65 Cards in this Set
- Front
- Back
What forms the base around which Active Directory is built and allows applications to integrate with Active Directory? |
Lightweight Directory Access Protocol (LDAP)
|
|
Lightweight Directory Access Protocol is based on what protocol?
|
X.500
|
|
What are the building blocks of the active directory structure in a domain?
|
Organizational Units (OU's)
|
|
What are the benefits of using OU's?
|
Hierarchical structures for easy resource access
Delegation of administrative authority
Able to change OU structure easily
Can hide AD objects for confidentiality |
|
A person with higher security privileges assigning authority to a person with lesser security privileges to perform certain tasks is known as what?
|
Delegation of control
|
|
What are the 3 types of object that can be assigned permission to access an Active Directory object?
|
Users
Groups
Computers |
|
Within active directory object permission, users, groups, and computers are referred to as what?
|
Security Principals
|
|
What are the 3 components that make up an Active Directory's object security settings?
|
Discretionary Access Control List (DACL)
Object Owner
System Access Control List (SACL) |
|
Each entry in the DACL is referred to as what?
|
Access control entry (ACE)
|
|
What defines the settings for auditing access to an object?
|
System Access Control List (SACL)
|
|
What are the 5 standard permissions that can be assigned to a security principal?
|
Full control
Read
Write
Create all child objects
Delete all child objects |
|
What are the 3 ways users can be assigned permission to an object?
|
-User's account is added to the object's DACL (aka effective permissions)
-A group the user belongs to is added to the object's DACL
-The permission is inherited from a parent object's DACL |
|
What permission overrides Allow permissions?
|
Deny
-exception is when the deny permission is inherited from a parent object and the allow permission is explicitly added to the object's DACL |
|
If a security principal isn't represented in an object's DACL, does it have access to the object?
|
No
|
|
What defines how permissions are transmitted from a parent object to a child object?
|
Permission Inheritance
|
|
All objects in Active Directory are child objects of what?
|
The domain
|
|
What wizard is used to assign users the authority to perform certain tasks on Active Directory objects?
|
Delegation of control wizard
|
|
By default, AD Users and Computers hide some system folders and advanced features, but you can display them by enabling what?
|
Advanced Features from the view menu
|
|
What are the 4 new folders available after enabling the advanced features in Active Directory Users and computers?
|
-Lost and Found
-Program Data
-System
-NTDS |
|
Which advanced features option stores quota information that limits the number of Active Directory objects a user, group, computer, or service can create?
|
NTDS
|
|
What term describes a combination of the allowed and denied permissions assigned to a security principal?
|
Effective permissions
|
|
What term refers to permissions that override inherited permissions and can create some exceptions to the rule that "deny permissions override allow permissions"?
|
Explicit permissions
|
|
Permission inheritance is enabled by default on child objects but can be disabled. True or False?
|
True
|
|
Each Active Directory database is referred to as a what?
|
Directory partition
|
|
What are the 5 directory partition types in the Active Directory database?
|
-Domain directory partition
-Schema directory partition
-Global catalog partition
-Application directory partition
-Configuration partition |
|
Which partition contains all objects in a domain, including users, groups, computers, OU's and so forth?
|
Domain directory partition
|
|
Which directory partition contains information needed to define AD objects and object attributes?
|
Schema directory partition
|
|
Which directory partition is a partial replica of all objects in the forest and holds the global catalog?
|
Global catalog partition
|
|
Which directory partition is used by applications and services to hold information that benefits from Active Directory replication and security such as DNS?
|
Application directory partition
|
|
Which directory partition holds configuration information that can affect the entire forest, such as details on how domain controllers should replicate with one another?
|
Configuration partition
|
|
What is the name for a number of operations in a forest having a single domain controller with sole responsibility for the function?
|
Operations master
|
|
Which domain controller in the forest generally takes on the role of the operations master?
|
First domain controller
|
|
Can the responsibility for operations master roles be transferred to another domain controller?
|
Yes
|
|
The 5 operations master roles are referred to as what?
|
Flexible single master operation roles (FSMO)
|
|
What are the 5 Operations Master Roles?
|
-Schema master
-Infrastructure master
-Domain naming master
-RID master
-PDC emulator master |
|
Which FSMO role provides backward compatibility with Windows NT servers configured as Windows NT backup domain controllers or member servers?
|
PDC emulator master
|
|
Which Operations Master role is responsible for replicating the schema directory partition to all other domain controllers in the forest when changes occur?
|
Schema master
|
|
Which Operations Master role is responsible for ensuring that changes made to object names in one domain are updated in references to these objects in other domains?
|
Infrastructure master
|
|
Which FSMO role manages adding, removing, and renaming domains in the forest?
|
Domain naming master
|
|
Which FSMO role is responsible for ensuring that no 2 objects have the same RID (relative identifier) and issuing unique pools of RIDs to each domain controller, thereby guaranteeing unique SIDs?
|
RID master
|
|
What is the process of maintaining a consistent database of information when the database is distributed among several locations?
|
Replication
|
|
What is the term for replication between domain controllers in the same site?
|
Intrasite replication
|
|
What is the term for replication between two or more sites?
|
Intersite replication
|
|
What type of replication is used for replicating Active Directory Objects, such as users and computer accounts, which means changes to these objects can occur on any domain controller and are propagated, or replicated to all other domain controllers?
|
Multimaster replication
|
|
What process runs on every domain controller to determine the replication topology, which defines the domain controller path that Active Directory changes flow through?
|
Knowledge Consistency Checker (KCC)
|
|
In Active Directory, what defines how security principals from one domain can access network resources in another domain?
|
Through a trust relationship
|
|
What role provides the following vital functions:
-Facilitate domain and forestwide searches
-Facilitate logon across domains
-Hold universal group membership information |
Global catalog servers
|
|
If A=B and B=C, then A=C. This is an example of what?
|
Transitive Trust
|
|
What type of trust can be used to integrate users of other OS's into a Windows Server 2008 domain or forest?
|
Realm Trust
|
|
The protocol for accessing active directory objects and services is based on what standard?
|
LDAP
|
|
What MMC do you use to create OUs?
|
Active directory users and computers
|
|
User, computer, and group accounts can be referred to as what?
|
Security principals
|
|
What must you modify if you want to change an active directory object's permissions?
|
DACL
|
|
An object's owner automatically has full control permission for the object. True or False?
|
False
|
|
JDoe is a member of a group that has Full control permission for an OU, which the group inherited from a parent OU. What is the best way to stop him from having Write permission to this OU without affecting any other permissions?
|
Add an explicit Deny ACE for JDoe to the OU
|
|
If you can't view an object's permissions, what is the most likely problem?
|
You need to enable Advanced Features
|
|
A user's permissions to an object that are a combination of inherited and explicit permissions assigned to the user's account and groups that a user belongs to are referred to as what?
|
Effective permissions
|
|
Do inherited permissions always override explicit permissions?
|
No
|
|
What FSMO role is responsible for management of adding, removing, and renaming domains in a forest?
|
Domain naming master
|
|
What is responsible for determining the replication topology?
|
KCC
|
|
How would you give access to company users of domain resources from one forest to another?
|
Forest trust
|
|
All domains in a forest have what 2 common partitions?
|
Schema and Global catalog
|
|
What can you do to reduce the delay caused by authentication referral?
|
Create a shortcut trust
|
|
What can you do to integrate user authentication between Linux and Active Directory?
|
Create a realm trust
|
|
Trust relationships between all domains in a forest are two-way transitive trusts. True or False?
|
True
|