41 Cards in this Set
- Front
- Back
What authentication method is digest authentication most similar to? What advantage does digest authentication have over this method?
|
most similar to basic authentication, but username/password is not sent in cleartext
|
|
What advantage does digest authentication have over Integrated Windows authentication?
|
works through proxies and firewalls
|
|
What permission must users authenticating with digest authentication have on the IIS server?
|
Log On Locally
|
|
What requirement must an IIS server meet to perform digest authentication?
|
it must be a member of an Active Directory domain
|
|
What two IIS authentication methods require that the user have IE5 or higher?
|
Kerberos authentication and digest authentication
|
|
What console is used to map client certificates to user accounts?
|
Internet Service Manager console
|
|
What two types of client certificate mapping are possible?
|
one-to-one and one-to-many
|
|
If a client with a one-to-one mapping gets a new certificate, do they need to be remapped?
|
yes
|
|
What filename extension do RIS answer files use?
|
.SIF
|
|
When configuring an SUS client, what template is applied?
|
WUAU.adm
|
|
At what layer of the OSI model do SSL communications take place?
|
Application layer
|
|
Where can parameters be set for registry-based settings that configure application settings and user desktop environments?
|
in the Administrative Templates section of a GPO
|
|
What is IPSec's default method of authentication?
|
Kerberos 5 authentication
|
|
In terms of clients, what advantage does SMS have over SUS?
|
clients do not need Active Directory
|
|
What encryption algorithm does WEP use?
|
RC4
|
|
What are the first 24 bits of a WEP key known as?
|
the Initialization Vector (IV)
|
|
If 802.1x is used, what network option should be deselected?
|
Authenticate as computer when computer information is available
|
|
What kind of attacks does mutual authentication prevent?
|
Man-in-the-Middle
|
|
Where are server certificates for IIS configured?
|
from the Directory Security tab of the website/FTP site
|
|
What needs to be installed to enable NTLMv2 on 9x clients?
|
Directory Services Client (from the 2000 Server CD)
|
|
What registry edit must be performed to allow NT and 9x clients to use NTLMv2?
|
in HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA, add LMCompatibilityLevel DWORD:3
|
|
For what two reasons might trust relationships be created manually?
|
for shortcut trusts or for external trusts
|
|
What kind of trusts are shortcut trusts?
|
two-way transitive trusts
|
|
What kind of trusts are external trusts?
|
one-way non-transitive
|
|
What two methods can be used to manage trusts?
|
Netdom command or the Active Directory Domains and Trusts snap-in
|
|
What format does basic authentication send information in?
|
Base64 cleartext
|
|
What version of IE is required for NTLM IIS authentication?
|
IE2 or higher
|
|
What two pieces are necessary for Integrated Windows authentication to use Kerberos?
|
the client must be in a trusted domain, and the client must have Windows 2000 and IE5 or higher
|
|
What are the three options for certificate mapping?
|
one-to-one; many-to-one; Directory Service (DS) mapping
|
|
What does Directory Service mapping use to authenticate users with certificates?
|
Active Directory
|
|
What advantage does Directory Service mapping have over one-to-one and many-to-one mapping? What disadvantage?
|
client certificate information can be shared across servers, but wildcard mapping is not as advanced
|
|
Can Directory Services mapping work with one-to-one and many-to-one mapping?
|
no
|
|
After making changes to the mapping rules on a website, what must be done to ensure the changes take effect?
|
stop and restart the website
|
|
If a client with a many-to-one mapping gets a new certificate, do they need to be re-mapped?
|
not if the new certificate still fulfills the requirements of the many-to-one mapping
|
|
What network architecture issue does Integrated Windows authentication have?
|
does not work through proxies or firewalls
|
|
What is the major advantage of Integrated Windows authentication?
|
single sign-on
|
|
What permission must users have on an IIS server for basic authentication to work?
|
Log On Locally
|
|
In terms of IIS authentication, what advantage does Kerberos have over NTLM?
|
Kerberos is not limited to resources on the IIS server
|
|
What two groups is IUSR_servername a member of? What permission does it have?
|
Guests and Everyone groups; has Log On Locally permission
|
|
What two authentication methods are used for Integrated Windows authentication?
|
NTLM and Kerberos
|