10 Flashcards
___________ is the primary authentication package used in Windows Domain (Active Directory) environments. It is implemented via two .dll files. On the client side, ________ enables secure communication and authentication with __________ on the server side.
Uses port _________ to communicate between client and server machines
Kerberos
kerberos.dll
kdcsvc.dll
88 TCP and UDP
What are the four advantages of Kerberos and its one major weakness?
FMSSU
Provides faster authentication using a ticketing system
Supports mutual authentication
Provides single sign-on between Active Directory systems
Relies on a simpler and faster symmetric keying algorithm
Secret keys are temporarily stored on user’s workstation
Kerberos functionality terms
________ Domain controllers act as _____. The LSA uses kdcsvc.dll to provide two main services, the Authentication Service and the Ticket Granting Service
_________ The collection of computers/accounts secured by the KDC. In Windows the ________ is the same as the domain
______________ is responsible for verifying the validity of the client computer and the user
_________ serves as the user's proof that they provided the correct credentials during their initial login
___________ is responsible for issuing Service Tickets
_____ is verified by a resource provider to allow a user to access a specific resource
_________ is the account used by the KDC
_____________ is the password hash of the user attempting to log in. Additional keys are generated during the exchanges
(KDC) Key Distribution Centers
Realm
(AS) Authentication Service
(TGT) Ticket Granting Ticket
(TGS) Ticket Granting Services
(ST) Service Ticket
Krbtgt account
(SK) Session Key
What is the process of Kerberos traffic?
Client/TGS SK - encrypted using the secret key of the user.
The client sends a clear text “request to authenticate” message to the AS of the KDC.
TGT - encrypted using the secret key of the Kerberos account (krbtgt).
An ST, which contains a copy of the Client/Server SK, encrypted with the specific service's (e.g., a print server's) secret key.
The first message includes the encrypted TGT (used to prove authentication) and the identity of the requested service.
The second message is an authenticator (typically the client identity and a timestamp) encrypted with the SK.
The encrypted ST received previously
Client/Server SK - encrypted with the Client/TGS SK.
A new authenticator, encrypted using the Client/Server SK.
The server retrieves the timestamp from the authenticator and sends it back to the client, encrypting it with the Client/Server SK. This provides the mutual authentication portion of the exchange.
Message 1
The client sends a clear text “request to authenticate” message to the AS of the KDC.
Message 2
Client/TGS SK - encrypted using the secret key of the user.
Message 3
TGT - encrypted using the secret key of the Kerberos account (krbtgt).
Message 4
The first message includes the encrypted TGT (used to prove authentication) and the identity of the requested service.
Message 5
The second message is an authenticator (typically the client identity and a timestamp) encrypted with the SK.
Message 6
An ST, which contains a copy of the Client/Server SK, encrypted with the specific service's (e.g., a print server's) secret key.
Message 7
Client/Server SK - encrypted with the Client/TGS SK.
Additional service tickets after logon
Message 6a
The encrypted ST received previously
Message 8
A new authenticator, encrypted using the Client/Server SK.
Message 9
The server retrieves the timestamp from the authenticator and sends it back to the client, encrypting it with the Client/Server SK. This provides the mutual authentication portion of the exchange.
__________ is an extremely powerful command-line tool that allows administrators to query and manage Active Directory objects
_____ ______ _________,dc=<name>,dc=<name> lists users in the Staff OU
________ ________ ________ _ | _______
Find and remove computers that have been inactive for four weeks
________ ____ _________ Lists all the organizational units starting at the "domainroot"
Dsquery.exe
Dsquery user ou=staff
Dsquery computer -inactive 4 | dsrm
Dsquery ou domainroot
_______ is a GUI tool that performs operations against a directory; it allows viewing of stored objects and their metadata, such as security descriptors
_______ is a CLI tool used for object creation, queries, and modification of Active Directory objects
LDP.exe
LDIFDE.exe
__________ is a key feature of Active Directory, providing for ease of administration and security; its primary purpose is to apply policy settings to computers and users in an Active Directory domain
Group Policy
_____ are a collection of settings contained in a file that efficiently apply user and computer configurations for a domain
What are the four things they are linked to?
GPOs
Sites
Domain
OUs
What are the two default GPOs?
________ Policy for the domain and linked to the domain
_________ Domain controller policy and linked to the domain controllers' OU.
Default Domain Policy
Default Domain Controller Policy
_________ is a collection of folders that exist on each domain controller to store elements of GPOs and domain public files
SYSVOL
What are the sub-folders of SYSVOL?
________ Contains Registry settings to be applied to the computer's HKEY_LOCAL_MACHINE settings.
______ Contains Registry settings to be applied to the user’s HKEY_CURRENT_USER settings
Machine
User
The ____________ setting of the GPO customizes the user's environment at the computer level
What functions does it perform?
Computer Configuration
Deploys software application policies
Specifies security settings to restrict access to files/folders, configure account policies, and control user rights
The _________ setting of the GPO customizes the user’s environment at the user level.
Do these perform the same functions as Computer Configuration?
Computer Configuration usually overwrites User Configuration settings. T/F?
User Configuration
Yes
T
Computer and user configuration settings include
_____________ Apply to the implementation of programs in Active Directory. They are either published or assigned.
_____________ Hold startup/logon/logoff/shutdown scripts. Security settings are also available here.
_________________ Hold group policy settings from the registry. To change the start menu or Desktop, configure a template.
Software settings
Windows Settings
Administrative Templates
What is the Group Policy processing order?
Domain GPOs
Local Policies
Site GPOs
OU GPOs
What are the exceptions to the Group Policy processing order?
_______ Previously processed policies are not overwritten
________ Policy settings are not inherited from above
______ is disabled
__________
- Local policies
- Site GPOs
- Domain GPOs
- OU GPOs
Enforce
Block Policy inheritance
GPO
Permissions