Chapter 3

Question 1

What does UAC stand for?

Answer 1

User Account Control

Question 2

How do you disable UAC for a specific user account?

Answer 2

You cannot.

Question 3

What is the differance between a Workgroup and a Domain.

Answer 3

Workgroups are decentralized, Domains are centralized.

Question 4

What is the Computer Management Console?

Answer 4

One of the primary tools used to manage windows 7 that includes the most commonly used MMC snap-ins.

Question 5

What are the built in accounts in windows that services start under?

Answer 5

Local System, NT authority/LocalService, NT authority/Network service

Question 6

What level of access does the Local System account have (related to services)?

Answer 6

Highly privledged account that can access most resources on local computer.

Question 7

What level of access does NT Authority/Local Service have?

Answer 7

The same as a user account, when accessing network services it has no credentials and a null session

Question 8

What level of access does NT authority/NetworkService have?

Answer 8

The same level of access as the Users Group on the local computer, and it accesses network resources under the context of a Local Computer Account

Question 9

What does the Server Service do?

Answer 9

Supports file, print, and named-pipe sharing over the network.

Question 10

What does the Workstation service do?

Answer 10

Creates and maintains client network connections to remote servers using the SMB protocol (allows you to share folders via samba)

Question 11

What is Authentication?

Answer 11

The process of indentifying an individual (E.G. via a password)

Question 12

What is Authorization?

Answer 12

The process of giving individuals access to system objets based on their indentity

Question 13

What is Auditing

Answer 13

The process of keeping track of a users activity while accessing the network resources.

Question 14

What does a user account allow the system to do?

Answer 14

It allows the system to determine what a user can access and how they can access it (Authorization) and to audit a user by recording what was done on each individual user account.

Question 15

What are the three ways to authenticate a user?

Answer 15

Based off What they know (password) What they own/possess (ID card) What they are (biometrics.

Question 16

What are the two types of user accounts.

Answer 16

Local and Domain.

Question 17

What is an object?

Answer 17

An object is a distinct named set of attributes or characteristics that represent a network resource.

Question 18

What is the security table created on the local user account called?

Answer 18

SAM

Question 19

SAM

Answer 19

Security Accounts Manager

Question 20

What is a GUID?

Answer 20

It is called a globally unique identifier sometimes referred to as security identifier. It is to uniquely identify an object.

Question 21

Where can you create and edit a user account?

Answer 21

User accounts in the control panel AND The Local Users and Groups MMC snap-in

Question 22

What are windows computer accounts for?

Answer 22

It provides a mean for authenticating and auditing the computers access to a windows network and its access to domain resources.

Question 23

What is a user profile?

Answer 23

A collection of folders and data that store the users current desktop environment and application settings.

Question 24

What is a group?

Answer 24

A group is a collection or list of user accounts or computer accounts.

Question 25

what are the Roles of a Domain admin?

Answer 25

Can perform administrative tasks on any computer within the domain. By default, the Admin account is a member.

Question 26

What is a user profile?

Answer 26

A collection of folders and data that store the users current desktop environment and application settings, and records all network connections.

Question 27

What can Account operators do?

Answer 27

They can create, delete, and modify user accounts and groups.

Question 28

What can Backup operators do?

Answer 28

They can backup and restore all files using Windows Backup

Question 29

What does Credential Manger do?

Answer 29

It allows you to store credentials I.E. Usernames and passwords that you use to logon to websites or other computers on a network. This allows windows to automatically log you into websites/computers. Credentials are saved in special folders called vaults.

Question 30

What does the Authenticated users group include?

Answer 30

It includes all users with a valid user account on the computer or in Active Directory.

Question 31

What is the built in group Everyone

Answer 31

All users who access the computer even if the user does not have a valid account.

Question 32

What does a Directory Service do?

Answer 32

It stores, organizes, and provides access to information in a directory. It’s used for locating, managing, administering, and organizing common items and network resources such as volumes, folders, files, printers, users, groups, devices, telephone numbers, and other objects. AD is an example of a Directory Service.

Question 33

What is the definition of Group Policy?

Answer 33

It is one of the most powerful features of Active Directory that controls the working environment for user accounts and computer accounts. It provides the centralized management and configuration of operating systems and applications.

Question 34

Active Directory provides what network services?

Answer 34

LDAP Kerberos-based and SSO authentication DNS-based naming and other network information Central location for network administration and delegation of authority.

Question 35

What is LDAP?

Answer 35

Lightweight Directory Access Protocol

Question 36

SSO

Answer 36

Single sign-on authentication

Question 37

What does the GPO system settings control?

Answer 37

Application settings, desktop appearance, and behavior of system services.

Question 38

What does the GPO security settings control?

Answer 38

Local computer, domain, and network security settings

Question 39

What does The GPO software installation settings control?

Answer 39

Management of software installation, updates and removal.

Question 40

What is LDAP?

Answer 40

It’s an application profile used for querying and modifying data using directory services over TCP/IP. It users TCP port 389

Question 41

What does the GPO scripts settings control?

Answer 41

Scripts for when a computer starts or shuts down and when a user logs on and off.

Question 42

What is SSO?

Answer 42

It allows you to login once, but access multiple related but independant software systems without having to login again. With AD, you are assigneda token which can be used to login to other systems automatically.

Question 43

What does the GPO folder redirection settings control?

Answer 43

Storage for users folders on the network.

Question 44

What does GPO stand for?

Answer 44

Group policy Objects are collections of user and computer settings.

Question 45

What is Kerberos?

Answer 45

It’s a computer network authentication protocol which allows hosts to prove their indentity over a non-secure network in a secure manner. It can also provide mutual authentication so that both the user and server verify each other’s indentity.

Question 46

What does Active Directory do?

Answer 46

It allows you to organize all your network resources E.G. users, groups, printers, computers, and other objects so you can assign passwords, permissions, rights, and so on to the intendity that needs it. You can also assign who can manage a group of objects.

Question 47

What is a domain?

Answer 47

A logical unit of computers and network resources that defines a security boundry, that uses a single AD database to share its common security and user account information.

Question 48

What is the Account lockout duration?

Answer 48

It ranges from 1 to 99,999

Question 49

What is a tree?

Answer 49

Domains linked in a transistive trust Heirarchy

Question 50

what is the Account lockout threshold?

Answer 50

How many failed log-ons it will take until the account becomes locked. Ranges from 1 to 999

Question 51

What is a forest?

Answer 51

A collection of Domain Trees

Question 52

What is a Domain Controller?

Answer 52

A promoted windows server that stores a replica of the account and security information of a domain and defines the domain boundries.

Question 53

What is the Reset account lock out counter after?

Answer 53

How long does it take after a failed logon attempt before the counter tracking failed logons is reset to zero. Range is 1 to 99,999

Question 54

What MMC snap-ins are added to a domain controller?

Answer 54

AD Users and Computers AD Domains and Trusts AD Sites and Services AD Administrative center GPMC

Question 55

UPN

Answer 55

User Principal Name

Question 56

AD DS

Answer 56

Active directory Domain Services

Question 57

What is the definition of Minimum password length?

Answer 57

Determines the minimum number of characters that a users password must contain you can set a value between 1 to 14.

Question 58

GPMC

Answer 58

Group Policy Management Console

Question 59

What is a server that is not running as a domain controller?

Answer 59

A member Server

Question 60

What happens when a user logs on?

Answer 60

AD clients locate an AD server (Using DNS SRV resource records) known as a domain controller in the same site as the computer.