81 Cards in this Set
- Front
- Back
What are the 3 types of objects that can be assigned permission to access Active Directory?
|
-Users
-Groups
-Computers
|
|
The Active Directory objects (users, groups, and computers) are collectively referred to as what?
|
Security principals
|
|
A list of security principals, with each having a set of permissions that define access to the object is known as what?
|
DACL (Discretionary access control list)
|
|
Each entry in the DACL is referred to as what?
|
ACE (Access control entry)
|
|
If a security principal or a group the security principal belongs to isn't in the DACL, does the security principal have access to the object?
|
No
|
|
If the owner of an object isn't in the object's DACL can the owner still assign permissions to that object?
|
Yes
|
|
What are the 5 standard permissions available for most objects?
|
-Full Control
-Read
-Write
-Create all child objects
-Delete all child objects
|
|
What are the 3 different ways users can be assigned permission to an object?
|
-Explicit permission (user account is added to the DACL)
-A group the user belongs to is added to the object's DACL
-The permission is inherited from a parent object's DACL to which the user or group account has been added
|
|
What term describes a combination of the assigned permissions?
|
Effective permissions
|
|
What permission overrides Allow permissions?
|
Deny permissions
|
|
What is the exception to the deny permission?
|
When the deny permission is inherited from a parent object and the Allow permission is explicitly added to the DACL
|
|
By default, all objects in Active Directory are child objects of what?
|
The domain
|
|
What determines the replication topology, which defines the domain controller path that AD changes flow through and ensures no more than three hops exist between any two DCs?
|
KCC (knowledge consistency checker)
|
|
What is the process used by AD for replicating objects in which changes to the database can occur on any domain controller and are propagated, or replicated, to all other domain controllers?
|
Multimaster replication
|
|
The path of the KCC that controls the flow of replication is configured as what?
|
A ring
|
|
How long after a change is made on a domain controller does intrasite replication occur?
|
15 seconds
|
|
What defines whether and how security principals from one domain can access network resources in another domain?
|
Trust relationship
|
|
True or False: Starting with Windows 2000 and Active Directory, trust relationships are established automatically between all domains in the forest.
|
True
|
|
True or False: Although trusts between domains in the same forest are created automatically, there's no automatic trust between domains in separate forests.
|
True
|
|
Trusts must be configured only when your Active Directory environment has what?
|
2 or more forests
|
|
What is the process of maintaining a consistent database of information when the database is distributed among several locations?
|
Replication
|
|
What term defines replication between domain controllers in the same site?
|
Intrasite replication
|
|
What term defines replication between two or more sites?
|
Intersite replication
|
|
What protocol, which runs over TCP/IP and is designed to facilitate access to directory services and directory objects, is Active Directory based on?
|
LDAP (lightweight directory access protocol)
|
|
LDAP is based on what?
|
X.500 DAP (Directory Access Protocol)
|
|
What are the 5 directory partition types in the Active Directory database?
|
-Domain directory partition
-Schema directory partition
-Global catalog partition
-Application directory partition
-Configuration partition
|
|
Which directory partition contains all objects in a domain, including users, groups, computers, OUs, and so forth?
|
Domain directory partition
|
|
Which directory partition contains information needed to define AD objects and object attributes?
|
Schema directory partition
|
|
Which directory partition holds the global catalog, which is a partial replica of all objects in the forest?
|
Global catalog partition
|
|
What directory partition is used by applications and services to hold information that benefits from automatic Active Directory replication and security, such as DNS?
|
Application directory partition
|
|
What directory partition holds configuration information that can affect the entire forest, such as details on how domain controllers should replicate with one another?
|
Configuration partition
|
|
What are the 5 operations master roles (aka FSMO roles)?
|
-Schema master
-Infrastructure master
-Domain naming master
-RID master
-PDC emulator master
|
|
Which domain controller in a forest generally takes on the role of the operations master?
|
First domain controller
|
|
Which FSMO role is responsible for replicating the schema directory partition to all other domain controllers in the forest when changes occur?
|
Schema master
|
|
Which FSMO role is responsible for ensuring that changes made to object names in one domain are updated in references to these objects in other domains?
|
Infrastructure master
|
|
Which domain controller, by default, is usually the infrastructure master for that domain?
|
The first DC
|
|
Which FSMO role manages adding, removing, and renaming domains in the forest?
|
Domain naming master
|
|
How many domain naming master roles are there per forest?
|
1
|
|
If you want to add, delete, or rename a domain in a forest, what must you ensure before implementing one of these actions?
|
That the domain naming master is available
|
|
What FSMO role is responsible for issuing unique pools of RIDs to each domain controller, guaranteeing unique SIDs throughout the domain?
|
RID master
|
|
There is one RID master for every what?
|
Domain
|
|
In Active Directory, all objects in a domain are identified internally by a what, which is the same for all objects in the domain?
|
Secure identifier (SID)
|
|
What identifier is unique in Active Directory for each object?
|
Relative identifier (RID)
|
|
What FSMO role provides backward compatibility with Windows NT servers configured as Windows NT backup domain controllers or member servers and manages password changes to help ensure that user authentication occurs without lengthy delays?
|
PDC emulator master
|
|
What method of replication is used by Active Directory for replicating object data such as user and computer accounts?
|
Multimaster replication
|
|
What is a collection of a user's personal files and settings that define his or her working environment?
|
A user profile
|
|
By default, a local user profile is created from a default profile when the user does what?
|
Logs in for the first time
|
|
What type of profile follows the user no matter which computer he or she logs on to?
|
Roaming profile
|
|
What are the 2 locations where a roaming profile is created from?
|
-NETLOGON share
-Default profile on the local system
|
|
What type of profile is used when you don't want users to be able to change their profile or only have the ability to make temporary changes?
|
Mandatory profile
|
|
How would you change a profile to a mandatory profile?
|
Rename Ntuser.dat file as Ntuser.man and check Read-only
|
|
In a single-domain environment, what is the mnemonic for creating groups and assigning permissions according to Microsoft's best practices?
|
-Accounts are made members of
-Global groups, which are made members of
-Domain local groups, which are assigned
-Permissions to resources
|
|
In a multidomain environment, what is the mnemonic for creating groups and assigning permissions?
|
-Accounts are made members of
-Global groups, which are nested in other
-Global groups, which are made members of
-Universal groups, which are then made members of
-Domain local groups, which are assigned
-Permissions to resources
|
|
Where are local groups created?
|
SAM database on a member server or workstation
|
|
When a Windows computer becomes a domain member, Windows adds the membership of what 2 local groups automatically?
|
-Domain Administrators Global group
-Domain Users Global group
|
|
What is the command used for adding an object to Active Directory?
|
DSADD
|
|
What is the command used for removing or deleting an object from Active Directory?
|
DSRM
|
|
What is the command used for querying an Active Directory object?
|
DSQUERY
|
|
What 2 commands are used to bulk import and export Active Directory data?
|
-CSVDE
-LDIFDE
|
|
What command used for bulk import and export in Active Directory can only create objects in AD?
|
CSVDE
|
|
What command used for bulk import and export in Active Directory can create or modify objects?
|
LDIFDE
|
|
Microsoft's terminology for a physical printer is what?
|
Print device
|
|
Microsoft's terminology for the icon in the printers folder that represents the print device is called what?
|
Printer
|
|
Microsoft's terminology for a storage location for print jobs awaiting printing is known as what?
|
Print queue
|
|
What is the name given to two or more print devices that are represented by a single printer, where the print server sends the job to the print device that is least busy?
|
Printer pooling
|
|
What groups shared folders from multiple servers into a single folder hierarchy, with replication for fault tolerance?
|
Distributed File System (DFS)
|
|
A DFS hierarchy is referred to as what?
|
Namespace
|
|
DFS provides what process that deals with heavy network traffic?
|
Load balancing
|
|
Does DFS require AD?
|
No
|
|
Fault tolerance and load balancing are available only on a what?
|
Domain-based namespace
|
|
What are the 3 shares on computers that aren't domain controllers?
|
-Admin$
-Drive$
-IPC$
|
|
What share provides network access to the Windows folder on the boot volume?
|
Admin$
|
|
What default share is used for temporary connections between clients and servers to provide communication between network programs?
|
IPC$
|
|
What are the 2 additional shares that reside on domain controllers?
|
-NETLOGON
-Sysvol
|
|
What domain controller share is used for storing default user profiles as well as user logon scripts for pre-Windows 2000 clients?
|
NETLOGON
|
|
What domain controller share is used by Active Directory for replication between DCs and also contains group policy files that are downloaded and applied to Windows 2000 and later clients?
|
Sysvol
|
|
Can both compression and encryption be enabled on the same file?
|
No
|
|
Compressed files moved to a new location on the same volume or a different volume will retain their compression attributes. True or False?
|
False. If a file is compressed and moved to a folder that does not have the compression attribute, then that file inherits the noncompressed attribute.
|
|
Can an entire volume be compressed?
|
Yes
|
|
True or False: An encrypted file, when moved, regardless of the parent folder or volume attribute, will remain encrypted.
|
True, unless the volume doesn't support encryption, such as FAT
|
|
What feature allows access to previous versions of files and the ability to restore files that were deleted or corrupted?
|
Shadow copies
|