Module1 Intro Active Directory Domain Services

Question 0

What does AAA stand for?

Answer 0

Authentication
Authorization
Accounting

Question 1

What does IDA stand for?

Answer 1

Identity and access

Question 2

What does CIA stand for?

Answer 2

Confidentiality
Integrity
Availability
Authenticity

Question 3

What is another name for identity store?

Answer 3

Directory database

Question 5

Another word for Identity in AD.

Answer 5

Security principal

Question 6

What does SID stand for?

Answer 6

Security identifier

Question 7

What does DACL stand for?

Answer 7

Discretionary access control list

Question 8

What Does ACE stand for?

Answer 8

Access control entry (allow or deny)

Question 9

What does LSA stand for?

Answer 9

Local security authority

Question 10

User’s access token require?

Answer 10

User SID
Member Group SIDs
Privileges “user rights”
Other access info

Question 10

Are access tokens ever transmitted over a network?

Answer 10

No LSAs generate local tokens for local access and server side tokens for file access

Question 11

Another name for Privileges in AD.

Answer 11

User Rights

Question 13

What is SACL?

Answer 13

System access control list

Question 14

What is authorization?

Answer 14

The process that determines whether to grant or deny a user access to a requested level of access to a resource

Question 14

What does SAM stand for?

Answer 14

Security Accounts Manager database

Question 15

3 components of authorization are?

Answer 15

Resource
Access Request
Security token

Question 16

What is pass through authentication?

Answer 16

Transparent authentication, when the local workgroup user name and password are I debit all to the server or machine being accessed remotely

Question 17

Kerberos is?

Answer 17

The AD Authenticator and TGT issuer

Question 18

What is TGT?

Answer 18

Ticket Granting Ticket

Question 20

What is AD LDS?

Answer 20

AD LIGHTWEIGHT DS

A standalone version of AD used with LDAP AND REPLACED ADAM

Question 21

What is AD CS?

Answer 21

AD CERTIFICATE SERVICE

Question 22

What is AD RMS?

Answer 22

AD RIGHTS MANAGEMENT SERVICES

Question 22

What is inetOrgPerson?

Answer 22

An object class used to support interoperability with a handful of third-party DSs, it is a security principal and is similar to a user account.

Question 23

What is AD FS?

Answer 23

AD FEDERATION SERVICES

Question 25

What is API?

Answer 25

Application Programming Interfaces aka LDAP

Question 25

NTDS.DIT databases are?

Answer 25

Schematic
Configuration
Domains
DNS
PAS

Question 26

What is Ntds.dit?

Answer 26

Where AD DS stored it’s identities. Usually in C:\ntds\

Question 27

What is Schema?

Answer 27

Defines the attributes and types of objects that can be stored in the directory.

Question 29

What is a Domain naming context (domain NC)?

Answer 29

Contains the data about the objects within a domain. Users groups and computers.

Question 30

What is Configuration (ntds.dit) in AD?

Answer 30

Contains info about domains, services and topology.

Question 31

What is DNS in (AD)?

Answer 31

In AD integrated DNS, the DNS zones and resource records are stored in a partition.

Question 32

What is PAS (Partial Attribute Set)?

Answer 32

This partition is used by global catalog,

Question 33

What is SYSVOL?

Answer 33

In c:\windows used by AD to store info such as login scripts and files related to GPOs

Question 34

What is KDC SERVICE?

Answer 34

Kerberos Key Distribution Center

Question 35

What is a Server core?

Answer 35

Command Prompt version of Windows Server 2008 r2 with no Windows Explorer.

Question 36

What is RODCs?

Answer 36

Read-only DC that caches credentials only, no changes to AD, no passwords are replicated to it

Question 37

What is ObjectSID (Schema)?

Answer 37

Security identifier

Question 38

What is sAMAccountName (Schema)?

Answer 38

The pre-windows 2000 server login name aka Username

Question 39

What is unicodePwd (Schema)?

Answer 39

This attribute stores a password as a hashtag code, only a brute force dictionary attack can derive the password.

Question 40

What is member (Schema?

Answer 40

The attribute that stores the membership list for a group object.

Question 41

What is Classes (Schema)?

Answer 41

This container defines the type of objects that can be created in the directory, including user and group.

Question 42

What is a Forrest?

Answer 42

Is a collection of one or more AD domains. The first is called the Forrest root domain. Only one Schema for all other domains.

Question 43

What is DNS?

Answer 43

Domain Name System

Question 44

What is Replication?

Answer 44

Replication services distribute directory data across a network

Question 45

What is Multimaster Replication?

Answer 45

No DC is a single master, the replicate to each other

Question 45

A zone in AD DS is?

Answer 45

DNS data stored in AD

Question 46

What is Sites in (AD)?

Answer 46

An AD site is an object that represents a portion of the enterprise within which network connectivity is good, it creates a boundary of replication and service utilization

Question 48

What is Global catalog?

Answer 48

A partition of the data store also known as PAS contains info about every object in the directory.

Question 49

What is an INTEGRATED ZONE?

Answer 49

A database within AD used to store data from other applications and replicated using AD replication services.

Question 49

Where do you edit GPO settings?

Answer 49

Group Policy Manager

Question 50

What are Trust Relationships?

Answer 50

When a trusting domain extends it’s realm of trust so that it trusts the identity store and authentication services of the trusting domain

Question 51

Where do you install AD DS roles?

Answer 51

In Server Manager

Question 52

What are the steps for Installing and Configuring a DC

Answer 52

Configure Time Zone
Install AD DS role in Server Manager
Run the ADDS Install Wizard
Choose Deployment Configuration
Select the additional domain controller Features
Select the location for database, log files and Sysvol
Configure the DS Restore Mode Administrator Password

Question 53

Information need to create a Domain Controller.

Answer 53

Domain Name
DNS Name
NetrBios Name (Short Name)
Function Level (OS Functionality Level)
DNS Implementation for SD Support
IP Configuration for Domain Controller (Static IP)
DNS Server Address for name resolution
Admin Username and Password for Admin Group
Data Store Location

Question 54

What must the first domain controller in a forest be?

Answer 54

A Global Catalog Server, and cannot be an RODC