70 Cards in this Set
- Front
- Back
What are the two main server types in an NT domain?
|
PDC and BDC
|
|
Two types of domains in an NT - Multi-master domain topology?
|
Master Domain
(trust) Resource Domain |
|
3 Advantages of old NT over workgroups?
|
Centralised Admin
Database replication
Could scale to 1000's of users |
|
4 Limitations of NT model?
|
Didn't scale/work well for very/large org
Trust relationships needed a lot of work
Excessive replication BAD for low-bandwidth WAN links
Difficult to delegate admin duties |
|
3 Features of AD?
|
LDAP for transferring information
Reliance on DNS for name resolution
Ability to extend the schema |
|
Functions of Domains
|
Create security boundaries to protect resources and ease of administration
Ease admin of usrs, grps, comps etc
Provide central DB of NW obj's |
|
Type of server for remote locale with questionable security?
|
Read-only domain Controller
|
|
True or False:
Two objects can have the same relative distinguished name |
True.
Jane Doe can be in AD twice (or more) in different OU's |
|
True or False?:
Two objects can have the same distinguished name. |
False.
DN is unique to each AD object |
|
AD Trust Relationships - 3 truths
|
1. Trusts are transitive
2. By default, trusts are two-way relationships.
3. Trusts are used to allow the authentication of users between domains. |
|
Protocol used to query AD
|
LDAP
|
|
Policy that allows for different password and account lockout policies for different sets of users in the same domain?
|
Fine-grained password policy
|
|
What is the Server role that allows/provides for single sign-on capability for multiple apps?
|
AD Federation Services
|
|
Advantages of using Server 2008 AD Certificate Services?
|
Web enrollment
Network Device Enrollment Service
Online Responder |
|
Which role allows a user to secure an email while using Microsoft Office 2007 Outlook?
|
AD Rights Management Services (AD RMS)
|
|
Identity and access (IDA) has five distinct categories. What are they?
|
Directory services,
strong authentication, Federated Identities, information protection, and Identity Lifecycle Management |
|
Another administrator has changed a user's group settings. What is the easiest way to get the original setting back for the user?
|
Perform Auditing.
Review logs. Undo what he did - the dunce! |
|
What is the feature of AD that allows info to remain in sync between DC's?
|
Replication
|
|
Which component of AD should you implement at remote sites to improve the performance of searches conducted for objects in all domains?
|
Global Catalog Server
|
|
Name of the server that is a repository of Active Directory topology and schema information for Active Directory?
|
Schema Master
|
|
You need to install the Active Directory Federation Services. What application do you use to do the install?
|
Server Manager
|
|
What term is used to refer to the actual structure that contains the information stored within Active Directory?
|
Data store
|
|
NW admin for a 200-node network. Only 30 need a new app.
What can you do? |
Create an OU with the 30 in it.
Deploy app/update to the OU |
|
Used to create a logical structure in AD is an ______?
|
Organisational Unit
|
|
List 8 Advantages of AD
|
Hierarchical Organisation
Extensible Schema
Centralised Data Storage
Replication - DNS & AD
Ease of Admin
Network Security
Scalability
Search |
|
3 Components of AD
|
Datastore - central
Schema
Global Catalog |
|
2 Mechanisms of AD?
|
Replication
Search |
|
3 Logical Structures of AD?
|
Domains
Trees and Forests |
|
What does the AD Schema Specify?
|
Type of Info - Object classes & attributes
How the data is stored - structure |
|
The Global Catalog. What is it?
|
Index database that contains a subset of all the information in the AD Forest.
|
|
What does AD replication do?
|
Provides fault tolerance and improved performance for remote sites by copying GPO's and other AD data between DC's
|
|
A Domain is ______
|
a logical security boundary that allows for the:
creation, administration & management of related resources |
|
A Domain uses what resources?
|
Uses resources exclusive to its domain but also shares and uses other resources from other domains who it trusts.
|
|
Name 4 characteristics of Domain Objects.
|
GP & Sec permissions
Hierarchical Obj Naming
Hierarchical Inheritance
Trust Relationships |
|
How can security be applied in a domain? (2 ways)
|
Security can be applied via GPO or via the actual ACL of the Object (User, Group etc)
|
|
What does Hierarchical Obj Naming provide for or allow?
|
Allows for each object to have a unique Name
|
|
What does a child Obj inherit from its parent Obj?
|
Security and Configuration settings
|
|
What does a Trust do?
|
Allows two domains to share security and resources
|
|
When are Trusts created?
|
Automatically between domains in the
same Tree
same Forest
between Forests (W2k8 only) |
|
What is the default type of Trust?
|
Two-way transitive
|
|
A Tree in AD is _____
|
a hierarchical collection of one or more domains that share a contiguous namespace
|
|
A Forest in AD is _____
|
one or more domains that share a non-contiguous namespace
|
|
The first domain in the Forest is called the
|
Forest Root Domain
|
|
What is a GUID?
|
Security ID placed on applications in AD. Huge but not unique.
|
|
What is a SID?
|
Security ID placed on each Object in AD. Guaranteed unique
|
|
If you want Alice to become John in AD as a user, and retain all the same security and groups that John's user account had, what can you do?
|
Rename John's user account to Alice.
SID remains the same |
|
If you deleted Steven's user account and Steven came back to work, would recreating Steven's account with the same name recreate all of Steven's old settings?
|
No.
New account, same name but different SID |
|
What is a distinguished name?
|
Uniquely ID's obj in domain.
|
|
What do these parts of a distinguished name represent?
/O /DC /CN |
O = Organisation - company root domain
DC = Domain Component
CN = Common Name |
|
What can you do with the DN that you can't with the SID?
|
The DN can change by re-organising OU structure.
The SID can't. Ever. |
|
What can you apply security and other configuration against?
|
OU's
|
|
What can you do if you don't want a child OU to inherit from its parent OU?
|
Block inheritance.
|
|
What are the 5 AD roles in Windows Server 2008?
|
AD CS
AD DS
AD FS
AD LDS
AD RMS |
|
AD CS allows admins to
|
Config SVCs for issuing and managing public key Certificates
|
|
What can AD CS Certificates be used with?
|
AD Obj's
Devices
Services |
|
What are the four components of AD CS?
|
Web Enrollment
Certification Authorities
Network Device Enrollment
Online Responder Service |
|
AD CS Web Enrollment allows ___
|
users to request and receive Certificate Revocation Lists (CRLs) from web browser
|
|
What are the 3 types of CA's and what do they each do?
|
EA - hold cert's for whole enterprise
SRA - standalone and provides cert's for Internet
SCA - subordinate to EA. Hand out certs on behalf of EA |
|
What does the AD CS NW Device Enrollment Service do?
|
Allows NW devices to obtain a certificate even if it doesn't have an AD Account
|
|
The AD CS Online Responder Service responds to _____
|
Valid certification requests with signed/unsigned response
|
|
An AD DS Fine-grained password policy allows ___
|
Allows an Organisation to have different password and account policies for different sets of users in the same domain
|
|
What is the improvement to Auditing in W2k8?
|
Can see success/failure AND
what actions were done. |
|
AD services can now be _______ whilst allowing other services such as DNS and DHCP to run?
|
Restarted or Stopped
|
|
What is DSAMain.exe and what does it allow an Admin to do?
|
Database Mounting Tool.
Allows viewing of AD data that has been backed up to find the actual backup set that is required. |
|
AD FS does what?
|
Provides internet based clients a secure ID.
Also does Single sign-on |
|
AD LDS does what?
|
AD-enabled apps and devices can store and retrieve data without the dependencies that AD DS requires
|
|
AD RMS requires an _____ _____ ____ to enable _______________
|
An AD RMS-enabled client to enable admins or users to determine who can open what type of files, even after they've left the organisation.
|
|
What is IDA's purpose?
|
Used to simplify securely the number of different credentials required to log on to multiple apps
|
|
What are the five components of IDA?
|
Directory Services (AD DS)
Strong Authentication (AD CS)
Federated Identities (AD FS)
Information Protection (AD RMS)
Identity Lifecycle Management |
|
What does IDA Identity Lifecycle Management do?
|
Attempts to free up Admin's time by delegating simple tasks like password resets to other users
|