notes ID (Safe Copy). • Zapisać plik na nośniku. www.biztek.pl
  95. 95. 95Answer 28 (4)• Aby utworzyć cross – certyfikat: • Wybrać zakładkę Configuration. • Wybrać polecenie Tools / Certification / Cross Certify. • Podać serwer rejestracyjny, wybrać pliki ID, które mają podlegać procesowi wzajemnej certyfikacji. • Wybrać tzw. temat wzajemnej certyfikacji (subject). • Podać datę wygaśnięcia certyfikatu i kliknąć Cross Certify.• Uwaga: Na rysunku tylko przykład! www.biztek.pl
  96. 96. 96Question 29Joe has enabled Lotus Traveler policies for his users and has them applied when theuser first installs their client software. He has made recent changes to the policy butusers are not receiving the changes. Joe found that he could manually force the updateby issuing which of the following server commands? A. load traveler client update B. tell adminp process traveler C. load traveler policy manager D. tell traveler process policyAnswer: B www.biztek.pl
  97. 97. 97Answer 29 (1) How do policies get pulled and applied on the client?• When the client authenticates with the users home server, it sends over a hashed value that indicates what policy information it thinks it has stored locally. The server calculates a similar hashed value for what it thinks the client should have. If those values do not match, then the server tells the client that it need to refresh its policies. At this point, the client launches the dynamic configuration process, Dyncfg.exe, passing it flags on the command line that tell it to pull policies. Dyncfg uses the NAMEGetPolicy API, which asks the server to calculate the effective policy for the user, and then stores the effective policies locally in the clients NAMES.NSF database. You can see your locally cached policy documents by opening the hidden $Policies view (via Ctrl-Shift ViewGo To).• After pulling and applying the policies to the client, Dyncfg stores off the new hashed value that it got from the server, to be sent back to the server during the next authentication, which starts this whole process over again. www.biztek.pl
  98. 98. 98 Answer 29 (2) • The policy change is not pushed to the affected users mail database immediately. The admin process task does this push operation periodically, every 6 hours by default. • To update immediately, run the Domino console command: tell adminp process traveler • The initial settings on a users mobile device will use the setting values from a policy if the policy is in effect when the mobile device registers for the first time. When no policy is in effect then built-in defaults are used. The mobile device settings are saved in the users mail database as a device profile. Separate device profiles are maintained for each mobile device the user registers. If the user gets a new device its default settings will come from the current effective policy, if any, when that device registers for the first time. • Once a device profile has been created for a particular device changes to the policy settings have no effect on settings for that mobile device unless the settings are locked. Locking a setting or changing a locked setting value will update the setting value on the device. A mobile device user cannot change setting values from his device for settings that are locked by a policy.www.biztek.pl
  99. 99. 99Question 30Alan has specified multiple Notes network ports available to TCP/IP on the Dominoserver. By default, all TCP/IP -based services on a Domino server listen for networkconnections on all NICs and on all configured IP addresses on the server. How does Alanconfigure Domino to listen to a specific address? A. Bind a port to a specific address in the notes.ini B. Disable all network cards except for the card with the IP address desired C. Configure the physical server to assign all IP addresses to one network card D. Enter specific addresses into Domino IP configuration documents in the Domino DirectoryAnswer: A www.biztek.pl

×