The flashcards below were created by user tttran1 on FreezingBlue Flashcards.

  1. Compare and contrast Windows 2008 O/S family products.
    • -Windows 2008 Server Standard Edition
    •   -32 or 64-bit versions, up to 4GB/32GB RAM
    • -Windows 2008 Server Enterprise Edition
    •   -up to 64 GB of RAM (32-bit) version or 2TB RAM (64-bit version), Hot Add Memory, fault tolerance memory sync, clustering, unlimited remote users
    • -Windows 2008 Server Datacenter Edition
    •   -up to 64 GB of RAM(32-bit) or up to 2TB RAM (64-bit), up to 64 SMP, hot-add memory, hot-add processor, hot-replace processor, Hyper-V
    • -Windows 2008 Server Web Edition
    •   -optimized for IIS, up to 4GB (32-bit) or up to 32 GB (64-bit), can’t host AD, no Hyper-V
    • -Windows 2008 Server for Itanium-based Systems
    •   -up to 512 SMP, up to 2TB of RAM, hot-add memory, hot-add and hot-replace processor, clustering (no longer an option in Server 2012)
    • -Also available: Standard, Enterprise and Datacenter editions without Hyper-V
  2. Clustering
    • the ability to increase the access to server resources and provide fail-safe services by linking two or more discrete computer systems so they appear to function as though they are one
    •   -advantages: increases computer speed to complete server tasks faster, provides more computing power for handling resource-hungry applications
  3. Server Core
    • minimum server configuration
    • -advantages: no GUI overhead
    • Less disk space and memory needed
    • Smaller attack surface
    • -interact with server via command line
  4. Hyper-V (virtualization)
    • -enables Windows Server 2008 to offer a virtualization environment
    • -advantages of Hyper-V compared with Microsoft’s earlier Virtual Server 2005 R2
    • Can run 32-bit and 64-bit operating systems at the same time
    • Can run on SMP computers
    • Can access larger memory segments
  5. Peer-to-peer (workgroups) vs Server-based (domain) networking.
    Know definitions for each, compare and contrast.
    • Peer-to-peer networking (workgroup)
    • -Spreads resource administration among server and nonserver members of network
    • -Used by small businesses
    • -Workgroup: logical grouping of network devices for resources sharing; peer-to-peer arrangement; decentralized
    • -no special computer needed
    • -disadvantages: network management decentralized
    • Security is responsibility of each user
    • Less effective as number of workstations exceeds 10
    • -Server-based networking (domain)
    • -centralizes network administration on servers
    • -used by medium and large networks
    • -domain: logical grouping of network devices for resource sharing; centralized
    • -single server can act as file and print server, Web server, network administration server, database server, e-mail server
    • -can handle many users at once
    • -advantages: single log on
    • Stronger security
    • Sharing of files and resources
  6. -Explain which situation calls for workgroup, and which for domain.
  7. -Explain log on/authentication process – to a workstation and to a domain.
  8. Be familiar with TCP/IP addressing basics
    -Transmission Control Protocol/ Internet Protocol (TCP/IP): suite of protocols and utilities that support communication across LANs and the Internet
  9. Static vs dynamic addressing
    • Static addressing
    • -assign permanent IP address
    • -gives consistency for monitoring
    • -can be laborious for large networks
    • -Dynamic addressing
    • -IP address assigned during logon
    • -Uses the Dynamic Host Configuration Protocol (DHCP)
  10. Compare and contrast clean install and upgrade.
    • -Clean install
    • -starting from scratch, you erase or start with a blank partition
    • -nothing on it; you start with a brand new operating system
    • -you install, then configure it, set up user accounts, and restore or populate your data, because it is a clean-slate install
    • -don’t have any leftovers from the previous operating system
    • -setting up a fresh operating system, you can configure it any way you want, but it’ll take significant time to actually apply it; the actual install itself might not take much time, but the process of configuring, planning
    • -Upgrade
    • -upgrade may take less time because all you have to do is upgrade from within the GUI; the upgrade process preserves all your data and configuration
    • -disadvantages: you’re left with remnants of the old documentation; there could be old files left that were not cleaned out, and there could be conflicts between the old installation of the application and the operating system because sometimes it requires to be ..
  11. What are server roles – in general, be able to give a few examples.
    • -Server roles
    • -designed as modular function of server operating system
    • -list of server roles: AD Certificate Services, AD Domain Services, AD Federation Services, AD Lightweight DS, AD Rights Management Services, Application Server, DHCP Server, DNS Server, Fax Server, File Services, Hyper-V, Network Policy and Access Services, Print Services, Terminal Services, UDDI Services, Web Server, Windows Deployment Services
  12. Active Directory basics: definitions
    • Active Directory: Microsoft’s consolidation of the major enterprise-wide directory services within a single, replicable data store and administration interface
    • -Is a network-based object and service that locates and manages resources, and makes these resources available to authorized users and groups
  13. Active Directory basics: advantages
    • -provides centralized logon and authentication point for users to access resources
    • -a focal point for centralized administration and management
    • -a searchable store for info about every network object and its attributes
    • -standard-based structures and interfaces allow for product interoperability and compatibility with 3rd party products
    • -scalable (virtually no limit on number of objects)
  14. Active Directory Organization
    • -an underlying principle of the Active Directory is that everything is considered an object – people, servers, workstations, printers, etc.
    • -each object also has certain attributes
    • -object classes are definitions of the object types that can be created in the Active Directory
    • -Active Directory objects are organized around a hierarchical domain model that allows scalability and expandability
    • -Domain model building blocks are: domains, domain trees, forests, organization units
  15. -Schema
    • -a set of object definitions (object classes) and their associated attributes
    • -provides info on what objects and attributes are available to the Directory
    • -allows administrators to modify and add new object classes, objects and attributes as needed, making the schema extensible
    • -because of this flexibility, AD is capable of being the single point of administration for all published resources (files, peripheral devices, host connections, databases, Web access, users)

    -Controlling object access

    • -every object has an ACL that contains information about who has access to it and what they can do with it
    • -controlling access to the object in AD is not the same as access to the object itself. AD permissions only specify whether a user, group, or computer can view or modify an object’s properties in AD
    • -access can be setup for individual object properties
    • Explain how AD is dependent on DNS and how they integrate (AD-integrated DNS zones vs standard DNS zones, secure vs unsecure DNS updates)
  16. -Active Directory and DNS integration
    • -Active Directory and DNS have the same hierarchical structure
    • -all Active Directory names follow DNS conventions
    • -DNS records (zones) can be stored in Active Directory
    • -Active Directory clients use DNS to locate domain controllers
  17. -Domains:
    • logical partition comprised of users, computers and network resources that share a common logical security boundary and utilize a common namespace
    • Ex.
    • -domains can be arranged into a hierarchical parent-child structure
    • -all domains maintain their own security policies and security relationships with other domains
    • -requires at least 1 Domain Controller (where AD database is stored)
    • -if more than 1 DC (recommended) – they use multi-master replication
  18. -Domain Trees:
    • consists of hierarchy of domains sharing a common schema, security trust relationship, and a Global Catalog
    • -formed through the expansion of child domains, and there’s one root domain (the first created domain)
    • -defined by a common and contiguous namespace
  19. -Domain Forests:
    • domain trees with different namespaces connected by trust relationships
    • -all trees within the forest share a Global Catalog, configuration and schema
    • -simply a reference point between trees and doesn’t have its own name
  20. -Organizational Unit (OUs):
    • administrative substructure of domains, arranged hierarchically, can be nested
    • -special type of object called container; includes users, computer systems, printer, etc.
    • -a logical subset defined by security or administrative parameters where specific system admin functions can be easily segmented and delegated
  21. -Sites:
    • -address physical network structure
    • -a site is a region of your network infrastructure made up of one or more well-connected IP subnets
    • -sites are used to allow all AD clients belonging to the same physical network area to access services (DCs, GC and DNS servers) from the servers in close proximity, rather than across slow, expensive WAN links
    • -sites allow AD to have more efficient DC replication – can configure DC replication differently inter- and intra-site
  22. -Trusts:
    • logical connections between domains to allow users from one domain to access resources in another domain
    • -can be one- or two- way
    • -can be transitive, intransitive or explicit
    • -trust terminology: trusting trusts Trusted Domain
    • -Transitive trusts: a trust between two domains in the same domain tree/forest that can extend beyond these two domains to other trusted domains within the same domain tree/forest
    • -transitive trust is always a 2-way trust – both of the domains trust each other
    • -by default, all Windows Server 2008 trusts within a domain tree/forest are transitive trusts
  23. -Global Catalog
    • -AD uses a global catalog in order for users to find objects quickly, even in a large multidomain environment
    • -GC contains all the objects in the AD, inclusive of all domains and trees in a forest, but with only a subset of their attributes
    • -Serves as an index to the entire structure
    • -serves as a central point for user authentication
  24. -Name space (DNS and AD) and naming conventions
    • -AD is based on the concept of a namespace, that is a name is used to resolve the location of an object
    • -AD domain names correspond to DNS domain names
    • -each object has different ways to refer to it, and each name pinpoints the location of object in AD
  25. -Computer accounts
    • -to access Windows 2008 domain a computer needs an account
    • -joining a domain creates a computer account object in the AD
    • -each computer account has SID (other security principals, such as users and groups have SIDs as well)
  26. -User Accounts
    • -to access Windows 2008 network a user needs an account
    • -account determines 3 factors:
    • -when a user may log on, -where within the domain/workgroup,
    • -what privilege level a user is assigned
    • -each account has SID that serves as security credentials
    • -any object trying to access resource must do it through a user account
    • -Windows 2008 has 2 types of accounts: local and domain
  27. -Explain different types of user accounts (built-in, you create)
    • -Two types of accounts:
    • -Local account
    • -supported on all Windows 2000, 2003, and 2008 systems except DCs (on member servers participating in domains and on standalone systems participating in workgroups)
    • -maintained on the local system, not distributed to other systems
    • -local user account authenticates the user for local machine access only; access to resources on other computers is not supported
    • -built-in local accounts: Guest; Administrator
    • -Domain account
    • -permit access throughout a domain and provide centralized user administration through AD
    • -created within a domain container in AD database and propagated to all other DCs
    • -once authenticated against AD database using GC, a user obtains an access token for the logon session, which determines permissions to all resources in the domain
  28. -Explain where accounts are created (local computer vs. domain)

    -Planning new User Accounts – naming convention, user account properties
    • -Naming conventions
    • -domain accounts names must be unique within the domain, although the same logon name can be used on several systems with local logon
    • -logon names are not case sensitive, must not contain more than 20 chars, and must not contain +,*,?,<,>,/,\,[,],:,;.
    • -passwords are case sensitive, must be secure – not easy to guess
    • -User account properties
    • -As with all AD objects, user accounts have a number of associated properties or attributes
    • -once the account is created, those properties may be modified using Computer Management tool (local accounts) or AD Users and Computers (domain accounts)
  29. -Deleting, disabling, renaming User Accounts – what happens when you delete or rename a user account
    • -Renaming account doesn’t affect any of the user account properties, except the name
    • -accounts can be moved from one container to another
    • -disabled accounts can’t be accessed
    • -deleting account – permanently removes it, and all of its group memberships, permissions and user rights. The new account with the same name has different SID and GUID
    • -disabling an account may be a better option
    • -Administrator and Guest can be renamed, but not deleted
  30. -When is it appropriate to rename or to delete or disable the account?
    • -disable the account: when a user takes a leave of absence
    • -have practice of disabling accounts when someone leaves, and then later renaming and enabling the account for that person’s replacement (this is easier than deleting the account and creating a new one)
  31. -Interactive logon process:
    • a process to verify user’s credentials for logon to a Win2008 computer
    • -if the local account – it’s checked against the local user account database
    • -domain account – using encryption process, user credentials are verified at a DC, and after successful authentication a logon key/logon token is granted for the session
  32. -Network authentication process:
    • process of verifying user’s credentials to allow access to network resources
    • -when a user attempts to access a resource, user’s credentials and session key/token are compared against the resource’s ACL to grant access
  33. -Logon token
  34. -Group Accounts
    • -Group – AD objects that contain users, computers and other entities (have SIDs)
    • -Groups are used for easier mgmt. of users/computers/resources
    • -access token identifies groups to which the user belongs/rights assigned
  35. -2 types of groups; compare and contrast
    • -Distribution: group for e-mail
    • -Security: group to assign limited permission to groups that need access to resources or to deny access
  36. -Know how groups can be nested
    • -Ex. Managers: name … (top-level global group)
    • Finance: name … (second-level global group)
    • Budget: name … (third-level global group)
  37. -How users/groups inherit rights and privileges through group membership.
  38. -Know that for any membership changes a user needs to log off/log back on.
  39. -Scope of influence (or scope):
    reach of a group for gaining access to resources in Active Directory
  40. -4 group scopes:
    local, domain local, global, universal
  41. -Know default user/group membership (Everyone, Domain Users, Domain Admins, etc.)
    • -built-in groups are automatically created in Windows Server 2003 to reflect most common attributes and tasks
    • -Domain Users/Users -Domain Admins/Administrators
  42. -Know special groups/default membership (EVERYONE, NETWORK, INTERACTIVE, etc.)
    • -Everyone -Network -Interactive -Service -System -Authenticated Users
Card Set:
2013-10-01 14:55:03
Exam is451m

first exam for Is451m