Use LEFT and RIGHT arrow keys to navigate between flashcards;
Use UP and DOWN arrow keys to flip the card;
H to show hint;
A reads text to speech;
43 Cards in this Set
- Front
- Back
What does AD Domain Services (AD DS) do? |
provides Identity and Access (IDA) solutions for enterprise networks |
|
What does IDA refer to?
|
Identity and Access
|
|
What 4 things should an IDA infrastructure do?
|
store information about users, groups, computers, and objects; authenticate identities; control access; provide and audit trail |
|
What 5 technologies comprise a Microsoft IDA solution?
|
AD Domain Services; AD Lightweight Directory Services; AD Certificate Services; AD Rights Management Services
*AD Federation Services |
|
What part of IDA does AD Domain Services provide?
|
identity management |
|
What part of IDA does AD Lightweight Directory Services provide?
|
applications management
|
|
What part of IDA does AD Certificate Services provide?
|
trust management
|
|
What part of IDA does AD Rights Management Services provide?
|
integrity
|
|
What part of IDA does AD Federation Services provide?
|
partnership with external organizations
|
|
What did AD Lightweight Directory Services used to be called?
|
Active Directory Application Mode
|
|
What does AD Lightweight Directory Services do?
|
stores and replicates application-related database information
|
|
What best practice should be used when using AD Certificate Services to provide certificate services to external communities?
|
get a root certificate from a trusted third-party CA |
|
What does AD Rights Management Services do?
|
provides persistent rights management, even after authentication (similar to Acrobat controls)
|
|
What 5 components does AD Rights Management Services require to function?
|
AD domain with Server 2000 SP3 or higher DC's, IIS, database server AD RMS client, RMS-enabled browser |
|
What does AD Federation Services do?
|
allows organizations to project rights and access controls across organizational boundaries
|
|
What is a schema?
|
a set of rules that defines classes of objects and attributes in a directory
|
|
What do replication services do?
|
distribute directory data across a network
|
|
What does a global catalog contain?
|
limited information about every object in the directory
|
|
What is another name for a global catalog?
|
partial attribute set
|
|
What command is used to launch configuration of a domain controller?
|
dcpromo.exe
|
|
What are the components of an AD infrastructure?
|
AD data store, DC's, domains, forest, trees, functional level, OU's, sites
|
|
What is the directory also known as?
|
the AD data store
|
|
How is the directory stored?
|
as a single file (Ntds.dit)
|
|
Where is the directory located by default?
|
%SystemRoot%\Ntds folder on all domain controllers
|
|
What 4 partitions are usually found in the AD data store?
|
schema, configuration, global catalog, domain naming context
|
|
What important authentication service is run by all domain controllers?
|
Kerberos Key Distribution Center (KDC)
|
|
Where can a user receive authentication from?
|
any DC in their domain
|
|
What serves as a scope for administrative policies (password expiration, etc.)?
|
a domain
|
|
What is considered best practice when replication cannot occur reliably between domain controllers?
|
place them in separate domains
|
|
What is a forest?
|
a collection of one or more Active Directory domains
|
|
What is the first domain in a forest known as?
|
the forest root domain |
|
What entity defines a security boundary?
|
a forest |
|
What is a security boundary?
|
an entity outside which no data is replicated
|
|
What defines a tree?
|
the DNS namespace
|
|
What determines whether domains are part of the same tree?
|
whether those domains are part of a contiguous DNS namespace
|
|
What are the 3 domain functional levels?
|
Windows 2000 native, Windows Server 2003, and Windows Server 2008
|
|
What are the 2 forest functional levels?
|
Windows Server 2003 and Windows Server 2008
|
|
What requirement exists for the Windows Server 2008 domain functional level?
|
all DC's must be running Server 2008
|
|
What requirement exists for the Windows Server 2008 forest functional level?
|
all domains must be Windows Server 2008 domains
|
|
What MMC is used to administer roles?
|
Server Manager
|
|
What are the two primary steps in creating a new DC?
|
add roles through Server Manager and promote server to DC
|
|
What command-line command can be used to promote a server to DC?
|
dcpromo.exe
|
|
What two names do all DC's require?
|
a valid DNS name and a valid NetBIOS name
|