70-214 Set 3
- What free tool does Microsoft provide to check event logs for multiple servers in a domain?
- EventCombMT
- What tunneling protocols does Windows 95 support?
- PPTP (with the Windows Dial-Up Networking 1.3 Performance and Security Upgrade for Windows 95)
- What tunneling protocols does Windows 98 support?
- PPTP
- What tunneling protocols does NT 3.51 support?
- none
- What tunneling protocols does NT 4.0 support?
- PPTP
- What tunneling protocols does Windows 2000 support?
- PPTP and L2TP
- What is the highest-level authentication protocol supported by Windows 2000?
- EAP
- What is the highest authentication protocol supported by NT 4.0?
- MS-CHAPv2 (with SP4 or higher)
- What is the highest-level authentication protocol supported by Windows 98?
- MS-CHAPv2 (with SP1 or higher)
- What is the highest-level authentication protocol supported by Windows 95?
- MS-CHAPv2 (with Windows Dial-Up Networking 1.3 Performance and Security Upgrade for Windows 95)
- What character-length passwords does MS-CHAPv1 support?
- up to 14 characters
- In a native-mode network, what controls remote-access permissions?
- Group Policy
- In a native-mode network, what are the remote-access permissions on each user account set to?
- Control Access Through Remote Access Policy
- In a mixed-mode network, what is the remote-access permission on each user account set to?
- Allow Access
- When logging on to a Terminal Server running in Remote Administration mode, what is indicated by the message "you do not have access to logon to this session"?
- the account being used does not have administrative privileges
- What is the purpose of the Connection Manager Administration Kit?
- to create dial-up connections to distribute to users
- What additional installation requirement does an enterprise CA have that other CAs do not?
- Active Directory must be present
- What URL is used to request a certificate via Web Enrollment?
- http://server_name/certsrv
- What are the seven pre-configured reasons for certificate revocation?
- Unspecified; Key Compromise; CA Compromise; Change of Affiliation; Superseded; Cease of Operation; Certificate Hold
- What is the best way to back up and restore a CA?
- back up the entire System Store of the CA server
- What are KMS-issued keys used for?
- email security
- When a KMS-issued key is recovered, how is the user notified?
- by email
- What is a System Access Control List?
- a list which specifies which events are to be audited per user or group
- What folder are IIS logs stored in by default?
- %systemroot%\System32\Logfiles
- When dealing with Active Directory database updates, what is the name for the replication type used for security-sensitive changes, such as account lockout?
- Urgent Replication
- What is NTLM used for?
- authenticating clients unable to use Kerberos (NT4 and below)
- What DLL controls the NTLM authentication protocol?
- Msv1_0.dll
- What DLL controls SSL?
- Schannel.dll
- What does the LSA server service do?
- enforces defined security policies within Active Directory
- Why is the SAM not present on domain controllers?
- the SAM controls local security accounts, which are not allowed on domain controllers
- What DLL controls the Directory Service module?
- ntdsa.dll
- What three things does the Directory Service module control?
- replication between Windows 2000 domain controllers; LDAP access to Active Directory; management of naming contexts stored in Active Directory
- What DLL controls the Multiple Authentication Provider?
- Secur32.dll
- What does the Multiple Authentication Provider do?
- supports all security packages available on the system
- What ability is provided by secure channel (SChannel) services?
- the ability to authenticate via public-key-based protocols, such as SSL and TLS
- What requirement exists for File System settings to be defined in a security template?
- file system must be NTFS
- What file can be modified to alter registry values when combined with a security template?
- sceregvl.inf
- When is a Kerberos referral ticket issued?
- when a user attempts to connect to a server in a different domain
- What kind of extensions does Kerberos use to support smart cards?
- PKINIT extensions
- What three OS clients can use Kerberos authentication in a Windows 2000 domain?
- 2000; XP; and UNIX
- Why are DHCP servers normally made members of the DnsUpdateProxy global group?
- in order to allow DNS record updating for legacy clients
- How is the RunAs option enabled on a shortcut menu?
- hold Shift while right-clicking the shortcut
- How is a service ticket obtained?
- the ticket-granting ticket is presented to the KDC, which grants the service ticket
- Who grants a ticket-granting ticket?
- the Key Distribution Center (KDC)
- Why is deploying security templates harder in a workgroup than in a domain?
- Group Policy can't be used to distribute them
- How are security-sensitive changes within Active Directory replicated?
- they are immediately replicated to all domain controllers within the site
- What does the Netlogon service do?
- maintains a computer's secure channel to a domain controller