125 Cards in this Set

  • Front
  • Back
SOA stands for:
Start of Authority
Are Windows DNS Servers capable of integrating with DHCP services to manage DNS updates for non-Microsoft devices?
Yes, they are.
What are the steps to take to setup DNS?
Ensure your server has a fixed IP address
Add the DNS Role to your Windows Server
Create primary forward zone and reverse lookup zones
Configure DNS proxy services on your DHCP server.
Set your zone update security to 'Secured Dynamic Updates'
Each DNS zone must have one _________ record and one ___________ record.
SOA (Start of Authority)
NS (Name Server)
What is a split-horizon DNS infrastructure?
A company that maintains two sets of DNS servers, one for internal hosts, and another for external hosts.
You are the DNS administrator for Humongous Corp. Users are complaining that they cannot browse the web on the Internet, although they can browse to internal web sites without issue. The network engineer confirms that your company's Internet connection is up and functioning correctly. What do you do to resolve the issue?
Verify that your name servers Root Hints are up-to date and correct.
Verify that your name servers forwarder statements are correct.
DNS maps _________ to __________.
DNS maps IP addresses to host names.
You work for Humongous Corp. which uses humongous.com for its internal DNS. Humongous has just purchased a small start-up company OzCorp which has the internal DNS namespace oz.com. How do you integrate these two different DNS infrastructures?
Add conditional forwarders to the name servers in each company to point at the other.
What is a Primary Zone?
When a zone that this DNS server hosts is a primary zone, the DNS server is the primary source for information about this zone, and it stores the master copy of zone data in a local file or in AD DS.
What is a Reverse Lookup Zone?
Is hosted by a name server and contains IP address-to-name mapping information
What is an Active Directory-Integrated Zone?
The zone is replicated as part of Active Directory.
What is the PDC Emulator?
Provides NT4 style domain controller functionality for legacy clients
What is the RID Master?
Ensures all objects have unique IDs by handing a pool of RIDs to each domain controller in the domain. (One RID Master per domain)
What is the Infrastructure Master?
Replicates certain directory updates in other domains to the domain controllers in its domain
What is the Domain Naming Master?
Prevents the duplication of domain names in the forest
What is the Schema Master?
Manages the definition of all object classes and attributes in the forest
What does FSMO stand for?
Flexible Single Master Operation
What are the five Operation Masters?
PDC Emulator
RID Master
Infrastructure Master
Domain Naming Master
Schema Master
Which Operation Masters are Forest-wide?
Schema Master
Domain Naming Master
What is a SID?
It is the security identifier that is attached to every security principal. It is made up of the domain SID and a RID.
What is a RID?
It is taken from a pool of IDs managed by the RID master. Used to make up a SID.
What is a GUID?
A globally unique number.
Directory Replication information can be transferred over:
SMTP and RPC
When you try to log on to your Windows 7 PC, which is a member of the OzCorp.com AD domain, you receive the error message: "The relationship between the computer and the domain has failed." What is the most likely cause of this error?
Someone has deleted the computer's Active Directory account.
When should you transfer a FSMO role?
When you wish to distribute FSMO roles in either your domain or forest.

When you need to take down a DC for long maintenance.
All domains in a forest are interconnected via ________________ relationships.
Transitive Trust
What is the schema in Active Directory?
The extensible definition of all active directory classes and attributes.
Which is an example of an URGENT replication?
Password Change
Active Directory replication is _______?
multi-master
What is the Bridgehead server?
A domain controller that manages replication over a site link to another site.
Within a site, the site topology is maintained by:
Knowledge Consistency Checker (KCC)
Between sites, the replication topology is maintained by:
the ISTG
What is an Active Directory Site?
A collection of IP subnets connected by similar high-speed network bandwidth
Within an Active Directory Site, directory replication is completed using a ____________?
bi-directional ring topology
What is the replication sequence order?
Originate LDAP update to domain directory partition and increment USN.

Identify replication partner

Query DNS for IP address of replication partner

Send change notification to destination

Destination sends request for change (including tracking metadata)

Send Updates to partner

Use replication subsystem to apply updates to directory database
OU stands for:
Organizational Unit
Domain Local Group
Domain Local groups can include as members:
Accounts, Global Groups, Universal Groups from any domain.
Domain Local groups from the same domain as the parent group.

Domain Local groups can be assigned permissions in:
only within the same domain as the group.

Scope can be converted to:
Universal (as long as no other Domain Local group exists as members)
Describe a Universal Group:
Universal groups can include as members:
Accounts, Global groups, Universal groups from any domain within the forest.

Universal groups can be assigned permissions in:
Any domain or forest.

Scope can be converted to:
Domain Local
*Global (as long as no other universal group exists as members)
Global Group
Global groups can include as members:
Accounts and Global groups from the same domain as the parent global group

Global groups can be assigned permissions in:
Any domain

Scope can be converted to:
Universal (as long as no other global group exists as members)
When creating an OU hierarchy, your primary goal should be to _____________?
Support delegation of administrative control.
USN stands for:
Update Sequence Number
A security group is used to:
grant privileges to resources in an AD forest.
A distribution group is used to:
primarily deliver e-mail (e-mail groups)
UPN stands for:
user principal name
What is the difference between a Security Principal Account and a Principal Account?
A security principal has a SID, a principal does not.
Can Group Policies be applied to Windows NT 4.0 workstations?
No
When are Computer-based group policies applied?
at startup
When are User-based group policies applied?
at logon
Group policies are linked most frequently to:
OUs (Organizational Units)
What can GPO be linked to?
It can be linked to:
a Site,
an OU
a Domain

but not a security principal (User or group)
What does RSOP stand for?
Resultant Set of Policy
You are the AD Administrator at Humongous Corp. You receive a call from a user who is not getting the standard Windows screensaver and corporate wallpaper. You need to troubleshoot this group policy-related issue. What do you do?
Open the Group Policy Management Console and use the RSOP Wizard to see what policies are being applied for that user on the PC they are using.
Group policies related to Windows system services, the file system, password and account lockout policies are to be found in the:
Computer Configuration section
Group Policy is best described as:
A feature which allows an administrator to make a decision about the state of a user or computer, and then rely on Group Policy to enforce that state from then on.
SDOU stands for:
Site Domain Organizational Unit
What tool would you use to create and manage OUs, users and computers?
Active Directory Users and Computers
What tool would you use to manage Group Policy?
Group Policy Management Console
What tool would you use to manage site links?
Active Directory Sites and Services
What is the Root Hints file?
It contains host information that is needed to resolve names outside of the authoritative DNS domains. It contains the names and addresses of root DNS servers.
Active Directory replication is:
1) multi-master
2) handled by "bridgehead" servers when occurring between sites.
3) pull-based
You are the DNS administrator for a company which has just acquired a new business. You have direct network connectivity between your internal network and the new company, but you need to extend DNS so that users in both companies can query each other's resources. What do you do?
Configure conditional forwarders on the DNS servers in each company to forward queries for the other company's domain names to the appropriate DNS servers.
You have added a new Unix BIND 9.7.4 server to your corporate infrastructure, but you are having trouble transferring your DNS zones to it from your existing Windows DNS server. What do you need to do?
On the Windows DNS server, in the DNS Management console, add the IP address for the new BIND server to the list of Name Servers and then check the Zone Transfers tab and enable zone transfers to all name servers.
You are installing and configuring DNS for your company, which has a large number of Windows XP, Apple Macintosh and Ubuntu Linux desktops. It is important that all these devices have the correct A and PTR records in DNS. You use Windows Server DHCP services to manage IP addresses for all your desktops. How do you ensure that all these desktops are accurately represented in DNS?
Configure DNS to use Secure Dynamic Updates for its forward and reverse lookup zones, and then configure DHCP to proxy DNS updates for those devices which don't support dynamic update.
What does DNS stand for?
Domain Naming System
What does DHCP stand for?
Dynamic Host Configuration Protocol
What does CNAME stand for?
Canonical Name
What does TLD stand for?
Top Level Domain
Does a Windows domain represent a set of resources sharing a common security context?
Yes
What is Transitive Trust?
Transitivity determines whether a trust can be extended outside the two domains between which the trust was formed. You can use a transitive trust to extend trust relationships with other domains. You can use a nontransitive trust to deny trust relationships with other domains.
Zones which are transferred via Active Directory Replication are referred to as:
Active Directory-integrated zones
What is an example of a DNS Proxy?
A Windows DHCP server which can add/update DNS records on behalf of systems which don't support dynamic DNS update.
What is WINS?
A legacy naming system for Windows that doesn't route.
What is a zone transfer?
The process of copying all or part of a zone file to another name server.
What is a shortcut trust?
A transitive trust between a domain in the same domain tree or forest that shortens the trust path in a large and complex domain tree or forest.
What is a forest trust?
A transitive trust between a forest root domain and a second forest root domain.
What is a realm trust?
A transitive trust between an Active Directory domain and a Kerberos V5 realm
What is external trust?
A nontransitive trust between an Active Directory domain and a Windows NT domain or an Active Directory domain in another forest.
What are examples of non-transitive trusts?
When an Active Directory domain and a Windows NT domain form a trust relationship

An Active Directory domain in one forest and a domain in another forest form a trust relationship (when the forests are not joined by a forest trust)
What is an enterprise directory?
An enterprise directory service is a customizable information store that functions as a single point from which users can locate resources and services distributed throughout the network.
What are logical components of Active Directory?
Objects
Schema
Containers
Domains
Organizational Units
Tree
Forest
DNS Integration
What is an object class?
Logical grouping of objects
Share same set of attributes
Why should you use OUs?
Delegation and Group Policy application
What is part of the Active Directory Physical Structure?
Active Directory sites (physical subnets)
Domain controllers
All Domains in a Forest share:
Schema
Configuration
Global Catalog
What are the replication topologies in Active Directory?
Intra-site Bi-directional Ring Topology
Inter-site Spanning Tree Topology
Synchronous RPC over TCP/IP
Asynchronous SMTP
What is the Global Catalog?
GCs are DCs
Partial replica of all Forest objects
Configurable sub-set of Attributes
Fast Forest-wide searches
Required at logon for Universal Group membership
Reduces replication overhead
When should a server not be a Global Catalog?
Unless all of your DCs are GCs, the infrastructure master role should not be assigned to the domain controller that is hosting the global catalog. If the infrastructure master and global catalog are on the same domain controller, the infrastructure master will not function. The infrastructure master will never find data that is out of date, so it will never replicate any changes to the other domain controllers in the domain.
What site is the default location for domain controllers?
Default-First-Site-Name
Replication is the transfer of:
Directory information updates such as:
Object additions or removals
Object attribute changes
Object renames
How is replication tracked?
Via a USN (Update Sequence Number) and a time stamp
What partitions does Active Directory replicate?
Domain (domain-wide)
Schema (forest-wide)
Configuration (forest-wide)
Application Data (depends on configuration)
What is the ISTG?
The Intersite Topology Generator (ISTG) manages intersite replication and it assigns a bridgehead server (can be changed manually).

Site links are used to define the intersite replication topology.
Describe the Site-link configuration:
Cost
Lower cost routes are used first.
Default is 100; range 1 to 99,999.

Schedule
Default is availability 7 days per week, 24 hours per day.
Administrator can modify to exclude certain days and hours the link is not available.

Frequency
Specifies how often the link attempts to replicate information within the specified availability (schedule)
Default is 180 minutes; range is 15 minutes to once per week
Which two protocols can be used for replication?
Intrasite - RPC

Intersite - RPC or SMTP
Site Link Bridging:
Used to allow communication over two different site links
Bridge All Site Links is configured by default (can be manually changed)
Replication Tools:
Active Directory Sites And Services
Active Directory Replication Monitor (Replmon) (GUI for replication monitoring and control)
Repadmin (command-line for replication monitoring and control)
What is Dcdiag?
A command-line tool used to troubleshoot domain controllers.
Where should you place FSMO roles?
Keep schema master and domain naming master roles on same DC (Should be a GC too)

Put RID master and PDC emulator roles on the same DC

In multi-domain forest, the infrastructure master should not be a global catalog server
What is an InetOrgPerson?
An object class for a user in LDAP. It is supported by AD and makes migration from LDAP to AD easier.
What is an example of a Principal Account?
A contact or distribution group
What are the three group scopes:
Global, Domain Local, Universal
When should a Domain Local group be used?
Groups with Domain Local scope help you define and manage access to resources within a single domain.
When should a Global group be used?
Use Global Groups to manage directory objects that require daily maintenance, such as user and computer accounts. Because Global Groups are not replicated outside their own domain, you can change accounts in a Global Group frequently without generating replication traffic to the global catalog.

Rights and permissions assigned to Global Groups are valid only within the domain in which they are assigned
When should Universal groups be used?
Use Universal Groups to consolidate groups that span domains. To do this, add the accounts to Global Groups, and then nest these groups within Universal Groups.

When you use this strategy, any membership changes in the groups that have global scope do not affect the groups with universal scope.
What are the main functional areas in Group Policy?
The Software Settings Node contains software installation packages, which are used for software distribution to users or computers.

The Windows Settings Node contains security settings, scripts (computer startup and shutdown, and log on and log off), and folder redirection.

The Administrative Templates Node includes registry-based group policy settings, which you use to govern the behavior and appearance of the desktop.
Group Policy Security Settings:
Account Policies, Local Policies, Event Log, Restricted Groups, System Services, Registry, File System
What is the command to determine what Group Policy was applied?
gpresult /h results.html
What is no override/enforced?
It ensures deeper levels of Group Policies will not override the previously applied GPO.
What is replication frequency?
The replication frequency of a site link determines how often replication occurs over that site link. By default, the replication frequency for a site link is 180 minutes.
What is the replication interval?
The schedule (availability) for intersite replication.
What is a Downlevel name (user log on)?
DOMAIN\UserName
What is a glue record?
The glue records are simply additional A records that are returned with the DNS response when querying for example.com, which provides the IP address of nameservers such as ns1.example.com or ns2.example.com
What is a PTR record?
Reverse Lookup (IP to Host Name)
What is the Configuration Partition?
It specifies how the domain controllers communicate and how the domain is designed.

Exchange uses this partition to hold data about the systems that provide the e-mail service; therefore, it replicates with AD DS.
What is the Application Partition?
Applications and services can use application directory partitions to store application-specific data. Application directory partitions can contain any type of object, except security principals.

An application directory partition is a directory partition that is replicated only to specific domain controllers
What is the Domain Partition?
The domain partition, which contains all objects that are stored by one domain. There is one domain directory partition for each domain in the forest.
What is the Schema Partition?
It contains all class and attribute definitions for the forest. There is one schema directory partition per forest.
What is Microsoft Audit Collection System (MACS)?
It allows you to centralize logs from all domain controllers.
What are WMI filters (group policy)?
They allow you to specify the criteria the computer has to match to have the GPO apply.
What is Loopback processing (group policy)?
It is used to force the user settings from the computer’s GPOs to take precedence over the user settings from the user’s GPOs.
What is Periodic Processing (group policy)?
By default, GPOs are processed/applied every 90 minutes plus a random value that can be as much as 90 minutes.
What is a SACL (System Access Control List)?
A list of security principals that have auditing rules applied to them.
What is an Access token?
On login, a security principal is assigned an access token. It consists of the user’s SID, the SIDs of any groups to which the user belongs, and the user’s rights and privileges.
Where is the Active Directory database stored?
In the NTDS.dit (%systemroot%/NTDS)
What tool is used to modify the schema?
ADSI Edit