Chapter 1: Active Directory Fundamentals

Question 1

What are 5 main concerns of implementing a hybrid identity infrastructure?

Answer 1

1. Maintaining 1:1 identity between platforms (Federation)
2. Enabling SSO
3. How are identities protected externally (cloud, etc.)
4. How is compliance maintained
5. How are potential breaches detected/handled

Question 2

Define a “digital identity”

Answer 2

A user’s username, or devices, applications, services, groups,
and organizations.

Question 3

What is the modern approach to solving the issue of identities living outside of the corporate network (remote work, cloud, etc.)?

Answer 3

Zero trust

Question 4

What are the 3 main principles of “Zero Trust”?

Answer 4

1. Verify explicitly
2. Least privilege
3. Assume breach

Question 5

What must be done to ensure the concept of “assume breach” is always constant in zero trust?

Answer 5

Collect logs, analyze logs, detect anomalies

Question 5

Define the concept of “verify explicitly” in zero trust

Answer 5

Continuously monitor and verify user and device access

Question 6

Where does AD store digital identities?

Answer 6

In a multi-master database file called ntds.dit

Question 8

What are the two types of replication in Microsoft Active Directory?

Answer 8

Outbound replication and inbound replication

Outbound replication occurs when a domain controller advertises changes to neighboring domain controllers, while inbound replication occurs when a domain controller accepts changes from neighboring domain controllers.

Question 9

What is outbound replication?

Answer 9

When a domain controller advertises changes made on itself to neighboring domain controllers

This type of replication ensures that changes are communicated to other domain controllers.

Question 10

What is inbound replication?

Answer 10

When a domain controller accepts changes advertised by neighboring domain controllers

This allows a domain controller to update its data based on the changes made by others.

Question 11

How does AD provide high availability by default?

Answer 11

A multi-master database and the replication of domain
controllers

Question 12

What is the structure of any kind of database called?

Answer 12

Schema

Question 13

What type of database structure is applicable to an Active Directory database?

Answer 13

Schema

Question 14

What are the two main types of information contained in the Active Directory schema?

Answer 14

• A definition of every object class in Active Directory
• A definition of every attribute in an Active Directory object

Question 15

What is the primary consideration when designing an Active Directory setup?

Answer 15

Matching it with the company hierarchical layout

Question 16

Why is it important to align Active Directory with company hierarchy?

Answer 16

To effectively manage resources and security

Question 17

What are the two types of objects in the Active Directory logical structure?

Answer 17

Container objects and leaf objects

Question 18

What are container objects in the Active Directory logical structure?

Answer 18

Objects that can be associated with other objects in the logical structure

Question 19

What are leaf objects in the Active Directory logical structure?

Answer 19

The smallest components that will not have any other child objects associated with them

Question 20

What are the 4 logical components of AD?

Answer 20

1. Forests
2. Domains
3. Domain trees
4. OUs

Question 21

Define an AD Forest

Answer 21

It represents a complete Active Directory instance made of one or more domains and domain trees.

Question 22

Describe the connection between two domains in a forest

Answer 22

Two-way trust relationship

Question 23

What is the significance of the first domain controller in Active Directory?

Answer 23

It is important for creating the first domain and forest.

Question 24

What is created when you establish the first domain in Active Directory?

Answer 24

The forest is created.

Question 25

What does the first domain become in the Active Directory structure?

Answer 25

The forest root domain.

Question 26

What does a domain tree contain?

Answer 26

Its own root domain.

Question 27

Can forests contain multiple root domains?

Answer 27

Yes, forests can contain multiple root domains.

Question 28

What is two-way transitive trust (trust relationship)?

Answer 28

A logical link between domains where the trusting domain honors the logon authentication of the trusted domain.

Question 29

How do domains in the same forest interact with a two way trust?

Answer 29

Inherently trusts other objects in other domains in the same forest.

Question 30

Is two-way transitive trust within a forest the same as authentication between forests?

Answer 30

No, it is not the same.

Question 31

What is the logical security boundary for objects in AD?

Answer 31

The domain

Question 32

What is Active Directory divided into to improve efficiency?

Answer 32

Multiple partitions ## Footnote This structure helps manage data and replication more effectively.

Question 33

What is a partition of Active Directory that contains domain information?

Answer 33

Domain ## Footnote The domain partition stores data about objects specific to that domain.

Question 34

What do domain controllers have a copy of?

Answer 34

Domain partition ## Footnote Each domain controller within the same domain tree shares this copy.

Question 35

Who shares the domain partition?

Answer 35

Domain controllers within the same domain tree ## Footnote This ensures consistency and availability of domain data.

Question 36

What type of data is saved in the domain partition?

Answer 36

Information about objects in that particular domain ## Footnote This includes user accounts, groups, and other directory objects.

Question 37

What does the partitioning of Active Directory ensure regarding data replication?

Answer 37

Only the required data is replicated across the domain trees and forests ## Footnote This optimizes network resources and improves performance.

Question 38

What do the Active Directory domain's functional levels define?

Answer 38

The Active Directory capabilities ## Footnote This includes features and functionalities available within the domain.

Question 39

What happens with each new version of the directory services?

Answer 39

New features are added to the domain's functional level ## Footnote These new features may require an upgrade to the functional level to be utilized.

Question 40

What is required to use new features within the domain?

Answer 40

The domain functional level needs to be upgraded ## Footnote Upgrading allows access to the latest features introduced in newer versions.

Question 41

What determines the version of the domain's functional level that can run on the domain?

Answer 41

The forest's functional level ## Footnote The forest's functional level sets an upper limit on the domain's functional level.

Question 42

True or False: You can have a domain's functional level that is higher than the forest's functional level.

Answer 42

False ## Footnote The domain's functional level cannot exceed the forest's functional level.

Question 43

Define a "Domain Tree"

Answer 43

A collection of domains that reflects the organization's structure.

Question 44

Describe the relationship between the domains in a domain tree and the root/parent domain

Answer 44

A parent-child relationship

Question 45

If two child domains on different domain trees want to authenticate, how is it performed?

Answer 45

Authenticated traffic must pass through the forest root domains.

Question 46

Describe the role/function of a global catalog domain server

Answer 46

Holds the full writable copy of objects in its host domain, and the partial copy of the objects in child domain

Question 47

Are all domain controllers in a domain a global catalog server?

Answer 47

No, by default the only global catalog server is the initial domain controller