This site is 100% ad supported. Please add an exception to adblock for this site.

70-214 Set 3

Terms

undefined, object
copy deck
What free tool does Microsoft provide to check event logs for multiple servers in a domain?
EventCombMT
What tunneling protocols does Windows 95 support?
PPTP (with the Windows Dial-Up Networking 1.3 Performance and Security Upgrade for Windows 95)
What tunneling protocols does Windows 98 support?
PPTP
What tunneling protocols does NT 3.51 support?
none
What tunneling protocols does NT 4.0 support?
PPTP
What tunneling protocols does Windows 2000 support?
PPTP and L2TP
What is the highest-level authentication protocol supported by Windows 2000?
EAP
What is the highest authentication protocol supported by NT 4.0?
MS-CHAPv2 (with SP4 or higher)
What is the highest-level authentication protocol supported by Windows 98?
MS-CHAPv2 (with SP1 or higher)
What is the highest-level authentication protocol supported by Windows 95?
MS-CHAPv2 (with Windows Dial-Up Networking 1.3 Performance and Security Upgrade for Windows 95)
What character-length passwords does MS-CHAPv1 support?
up to 14 characters
In a native-mode network, what controls remote-access permissions?
Group Policy
In a native-mode network, what are the remote-access permissions on each user account set to?
Control Access Through Remote Access Policy
In a mixed-mode network, what is the remote-access permission on each user account set to?
Allow Access
When logging on to a Terminal Server running in Remote Administration mode, what is indicated by the message "you do not have access to logon to this session"?
the account being used does not have administrative privileges
What is the purpose of the Connection Manager Administration Kit?
to create dial-up connections to distribute to users
What additional installation requirement does an enterprise CA have that other CA's do not?
Active Directory must be present
What URL is used to request a certificate via Web Enrollment?
http://server_name/certsrv
What are the seven pre-configured reasons for certificate revocation?
Unspecified; Key Compromise; CA Compromise; Change of Affiliation; Superseded; Cease of Operation; Certificate Hold
What is the best way to back up and restore a CA?
back up the entire System Store of the CA server
What are KMS-issued keys used for?
email security
When a KMS-issued key is recovered, how is the user notified?
by email
What is a System Access Control List?
a list which specifies which events are to be audited per user or group
What folder are IIS logs stored in by default?
%systemroot%\System32\Logfilesm
When dealing with Active Directory database updates, what is the name for the replication type used for security-sensitive changes, such as account lockout?
Urgent Replication
What is NTLM used for?
authenticating clients unable to use Kerberos (NT4 and below)
What DLL controls the NTLM authentication protocol?
Msv1_0.dll
What DLL controls SSL?
Schannel.dll
What does the LSA server service do?
enforces defined security policies within Active Directory
Why is the SAM not present on domain controllers?
the SAM control local security accounts, which are not allowed on domain controllers
What DLL controls the Directory Service module?
ntdsa.dll
What three things does the Directory Service module control?
replication between Windows 2000 domain controllers; LDAP access to Active Directory; management of naming contexts stored in Active Directory
What DLL controls the Multiple Authentication Provider?
Secur32.dll
What does the Multiple Authentication Provider do?
supports all security packages available on the system
What ability is provided by secure channel (SChannel) services?
the ability to authenticate via public key -based protocols, such as SSL and TLS
What requirement exists for File System settings to be defined in a security template?
file system must be NTFS
What file can be modified to alter registry values when combined with a security template?
sceregvl.inf
When is a Kerberos referral ticket issued?
when a user attempts to connect to a server in a different domain
What kind of extensions does Kerberos use to support smart cards?
PKINIT extensions
What three OS clients can use Kerberos authentication in a Windows 2000 domain?
2000; XP; and UNIX
Why are DHCP servers normally made members of the DNSUpdate Proxy global group?
in order to allow DNS record updating for legacy clients
How is the RunAs option enabled on a shortcut menu?
hold Shift while right-clicking the shortcut
How is a service ticket obtained?
the ticket-granting ticket is presented to the KDC, which grants the service ticket
Who grants a ticket-granting ticket?
the Key Distribution Center (KDC)
Why is deploying security templates harder in a workgroup than in a domain?
Group Policy can't be used to distribute them
How are security-sensitive changes within Active Directory replicated?
they are immediately replicated to all domain controllers within the site
What does the Netlogon service do?
maintains a computer's secure channel to a domain controller

Deck Info

47

permalink