65 Cards in this Set

  • Front
  • Back

What forms the base around which Active Directory is built and allows applications to integrate with Active Directory?

Lightweight Directory Access Protocol (LDAP)
Lightweight Directory Access Protocol is based on what protocol?
X.500
What are the building blocks of the active directory structure in a domain?
Organizational Units (OUs)
What are the benefits of using OUs?
Hierarchical structures for easy resource access
Delegation of administrative authority
Able to change OU structure easily
Can hide AD objects for confidentiality
When a person with higher security privileges assigns authority to a person with lesser security privileges to perform certain tasks, this is known as what?
Delegation of control
What are the 3 types of objects that can be assigned permission to access an Active Directory object?
Users
Groups
Computers
In Active Directory object permissions, users, groups, and computers are referred to as what?
Security Principals
What are the 3 components that make up an Active Directory's object security settings?
Discretionary Access Control List (DACL)
Object Owner
System Access Control List (SACL)
Each entry in the DACL is referred to as what?
Access control entry (ACE)
What defines the settings for auditing access to an object?
System Access Control List (SACL)
What are the 5 standard permissions that can be assigned to a security principal?
Full control
Read
Write
Create all child objects
Delete all child objects
What are the 3 ways users can be assigned permission to an object?
-User's account is added to the object's DACL (aka effective permissions)
-A group the user belongs to is added to the object's DACL
-The permission is inherited from a parent object's DACL
What permission overrides Allow permissions?
Deny
-exception is when the deny permission is inherited from a parent object and the allow permission is explicitly added to the object's DACL
If a security principal isn't represented in an object's DACL, does it have access to the object?
No
What defines how permissions are transmitted from a parent object to a child object?
Permission Inheritance
All objects in Active Directory are child objects of what?
The domain
What wizard is used to assign users the authority to perform certain tasks on Active Directory objects?
Delegation of control wizard
By default, AD Users and Computers hides some system folders and advanced features, but you can display them by enabling what?
Advanced Features from the View menu
What are the 4 new folders available after enabling Advanced Features in Active Directory Users and Computers?
-Lost and Found
-Program Data
-System
-NTDS
Which advanced features option stores quota information that limits the number of Active Directory objects a user, group, computer, or service can create?
NTDS
What term describes a combination of the allowed and denied permissions assigned to a security principal?
Effective permissions
What term refers to permissions that override inherited permissions and can create some exceptions to the rule that "deny permissions override allow permissions"?
Explicit permissions
Permission inheritance is enabled by default on child objects but can be disabled. True or False?
True
Each Active Directory database is referred to as a what?
Directory partition
What are the 5 directory partition types in the Active Directory database?
-Domain directory partition
-Schema directory partition
-Global catalog partition
-Application directory partition
-Configuration partition
Which partition contains all objects in a domain, including users, groups, computers, OUs, and so forth?
Domain directory partition
Which directory partition contains information needed to define AD objects and object attributes?
Schema directory partition
Which directory partition is a partial replica of all objects in the forest and holds the global catalog?
Global catalog partition
Which directory partition is used by applications and services to hold information that benefits from Active Directory replication and security such as DNS?
Application directory partition
Which directory partition holds configuration information that can affect the entire forest, such as details on how domain controllers should replicate with one another?
Configuration partition
Several operations in a forest are each handled by a single domain controller with sole responsibility for that function. What is such a domain controller called?
Operations master
Which domain controller in the forest generally takes on the role of the operations master?
First domain controller
Can the responsibility for operations master roles be transferred to another domain controller?
Yes
The 5 operations master roles are referred to as what?
Flexible single master operation roles (FSMO)
What are the 5 Operations Master Roles?
-Schema master
-Infrastructure master
-Domain naming master
-RID master
-PDC emulator master
Which FSMO role provides backward compatibility with Windows NT servers configured as Windows NT backup domain controllers or member servers?
PDC emulator master
Which Operations Master role is responsible for replicating the schema directory partition to all other domain controllers in the forest when changes occur?
Schema master
Which Operations Master role is responsible for ensuring that changes made to object names in one domain are updated in references to these objects in other domains?
Infrastructure master
Which FSMO role manages adding, removing, and renaming domains in the forest?
Domain naming master
Which FSMO role is responsible for ensuring that no two objects have the same RID (relative identifier) and for issuing unique pools of RIDs to each domain controller, thereby guaranteeing unique SIDs?
RID master
What is the process of maintaining a consistent database of information when the database is distributed among several locations?
Replication
What is the term for replication between domain controllers in the same site?
Intrasite replication
What is the term for replication between two or more sites?
Intersite replication
What type of replication is used for replicating Active Directory Objects, such as users and computer accounts, which means changes to these objects can occur on any domain controller and are propagated, or replicated to all other domain controllers?
Multimaster replication
What process runs on every domain controller to determine the replication topology, which defines the domain controller path that Active Directory changes flow through?
Knowledge Consistency Checker (KCC)
In Active Directory, what defines how security principals from one domain can access network resources in another domain?
Through a trust relationship
What role provides the following vital functions:
-Facilitate domain and forestwide searches
-Facilitate logon across domains
-Hold universal group membership information
Global catalog servers
If A=B and B=C, then A=C. This is an example of what?
Transitive Trust
What type of trust can be used to integrate users of other OSes into a Windows Server 2008 domain or forest?
Realm Trust
The protocol for accessing Active Directory objects and services is based on what standard?
LDAP
What MMC do you use to create OUs?
Active Directory Users and Computers
User, computer, and group accounts can be referred to as what?
Security principals
What must you modify if you want to change an Active Directory object's permissions?
DACL
An object's owner automatically has full control permission for the object. True or False?
False
JDoe is a member of a group that has Full control permission for an OU, which the group inherited from a parent OU. What is the best way to stop him from having Write permission to this OU without affecting any other permissions?
Add an explicit Deny ACE for JDoe to the OU
If you can't view an object's permissions, what is the most likely problem?
You need to enable Advanced Features
A user's permissions to an object that are a combination of inherited and explicit permissions assigned to the user's account and groups that a user belongs to are referred to as what?
Effective permissions
Do inherited permissions always override explicit permissions?
No
What FSMO role is responsible for management of adding, removing, and renaming domains in a forest?
Domain naming master
What is responsible for determining the replication topology?
KCC
How would you give company users in one forest access to domain resources in another forest?
Forest trust
All domains in a forest have what 2 common partitions?
Schema and Global catalog
What can you do to reduce the delay caused by authentication referral?
Create a shortcut trust
What can you do to integrate user authentication between Linux and Active Directory?
Create a realm trust
Trust relationships between all domains in a forest are two-way transitive trusts. True or False?
True