136 Cards in this Set
- Front
- Back
A domain controller may hold domain-wide roles and forest-wide roles.
|
T
|
|
If the forest consists of only a single domain, you may place the infrastructure master on a server that is also a global catalog server
|
T
|
|
You can bring a PDC emulator back online after seizure if necessary.
|
T
|
|
When a domain controller is demoted, any operations master roles it holds are arbitrarily moved to other domain controllers
|
T
|
|
If the RID master becomes unavailable, domain controllers can get new RID Blocks
|
F
|
|
A GUID is updated whenever the object is renamed
|
F
|
|
The terms permission and right are often used interchangeably
|
T
|
|
The NTLM protocol is significantly more secure than Kerberos
|
F
|
|
The KRB_AS_REQ packet includes the username and timestamp, encrypted using the user's long term key
|
T
|
|
You can create ACEs that allow or deny access
|
T
|
|
The Ticket-granting Service issues session tickets for access to a network
|
T
|
|
A SACL has a different basic structure compared with a DACL
|
F
|
|
FSMO stands for __________ Single Master Operation
|
Flexible
|
|
The __________ master is the domain controller that has a writable copy of the schema naming context for the entire forest
|
Schema
|
|
The domain __________ master is responsible for removing domains from the forest.
|
Naming
|
|
When a role must be moved to a different domain controller either for initial configuration of the forest/domain or a forest/domain restructuring, the preferred method is to perform a(n) __________ operation
|
Transfer
|
|
In some instances, it may become necessary to move a FSMO role from one domain controller to another even if the original role holder is unavailable. This process of forcibly moving a role is called __________ the role
|
seizing
|
|
Objects in active directory that have a SID are referred to as security __________
|
principals
|
|
Microsoft defines the __________ attribute as a binary value that specifies the SID of a user object
|
Object sid
|
|
Windows builds an access __________ that contains several important pieces of information, including the user's SID
|
token
|
|
Logon __________ define how a user can log on to a system. are specific tasks a user can perform once they are logged on to a system.
|
rights
|
|
The older clients (pre-Windows 2000) are referred to as __________ clients
|
down-level
|
|
The DACL, along with the SACL and ownership information, is stored in a security __________ attribute
|
descriptor
|
|
Delegation of __________ is all about giving data owners the ability to manage their own objects
|
control
|
|
Special permissions represent the exact and __________ permissions available, and can be very specific
|
granular
|
|
Share permissions control access via the __________
|
network
|
|
To store configuration settings about the computer, Windows operating systems use a hierarchical database called the __________
|
Registry
|
|
the forest-wide operations master that controls the addition and removal of domains in the forest
a. RID f. RID master b. PDC emulator g. NTDSUTIL c. infrastructure master h. object in Active Directory d. operations master i. object's GUID e. domain naming master j. schema master |
domain naming master
|
|
domain controller that manages specific changes to Active directory that would be impractical to manage using a multi master replication model
a. RID f. RID master b. PDC emulator g. NTDSUTIL c. infrastructure master h. object in Active Directory d. operations master i. object's GUID e. domain naming master j. schema master |
operations master
|
|
combined with the domain SID to create the SID for a security principal such as a user, group, or computer account
a. RID f. RID master b. PDC emulator g. NTDSUTIL c. infrastructure master h. object in Active Directory d. operations master i. object's GUID e. domain naming master j. schema master |
RID
|
|
because it is never changed, it can be used by the infrastructure master to identify changes if the object is renamed or moved
a. RID f. RID master b. PDC emulator g. NTDSUTIL c. infrastructure master h. object in Active Directory d. operations master i. object's GUID e. domain naming master j. schema master |
Object's GUID
|
|
a command-line utility used to seize any of the five operations master roles
a. RID f. RID master b. PDC emulator g. NTDSUTIL c. infrastructure master h. object in Active Directory d. operations master i. object's GUID e. domain naming master j. schema master |
NTDSUTIL
|
|
a binary number that uniquely represents a security principal
a. ST f. PKI b. X.509 digital certificate g. FAT c. RID h. NTFS d. DACL i. ACE e. KDC j. SID |
SID
|
|
a list of ACEs used to control access to an object or resource
a. ST f. PKI b. X.509 digital certificate g. FAT c. RID h. NTFS d. DACL i. ACE e. KDC j. SID |
DACL
|
|
a network service that is made up of an Authentication Service and Ticket-granting Service
a. ST f. PKI b. X.509 digital certificate g. FAT c. RID h. NTFS d. DACL i. ACE e. KDC j. SID |
KDC
|
|
an organized system that issues and manages certificates and key pairs to support the use of public key cryptography in an organization
a. ST f. PKI b. X.509 digital certificate g. FAT c. RID h. NTFS d. DACL i. ACE e. KDC j. SID |
PKI
|
|
If a network link fails and clocks start to drift, it is possible that data could be lost or the directory may be corrupted.
|
T
|
|
It is impossible to compare USNs from the same domain controller.
|
F
|
|
The configuration and schema naming contexts have different replication topologies
|
F
|
|
SYSVOL replication is dependent on Active Directory object replication
|
F
|
|
In a role seizure, any recent changes that were performed on the original role holder can be replicated to the new role holder and may be lost
|
F
|
|
The operation of updating references to objects in other domains is resource intensive
|
F
|
|
LM authentication is easier to crack than NTLM
|
T
|
|
With Active Directory, delegation is largely an all-or-nothing proposition
|
F
|
|
Replication occurring within a site is called _______ replication
|
intra-site
|
|
The knowledge __________ checker is a process that runs on each DC to create the replication topology within a site
|
consistency
|
|
The delay or "lag time" between a change made in one replica being recognized in another is called the __________
|
latency
|
|
A __________ update is a change to Active Directory that was made on the local domain controller
|
originating
|
|
The process of preventing a domain controller from replicating an update to another domain controller that already has the update is called the propagation __________
|
dampening
|
|
A(n) __________ update is a change that was made through replication
|
replicated
|
|
The process of updating Active Directory on all domain controllers on the network is known as __________
|
replication
|
|
A domain controller that replicates with another domain controller is called the replication __________
|
partner
|
|
The replication __________ is the set of connections used by domain controllers to replicate directory updates among domain controllers in both the same and different sites
|
topology
|
|
USN stands for the Update ________ Number
|
sequence
|
|
When a role must be moved to a different domain controller either for initial configuration of the forest/domain or a forest/domain restructuring, the preferred method is to perform a __________ operation
|
transfer
|
|
Objects in Active Directory that have a SID are referred to as security __________
|
principals
|
|
Windows builds an access __________ that contains several important pieces of information, including the user's SID
|
token
|
|
Domain controllers track object changes using ____
a. FRSs b. SYSVOLs c. ISTGs d. USNs |
USNs
|
|
The USN is a ____ -bit number used to identify changes to data in Active Directory
a. 16 b. 32 c. 64 d. 128 |
64
|
|
The ____ helps the source domain controller to filter out attributes that do not need to be replicated
a. high-watermark value b. up-to-dateness vector c. DCI d. up-to-dateness timestamp |
up-to-dateness vector
|
|
Connection objects are created automatically by the ____
a. KCC b. IST c. STG d. ITG |
KCC
|
|
Connection objects are created manually by the ____
a. NTDS b. KCC c. ISTG d. Active directory administrator |
active directory admin
|
|
Intra site communications always use uncompressed ___
a. SMTP b. IP c. RPC over TCP/IP d. TCP/IP over RPC |
RPC over TCP/IP
|
|
A global catalog server holds a partial ____ replica of the domain naming context for each domain in the forest
a. read-and-write b. read only c. root d. master |
read only
|
|
In order to create the inter site replication topology, one domain controller in each site is designated as the ____
a. IP b. RPC c. ISTG d. KCC |
ISTG
|
|
The ____ is the oldest server in a site by default and is responsible for creating connection objects with domain controllers located in other sites
a. KCC b. ISTG c. DC d. RPC |
ISTG
|
|
Windows NT 4.0 domains follow the architectural model known as ____ replication
a. single master b. split c. read only d. read write |
single master
|
|
Which of the following is the main factor that controls the replication frequency
a. the cost b. the bandwidth c. the stakeholders d. the location of the replication partners |
the location of the replication partners
|
|
The server globally unique identifier GUID is used to identify ____
a. USNs b. replication partners c. DSAs d. the high watermark value |
replication partners
|
|
In order to support ____ partitions, the domain naming master must be placed on a domain controller running Windows Server 2003
a. basic b. application c. master d. naming |
application
|
|
The ____ is used for synchronizing the system clock of computers in the domain
a. PDC emulator b. RID master c. Infrastructure master d. domain naming master |
PDC emulator
|
|
The ____ identifies references that need to be checked by locating references to objects that are not contained in its local directory database
a. PDC emulator b. RID master c. domain naming master d. infrastructure master |
infrastructure master
|
|
Which of the following groups is authorized to move the domain naming master role between domain controllers
a. Schema Admins b. enterprise admins c. domain admins d. admins |
enterprise admins
|
|
Only seize a role if the original domain controller that held the role ___
a. is not available during 30 seconds b. 3 minutes c. 30 mins d. cannot be restored |
cannot be restored
|
|
Bringing a domain controller back online after it has had the ____ role seized can cause no adverse effects or damage to the directory
a. schema master b. domain naming master c. PDC emulator d. infrastructure master |
infrastructure master
|
|
SIDs are expressed in a format called ____
a. ADSI b. KCC c. SSL d. SDDL |
SDDL
|
|
The domain identifier has a set of ____ long integer numbers
a. two b. three c. four d. seven |
three
|
|
The ____ authentication protocol is used when a Windows NT-based computer authenticates to a Windows 2000 Server or Windows Server 2003 domain controller
a. NTLM b. SID c. RID d. GUID |
NTLM
|
|
Smart cards are part of a ____
a. KCC b. PKI c. RSA d. SSA |
PKI
|
|
A ____ permission overrides all other permissions
a. access b. deny c. read d. write |
deny
|
|
In Windows Server 2000, ownership is a ____ process
a. one way b. two way c. bidirectional d. one to many |
one way
|
|
A ____ is used for auditing object access
a. SACL b. DACL c. ACL d. ACE |
SACL
|
|
the operations master for a domain that updates references to objects in other domains
a. RID f. RID master b. PDC emulator g. NTDSUTIL c. infrastructure master h. object in Active Directory d. operations master i. object's GUID e. domain naming master j. schema master |
infrastructure master
|
|
an operations master for a domain that simulates a Windows NT 4.0 PDC for backward compatibility with older Windows clients and servers
a. RID f. RID master b. PDC emulator g. NTDSUTIL c. infrastructure master h. object in Active Directory d. operations master i. object's GUID e. domain naming master j. schema master |
PDC emulator
|
|
the forest-wide operations master that controls changes to the Active Directory schema
a. RID f. RID master b. PDC emulator g. NTDSUTIL c. infrastructure master h. object in Active Directory d. operations master i. object's GUID e. domain naming master j. schema master |
schema master
|
|
has a GUID in addition to a distinguished name
a. RID f. RID master b. PDC emulator g. NTDSUTIL c. infrastructure master h. object in Active Directory d. operations master i. object's GUID e. domain naming master j. schema master |
object in active directory
|
|
a tool used to monitor, troubleshoot, and verify Active Directory replication
a. FRS f. active directory replication monitor b. GUID g. replica c. bridgehead server h. PDC emulator d. connection object i. ISTG e. convergence j. Inter-site replication |
active directory replication monitor
|
|
a domain controller that is configured to perform replication to and from other sites
a. FRS f. active directory replication monitor b. GUID g. replica c. bridgehead server h. PDC emulator d. connection object i. ISTG e. convergence j. Inter-site replication |
bridgehead server
|
|
a connection between two domain controllers that is used for replication
a. FRS f. active directory replication monitor b. GUID g. replica c. bridgehead server h. PDC emulator d. connection object i. ISTG e. convergence j. Inter-site replication |
connection object
|
|
the state when all replicas of a database have the same version of the data
a. FRS f. active directory replication monitor b. GUID g. replica c. bridgehead server h. PDC emulator d. connection object i. ISTG e. convergence j. Inter-site replication |
convergence
|
|
a multi-threaded, multi-master replication engine that replaces the LMREPL service in Microsoft Windows NT 4.0
a. FRS f. active directory replication monitor b. GUID g. replica c. bridgehead server h. PDC emulator d. connection object i. ISTG e. convergence j. Inter-site replication |
FRS
|
|
a 16-byte value generated by an algorithm that should be different from every other GUID generated anywhere in the world
a. FRS f. active directory replication monitor b. GUID g. replica c. bridgehead server h. PDC emulator d. connection object i. ISTG e. convergence j. Inter-site replication |
GUID
|
|
an operations master for a domain that simulates a Windows NT 4 PDC for backward compatibility with older Windows clients and servers
a. FRS f. active directory replication monitor b. GUID g. replica c. bridgehead server h. PDC emulator d. connection object i. ISTG e. convergence j. Inter-site replication |
PDC emulator
|
|
A conflict occurs if the same attribute is changed on the same object at the same time on two different domain controllers
|
T
|
|
During inter-site replication, domain controllers can be notified of updates that they then pull
|
F
|
|
Replication between sites observes normal replication intervals and restrictions -- even if the replication is urgent
|
T
|
|
Once replication has finished and all domain controllers contain the same information for every object, the directory database is said to have ____
a. merged b. converged c. replicated d. restored |
converged
|
|
The ____ is the highest known USN
a. high watermark value b. up to dateness vector c. DCI d. up to dateness timestamp |
high watermark value
|
|
The up to dateness vector can be used to provide propagation ___
a. speed b. bandwidth c. dampening d. tolerance |
dampening
|
|
A ___ model allows changes to be made on any domain controller
a. split b. multi master c. multi domain d. hierarchical |
multi master
|
|
Every naming context has its own replication ____
a. map b. database c. topology d. schema |
topology
|
|
Each domain controller is identified by a ___ object
a. network b. shortcut c. connection d. link |
connection
|
|
Connection objects are ___
a. unidirectional b. bidirectional c. two way d. one to many |
unidirectional
|
|
Automatically created connection objects use the site link's replication intervals if the connection is ____
a. in site b. out site c. intra site d. inter site |
inter site
|
|
By default, the KCC checks the replication topology every ____ minutes to ensure that the replication topology is up to date
a. 5 b. 15 c. 30 d. 45 |
15
|
|
A ____ server is used to designate a particular domain controller for replication purposes
a. local catalog b. bridgehead c. domain d. master |
bridgehead
|
|
Which of the following is the main factor that controls the replication frequency
a. the cost b. the bandwidth c. the type of network d. the type of data being replicated |
the type of data being replicated
|
|
By default, a Windows Server 2003 domain controller waits ____ after the first change is made and then sends out a notification to its first replication partner that it has updates
a. 3 sec b. 15 sec c. 3 min d. 15 min |
15 sec
|
|
___ secrets store passwords used for establishing trust relationships and service accounts
a. RID b. LSA c. ISTG d. KCC |
LSA
|
|
If you have a time difference between servers, ensure that ___ port 123 is not blocked between domain controllers
a. DNS b. UDP c. WAN d. LAN |
UDP
|
|
replication occurring between sites
a. FRS f. active directory replication monitor b. GUID g. replica c. bridgehead server h. PDC emulator d. connection object i. ISTG e. convergence j. Inter-site replication |
inter site replication
|
|
a process that runs on one domain controller in every site and is responsible for creating the replication topology between its site and other sites
a. FRS f. active directory replication monitor b. GUID g. replica c. bridgehead server h. PDC emulator d. connection object i. ISTG e. convergence j. Inter-site replication |
ISTG
|
|
Operations masters are sometimes called ____ role holders
a. RPM b. KCC c. FSMO d. RID |
FSMO
|
|
Which of the following is the forest wide FSMO role
a. PDC emulator b. domain naming master c. RID master d. infrastructure master |
domain naming master
|
|
By default, the schema master FSMO role is assigned to the ___ domain controller in the forest
a. first b. second c. highest priority d. last |
first
|
|
The PDC emulator acts as if it is a Windows ____ PDC for the domain
a. NT4.0 b. NT5.0 c. 2000 d. XP |
NT4.0
|
|
The job of the ____ is to replicate the appropriate changes to any Windows NT 4.0 BDCs in the domain
a. domain naming master b. infrastructure master c. PDC emulator d. RID master |
PDC emulator
|
|
Bringing a domain controller back online after it has had the ____ role seized can cause user authentication to be temporarily erratic
a. schema master b. domain naming master c. PDC emulator d. RID master |
PDC emulator
|
|
Novell's Novell Directory Services use the ____ object to represent a user
a. GIID b. inetorgperson c. SID d. RID |
inetorgperson
|
|
A SID in Security Descriptor Definition Language format begins with ____
a. C b. I c. S d. T |
S
|
|
____ is based on Request for Comments number 1510
a. LM b. NTLM c. RID d. Kerberos V5 |
Kerberos V5
|
|
In the Windows Server 2003 implementation of Kerberos, the ____ is a domain controller that stores the directory database containing all users and passwords
a. TGT b. KDC c. SID d. RID |
KDC
|
|
Authentication service authenticates and issues ____ to users
a. rights b. privileges c. certificates d. ticket granting tickets |
ticket granting tickets
|
|
By default, a TGT is valid for ____ hours
a. 5 b. 10 c. 12 d. 24 |
10
|
|
The session ticket has a default lifetime of ___ minutes
a. 3 b. 6 c. 10 d. 600 |
600
|
|
The directory services client provides ____
a. search capabilities in Active Directory b. IPsec support c. group policy support d. dynamic DNS support |
search cap
|
|
A ___ is defined as an access control list that is controlled by the owner of an object and that specifies the access that particular users or groups can have to the object
a. SACL b. DACL c. SIDL d. RIDL |
DACL
|
|
A Windows Server 2003 security group is a ____ object that is used to organize a collection of users, computers, or other groups into a single security principal
a. container b. frame c. pane d. box |
container
|
|
You can use the ____ to create the appropriate ACEs in the DACL on the organizational unit
a. Admin wiz b. config wiz c. inheritance wiz d. Delegation of control wiz |
del of con wiz
|
|
A ____ is used for auditing object access.
a. SACL b. DACL c. ACL d. ACE |
SACL
|
|
Which of the following applications uses Active Directory for authentication, but provides its own authorization
a. notepad b. microsoft SQL server c. FAT d. NTFS |
microsoft SQL server
|
|
If the forest is set to a functional level of Windows 2000, you can only place the domain naming master on a ____ server
a. configuration b. global catalog c. root d. DC |
global catalog
|
|
The ____ identifies references that need to be checked by locating references to objects that are not contained in its local directory database
a. PDC emulator b. RID master c. domain naming master d. infrastructure master |
infrastructure master
|
|
____ are what the Windows security subsystem uses to identify security principals
a. SIDs b. RIDs c. GUIDs d. RDNs |
SIDs
|
|
Assume an SID is S-1-2-3-4-5-6-7. Which of the following numbers is the RID
a. 4 b. 5 c. 6 d. 7 |
7
|
|
The ____ permissions allow you to choose who can print to a printer, who can change printer settings, and who can manage documents
a. standard b. split c. granular d. share |
standard
|