2. 2
IBM Certified System Administrator – Lotus
Notes and Domino 8.5
• In June 2011, the IBM Certification • Individuals who wish to certify on Lotus
Program for Lotus Software announced Notes Domino 8.5, but have not
the restructuring of the Lotus Notes achieved certification on Lotus Notes
Domino 8.5 core certification paths. Domino 7.0 or 8.0 should follow the
• In October 2011, the new core tests applicable path(s) below:
were released. The old exams remained
available for those who had begun the • Pass LOT-925: Installing and
certification process through to the end Configuring IBM Lotus Notes and
of the year. Domino 8.5 AND
• Having been withdrawn on December • Pass LOT-926: Managing and
31st, they are no longer available. Maintaining IBM Lotus Notes and
Domino 8.5 Environments.
www.biztek.pl
3. 3
Test information
• Number of questions: 73 • Covers Lotus Notes Domino 8.5 material
• Time allowed in minutes: 90 as it relates to these competency areas:
• Required passing score: 72% • Defining and Managing Policies.
• Test languages: English • Install and Configure.
• Note: There are 73 scored items and 1 • Mail.
unscored items. • Manage and Maintain.
• Exam Type: Multiple Choice. • Managing Servers.
• Platform Support.
• Security.
www.biztek.pl
4. 4
Question 1
Domino roaming for the Notes standard configuration clients in Domino 8.5 and higher
offers the ability to synchronize which of the following?
A. A notebook database and user ID file
B. The user ID file and local Eclipse XML configuration files
C. A feeds subscription database and an Eclipse plug-in data and preferences
database
D. The Activities plug-in configuration and the integrated Sametime Connect
configurations
Answer: C
www.biztek.pl
5. 5
Answer 1 (1)
• Below is a summary of the changes introduced for the Roaming User functionality
in Notes and Domino 8.5.
• 1. Roaming the Notes 8.5 Standard configuration
• Notes/Domino 8.5 introduces support for roaming the Notes 8.5 standard
configuration. This is achieved through the addition of two roaming applications:
• The Roaming User Data application (roaminguser.nsf), which stores a
user's Eclipse-based configuration information.
• The Feed Content application (localfeedcontent.nsf), which stores a user's
feeds subscription information.
• 2. File server roaming
• Notes/Domino 8.5 introduces file server roaming. This option addresses the
needs of customers in remote locations who do not have a "local" Domino
server yet need a way for users to roam between multiple workstations.
• File server roaming is configured using the new Roaming policy settings
document.
• Users who are configured for file server roaming have a new Notes User
Preference that enables them to manually enable and disable roaming.
www.biztek.pl
6. 6
Answer 1 (2)
• 3. New "Roaming User Applications" folder
on the replication page
• In the Notes 8.5 client, the files that roam are
grouped on the Replication page in a folder
called "Roaming User Applications.”
• The data that roams for the Notes 8.5 client
standard configuration is the same for both
Domino server and file server roaming.
• 4. Mail signature effectively roams
• In addition to the Eclipse-based configuration
and RSS feeds, there is another aspect of
Notes that effectively "roams" in ND8.5:
• The personal signature for mail messages.
The signature in Notes 8.5 is stored in the
Mail file. This change enables roaming
users to access the signature from any
machine from which they can access their
mail file.
www.biztek.pl
7. 7
Question 2
Smart Upgrade Governor is enabled on the server. When a user manually tries to initiate
Smart Upgrade locally they get a dialog box indicating they are unable to upgrade at this
time and to try again later.
What server command can the administrator run on the server to display Smart Upgrade
statistics?
A. SU display
B. sucache show
C. show sugovernor
D. display su state
Answer: B
www.biztek.pl
8. 8
Answer 2 (1)
How Smart Upgrade performs an upgrade
• If the Smart Upgrade Timer on the IBM® Lotus® Notes® client expires, the next time that users log in
to their IBM® Lotus® Domino® home server or its cluster mate, Smart Upgrade does the following:
• Compares the release number of the user's Notes client to the release number specified in the
Source version field of the kit document in the Smart Upgrade database. The Notes client sends
a match pattern to the server including the Notes client's current version, the platform and the
localization. The Install type is also sent. The server then looks for a matching kit.
• If the server finds a match, it sends a flag back to the Notes client indicating an upgrade kit may
exist.
• The Notes client searches the Smart Upgrade database for a match for its current Notes client
version, platform and localization. The Notes client also checks the install type.
• If the user's Deploy version field on the desktop policy settings document is populated with a version
number, Notes compares that version number to the version number specified in the Destination
version field of the kit document.
www.biztek.pl
9. 9
Answer 2 (2)
• Note Specifying the upgrade kit release number in the Deploy version field of the
desktop policy settings document is optional. If that field is blank, but an update kit is
available, Lotus Notes Smart Upgrade skips Step 4 and uses the release number of the
update kit to continue the upgrade process.
• If a match is found, and users are specified or are members of a specified group, Lotus
Notes Smart Upgrade displays a Smart Upgrade dialog box that prompts the users to
upgrade their Notes client.
• Users can update their clients when prompted or delay the upgrade for a specified
period of time. If the user has a policy that specifies an Upgrade deadline and that date
has expired, the Smart Upgrade dialog box displays an "Update Now" button that
forces users to update their Notes client with no options for further delay. If the setting
"Remind me every hour after upgrade deadline has passed" is set in the policy settings
document, users can delay the Smart Upgrade in one hour increments before being
prompted again.
www.biztek.pl
10. 10
Answer 2 (3)
Using Notes Smart Upgrade
• IBM® Lotus® Notes® Smart Upgrade notifies
users to update their Notes client to a later
release. Lotus Notes Smart Upgrade uses
policy and settings documents to help manage
updates. You create policy documents in the
IBM® Lotus® Domino® Directory to distribute
standard settings and configurations across
groups, departments, or entire organizations.
• To use Smart Upgrade as a means of
upgrading Notes clients, you must meet the
following prerequisites:
• Notes client already installed
• Connectivity to a Domino server
• Smart Upgrade database created,
configured, deployed, and enabled
• User's Location documents specify the
correct home server on the Servers tab of
the document
www.biztek.pl
11. 11
Answer 2 (4)
• Use the Smart Upgrade kits template
(SMUPGRADE.NTF) to create the IBM®
Lotus® Notes® Smart Upgrade database that
will store the upgrade kits. The database must
reside on at least one server in the domain.
• If you replicate the Smart Upgrade database
to other servers in the domain, users will have
more choices in the database catalog and
possibly fewer network problems accessing
the update kits.
• In the IBM® Lotus® Domino® Administrator
client, choose File - Application - New.
• In the New Application dialog box, enter
the server name and database title.
• Enter a file name in the File Name field.
• Click Template Server, and then choose
the server on which the database will
reside.
• Select the "Show advanced templates"
check box.
• Select "Smart Upgrade kits" from the box
of template names, then click OK.
• After you create the Smart Upgrade
database, create a database link in your
Configuration Settings document in the
Domino Directory.
www.biztek.pl
12. 12
Answer 2 (5)
Limiting concurrent downloads with the Smart Upgrade Governor
• The Smart Upgrade Governor minimizes administrative overhead by dynamically
limiting Smart Upgrade downloads for kit documents that have attached kits, rather
than requiring groups in Policies or in the Smart Upgrade Kit documents to do this.
• For organizations for which bandwidth is limited, it is suggested that attached kits are used in
the Smart Upgrade Kit documents so that concurrent downloads can be easily managed by
the Smart Upgrade Governor.
• The Smart Upgrade Governor is enabled and configured in the Configuration
document for the server or servers on which the Smart Upgrade database resides:
• Enabled. The Smart Upgrade Governor is active for limiting concurrent downloads on the
server or servers to which this Configuration document applies.
• Disabled. The Smart Upgrade Governor is not in use on the server or servers to which
this Configuration document applies.
www.biztek.pl
13. 13
Question 3
Which of the following are required to be enabled for Server Fast Restart to function?
A. Cleanup Script
B. Fault Recovery
C. maximum Fault Limits
D. Server Shutdown Timeout
Answer: B
www.biztek.pl
14. 14
Answer 3 (1)
• Server Fast Restart allows a new Domino instance to start while NSD diagnostics are
being run on the initial Domino server instance.
• The fault-recovery system is initialized before the Domino Directory can be read.
During this initialization, fault-recovery settings are read from the NOTES.INI file, and
then later read from the Domino Directory and saved back to the NOTES.INI file:
• Open the Server document, click Edit Server, and click the Basics tab.
• In the Fault Recovery section, check "Automatically Restart Server After Fault/Crash
Enabled.
• You can set up fault recovery to automatically handle server crashes. When the
server crashes, it shuts itself down and then restarts automatically.
• A fatal error such as an operating system exception or an internal panic terminates
each Lotus Domino process and releases all associated resources. The startup script
detects the situation and restarts the server.
• Domino records crash information in the data directory. When the server
restarts, Domino checks to see if it is restarting after a crash.
• If it is, an e-mail is sent automatically to the person or group in the "Mail Fault
Notification to" field. The e-mail contains the time of the crash, the server name,
and, if available, the FAULT_RECOVERY.ATT file, which includes additional
failure information from an optional cleanup script.
www.biztek.pl
15. 15
Answer 3 (2)
• Subject: NSD
Host Name : WALTS-T61
User Name : SYSTEM
Date : Fri May 15 11:53:29 2009
Windows Dir : C:Windows
Arguments : "C:IBMLotusNotes8nsd.exe" -dumpandkill -termstatus 1 -
dlgopts showwait -crashpid 4524 -crashtid 5540 -runtime 300 -ini
"C:IBMLotusNotes8notes.ini" -svcreq 128
NSD Version : 8.5.00.8318 (Release 8.5)
OS Version : Windows/Vista 6.0 [64-bit] (Build 6001), PlatID=2, Service
Pack 1 (2 Processors)
Running as 32-bit Windows application on 64-bit Windows
Build time : Sat Dec 6 01:58:24 2008
Latest file mod : Fri Nov 14 21:25:15 2008
Notes Core Version : Release 8.5 (32-bit client)
Notes Standard Version : 8.5_20081211.1925
<@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@@@@@@@@@@@@@@@@>
Section: System Data -> OS Process Table (Time 11:53:36)
<@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@@@@@@@@@@@@@@@@>
<@@ ------ System Data -> Active Users (Time 11:53:36) ------ @@>
UID Name
0 SYSTEM
1013 wseymour
<@@ ------ System Data -> Processes (Time 11:53:36) ------ @@>
INFO PID PPID UID STIME COMMAND
0000 0000 0 ??? [[System Process]: 0000]
0250 0004 0 05/15 11:35:26 [ smss: 0250]
www.biztek.pl
16. 16
Question 4
After enabling DAOS for a mail database on your server which option should be run when
compacting the database for DAOS to take effect?
A. -b
B. -c
C. -D
D.
Answer: B
www.biztek.pl
17. 17
Answer 4 (1)
• Before anything is done with DAOS, there are some • 5. Establish backup/restore processes. It is
prerequisites that must be addressed. important to have reliable backup and restore
• 1. Disable SCOS Shared Mail. Single Copy Object procedures in a production environment, to avoid the
Store (SCOS) is an older approach to attachment possibility of data loss. DAOS adds some complexity
consolidation. This feature is not compatible with to the backup/restore process, so it is important that a
DAOS and must be disabled before you enable well established backup/restore foundation exists for
DAOS. DAOS to build on. Transaction logging introduces
• 2. Disable NSFDB2. NSFDB2 is a feature that some additional features that provide even better
allowed storing NSF data in DB2. This feature is also recovery options.
not compatible with DAOS and must be disabled on • 6. Upgrade Names.nsf design. The design of the
any NSF application that will participate in DAOS. Names.nsf file has been changed to accommodate
• 3. Upgrade. Although DAOS was introduced in DAOS, and the Server document has a new tab that
Domino 8.5.0, many important stability and covers the DAOS settings. Names.nsf must use the
performance improvements have been made in new Names.ntf template on all Domino servers that
subsequent releases. Hence, it is strongly will be enabled for DAOS.
recommended that all new DAOS deployments be
done on the 8.5.2 (or later) Domino release.
• 4. Enable transaction logging. DAOS depends on
transaction logging for proper operation. Since DAOS
must update several locations simultaneously, it is
important that all those updates succeed or fail (and
are subsequently rolled back) as a unit. Transactions
provide this ability, and therefore transaction logging is
required for all NSF files that participate in DAOS.
www.biztek.pl
18. 18
Answer 4 (2)
• Additional recommendations Compacting databases
• 1. Enable LZ1 compression. If no attachment • When documents and attachments are
compression is enabled on the NSF files, or if deleted from a database, IBM® Lotus®
Huffman compression is being used, then Domino® tries to reuse the unused space,
enabling LZ1 compression can save a rather than immediately reduce the file size.
significant amount of disk space. This is done Sometimes Domino won't be able to reuse the
by use of the compact command, and the -Zu space or, because of fragmentation, can't
flag. reuse the space effectively until you compact
• 2. Upgrade mail dbs. Upgrade mail the database.
databases to ODS=51 (compact databases). • Styles of compacting
• 3. Enable design and data document • There are three styles of compacting:
compression. Another Domino space-saving • In-place compacting with space recovery
feature is design and data document • In-place compacting with space recovery
compression. Enabling these compressions and reduction in file size
can also save a significant amount of disk
space. The savings from these features are • Copy-style compacting
independent from DAOS and are worth
investigating.
• 3. Use Domino Domain Monitoring (DDM).
DAOS diagnostic information is included in
DDM events. The events are logged to the
ddm.nsf file, which provides a convenient
environment for monitoring the operation of
DAOS. For information on managing and
configuring DDM, refer to the Domino wiki
article, “Domino Domain Monitoring (DDM).”
www.biztek.pl
19. 19
Answer 4 (3)
Characteristics In place, space In place, space Copy-style
recovery recovery with file
size reduction
Databases that use it when compact Logged databases Unlogged Databases with
runs without options with no pending databases with no pending structural
structural changes pending structural changes
changes
Databases you can use it on Current release Current release Current release
(need -c)
Relative speed Fastest Medium Slowest
Users can read databases during Yes Yes No (unless -L option
compacting used)
Users can edit databases during Yes Yes No
compacting
Reduction in file size No Yes Yes
Extra disk space required No No Yes
www.biztek.pl
20. 20
Question 5
The Domino server running Lotus Traveler must have which of the following access rights
to the user mailfiles it will be serving to mobile devices?
A. Author with delete rights
B. Editor with delete rights
C. Designer with delete rights
D. Manager with all rights
Answer: D
www.biztek.pl
21. 21
Answer 5 (1)
Overview
• IBM® Lotus Notes® Traveler provides automatic, two-way, over-the-air syncing between Lotus® Domino® servers
and wireless handheld devices, including Android devices, Windows Mobile devices, Nokia S60 Third Edition
devices, Nokia S60 Fifth Edition devices, Nokia Symbian^3 devices, and select mobile devices running the
ActiveSync protocol, such as Apple devices. Lotus Notes Traveler syncs email, calendar, to-do, address book, and
journal data in real time.
• IBM Lotus Notes Traveler provides automatic, two-way, over-the-air synchronization capability between Lotus
Domino servers and wireless handheld devices, including Android devices, Windows Mobile devices, Nokia S60
Third Edition devices, Nokia S60 Fifth Edition devices and select mobile devices running the ActiveSync protocol.
• New mail messages from the Lotus Domino server arrive on your device automatically and can trigger a notification
event, such as a tone or a device vibration. Updates made on the device, such as sending a new mail message or
changing a calendar entry, sync with the server as soon as a network connection is available.
• Lotus Notes Traveler provides a simple, easy-to-use interface with a minimal number of configuration settings. You
can customize how much data is synced with the device to optimize the use of device memory.
• The Lotus Notes Traveler 8.5.3 server is installed on a computer running Lotus Domino 8.5.3 and runs as a Lotus
Domino server task. For basic configurations, the Lotus Notes Traveler component operates immediately following
installation with minimal input required from an administrator. All day-to-day administrator activities are performed
using the IBM Lotus Domino Administrator client and the Lotus Domino remote administration console. Lotus Notes
Traveler uses the Domino directory to automatically look up and find users, so there is no manual enrollment
procedure.
• If you are an IBM Lotus Notes or Lotus iNotes® user, then you are already enabled as a Lotus Notes Traveler user.
Mobile handheld device users only must install the client software depending on the device, and direct the device to
a Lotus Notes Traveler server. The device automatically registers with the server and syncing begins immediately for
the device.
www.biztek.pl
22. 22
Answer 5 (2)
• The primary method for Lotus Notes Traveler clients communicating with the Lotus Domino server is through an
over-the-air communication channel. Examples include, cellular General Packet Radio Service (GPRS), WiFi
(802.11x) or 3G. The Lotus Notes Traveler client works with any secure virtual private network (VPN) installed on the
device. It also provides integrated support with IBM Lotus Mobile Connect. By using Lotus Mobile Connect, you take
advantage of the roaming and secure communication features that logically extend the enterprise network to the
mobile device, regardless of the physical network that the device is using. The Lotus Notes Traveler client can
connect using public GPRS or GSM (Global System for Mobile communications) networks and still maintain the
security and presence of being on a company intranet. Data transmitted between the device and server is
compressed to reduce the data traffic to a minimum, which is important over slow traffic links.
www.biztek.pl
23. 23
Answer 5 (3)
• The Lotus Notes Traveler server is installed and runs on an IBM Lotus Domino
server. The server must have access to the mail files of mobile Lotus Notes
Traveler users.
• Manager access with all rights - it needs access to add anything, edit anything,
delete anything, and update the read/unread marks.
• These mail files are either located on the same server as the Lotus Notes
Traveler server or they are hosted on remote Domino servers. Lotus Notes
Traveler uses a Lotus Domino directory to find the home mail server for a Lotus
Notes Traveler user. If the mobile users are not present in the local Domino
directory (names.nsf), then Lotus Domino directory assistance must be
configured so that these users can be found in remote Domino directories.
www.biztek.pl
24. 24
Question 6
Which setting on a Domino 8.5.2 Desktop Policy allows you to add or modify the client's
notes.ini parameters?
A. Preferences - notes.ini
B. Custom Settings - notes.ini
C. Custom Settings - Managed Setting
D. Basics - Notes Parameters
Answer: B
www.biztek.pl
25. 25
Answer 6 (1)
Administration - new features (8.5.2)
• Administrators can use new settings on the Mail tab of the Desktop Settings document
in the Domino Directory (NAMES.NSF) to configure "managed" mail replicas.
• Note: Users also have the ability to use a managed mail replica in the Lotus Notes
client by modifying NOTES.INI settings. The Desktop Settings document in the
Administrator client allows administrators to delivery this capability to users more
gracefully.
• Managed mail replicas improve upon previously available local mail replicas in
several ways. The Notes client can create, populate, and synchronize managed
replicas in the background without user intervention. Notes can also automatically
run fixup, if needed, on managed replicas, and if they become corrupted, Notes can
delete and recreate them without user intervention. Both of these operations will occur
without the user's awareness, as the user is redirected seamlessly to the server replica.
In addition, managed replicas control space usage in several ways, including truncation
of large documents until the user retrieves them, and limiting the number of days of
mail replicated to them.
• The administrator can use a Desktop Settings policy to mark local mail replicas
as managed mail replicas. With the appropriate policy settings, both existing and
newly created local mail replicas can become managed replicas.
www.biztek.pl
26. 26
Answer 6 (2)
• Notes 8.5.2 introduces the managed replica, which is a variation of a standard local
replica of the user's mail file. The managed replica has the special characteristic of
being used "automatically" when the user is connected on a server-based location.
• It also has the capability of containing full documents for a section (based on
time/date) of the mail file and truncated content for the rest (older data).
• The concept of a local replica of a user's mail file and the use of a local outgoing
mailbox to send mail has been with Notes almost since its inception. Previously these
features were utilized by configuring a location to use a local mail file, causing the
client to use a local outgoing mailbox automatically. In addition, the replication
schedule has to be configured so that the local replica will replicate with the server-
based mail file.
• At a fundamental level, the managed replica extends the capabilities of a local mail replica
and a local outgoing mailbox to those locations where the user remains connected to a
Domino server. In this configuration, (connected location with managed replica) when the
user opens the mail file the client code will detect that a managed replica for the file exists,
open that managed replica (locally), and present the user with the view of the mail from the
local file. Updates, sending of mail, and receipt of new mail will happen as when the Notes
user uses a standard local replica with a local outgoing mailbox. Synchronization occurs just
as always, in the client replicator between the server-based files (mailbox, mail file) and local
mail. The client will be configured to perform this synchronization in as timely a manner as
possible (details in a later section). The target user for this feature is a user who is connected
to a Domino server for mail but on a network or line that can have high latency issues (for
example, LLN2). By moving all network I/O between local and server files to the background
client replicator, the user's interface will never be blocked waiting for an I/O to complete. All
the user's operations will occur on the local files.
www.biztek.pl
29. 29
Answer 6 (5)
Detailed information for the notes.ini Keyword: ECLSetup
• Short Description: forces the Notes client to merge the Execution Control List (ECL)
• Description: The NOTES.INI variable ECLSetup forces the Notes client to merge the
Execution Control List (ECL) settings from the Administration ECL, located on the user's
home server, with the client workstation ECL.
• The options are:
• 0 - Merge the Administration ECL from the home server specified in the Location
document. The resulting workstation ECL will have all entries specified in the
Administration ECL, and any entries that were in the workstation ECL but not in the
Administration ECL. Any entries that were in both will be overwritten by the entries
in the Administration ECL.
• 3 - No specific action is necessary. This is the default setting after initial client
setup.
• If the value for this setting is 3 but Notes doesn't find an ECL for the current user in
the desktop-for example, when multiple users with individual Notes IDs are sharing
a desktop and one of them is a new user-Notes will create an ECL for that user and
merge the Administration ECL from the home server specified in the Location
document.
• Default value: None
• Syntax: ECLSetup=0/3 (Example: ECLSetup=0)
• UI equivalent: None (Applies to: Workstations)
www.biztek.pl
30. 30
Question 7
Where would Andrew configure a policy setting to ensure his users' contacts are available
on the server?
A. Desktop Settings - Basic Tab
B. Mail Settings - Contacts Tab
C. Mail Settings - Contacts Tab
D. Desktop Settings - Preferences Tab
Answer: A
www.biztek.pl
32. 32
Question 8
A user in your domain requires a change to their surname and you have generated the
proper name change request in admin4.nsf. Which of the following are required to utilize
the names list of a database found in Domino 8?
A. The names list must not exceed 10 Kb
B. The database must be on the Domino 8 ODS
C. The database must have a custom view titled "($Names)"
D. LocalDomainServers must have designer access to all databases on the server
Answer: B
www.biztek.pl
33. 33
Answer 8 (1)
• On-Disk Structure (ODS) information for converting database applications For
databases that you do not want converted to the new Domino 8 format when compact
runs on the Domino 8 server, pull a new local replica of the database with an .ns6
extension. Renaming the file extension at the operating system prompt will not prevent
the database from being converted.
• IBM Redbook "Lotus Notes and Domino 8 Deployment Guide" page 60, explains how
to upgrade the ODS and benefits. It is listed as "highly recommended" to upgrade the
ODS AFTER the Domino system administrator ensures that the Domino server is
stable at the new Domino 8 code level.
• Note: The ODS level will not be upgraded unless a copy-style compact is run on each
server, not just the administration server. The new ODS version is not enabled by
default for new or upgraded Domino applications so those databases will not be
converted by compact when default settings are used. It is only enabled if the notes.ini
file setting, CREATE_R8_DATABASES=1, is added.
www.biztek.pl
34. 34
Answer 8 (2)
• To summarize, the new ODS provides Database names list for user renames
potential improvements for I/O and • During a Notes user rename, a series of
folder optimization. administration requests are processed
• It is also a requirement for the to update the user’s name details in all
implementation of the following new areas that affect authentication, mail
features: routing, and access control for that user.
• Database names list for user • Part of this processing involves updating
renames the user name in Reader and Author
• Design compression fields.
• This administration process can be
resource intensive, since it must check
inside every document in every
database to determine whether a given
user’s name is present for updating.
www.biztek.pl
35. 35
Answer 8 (3)
• For databases that use the new ODS48, this area of the user rename process has
been streamlined.
• These databases store a names list, which is a master list of all the user names
listed within any document in that database.
• The names list is created automatically for all ODS48 databases. There is no
requirement to enable the function and no options to configure it. In a mixed
environment with a Domino 8 administration server and Adminp template, Domino 7
servers process renames in their usual way.
• During a user rename process, the administration process first checks the
master names list (in ODS48 databases) to determine whether any of the
documents in that database list the user in reader or author fields. If the user’s
name exists in the names list, the administration process searches through
every document in the database to process the rename. If the user’s name does
not exist on the names list, no more processing is completed for that database.
www.biztek.pl
36. 36
Question 9
Which of the following is the name of the process in which you periodically force the
update of new public and private keys stored in server id files?
A. Key update
B. Key rollover
C. Applied keyfile
D. Forced recertification
Answer: B
www.biztek.pl
37. 37
Answer 9 (1)
User and server key rollover
• Key rollover is the process used to update the set of IBM® Lotus® Notes® public
and private keys that is stored in user and server ID files. Periodically, this set of
keys may need to be replaced - as a precaution against undetected compromise
of the private key; as a remedy to recover from a known compromise of the
private key; or to increase security by updating to a larger key.
• You configure triggers to initiate user key rollover through a security settings policy
document, and for the server key rollover, in the Server document. Triggers include:
• Existing key size
• Issue date of existing key
• Age of existing key
• Key rollover gives administrators the ability to deploy replacement keys to groups of
users through a security settings policy document.
• Lotus Notes users can also trigger key rollover through the "Create New Public Keys"
button on the User Security dialog box. If they choose 'Authentication protocol' to as
the certificate request method, the current keys are rolled over just as if it were
triggered by a policy setting. If they choose "Mail Protocol," the R6 and earlier mail
method is used.
www.biztek.pl
38. 38
Question 10
What is the lowest level of rights in the Domino Directory ACL to allow the creation of
groups?
A. Author with the Group Creator Role
B. Editor with the Group Manager role
C. Designer with the Group Maintainer role
D. Reader with the Group Administrator role
Answer: A
www.biztek.pl
39. 39
Answer 10 (1)
• Access levels assigned to users in a database ACL
control which tasks users can perform in the database.
Access level privileges enhance or restrict the access
level assigned to each name in the ACL. For each
user, group, or server listed in the ACL, you select the
basic access level and user type. To further refine the
access, you select a series of access privileges.
• Note If you are designing a template (an .NTF file) for
others to use to create applications, make sure the
default access is at least Reader so that users and/or
servers can successfully read from the template when
creating or refreshing .NSF files based on that
template.
• Access levels assigned to servers in a database ACL
control what information within a database the servers
can replicate.
• To access a database on a particular server, a Notes
user must have both the appropriate database access
specified in the ACL as well as the appropriate access
specified in the Server document in the Domino
Directory.
• Caution Administrators who are listed in the Full
Access Administrators, Administrators, and Database
Administrators fields in the Server document are
allowed to delete any database on the server, even if
they are not listed as managers in the database ACL.
www.biztek.pl
40. 40
Answer 10 (2)
Access level Allows users to Assign to
Manager Modify the database ACL. Encrypt the database. Two people who are responsible for the database.
Modify replication settings.
Delete the database.
Perform all tasks allowed by lower access levels.
Designer Modify all database design elements. Create a full-text search index. A database designer and/or the person responsible for design
Perform all tasks allowed by lower access levels. updates.
Editor Create documents. Edit all documents, including those created by others. Any user allowed to create and edit documents in a database.
Read all documents unless there is a Readers field in the form. If there is a
Readers field, the Editor must be listed to be able to read or edit the document.
Author Create documents if the user or server also has the Create documents access Users who contribute documents to a database.
level privilege. When you assign Author access to a user or server, you must
also specify the Create documents access level privilege. Edit the documents
where there is an Authors field in the document and the user is specified in the
Authors field.
Read all documents unless there is a Readers field in the form. If there is a
Readers field, the Author must be listed to be able to read documents.
Reader Read documents where there is a Readers field in the form and the user name Users who only need to read documents in a database but not
is specified in the field. create or edit documents.
Depositor Create documents. Users who contribute documents but who do not need to read or
edit their own or other users' documents. For example, use
Depositor access for a ballot box application.
No Access Have no access, with the exception of options to "Read public documents" and Terminated users, users who do not need access to the database,
"Write public documents." These are privileges that designers may choose to or users who have access on a special basis. Note You may want
grant. to specifically assign No Access to individuals who should not have
access to a database, but who may be members of a group that
does.
www.biztek.pl
41. 41
Question 11
Domino roaming for the Notes standard configuration clients in Domino 8.5 and higher
offers the ability to synchronize which of the following?
A. A notebook database and user ID file
B. The user ID file and local Eclipse XML configuration files
C. A feeds subscription database and an Eclipse plug-in data and preferences
database
D. The Activities plug-in configuration and the integrated Sametime Connect
configurations
Answer: C
www.biztek.pl
42. 42
Answer 11 (1)
• Below is a summary of the changes introduced for the Roaming User functionality
in Notes and Domino 8.5.
• 1. Roaming the Notes 8.5 Standard configuration
• Notes/Domino 8.5 introduces support for roaming the Notes 8.5 standard
configuration. This is achieved through the addition of two roaming applications:
• The Roaming User Data application (roaminguser.nsf), which stores a
user's Eclipse-based configuration information.
• The Feed Content application (localfeedcontent.nsf), which stores a user's
feeds subscription information.
• 2. File server roaming
• Notes/Domino 8.5 introduces file server roaming. This option addresses the
needs of customers in remote locations who do not have a "local" Domino
server yet need a way for users to roam between multiple workstations.
• File server roaming is configured using the new Roaming policy settings
document.
• Users who are configured for file server roaming have a new Notes User
Preference that enables them to manually enable and disable roaming.
www.biztek.pl
43. 43
Answer 11 (2)
• 3. New "Roaming User Applications" folder
on the replication page
• In the Notes 8.5 client, the files that roam are
grouped on the Replication page in a folder
called "Roaming User Applications.”
• The data that roams for the Notes 8.5 client
standard configuration is the same for both
Domino server and file server roaming.
• 4. Mail signature effectively roams
• In addition to the Eclipse-based configuration
and RSS feeds, there is another aspect of
Notes that effectively "roams" in ND8.5:
• The personal signature for mail messages.
The signature in Notes 8.5 is stored in the
Mail file. This change enables roaming
users to access the signature from any
machine from which they can access their
mail file.
www.biztek.pl
44. 44
Question 12
Charlie is preparing an upgrade of the Notes clients and is testing the Smart Upgrade
Tracking feature.
When he tries to manually initiate a Smart Upgrade he receives the error "File Does Not
Exist". What could be the cause of this error?
A. A Desktop Policy is not configured
B. The id file is missing from the person document
C. The Smart Upgrade Tracking database is not named "Smart Upgrade Tracking"
D. The Smart Upgrade Tracking database name is incorrect in the Desktop
Policy
Answer: D
www.biztek.pl
45. 45
Answer 12 (1)
• The Lotus Notes/Domino Smart Upgrade Tracking Reports is
a system template, used to create a database(s) that store
information about smart upgrade attempts that occur from Notes
workstations or Domino servers in the domain.
• Server administrators and Notes support staff should look at the
Lotus Notes/Domino Smart Upgrade Tracking Reports often to
see if:
• Notes workstations or Domino servers are smart upgrading
successfully
• Notes workstations or Domino servers are experiencing smart
upgrade problems
• There are similar repeated smart upgrade failurs across the
same or different Notes workstations or Domino servers
• If appropriate, reporting of the smart upgrade failures to a
service provider or directly to IBM technical support
www.biztek.pl
46. 46
Answer 12 (2)
Creating a Smart Upgrade Tracking Reports
database
• From the IBM® Lotus® Domino® Administrator
client, choose File - Application - New.
• In the New Application dialog box, specify the
server name and database title.
• Enter a file name in the File Name field.
• Click Template Server, and then choose the
server on which the database will reside.
• Select the Show advanced templates check
box.
• Select Lotus Notes/Domino Smart Upgrade
Tracking Reports (LNDSUTR.NTF) from the list
of template names, and then click OK.
www.biztek.pl
47. 47
Answer 12 (3)
• There are the following requirements:
• Lotus Notes/Domino Smart Upgrade Tracking Reports exist on the server.
• Mail-in database configuration document.
• The Smart Upgrade Tracking Reports database is configured in the Desktop
Settings document in the Domino Directory.
www.biztek.pl
49. 49
Question 13
Terry is working on a document in a database on a server that is DAOS enabled. While in
the document, Terry replaces the attachment with a new version. Which of the following
occurs to the attachment in the DAOS store?
A. The server adjusts references to the attachment in DAOS
B. The server removes the reference from all mail files that pointed to that original file
reference
C. The server removes the previous attachment entirely from DAOS and inserts the
link to the new attachment
D. The server sends the full previous attachment to all user mail files that pointed to
that original file reference
Answer: A
www.biztek.pl
50. 50
Answer 13 (1)
• What about when attachments are modified or copied?
• DAOS code recognizes when an attachment is updated and stores the new copy as
another .NLO file
• DAOS can also recognize a copied/pasted attachment and references the already
existing .NLO
www.biztek.pl
51. 51
Question 14
You have elected to create a marker so clients can update their reference to a database
called MARKETING.NSF. However, you did not select a designated destination server.
Which of the following is the result of this action?
A. The client will remove the bookmark reference for the database
B. The client will search all servers in the domain for a replica of the database and
modify the bookmark
C. The client will search all known cluster servers only for a replica of the database
and modify the bookmark
D. The client will prompt the user to specify servers to search for a replica of the
database and modify the bookmark
Answer: A
www.biztek.pl
52. 52
Answer 14 (1)
Deleting databases
• To keep a server performing efficiently and to free disk space, delete databases that are no longer
active.
• To delete databases from a cluster server, you use the Cluster database tool in the IBM® Lotus®
Domino™ Administrator.
• To delete databases on non-cluster servers, select the databases and delete them
manually, or use the Delete database tool in the Domino Administrator to have the
Administration Process deletes replicas of the database.
• Within a cluster of servers, you create a number of replicas for each database to ensure user
access to an updated replica even if a particular cluster server becomes unavailable. You can mark
a cluster replica for deletion while users are working with the replica. Domino then prevents new
users from accessing the marked replica and deletes the database after all current users exit the
database. Before deleting the database, Domino replicates any changes to other replicas in the
cluster.
www.biztek.pl
53. 53
Answer 14 (2)
Deleting a non-cluster database and its replicas using the Administration Process
• Make sure you have Manager access in the database ACL.
• From the Domino Administrator, select the server that stores the database you want to delete.
• Click the Files tab.
• Select the database to delete.
• Click Database - Delete. The Confirm Database Delete dialog box appears.
• Optional) Select "Also delete replicas of this database on all other servers" if you want the Administration Process to
delete other replicas.
• If you are using Domino 8.0 or more recent, and you are using the database redirect feature, you have the option of
choosing one or both of these check boxes:
• Create a marker that allows clients to update their references to this database. Select this option if you are using
the database redirect feature and you want to allow IBM® Lotus® Notes® clients to update their database
references to the database you are deleting. The Notes client will update references such as bookmarks and
desktop shortcuts to access a replica of the deleted database.
• Redirect clients to the following server. Select this option if you are using the database redirect feature and
you want to specify the server that contains the database replica that clients should use in their updated
database references. Specify the server name.
• Click OK.
Database redirects without references
If a database redirect exists, but due to database
deletes or moves contains no reference to
a database, the client removes its references
to the original database.
www.biztek.pl
54. 54
Answer 14 (3)
Redirecting client references to databases
• Use the IBM® Lotus® Domino™ database redirect feature to redirect IBM® Lotus® Notes®
client references from deleted or moved databases to a database replica that you specify.
When a Notes client attempts to open a database instance which no longer exists, it uses the
database redirect information to remove or update references on the client. The database
redirect notifies the client that the database has been deleted or moved. Client references to
databases and servers reside in many places, and database redirects are used on the user's
desktop or workspace, in bookmarks, and also by the replicator. Database redirects may also
be used with resource links. Redirects are not used by the Open Application dialog box nor
by scripts. Database redirects and database moves
• When you move a database, the Move Database dialog box offers an option to create a
database redirect that allows clients to update their references to the database you are
deleting.
Database redirects and database deletes
• When you delete a database, the Confirm Database Delete dialog box contains an option to
create a database redirect that allows clients to update their references to the database you
are deleting as well as an option to redirect clients to another server. If the redirect server
name is set, it must not be the same server on which the deletion is to take place. If all
replicas are to be deleted, the redirect server must not be in the same domain.
Database redirects without references
• If a database redirect exists, but due to database deletes or moves contains no
reference to a database, the client removes its references to the original database.
www.biztek.pl
55. 55
Question 15
Which server console command adds or changes a setting in the NOTES.INI file?
A. Load update
B. Enter change
C. Set Configuration
D. Update notes variable
Answer: C
www.biztek.pl
56. 56
Answer 15 (1)
• To improve view indexing performance, you can run multiple Update tasks.
• Set Configuration
Set Configuration setting
• This command adds or changes a setting in the NOTES.INI file.
• Tip: You can also use the IBM® Domino Administrator to add or change (edit) many
settings in the NOTES.INI file using the Configuration Settings document.
• Example:
• Set Configuration Replicators = 3
• Set Configuration Names = Names,Westnames
www.biztek.pl
57. 57
Question 16
In Domino 8.5, when the router is running in a steady state and a new message is
deposited in MAIL.BOX, a copy of the message is made and placed on a mailbox event
queue which is then used by a new MailEvent thread in the router.
Which of the following is this feature?
A. Mailbox copy services
B. Router threaded delivery
C. Mailbox event notification
D. Mail queue delivery scheduler
Answer: C
www.biztek.pl
58. 58
Answer 16 (1)
Mailbox event notification (new in 8.5)
• Router optimizations is a series of enhancements and changes to the Domino mail
router designed and implemented to reduce latency, that is, to reduce the amount of
time between when a message is sent and when it is delivered, to contribute to
reduced I/O, and to address scalability issues caused by a large message backlog.
Mailbox event notification is also a router optimization.
• In Domino, when the router is running in a steady state and a new message is
deposited in MAIL.BOX, a copy of the message is made and placed on a mailbox event
queue which is then used by a new MailEvent thread in the router.
• The router then uses this copy of the message without having to search MAIL.BOX to
discover new messages nor perform a full note open for use in transfer or delivery. The
message is cached and additional copies of this message are made as needed for
multiple recipients.
www.biztek.pl
59. 59
Question 17
Streaming cluster replication uses which of the following to move unread marks and
folder additions to clustered servers?
A. In-memory information
B. Scheduled replication
C. A temporary index directory
D. A database titled clurep.nsf
Answer: A
www.biztek.pl
60. 60
Answer 17 (1)
• Domino 8.X Clusters - new features:
• Improved server availability in a cluster - You can allow the use of auxiliary ports
by entering this setting in the server's NOTES.INI file:
Server_Cluster_Auxiliary_Port. Use this setting to improve the availability of servers
in a cluster.
• Streaming cluster replication - Streaming cluster replication (SCR) takes
advantage of the fully connected nature of clusters and data streaming to produce a
low-overhead cluster replicator. SCR decreases the scheduled replicator overhead
for clusters and provides a significant reduction in cluster replicator latency.
• Streaming cluster replication (SCR) takes advantage of the fully-connected
nature of clusters and data streaming to produce a low-overhead cluster
replicator. SCR decreases the scheduled replicator overhead for clusters and
provides a significant reduction in cluster replicator latency. As changes occur, for
example, note changes, unread changes, and folder changes, the changes are
captured and immediately queued to other replicas in the same cluster. The result is a
more efficient cluster replication.
• If your cluster contains any combination of current-release Domino servers and servers
running releases earlier than 8, for the pre-Domino 8 servers, regular cluster replication
is used to replicate between current and previous-release servers.
www.biztek.pl
61. 61
Answer 17 (2)
• Domino enables SCR when the following sequence of events occurs:
• A database is opened
• Cluster replication replicates a change to another Domino (current-release) clustered
replica
• All references to the database are closed
• A database is opened
• On future changes in the database that needs to replicate, SCR replicates the change to
the other Domino (current-release) servers.
• If SCR encounters any errors during replication, it returns control of the database to the
standard cluster replicator to replicate the change and bring the database in sync.
• As a change occurs to a clustered server's database, the specific change is "captured" and
the change is immediately queued for replication to the source server's Domino (current-
release) cluster mates that have a replica of the database. When the destination cluster-
mates receive the change, they apply it to their replicas.
• The performance benefits of streaming cluster replication are:
• SCR does not perform operations, such as database opens and note opens, across
the network. Database changes are sent to the replicas with the assumption that
the database replicas need the change.
• SCR does not have to replicate one-to-one with each cluster-mate for a database
that has changed.
• The latency time for replication is immediate with SCR.
www.biztek.pl
62. 62
Answer 17 (3)
• When a document is read in the Domino Web Access mail file, unread mark processing
similar to the unread mark processing used in the Notes Client updates a copy of the
unread mark table cached in memory, removing the noteid from the Unread Mark
table.
• However, for the Domino Web Access client this memory copy is cached at the server,
whereas for the standard Notes Client the cache is maintained at the client.
• When the Domino Web Access user closes the open session, the table is written
back to the database in the same way that it is written when the session is
closed from the Notes Client.
www.biztek.pl
63. 63
Question 18
Users in your Domino environment are members of multiple groups in the Domino
Directory. You have implemented dynamic policies also.
Which of the following occurs particularly when a user is a member of multiple groups
that have alternate dynamic policies assigned?
A. The user receives the configurations from all the dynamic policies
B. The user receives the configurations from the last applied dynamic policy
C. The user receives the configurations from the first applied dynamic policy
D. The user receives no configurations from any of the dynamic policies until the
conflict is resolved
Answer: A
www.biztek.pl
64. 64
Answer 18 (1)
Group Precedence
• A user can only have one explicit policy or one organizational policy, but they since they
can be in several groups they could have multiple dynamic policies.
• In that case the group precedence is used. The precedence is defined in the Domino
Directory under People -> Policies -> Dynamic Policies.
• Like how precedence works with the three levels of policies, precedence only comes
into play when more than one policy has a value for a particular setting. Otherwise, the
setting is just merged into the effective policy. Therefore if you do have two dynamic
policies with the same setting, the one with the greatest precedence (the lowest
numerical value) will win.
• When an effective policy is being created for a user, all of the dynamic group settings
will be resolved before the precedence with explicit and organizational policies are
resolved.
When a new dynamic policy is created, it will automatically be given the lowest
precedence value.
www.biztek.pl
65. 65
Question 19
In Domino 8.5, you have the ability to perform key rollover for certifiers. Where is this key
rollover configured?
A. Domino Server document
B. Domino administrator client
C. Domino Server configuration document
D. Domino administration process database (admin4.nsf)
Answer: B
www.biztek.pl
66. 66
Answer 19 (1)
Rollover certificates (started in 8.0.1)
• In order to support certifier key rollover, the Domino trust model has been
extended to include a new type of certificate - the rollover certificate.
• These are certificates issued by an entity to itself. In a hierarchical certificate, there is a
single issuer name, a single subject name, and a single subject key. In a rollover
certificate, there is a single name (which is both the issuer and the subject) and two
subject keys: one key is used to sign the certificate and attests to the fact that the
subject name is legitimately in possession of the other key.
• Generally, when a key is rolled over, two rollover certificates are issued: one signed by
the old key saying that the new key is valid; and the other signed by the new key
saying that the old key is valid. Each certificate has its own expiration date.
• Rollover certificates are essential for limiting the expiration dates of certificates issued
to the older keys. One of the reasons for rolling over a key is that a former key has
been compromised, or at least be considered to be old enough that the probability of
compromise is considered unacceptable. In such cases, by limiting the expiration date
specified in a rollover certificate, it is possible to limit the lifetime of a formerly issued
child certificate by specifying an early enough expiration date in the rollover certificate.
www.biztek.pl
67. 67
Answer 19 (2)
• Rolling over a certifier affects the the whole organization. Once you have rolled
over a certifier, you must roll over or recertify all user IDs, server IDs, and cross-
certificates that were issued by that certifier.
• The best way to rollover an entire customer site is to start at the top and work down.
Begin by rolling over the root CA, and then the OU CAs. Then roll over server and user
keys. If a user or server key is rolled over befor that of the parent CA, then the new
user or server key will need to be certified twice -- once with the current (old) CA key,
and then again when the CA key rolls over. The extra recertification is expensive, in
terms of time and and effort: user and server recertification require adminstrator
intervention, as well as the replication of Person and Server documents.
• Note Clients using IBM® Lotus® Notes® releases earlier than 8.0 cannot accept CA
rollover certificates. Therefore, if you have a mixed-release client deployment, you
cannot proceed with CA key rollover until all users are upgraded to the Lotus Notes 8
client.
• First, you must assign a new key pair to the certifier.
• Roll-over or re-certify server IDs that were issued by that certifier.
• Roll over or re-certify user IDs that were issued by the certifier.
• Re-certify cross-certificates that were signed by the certifier.
www.biztek.pl
68. 68
Answer 19 (3)
Assigning a new key pair to a certifer
• Perform the following steps to assign a new key pair to a IBM® Lotus® Domino® certifier and 'rollover' the current
key pair.
• In the Domino Administrator, click Configuration - Certification - Rollover Certifer Keys.
• In the Generate New Certifier Key dialog box, click Directory Server and specify a registration server in the list
box that appears.
• Click ID file. In the Choose Certifier ID dialog, select the certifier ID file for which you want to assign new keys.
• At this point, the options in Generate New Certifier Key dialog box change, depending on whether you chose a
top-level certifier ID or an intermediate one.
• If you chose a top-level certifier ID, the Generate New Certifier Key dialog now has the following information:
• "The selected certifier is a top-level certifier and will re-certify itself."
• Click OK. This generates the new key pair and adds it to the top-level certifier ID.
• If you chose an intermediate-level certifier ID, the Generate New Certifier Key dialog now has the following
information:
• "The selected certifier is not a top-level certifier and must be recertified by its parent certifier."
• Click "Certify Using..." The Choose a Certifier dialog box appears.
• Choose one of the following:
• "Supply certifier ID and password" to select the certifier ID of the parent certifier for the target CA ID file.
• "Use the CA process" to send a request to the Admin Process database on the registration server so that
the certificates will be issued by the CA process.
• Click OK. This generates the new key pair and adds it to the top-level certifier ID.
• If the administrator opts to assign the keys directly to the certifying certifier's ID file, rather than choosing to use the
CA process for key rollover, then key rollover happens immediately. However, if the CA process is chosen, the
rollover sequence does not occur until the ID file of the CA being rolled over is opened to issue a certificate. When
that happens, the directory on the Registration server is searched for new certificates to be added to the certifier ID
file.
www.biztek.pl
70. 70
Question 20
Creation of the cross-certificates that are needed to establish vault trust and password
reset authority requires access to a parent certifier ID file of the user IDs to be stored in
the vault. Which of the following are not supported?
A. IDs of Domino Web Access users
B. Users on multiple servers in the same domain
C. Utilizing the CA process when creating the certificates
D. Locating two different organizational certifiers in the same vault
Answer: C
www.biztek.pl
71. 71
Answer 20 (1)
ID vault limitations
• Be aware of the following current ID vault limitations:
• Creation of the cross-certificates that are needed to establish vault trust and
password reset authority requires access to a parent certifier ID file of the
user IDs to be stored in the vault; you cannot use the CA process when
creating these certificates. Additionally, performing certificate authority key
rollover on these certifier IDs is not supported.
• Note You can use the CA process when registering users into the vault.
• Smartcard-enabled IDs cannot be stored in a vault.
• All replicas of a vault must be located within a single Domino® domain and all vault
users must have home servers in that domain. Note, though, that users under
different organizational certifiers can all use one vault, as long as their home servers
are within the same Domino domain as the vault.
www.biztek.pl
72. 72
Question 21
Antonio was in the process of registering users for his Domino domain. He had to stop in
the middle of creating new users with numerous users left to register. What database on
his local machine is the list of pending users for registration?
A. userreg.nsf
B. usercache.nsf
C. certlog.nsf
D. register.nsf
Answer: A
www.biztek.pl
74. 74
Question 22
The Managed Settings option under Custom Settings in the Desktop Policy for Domino
8.5.2 requires which parameters?
A. A. Item, Value, Widget Title
B. Preference, Value, Plugin Name
C. Item, Value, Plugin Name
D. Preference, Widget Title, Value
Answer: C
www.biztek.pl
75. 75
Answer 22 (1)
Managed Settings
• On the Managed Settings tab, click Edit list to specify the managed settings that you want
to add to or remove from Notes users' local plugin_customization.ini file, which is used to
control aspects of IBM® Lotus® Notes® installation and usage.
• This file is supplied in the Notes installation kit in the deploy directory
(deployplugin_customization.ini). Once installed, the file is located at
<install_dir>frameworkrcpplugin_customization.ini.
• If a setting resides in both the PLUGIN_CUSTOMIZATION.INI file and Domino policy,
Domino policy takes precedence.
• Some of the settings that you can use in the plugin_customization.ini file are listed below:
• Feature trust settings - These settings allow you to define default trust responses for use
during user-initiated feature install and update.
• com.ibm.rcp.security.update/EXPIRED_SIGNATURE_POLICY=PROMPT
• com.ibm.rcp.security.update/UNSIGNED_PLUGIN_POLICY=PROMPT
• com.ibm.rcp.security.update/UNTRUSTED_SIGNATURE_POLICY=PROMPT
www.biztek.pl
76. 76
Question 23
After DAOS is enabled and functioning on your Domino server, which of the following
occurs when a recipient opens a document with an attachment that is in the DAOS
repository?
A. Attachment icons display with a link icon over the attachment icon
B. Attachment icons display a doclink to the attachment stored in DAOS
C. Attachment icons display the same as it would on a server without DAOS
enabled
D. Attachment icons do not show and they are replaced with text that describes the
attachment and is linked to the attachment
Answer: C
www.biztek.pl
77. 77
Question 24
Private server blacklists are stored in what database?
A. names.nsf
B. blacklist.nsf
C. smtpconf.nsf
D. A Domino administrator defined database
Answer: A
www.biztek.pl
78. 78
Answer 24 (1)
• Private whitelists – to specify the hosts • Private blacklists - Use private blacklists to
and/or domains to exclude from blacklist specify hosts and/or domains responsible for
processing. Hosts that are specified in private sending unnecessary, unwanted mail to your
whitelists are exempt from blacklist checks. Internet domain. For consistency, IBM® Lotus®
Whitelisted hosts bypass blacklist filter checks Domino's™ private blacklists follow the model
but there are other controls which may prevent currently used by existing anit-spam
the message from being accepted. Members functionality.
of the private whitelist are still subjected to • Private blacklists are stored in the Domino
connection, relay, sender, and recipient Directory to simplify the process of
controls. Being whitelisted does not guarantee maintaining and distributing blacklist
that the message will be delivered to the information between servers.
recipient. Whitelists can be used • When private blacklists are enabled, the
independently of blacklists. SMTP listener task compares the names of
• When private whitelists are enabled, the hosts that may be subject to relay
SMTP listener task compares hosts that may enforcement against the private blacklist
be subject to relay enforcement against the prior to performing DNS blacklist queries.
defined private whitelist. If there is a match, This prevents unnecessary DNS lookups. If
the private blacklist, DNS whitelists, and the host is found in the private blacklist, the
DNS blacklists are skipped. Otherwise, action specified in the field "Desired action
processing continues beginning with the when a connecting host is found in a private
private blacklist. blacklist" in the Private Blacklist Filters section
of the Configuration Settings document
applies. If the host is not found in the private
blacklists, processing continues with DNS
whitelist filters and then DNS blacklist filters.
www.biztek.pl
79. 79
Answer 24 (2)
• Whitelists allow messages from specified domains to be
received.
• IBM supports both private blacklist and whitelist
filters. With these configuration settings, it is
important to understand how you can reduce spam
and to know the order that Domino will check when
blacklist and whitelist filters are enabled.
• If you enable private whitelist filters, when Domino
receives an SMTP connection, it compares the IP
address/host name against this list. The field
"Whitelist the following hosts" should be used to
enter the IP addresses or host names of systems
that you want to whitelist. You can also use an
asterisk (*) as a wild card. Members of the private
whitelist are still subjected to connection, relay,
sender, and recipient controls. Being whitelisted
does not guarantee that the message will be
delivered to the recipient.
www.biztek.pl
80. 80
Question 25
Charlie is preparing an upgrade of the Notes clients and is testing the Smart Upgrade
Tracking feature. When he tries to manually initiate a Smart Upgrade he receives the
error "File Does Not Exist". What could be the cause of this error?
A. A Desktop Policy is not configured
B. The id file is missing from the person document
C. The Smart Upgrade Tracking database is not named "Smart Upgrade Tracking"
D. The Smart Upgrade Tracking database name is incorrect in the Desktop
Policy
Answer: D
www.biztek.pl
81. 81
Answer 25 (1)
• The Lotus Notes/Domino Smart Upgrade Tracking Reports is
a system template, used to create a database(s) that store
information about smart upgrade attempts that occur from Notes
workstations or Domino servers in the domain.
• Server administrators and Notes support staff should look at the
Lotus Notes/Domino Smart Upgrade Tracking Reports often to
see if:
• Notes workstations or Domino servers are smart upgrading
successfully
• Notes workstations or Domino servers are experiencing smart
upgrade problems
• There are similar repeated smart upgrade failurs across the
same or different Notes workstations or Domino servers
• If appropriate, reporting of the smart upgrade failures to a
service provider or directly to IBM technical support
www.biztek.pl
82. 82
Answer 25 (2)
Creating a Smart Upgrade Tracking Reports
database
• From the IBM® Lotus® Domino® Administrator
client, choose File - Application - New.
• In the New Application dialog box, specify the
server name and database title.
• Enter a file name in the File Name field.
• Click Template Server, and then choose the
server on which the database will reside.
• Select the Show advanced templates check
box.
• Select Lotus Notes/Domino Smart Upgrade
Tracking Reports (LNDSUTR.NTF) from the list
of template names, and then click OK.
www.biztek.pl
83. 83
Answer 25 (3)
• There are the following requirements:
• Lotus Notes/Domino Smart Upgrade Tracking Reports exist on the server.
• Mail-in database configuration document.
• The Smart Upgrade Tracking Reports database is configured in the Desktop
Settings document in the Domino Directory.
www.biztek.pl
84. 84
Question 26
What is the issued Certificate list (ICL)?
A. A database that stores cross certificates accepted or imported by an id file
B. The list of valid certificates contained within the security preferences of an id file
C. A database that stores a copy of each certificate issued, certificate
revocation lists, and CA configuration documents
D. A document that lists each certificate issued, certificate revocation lists, and CA
configuration documents accepted by an id file
Answer: C
www.biztek.pl
85. 85
Answer 26 (1)
• The Certification Authority (CA) process is a Lotus Domino server task that is used to
manage and process certificate requests.
• The CA process runs as an automated process on Lotus Domino servers that are used
to issue certificates.
• When you set up a Lotus Notes or Internet certifier, you link it to the CA process on the
server in order to take advantage of CA process activities.
www.biztek.pl
86. 86
Answer 26 (2)
Benefits of using the CA process
• Does not require access to the Domino certifier ID and password
• Supports the Registration Authority (RA) role
• Provides a unified mechanism for issuing Lotus Notes and Internet certificates
• Simplifies the Internet certificate requests process
• Issues certificate revocation lists
• Creates and maintains the Issued Certificate List (ICL)
• Is compliant with security industry standards for Internet certificates, such as X.509 and
PKIX
www.biztek.pl
88. 88
Answer 26 (4)
Issued Certificate List (ICL)
• Each certifier has an Issued Certificate List (ICL) that is created when the certifier is created or
migrated to the CA process. The ICL is a database that stores a copy of each unexpired
certificate that it has issued, certificate revocation lists, and CA configuration documents.
• Configuration documents are generated when you create the certifier and sign it with the
certifier's public key. After you create these documents, you cannot edit them.
CA configuration documents include:
• Certificate profiles, which contain information about certificates issued by the certifier.
• CA configuration document, which contains information about the certifier itself.
• RA/CA association documents, which contain information about the RAs who are authorized to
approve and deny certificate requests. There is one document for each RA.
• ID file storage document, which contains information about the certifier ID.
• Another CA configuration document, the Certifier document, is created in the Domino Directory
when you set up the a certifier. This document can be modified.
www.biztek.pl
89. 89
Question 27
Rosie wants to be able to allow her helpdesk team to recover IDs out of the ID Vault but
still know that ids are secure. How does she achieve this?
A. Give some helpdesk staff the "IDExport" role in the ACL of the ID Vault
B. Set the ID Vault to only allow ID export if two user authorities request it
C. Only allow ID export if the helpdesk user also knows the ID password
D. Allow helpdesk users to "Request ID Export" which generates an Adminp request
for approval by the Domino Administrator
Answer: C
www.biztek.pl
90. 90
Answer 27 (1)
ID vault management roles
• Domino administrator access is required to
perform all vault configuration and
management tasks, with the following
exceptions:
• Vault administrators can add and
remove other vault administrators, can
add and remove vault servers, and can
delete a vault. Vault administrators have
Manager access to the vault. A person
must have Domino administrator access
to a server to be designated a vault
administrator.
• A vault administrator assigned the
Auditor role in the vault database can
extract ID files to gain access to
users' encrypted data.
• Only people with password reset
authority can use the Domino
Administrator to reset passwords on
behalf of users and specify an ID
download count limit.
www.biztek.pl
91. 91
Question 28
Jack wishes to give a user from another organization access to applications on his
primary application server. Which of the following is the most secure way to allow this
user Notes acccess?
A. Cross-certify your application server id with his organization.
B. Cross-certify your application server id with his user id file.
C. Cross-certify your organization with his organizational unit.
D. Cross-certify your organizational unit with his user id file.
Answer: B
www.biztek.pl
92. 92
Answer 28 (1)
To authenticate with all servers in another organization
• This example describes what the Acme company and the ABC company do to allow all users
and servers in both organizations to authenticate.
• The Acme organization certifier (/Acme) obtains a cross-certificate for the ABC
organization certifier (/ABC) and stores it in Acme's IBM® Lotus® Domino™ Directory.
• The ABC organization certifier (/ABC) obtains a cross-certificate for the Acme organization
certifier (/Acme) and stores it in ABC's Domino Directory.
To authenticate with a specific server in another organization
• The Acme company wants to let Seascape users who have the hierarchical certification
AppDevelopment/Seascape to access their customer support server,
CSSUPPORT/East/Acme.
• 1. The Acme organizational unit certifier (/East/Acme) has a cross-certificate for the
Seascape organizational unit certifier (/AppDevelopment/Seascape) and stores it in
Acme's Domino Directory.
• 2. The Seascape organizational unit certifier (/AppDevelopment/Seascape) has a cross-
certificate for the Acme organizational unit certifier (/East/Acme) and stores it in
Seascape's Domino Directory.
• This cross-certification enables Kelly Jones/AppDevelopment/Seascape and Jonathan
Moutal/AppDevelopment/Seascape to authenticate with the server
CSSUPPORT/East/Acme. However, it does not allow these users to authenticate with the
Acme server Mail-W/West/Acme.
www.biztek.pl
94. 94
Answer 28 (3)
• Aby wygenerować bezpieczną kopię pliku ID:
• Otworzyć zakładkę Configuration.
• Wybrać Tools / Certification / ID Properties.
• Wybrać plik ID i kliknąć przycisk Open (podać hasło).
• Wybrać Your Identity section / Your Certificates. Z menu Other Actions wybrać Export Notes ID (Safe
Copy).
• Zapisać plik na nośniku.
www.biztek.pl
95. 95
Answer 28 (4)
• Aby utworzyć cross – certyfikat:
• Wybrać zakładkę Configuration.
• Wybrać polecenie Tools / Certification /
Cross Certify.
• Podać serwer rejestracyjny, wybrać pliki
ID, które mają podlegać procesowi
wzajemnej certyfikacji.
• Wybrać tzw. temat wzajemnej certyfikacji
(subject).
• Podać datę wygaśnięcia certyfikatu i
kliknąć Cross Certify.
• Uwaga: Na rysunku tylko przykład!
www.biztek.pl
96. 96
Question 29
Joe has enabled Lotus Traveler policies for his users and has them applied when the
user first installs their client software. He has made recent changes to the policy but
users are not receiving the changes. Joe found that he could manually force the update
by issuing which of the following server commands?
A. load traveler client update
B. tell adminp process traveler
C. load traveler policy manager
D. tell traveler process policy
Answer: B
www.biztek.pl
97. 97
Answer 29 (1)
How do policies get pulled and applied on the client?
• When the client authenticates with the users home server, it sends over a hashed value
that indicates what policy information it thinks it has stored locally. The server
calculates a similar hashed value for what it thinks the client should have. If those
values do not match, then the server tells the client that it need to refresh it's policies.
At this point, the client launches the dynamic configuration process, Dyncfg.exe,
passing it flags on the command line that tell it to pull policies. Dyncfg uses the
NAMEGetPolicy API, which asks the server to calculate the effective policy for the user,
and then stores the effective policies locally in the clients NAMES.NSF database. You
can see your locally cached policy documents by opening the hidden $Policies view
(via Ctrl-Shift ViewGo To).
• After pulling and applying the policies to the client, Dyncfg stores off the new hashed
value that it got from the server, to be sent back to the server during the next
authentication, which starts this whole process over again.
www.biztek.pl
98. 98
Answer 29 (2)
• The policy change is not pushed to the affected user's mail database
immediately. The admin process task does this push operation periodically,
every 6 hours by default.
• To update immediately, run the Domino console command:
tell adminp process traveler
• The initial settings on a users mobile device will use the setting values from a policy if
the policy is in effect when the mobile device registers for the first time. When no policy
is in effect then built-in defaults are used. The mobile device settings are saved in the
users mail database as a device profile. Separate device profiles are maintained for
each mobile device the user registers. If the user gets a new device its default settings
will come from the current effective policy, if any, when that device registers for the first
time.
• Once a device profile has been created for a particular device changes to the policy
settings have no effect on settings for that mobile device unless the settings are locked.
Locking a setting or changing a locked setting value will update the setting value on the
device. A mobile device user cannot change setting values from his device for settings
that are locked by a policy.
www.biztek.pl
99. 99
Question 30
Alan has specified multiple Notes network ports available to TCP/IP on the Domino
server. By default, all TCP/IP -based services on a Domino server listen for network
connections on all NICs and on all configured IP addresses on the server. How does Alan
configure Domino to listen to a specific address?
A. Bind a port to a specific address in the notes.ini
B. Disable all network cards except for the card with the IP address desired
C. Configure the physical server to assign all IP addresses to one network card
D. Enter specific addresses into Domino IP configuration documents in the Domino
Directory
Answer: A
www.biztek.pl
100. 100
Answer 30 (1)
Binding an NRPC port to an IP address
• By default, all TCP/IP-based services on a Domino server listen for network connections
on all NICs and on all configured IP addresses on the server.
• If you have enabled more than one Notes network port for TCP/IP (TCP port for NRPC) on
either a single Domino server or a Domino partitioned server, you must associate the
NRPC ports and IP addresses by binding each port to an address.
To bind an NRPC port to an IP address
• When setting the NOTES.INI variables for port mapping, do not include a zone in a port
mapped address. The zone is only valid locally.
• For each IP address, make sure you have added a Notes port for TCP/IP (unique name).
• In the NOTES.INI file, confirm that these lines appear for each port that you added:
Ports=TCPIPportname
TCPIPportname=TCP, 0, 15, 0 Where TCPIPportname is the port name you defined.
• For each port that you want to bind to an IP address, add this line to the NOTES.INI file:
TCPIPportname_TCPIPAddress=0,IPaddress
Where IPaddress is the IP address of the specific NIC.
• For example: TCPIP_TCPIPAddress=0,130.123.45.1
www.biztek.pl