Use LEFT and RIGHT arrow keys to navigate between flashcards;
Use UP and DOWN arrow keys to flip the card;
H to show hint;
A reads text to speech;
55 Cards in this Set
- Front
- Back
|
Alookup table that allows users to associate a name with specific data pointsabout that name. Example: Domain Name Service (DNS) |
Directory
|
|
|
TheInternational Telecommunication Union’s directory format.
|
ITU X.500
|
|
|
Usesa Directory Information Tree (DIT) to represent a hierarchical structure ofDistinguished Names (DNs) of entities.
|
ITU X.500
|
|
|
Nearly everything on the Internet uses some form of ____ guidance for naming and organization. Therefore a full X.500 DIT is _____.
|
X.500; unwieldy
|
|
|
The most common directory structure. Designedto provide a “lightweight” alternative to X.500. Most common directory structure. Uses a localized DIT to arrange DNs in a logical hierarchy |
Lightweight Directory Access Protocol (LDAP)
|
|
|
Microsoft's directory service implementation with LDAP. Allows administrators to create Domains of objects controlled by the Domain Controller server. |
Active Directory |
|
|
What product provides: - Central authentication service (Kerberos) - Access control/auditing mechanisms - Ntwk info/naming standards through DNS - Infrastructure access/config. through LDAP |
Active Directory
|
|
|
CSTs primarily use what two tools to manage Active Directory?
|
1) Directory and Resource Administrator (DRA) 2) Active Directory Usersand Computers (ADUC) |
|
|
What is the Air Force’s primary web-based tool for CST administration ofan Active Directory domain?
|
Directory and Resource Administrator (DRA)
|
|
|
In regards to Active Directory, the _______ is a server object that must be activated on a Windows installation. While it is considered to be a powerful tool, its reduced availability has pushed the Air Force towards the easier-to-access, web-based DRA.
|
Active Directory Users and Computers (ADUC)
|
|
|
What Active Directory component has the following characteristics? - Web-based management interface; only one object ismanipulated at a time - Designed tominimize potential accidents by making mass actions more difficult to carry out |
Directory and Resource Administrator (DRA)
|
|
|
In DRA, all user accounts can be grouped into one of two categories: ______ and ______.
|
Local and domain
|
|
|
True/False Only Domain Accounts can be managed within DRA. |
True |
|
|
An object shell that represents a set of attributes for a user or computer object that will interact with and authenticate to a domain.
|
Domain account |
|
|
Accounts unassociated with a domain, called ____ ____, are most commonly used for troubleshooting purposes are created exclusively for use within the metal confines of the machine to which they are localized.
|
Local accounts
|
|
|
______ accounts are created on a Domain Controller and have access to the full enterprise domain. ______ accounts can only affect hardware. |
Domain; Local
|
|
|
True/False Every Microsoft Windows-based client will have built-in local accounts. |
True |
|
|
A local computer account will have a default local group account called _______.
|
WORKGROUP |
|
|
Computers do not necessarily require an account to function. |
ALL computers require an account to function. |
|
|
What two accounts are necessary for access to domain resources?
|
1) Valid domain computer 2) Valid domain user |
|
|
Domain accounts are created and stored on a central server called the _____ ______.
|
Domain Controller |
|
|
Local computer accounts are not recognized on the _____ until a corresponding computer ______ has been created and associated with the host machine.
|
Domain; object
|
|
|
CSTs must add computer accounts to the domain by using the computer's _____.
|
name |
|
|
User accounts set up on a Domain Controller for the purpose of providing network access are also called ______ _______.
|
network accounts |
|
|
Each user account must be given a name and is identified internally by a unique ______ ______.
|
Security Identifier (SID)
|
|
|
Used for tracking rights and permission assignments throughout the domain. Stored in the object's Access Control List (ACL) along with the specific permission information. |
Security Identifier (SID)
|
|
|
______ control access to an object, such as a folder or file. Determines whether you can access/modify an object.
|
Permissions |
|
|
_____ enable a user account or group to perform predefined tasks. Examples: ability to access server, authority to create accounts and manage server functions. |
Rights |
|
|
All _____ accounts are stored in a _____ database on the Domain Controller server for that domain.
|
Domain; central
|
|
|
True/False As a CST, you may interact with multiple Domain Controllers while working within a single domain. |
True |
|
|
______ ______ typically provide a common username shared among multiple users who perform a common function.
|
Group accounts |
|
|
Name the two built-in local user accounts created when first installing an Operating System. |
2) Guest |
|
|
Due to inherent vulnerabilities, the ______ account must be disabled on Air Force computers as a security best practice.
|
Guest
|
|
|
A ____ is a collection of objects: a collection of user and computer accounts, contacts, etc. that can be managed as a single unit.
|
Group |
|
|
Users and computers that belong to a particular group are referred to as ____ _____.
|
group members |
|
|
Any rights or permissions assigned to a group are inherited by its ____ _____. |
group members |
|
|
Groups in Active Directory are directory _____ that reside within a domain or an organizational unit container object, and are called _____ _____.
|
objects; domain groups |
|
|
True/False User accounts, Admin accounts, Computer accounts, and Security Groupsall have the same SID. |
FALSE User accounts, Admin accounts, Computer accounts, and Security Groupsall have unique SIDs |
|
|
Similar to local users, ____ ____ can be created on computers configured as domain member servers, workgroup member servers, domain workstations, and stand-alone computers (unaffiliated with a domain)
|
local groups
|
|
|
_____ groups reside on the local computer and provide access to only its resources. _____ groups reside on a Domain Controller and provide access to network resources throughout the domain. |
Local; Domain
|
|
|
When creating a group, a CST must consider that groups are characterized by their ____ and ____.
|
Scope and type
|
|
|
The _____ of a group determines the extent to which the group is applied within a domain. The group ____ determines whether a group can be used to assign permissions to a shared resource (security groups) or if I group can be used for e-mail distribution lists only (distribution groups) |
Scope; type
|
|
|
What are the two types of Domain Groups?
|
2) Security Groups |
|
|
This type of Domain Group is used to define collections of users for non-security purposes. Applications designed to be used in an Active Directory environment can use this group for their own purpose. For example: distribution group for e-mail to send email to all group members |
Distribution Group |
|
|
This type of Domain Group is used by Windows Server to manage user rights assignments and access permissions. Rights and permissions assigned to this type of group are inherited by the group's members. |
Security Groups |
|
|
_____ _____ is when you add a group as a member of another group in order to reduce security management overhead.
|
Group nesting
|
|
|
A user account without a user. This type of account exists on the domain to be shared as an email resource for multiple users from a specific organization. All members of a workcenter can send/receive email as that account w/o using their specific identities. |
Organizational account |
|
|
To support email security, organizational accounts must be ___-enabled. An organizational account requires its own _____ certificate and corresponding _____ key.
|
PKI digital private |
|
|
Group accounts on a domain must be _____ ______ in scope and ability.
|
severely limited
|
|
|
A user account with no additional rights assigned.
It is a security feature that prevents exploitation of accounts before proper rights have been assigned. |
Limited access account |
|
|
Modifications can be made to a user's account by updating the _____ _______.
|
Users properties
|
|
|
Containers used to logically organize accounts into specialized groups for various purposes.
|
Organizational Units (OUs) |
|
|
The creation, management, and maintenance of an end-user's objects and characteristics in relation to accessing resources available in one or more systems. Basically, the management of user rights and privileges. |
Account provisioning |
|
|
As a CST, your role when it comes to Guest account is to make sure they are ______.
|
Disabled |
|
|
What is a Distribution Group's sole purpose?
|
Grouping users for sending messages that do not have a Security Identifier (SID) |
