Reading...
Play button
Play button
Use LEFT and RIGHT arrow keys to navigate between flashcards;
Use UP and DOWN arrow keys to flip the card;
H to show hint;
A reads text to speech;
29 Cards in this Set
- Front
- Back
|
What operating systems will support RODC's?
|
2008 only
|
|
|
What forest functional levels support RODC's?
|
2003 and 2008
|
|
|
What two tools can be used to raise a domain's functional level?
|
AD Users and Computers, and AD Domains and Trusts
|
|
|
What sort of trusts exist between domains in a forest?
|
transitive two-way trusts
|
|
|
What happens to the original objects when they are moved between forests?
|
the original is preserved
|
|
|
What tool is used to move objects between domains?
|
Active Directory Migration Tool (ADMT)
|
|
|
What two ACL's are described in security descriptors?
|
discretionary ACL's (DACL's) and system ACL's (SACL's)
|
|
|
What does a discretionary ACL describe?
|
resource permissions
|
|
|
What does a system ACL describe?
|
auditing
|
|
|
What is an Access Control Entry (ACE)?
|
Part of a discretionary ACL that links a security principal to a permission
|
|
|
What component checks a user's SID against an ACL when they try to access resources?
|
the Local Security Authority Subsystem (LSASS)
|
|
|
What is the range of a SID
|
the domain
|
|
|
What two tools can be used to reconcile a migrated account with its original permissions?
|
sIDHistory and security translation
|
|
|
How do you prevent users from losing access granted by global groups when migrating users between forests?
|
migrate the group first, then migrate the user
|
|
|
What is a trusted domain?
|
A domain that authenticates credentials for another domain, allowing users from the first domain to access resources in the second
|
|
|
What is a trusting domain?
|
A domain that allows or denies access to resources based on authentication from another domain
|
|
|
What two protocols does Active Directory use for authentication?
|
Kerberos and NTLM
|
|
|
What are the three characteristics of a parent-child trust?
|
It is automatic, transitive, and two-way
|
|
|
What are the three characteristics of a tree-root trust?
|
It is automatic, transitive, and two-way
|
|
|
What are the four types of manual trusts?
|
Shortcut trusts, external trusts, realm trusts, and forest trusts
|
|
|
What two groups are able to manually create trusts?
|
domain admins and enterprise admins
|
|
|
Are shortcut trusts transitive or intransitive?
|
transitive
|
|
|
When is a realm trust used?
|
When a trust needs to be established with a non-Windows Kerberos 5 realm
|
|
|
What is another name for domain quarantine?
|
SID filtering
|
|
|
What tool is used to validate a trust between Windows domains?
|
AD Domains and Trusts
|
|
|
Why is domain quarantine (SID filtering) used?
|
so that users from trusted domains are authorized using only SIDs that originated in that domain
|
|
|
What tool is used to manage domain quarantine?
|
netdom
|
|
|
What are the two modes of authentication for external or forest trusts?
|
selective authentication and domain/forest-wide authentication
|
|
|
What additional permission is required for users under selective authentication?
|
Allowed to Authenticate on each computer object required
|
