To configure a storage system as a member of a Windows Active Directory domain, the time on the storage system must be within plus or minus five minutes of the domain controller time.

Unlock all questions

This demo includes only 20 questions. Upgrade to access hundreds of questions, flashcards, exam simulations, and disable ads.

Full question bankExam simulationsFlashcards
From $9.99Unlock all

Boost your skills for the NetApp Data ONTAP 8.0 7-Mode Administrator Test. Learn with flashcards and multiple choice questions, each question with hints and explanations. Get prepared for your certification!

Multiple Choice

To configure a storage system as a member of a Windows Active Directory domain, the time on the storage system must be within plus or minus five minutes of the domain controller time.

Explanation:
Time synchronization between a domain member and domain controllers is essential because Kerberos authentication relies on accurate time stamps. Windows Active Directory uses a small window of clock skew to prevent replay and ticket issues, and that window is five minutes by default. If the storage system’s clock drifts more than five minutes from the domain controllers, Kerberos tickets can be considered invalid, causing authentication failures and preventing proper AD join or operation as a domain member. For this reason, the storage system should be configured to synchronize its time with the domain controllers (typically via NTP) so its time stays within that five-minute tolerance. In other words, the statement is correct: the time must be within plus or minus five minutes of the domain controller time.

Time synchronization between a domain member and domain controllers is essential because Kerberos authentication relies on accurate time stamps. Windows Active Directory uses a small window of clock skew to prevent replay and ticket issues, and that window is five minutes by default. If the storage system’s clock drifts more than five minutes from the domain controllers, Kerberos tickets can be considered invalid, causing authentication failures and preventing proper AD join or operation as a domain member. For this reason, the storage system should be configured to synchronize its time with the domain controllers (typically via NTP) so its time stays within that five-minute tolerance. In other words, the statement is correct: the time must be within plus or minus five minutes of the domain controller time.

More Multiple Choice Questions
Subscribe

Get the latest from Examzify

You can unsubscribe at any time. Read our privacy policy