Study your flashcards anywhere!

Download the official Cram app for free >

  • Shuffle
    Toggle On
    Toggle Off
  • Alphabetize
    Toggle On
    Toggle Off
  • Front First
    Toggle On
    Toggle Off
  • Both Sides
    Toggle On
    Toggle Off
  • Read
    Toggle On
    Toggle Off

How to study your flashcards.

Right/Left arrow keys: Navigate between flashcards.right arrow keyleft arrow key

Up/Down arrow keys: Flip the card between the front and back.down keyup key

H key: Show hint (3rd side).h key

A key: Read text to speech.a key


Play button


Play button




Click to flip

41 Cards in this Set

  • Front
  • Back
What authentication method is digest authentication most similar to? What advantage does digest authentication have over this method?
most similar to basic authentication, but username/password is not sent in cleartext
What advantage does digest authentication have over Integrated Windows authentication?
works through proxies and firewalls
What permission must users authenticating with digest authentication have on the IIS server?
Log On Locally
What requirement must an IIS server meet to perform digest authentication?
it must be a member of an Active Directory domain
What two IIS authentication methods require that the user have IE5 or higher?
Kerberos authentication and digest authentication
What console is used to map client certificates to user accounts?
Internet Service Manager console
What two types of client certificate mapping are possible?
one-to-one and one-to-many
If a client with a one-to-one mapping gets a new certificate, do they need to be remapped?
What filename extension do RIS answer files use?
When configuring an SUS client, what template is applied?
At what layer of the OSI model do SSL communications take place at?
Application layer
Where can parameters be set to registry-based settings for configuring application settings and user desktop environments?
in the Administrative Templates section of a GPO
What is IPSec's default method of authentication?
Kerberos 5 authentication
In terms of clients, what advantage does SMS have over SUS?
clients do not need Active Directory
What encryption algorithm does WEP use?
What are the first 24 bits of a WEP key known as?
the Initialization Vector (IV)
If 802.1x is uses, what network option should be deselected?
Authenticate as computer when computer information is available
What kind of attacks does mutual authentication prevent?
Where are server certificates for IIS configured?
from the Directory Security tab of the website/FTP site
Where are server certificates for IIS configured?
from the Directory Security tab of the website/FTP site
What needs to be installed to enable NTLMv2 on 9x clients?
Directory Services Client (from the 2000 Server CD)
What registry edit must be performed to allow NT and 9x clients to use NTLMv2?
in HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA, add LMCompatibilityLevel DWORD:3
For what two reasons might trust relationships be created manually?
for shortcut trusts or for external trusts
What kind of trusts are shortcut trusts?
two-way transitive trusts
What kind of trusts are external trusts?
one-way non-transitive
What two methods can be used to manage trusts?
Netdom command or the Active Directory Domains and Trusts snap-in
What format does basic authentication send information in?
Base64 cleartext
What version of IE is required for NTLM IIS authentication?
IE2 or higher
What two pieces are necessary for Integrated Windows authentication to use Kerberos?
the client must be in a trusted domain, and the client must have Windows 2000 and IE5 or higher
What are the three options for certificate mapping?
one-to-one; many-to-one; Directory Service (DS) mapping
What does Directory Service mapping use to authenticate users with certificates?
Active Directory
What advantage does Directory Service mapping have over one-to-one and many-to-one mapping?

What disadvantage?
client certificate information can be shared across servers, but wildcard mapping is not as advanced
Can Directory Services mapping work with one-to-one and many-to-one mapping?
After making changes to the mapping rules on a website, what must be done to ensure the changes take effect?
stop and restart the website
If a client with a many-to-one mapping gets a new certificate, do they need to be re-mapped?
not if the new certficate still fulfills the requirements of the many-to-one mapping
What network architecture issue does Integrated Windows authentication have?
does not work through proxies or firewalls
What is the major advantage of Integrated Windows authentication?
single signon
What permission must users have on an IIS server for basic authentication to work?
Log On Locally
In terms of IIS authentication, what advantage does Kerberos have over NTLM?
Kerberos is not limited to resources on the IIS server
What two groups is IUSR_servername a member of? What permission does it have?
Guests and Everyone groups; has Log On Locally permission
What two authentication methods are used for Integrated Windows authentication?
NTLM and Kerberos