7 - LDAP & Active Directory

Question 1

____________ serves as a centralized “command and control” for configuring devices that fall under its control.

Answer 1

Active Directory

Question 2

What is LDAP?

[Define]

Answer 2

An open standard protocol for accessing object oriented databases, known as Directory Servers.

Question 3

What does LDAP define?

Answer 3

Defines how clients access the directory server and perform database operations over an IP network.

Question 4

The information present in your directory such as object classes, names and functions.

Answer 4

Data Models

Question 5

Uniquely identifies an entity in a directory

Answer 5

Distinguished Name (DN)

Question 6

Requests LDAP users make to alter the data associated with an entry. Defined modification types include adding, deleting, replacing, and increasing.

Answer 6

Modifications

Question 7

A component of a DN. Typically the first (first what?)

Answer 7

Relative Distinguished Name (RDN)

Question 8

Defines all the objects and attributes that the directory service uses to store data

Answer 8

Schema

Question 9

String of characters that is used as a unique identifier. In AD FS, URIs are used to identify both partner network addresses and configuration objects.

Answer 9

Uniform Resource Identifier (URI)

Question 10

What is a Domain?

Answer 10

An administrative grouping of multiple private computer networks or local hosts within the same infrastructure.

Question 11

Domains can allow greater management of their internal devices and assist in blocking external ones.

[TRUE / FALSE]

Answer 11

TRUE

Question 12

Domains are often used synchronously with domain name.

[TRUE / FALSE]

Answer 12

TRUE

Question 13

Made up of several domains that share a common schema and configuration, forming a contiguous namespace.

Answer 13

Trees

Question 14

Active Directory is a set of one or more trees.

[TRUE / FALSE]

Answer 14

TRUE

Question 15

What is a “Forest”?

Answer 15

One or more trees that do not form a contiguous namespace.

Question 16

Name the three things that all trees in a forest share.

Answer 16

1. Common Schema
2. Configuration
3. Global catalog

Question 17

What is the first Domain created in a Forest?

Answer 17

The Forest Root Domain

Question 18

What port does LDAP use?

Answer 18

389

Question 19

A _______ is a relationship established between domains to enable users in one domain to access resources in another domain.

Answer 19

trust

Question 20

How do Trusts authenticate Users across the trust?

Answer 20

Via Kerberos or NTLM

Question 21

In the Parent-Child Trust, when are child domains created?

Answer 21

Child domains are automatically added when created.

Question 22

When is the Tree-Root trust created?

Answer 22

When new root domains are added to an Active Directory forest.

Question 23

When is the Forest Trust created?

Answer 23

Must be created by a privileged administrator.

Question 24

What trust relationship does the Forest trust establish?

Answer 24

It establishes a trust relationship between two AD forests.

Question 25

This trust exists between two distant child domains; used to improve logon.

Answer 25

Shortcut Trust

Question 26

Access between two Active Directory domains located in different forests (no forest trust exists).

Can be one direction.

Answer 26

External Trust

Question 27

What protocol do queries on the domain for Windows systems use?

Answer 27

LDAP

Question 28

Name the 4 steps of the Domain Query process.

Answer 28

1. Client queries DNS for LDAP SRV record.
2. Once the LDAP service is identified, the client connects to Port 389.
3. The connection is made to a Domain controller.
4. Client authenticates and performs the search.

Question 29

Looking for something within the forest will require a ___________.

Answer 29

Global catalog

Question 30

How does the Global Catalog (GC) identify the location of every object in the forest.

Answer 30

the GC uses Distinguished Names

Question 31

Name the 3 Forest-Wide queries that need the Global Catalog (GC) service:

Answer 31

1. Search for a resource (printer, fileshare) in a forest that contains more than one domain
2. A User Principal Name (UPN) logon in a forest that contains more than one domain
3. Email address search from the Global Address List (GAL)

Question 32

Name the 3 steps of the Forest wide query process.

Answer 32

1. Client queries DNS for GC SRV record.
2. Once the GC service is identified, client connects to port 3268 or 3269. This connection is made to a domain controller running the GC service.
3. Client authenticates and performs search.

Question 33

In Windows systems, what is “Local Security Policy”?

Answer 33

A combination of settings used by Windows systems to control security on a computer.

Question 34

What are policy settings commonly used for?

Answer 34

to edit account and password policies

Question 35

How is “Local Policy” a valuable tool?

Answer 35

It is a valuable tool for computer compliance and centrally manage users, applications, and components.

Question 36

Name three things you can find using Local Security Policy

Answer 36

1. The Domains trusted to authenticate logon attempts
2. Privileges and Rights assigned to accounts
3. Security Auditing Policy

Question 37

___________ is an infrastructure that allows you to specify managed configurations for users and computers through Group Policy settings and Group Policy Preferences.

Answer 37

Group Policy

Question 38

Without an Active Directory, there’s one Group Policy available - what is it?

Answer 38

Local Group Policy

Question 39

Group Policy administration only works in conjunction with _______.

Answer 39

Active Directory

Question 40

What is a Group Policy object (GPO)?

Answer 40

A collection of Group Policy settings that define what a system will look like and how it will behave for a defined group of users.

Question 41

Every GPO contains two parts. What are they?

Answer 41

1. User configuration
2. Computer configuration

Question 42

Contains policy settings that are relevant only for users.

Answer 42

User configuration

Question 43

Contains policy settings that are relevant only for computers. Every setting is relevant to the computer itself.

Answer 43

Computer configuration

Question 44

One or more trees that do not form a contiguous namespace are in a what?

Answer 44

Forest