70-214 Set 5
Terms
undefined, object
copy deck
- What does the URLScan tool do?
- scans incoming HTTP requests to ensure they comply with rules
- What are the six Operations Master roles?
- Global Catalog Server; PDC Emulator; Schema Master; Domain-Naming Master; Relative Identifier (RID) Master; Infrastructure Master
- What Operations Master role always stays with the first DC in an organization?
- Global Catalog Server
- What console is used to configure site-level GPO's?
- Active Directory Sites and Services
- Can groups be converted to and from distribution groups?
- only in a native-mode domain
- What are the three group scopes?
- universal, global, and domain local
- What group scope changes are allowed in mixed-mode domains?
- none
- What group scope changes are allowed in native-mode domains?
- global to universal and domain local to universal
- What limitation does secedit.exe have that Security Configuration and Analysis does not?
- results of a security analysis can't be viewed with secedit.exe
- Where can gpresult and gpotool.exe be found?
- in the Windows 2000 Server Resource Kit
- What is the gpresult.exe tool used for?
- displaying the net Group Policy settings applied to a computer
- What is the gpotool.exe tool used for?
- checking the validity of GPO's across multiple domains
- At what levels can password policies be set?
- at the domain level only
- What two conditions will prevent a global group from being converted to a universal group?
- group is a member of another global group, or domain is in mixed mode
- What two conditions will prevent a domain local group from being converted to a universal group?
- group contains another domain local group as a member, or domain is in mixed mode
- What part(s) of the CIA triad are provided by IPSec's Authentication Header (AH)?
- authentication and integrity
- What part(s) of the CIA triad are provided by IPSec's Encapsulating Security Payload (ESP)?
- confidentiality, integrity, and authentication
- What protocol handles IPSec connection negotiations?
- Internet Security Association and Key Management Protocol (ISAKMP)
- What template is installed by default on all domain controllers?
- basicdc.inf
- What security changes does the securedc.inf template make from the basicdc.inf template?
- stronger password, account lockout, and auditing settings; uses only NTLMv2 responses; uses SMB signing
-
What do legacy clients need to communicate with domain controllers using the securedc.inf or hisec.inf security templates?
Why? - Directory Services Client (DSClient)- the securedc.inf and hisec.inf templates require NTLMv2
- What sort of SQL 2000 attack is the most common?
- buffer overrun attacks
- How can user files and settings be migrated when upgrading to Windows 2000?
- by using the User State Migration Tool
- What must be installed for legacy clients to utilize NTLMv2?
- the Directory Services client (DSClient)
- At what level is the URLScan ISAPI filter deployed?
- at the global level
- What event ID occurs when Group Policy is successfully deployed?
- 1704
- What are the four types of CA's included with the Microsoft Certificate Service?
- Enterprise Root CA; Enterprise Subordinate CA; Standalone Root CA; Standalone Subordinate CA
- Who signs an Enterprise Root CA's certificate?
- the Enterprise Root CA
- What is the Enterprise Root CA normally used for?
- authenticating Enterprise Subordinate CA's
- What two types of Enterprise Subordinate CA's are there?
- intermediate and issuing
- What is necessary for signing code for customers?
- a trusted third-party Root CA, such as VeriSign
- What two tools can users use to request a certificate?
- the Certificate Request Wizard or the Certificate Services webpage
- In terms of infrastructure, what is necessary to use Web Enrollment?
- an Enterprise CA infrastructure
- What kind of message is used to request a certificate?
- a PCKS-10 message
- What kind of message is used to contrain an issued certificate or certificate chain?
- a PCKS-7 message
- What port does PPTP use?
- 1723
- What advantage does L2TP have over PPTP?
- L2TP can tunnel over non-IP media
- How often are CRL's published by default?
- once a week
- What three types of locations can CRL Distribution Points (CDP's) be configured as?
- Active Directory, HTTP, and file-based
- What URL points to the Windows Update Catalog?
- http://windowsupdate.microsoft.com/catalog