Reading...
Play button
Play button
Use LEFT and RIGHT arrow keys to navigate between flashcards;
Use UP and DOWN arrow keys to flip the card;
H to show hint;
A reads text to speech;
29 Cards in this Set
- Front
- Back
|
Access Control Entry (ACE)
|
an entry in a DACL or SACL that lists a security principal (by SID), a type of action, and whether that SID is allowed or denied the action.
|
|
|
access token
|
a binary structure that lists the identit, rights, and group membership of a user on a network.
|
|
|
An ___________ contains, among other items, the user's SID and the SID of each group to which the user belongs.
|
access token
|
|
|
delegation of control
|
refers to assigning permissions on Active Directory objects to that data owners can manage their own objects.
|
|
|
discretionary access control list (DACL)
|
a list of ACEs used to control access to an object or resource
|
|
|
domain identifier
|
three 32-bit numbers that are statistically unique and identify a particular domain
|
|
|
down-level clients
|
a computer running an operating system that is not Active Directory-aware or Kerberos-capable.
|
|
|
File Allocation Table (FAT)
|
an older file format used by down-level clients and DOS. Don't support file based permissions, auditing, or journaling.
|
|
|
inheritance
|
the concept that a security setting on one objec can be inherited by objects lower in the hierarchy
|
|
|
Kerberos
|
an authentication protocol first developed at MIT to allow for a wide-area, distributed method of securely authenticating users before they are allowed to access network resources
|
|
|
Key Distribution Center (KDC)
|
a network service that is made up of an Authentication Service and Ticket-granting Service.
|
|
|
NT LAN Manager (NTLM)
|
older network authentication protocol used by all Windows Sytems prior to Windows 2000.
|
|
|
objectSID
|
the active directory attribute that stores a security principal's security identifier (SID)
|
|
|
private/public key pair
|
a set of two mathematically related keys used in public key cryptography
|
|
|
Public Key Infrastructure (PKI)
|
an organized system that issues and manages certificates and key pairs to support teh use of public key cryptography in an organization
|
|
|
registry hives
|
Major sections of the Windows registry that contain a set of related registry keys
|
|
|
registry keys
|
one or more related settings stored in teh Windows registry.
|
|
|
security descriptor
|
a package of binary information associated with an object or a resource, whcih contains the DACL, SACL, object owner, and related security information.
|
|
|
Security Descriptor Definition Language (SDDL)
|
a format that afficiently describes SIDs
|
|
|
Security Identifier (SID)
|
a binary number that uniquely represents a security principal. For most security, principals, the two key components are a domain identifier and a RID that are unique within the domain
|
|
|
security principal
|
an object in the directory to which resource permissions can be granted
|
|
|
service ticket (ST)
|
a Kerberos ticket presented to a resource server allowing it to authenticate the user
|
|
|
special permissions
|
a specific, granular permission available from Advanced dialog box when setting permissions
|
|
|
standard permissions
|
Permissions shown on the main security tab in an object's properties that represent the most common permissions granted to users
|
|
|
system access control list (SACL)
|
a list of ACEs used to determine which actions are audited or logged for a particular object or resource
|
|
|
symmetric keys
|
encryption keys that can be used to encrypt or decrypt a message. the same key is used for both encryption and decryption
|
|
|
ticket-granting ticket (TGT)
|
a Kerberos ticket used to request service tickets from a KDC
|
|
|
two-factor authentication
|
authentication systems that require possession of a physical object and a password or PIN
|
|
|
X.509 digital certificate
|
a specially structured electronic document that describes the identity of a person or service. the certificate is digitally signed by its issuer.
|
