Term
By default, permissions set on a folder are automatically inherited by new files and folders created within that folder |
|
Definition
|
|
Term
Share permissions apply to users connecting across the network or working at the local computer |
|
Definition
|
|
Term
Windows creates two built-in user accounts automatically: Administrator and User.
|
|
Definition
|
|
Term
|
Definition
A security and administration boundary supported by one or more Domain Controllers. |
|
|
Term
|
Definition
A group of computers that may share a network but are not part of a domain.
|
|
|
|
|
Term
|
Definition
A device that directs traffic between different network subnets
|
|
|
|
|
Term
|
Definition
An IP address that has been manually and directly configured on a system.
|
|
|
|
|
Term
|
Definition
The service that is used to resolve host names to IP addresses.
|
|
|
|
|
Term
|
Definition
The service that is used to provide computers on a network with TCP/IP configuration.
|
|
|
|
|
Term
|
Definition
An IP address that has been assigned by a server.
|
|
|
|
|
Term
|
Definition
The address of a router connected to the local subnet.
|
|
|
|
|
Term
Both share and NTFS permissions can be set on individual files |
|
Definition
|
|
Term
The randomly generated names created during Windows Server installation (such as WIN-R76Q9CV5R1) should be kept as server names because they are unique and more secure than a shorter computer name.
|
|
|
|
Definition
|
|
Term
When Share permissions for a user are combined with NTFS permissions for the same user account, the effective permissions are the ______________________ permissions. |
|
Definition
|
|
Term
When Share permissions for a user are combined with Share permissions for a group that the user is a member of, the effective permissions are the ______________________ permissions. |
|
Definition
|
|
Term
To simplify the administration process, you should always assign permissions to ____ rather than to individuals. |
|
Definition
|
|
Term
The standard NTFS permissions are actually made up of groupings of more detailed, advanced permissions. |
|
Definition
|
|
Term
What are an administrator's choices for managing file permissions on a drive formatted as FAT32? |
|
Definition
If the drive is a network share, then share permissions can be used.
|
|
|
|
Term
When you try to connect to the infotechvm-04 server (that hosts the Instructors, Software and Students Shares), from the Server Host System, you are prompted for credentials. Explain why this happens and what credentials you must provide (this should be a general description; do not include your password). |
|
Definition
This occurs because you are trying to access a domain resource from a system that is outside the domain (the server installed in the lab is not joined to the domain).
When specifying the credential, it is infotech\first.last (no \\ in front; that is for a UNC name) |
|
|
Term
While you are working the help desk for a corporate network, a user named Leo calls to request access to the files for Trinity, a new classified project. The Trinity files are stored in a shared folder on a Windows Server 2016 file server, which is locked in a secure data storage facility in New Mexico. After verifying that he has the appropriate security clearance for the project, you create a new group on the file server called TRINITY_USERS and add Leo's user account to that group. Then, you add the TRINITY_USERS group to the access control list for the Trinity folder on the file server and assign the following NTFS permissions:
- Allow Modify
- Allow Read & Execute
- Allow List Folder Contents
- Allow Read
- Allow Write
|
|
Definition
Because the system uses the least permissible permissions. The tech also added him to a very limited group that could also hinder Leo
|
Correct Answer: |
The most likely issue is that the share permissions for the folder are set to Read.
|
Response Feedback: |
This is possible. The most likely issue is that the share permissions for the folder are set to Read
|
|
|
|
Term
|
Definition
Share: Change
NTFS: FC
Effective: Change |
|
|
Term
|
Definition
Nothing; she gets denied. NO ACCESS, just because of the Deny Read
|
|
|
|
Term
|
Definition
Share: FC
NTFS: FC
Effective: FC
|
|
|
Term
The Change share permission is the closest equivalent to the Modify NTFS permission. |
|
Definition
|
|
Term
You attempted to connect to a network file share but the connection failed. You pinged the server by its name but did not receive a response. What is the next thing you should try? |
|
Definition
Ping the server by its IP address |
|
|
Term
By default, every drive on a Windows system is shared with a hidden, administrative share (such as C$ or D$).
|
|
|
|
Definition
|
|
Term
When setting permissions (share or NTFS), deny permissions override allow
|
|
|
|
Definition
|
|
Term
Which of the following are considered special entities on a Windows system? Choose two.
|
|
|
|
Definition
|
|
Term
|
Definition
Share: FC
NTFS: R & E
Effective: R & E |
|
|
Term
When you manage permissions in any of the Windows Client or Server permission systems, you are actually creating and modifying the _______ in an _______. |
|
Definition
access control entries; access control list
|
|
|
Term
What NTFS permission allows a user to delete objects? |
|
Definition
|
|
Term
Answer the following question either 'most restrictive' or 'least restrictive':
When NTFS permissions for a user are combined with NTFS permissions for a group that the user is a member of, the effective permissions are the ______________________ permissions |
|
Definition
|
|
Term
An Access Token with a user’s permissions is generated at the time the user logs on to a Windows system |
|
Definition
|
|
Term
You can view all shares on a computer through Computer Management
|
|
|
Definition
|
|
Term
|
Definition
Share: Not Applicable
NTFS: Modify
Effective: Modify
|
|
|
Term
Tamara is a network administrator and has configured a network share to store IT manuals and documents. All users on the network should be able to read and execute and Administrators should have full control of the content. She has configured the NTFS permissions to include the Administrators group with Full Control and the Users group with Read and Execute Permissions. She has shared the folder with Users, Full Control. Is this configuration appropriate? Explain your answer. |
|
Definition
Each group ends up with the appropriate desired permissions when the share and NTFS combine. |
|
|
Term
Answer the following question either 'most restrictive' or 'least restrictive':
When NTFS permissions for a group are combined with Share permissions for a user that is a member of that group, the effective permissions are the ______________________ permissions. |
|
Definition
|
|
Term
If you move or rename a shared folder, the sharing is removed
|
|
|
Definition
|
|
Term
|
Definition
- A collection of objects that share the same database
- A group of computers that share security and can be centrally managed and administered |
|
|
Term
|
Definition
A server that is authoritative for the domain; stores a copy of Active Directory |
|
|
Term
|
Definition
- Each resource in Active Directory is represented as an object and each object has a set of attributes
- Common attributes for all objects include a unique name, a globally unique identifier (GUID), required object attributes, and optional object attributes |
|
|
Term
|
Definition
A container object is an object that houses other objects |
|
|
Term
|
Definition
Does not house other objects (Typically users, computers, printers) |
|
|
Term
|
Definition
- Define what type of information is stored about each object (example: first name, last name, password)
- The data stored in the attribute is known as the attribute value |
|
|
Term
|
Definition
master database containing definitions of all objects in the Active Directory
the Schema contains rules and definitions for creating and modifying object classes within Active Directory |
|
|
Term
|
Definition
- An OU is a container that represents a logical grouping of resources that have similar security guidelines
- Nested in hierarchical fashion, allowing a parent OU to contain one or more child OUs
- Administration of an OU can be delegated to a manager
- Delegation of administration allows you to more efficiently distribute administrative responsibility in your organization, and reduce the number of users that must have domain-wide control |
|
|
Term
|
Definition
Multiple domains in the same forest that share a contiguous name space |
|
|
Term
|
Definition
- A forest enables a user to access resources across an entire Active Directory forest using a single logon
- The first AD Domain is the Forest Root; Child domains and additional trees may be added to the forest |
|
|
Term
|
Definition
- Interoperability with prior versions of Active Directory Service is available through domain functional levels
- Functional levels may be changed in Active Directory for a single domain within a multidomain environment
- Changing functional levels is an irreversible action that can be undone only through a system-wide restore
- The administrator must be logged in as a member of the Domain Admins group to raise a domain |
|
|
Term
|
Definition
- The administrator must be logged in as a member of the Enterprise Admins group to raise the forest
- The forest functional level cannot be raised until all domains in the forest are raised to a minimum of the domain functional level
- Domain and forest functional levels provide backward compatibility with previous versions of Windows Server |
|
|
Term
|
Definition
trust relationships allow access to multiple domains across enterprise networks |
|
|
Term
|
Definition
- Contains information about each object in every domain in the forest
- Stored on DCs that have been designated as GC servers
- Data is distributed through replication
- A GC contains full information about objects in its own domain and partial information about objects in other domains in the forest
- Applications such as Exchange rely heavily on GC servers
- The first DC in a New Forest has to be a GC server
- In a single domain forest, it is recommended that you make every DC a GC server
- Each site should have a GC server so that searches are not done over expensive WAN links
- Configured in the NTDS settings properties (in AD Sites & Services) |
|
|
Term
|
Definition
- Directory Services Restore Mode (DSRM) is a safe mode boot option (F8) for Windows Server domain controllers. DSRM allows an administrator to repair or recover or restore an Active Directory database
- This password provides the administrator with access to the AD database in case something goes wrong later on, but it does not provide access to the domain or to any services
- Can be changed using ntdsutil |
|
|
Term
Active Directory Recycling Bin |
|
Definition
- A deleted object is flagged as a deleted object for a specified amount of time
- Once the deleted object lifetime expires, the object is flagged as a recycled object and is stripped of most of its attributes (it still resides in the Deleted Objects container and can be recovered for the duration of its lifetime)
- Need at least one DC running Server 2012 R2 with AD Administration Center enabled; all other DCs and Forest Functional Level must be 2008 R2 or higher
- Once enabled, it cannot be disabled
- Enable in AD Administration Center |
|
|
Term
Fine Grained Password Policy |
|
Definition
- By default, the Domain Password Policy is the only policy that configures Account Policy (Account policy configured and applied to an OU will only modify SAM accounts on systems in that OU; it will not affect domain accounts.)
- Fine Grained Password Policy can be used to allow different users in the domain to have different password requirements |
|
|
Term
|
Definition
|
|
Term
|
Definition
- DNS is a hierarchical method of associating domain names with IP addresses
- The 13 root servers are the ultimate authorities
- DNS names are resolved using one or more queries to a server or servers that are ‘authoritative’ for a given name. The queries may follow the path of the FQDN from the top of the hierarchy (the TLD) down to the host
- A Domain Name must be registered with the appropriate managing authority so that the name and address is added to the namespace and can be resolved
- Internet Domains must be registered with an approved registrar and the addresses for DNS servers that will resolve the domain name must be provided. This process facilitates the appropriate creation of the namespace
|
|
|
Term
What is Active Directory’s default name resolution method? |
|
Definition
|
|
Term
What can inhibit the ability to set up AD? |
|
Definition
The configuration of DNS is critical for proper functioning of Active Directory |
|
|
Term
Why is DNS so important to AD? |
|
Definition
Active Directory relies on DNS to be a locator service for clients on the network |
|
|
Term
Why are SRV records important? |
|
Definition
Without SRV records, clients will be unable to authenticate against Active Directory |
|
|
Term
What command helps us verify that DNS was created on install? |
|
Definition
dnscmd /EnumDirectoryPartitions |
|
|
Term
Aging and scavenging for zones? What are they? |
|
Definition
- Aging and scavenging are processes for cleaning up the DNS database after DNS records become out of date
- Configure aging and scavenging through the DNS Tool in the properties of the zone.
|
|
|
Term
What are the types of resource records?
|
|
Definition
- SOA (Start of Authority): Indicates the server that is the best authoritative source for the zone. Each zone must have an SOA record and only one SOA record can be in a zone
- NS (Name Server): Indicates a DNS server functioning as an authority for the zone
- A (Address): Name to IPv4 address mappings for hosts
- AAAA (Address): Name to IPv6 address mappings for hosts
- PTR (Pointers): Address to name mappings used in reverse lookup zones
- PTR (Pointers): Creates an alias that points to the canonical name of a host identified by an A record
|
|
|
Term
What are dynamic updates? |
|
Definition
Must be selected for domain controllers to register their records with DNS.
Verify that dynamic updates are selected through the zone properties in the DNS tool. |
|
|
Term
|
Definition
Reverse Lookup Zones answer queries in which a client provides an IP address and DNS resolves the IP address to a hostname
Reverse lookup zones can be created through the DNS tool. |
|
|
Term
|
Definition
hosts that need names resolved |
|
|
Term
|
Definition
(Name Servers) contain databases and work to resolve names to IP addresses |
|
|
Term
|
Definition
a cache held on each computer of names that have already been resolved (to save time). |
|
|
Term
|
Definition
the distributed database of Internet IP addresses and their associated names. |
|
|
Term
|
Definition
defined areas that have been divided up for management purposes. Zones may consist of one or more domains (such as in the case of TLDs) |
|
|
Term
|
Definition
stores the information about hosts in the zone |
|
|
Term
|
Definition
individual entries in the zone file. These store the addresses of the hosts on the network. |
|
|
Term
|
Definition
A client communicates with a DNS server or servers to request an IP address lookup |
|
|
Term
|
Definition
A DNS server communicates with several other DNS servers to complete an IP address lookup and return an answer to the client |
|
|
Term
|
Definition
Responsible for high level organization and coordination of the DNS namespace |
|
|
Term
|
Definition
is the specific part of the ICANN organization that allocates IP addresses to five Regional Internet Registries (RIRs). The RIRs then allocate addresses to Internet Service Providers, who sub-allocate to networks and individual users. |
|
|
Term
|
Definition
American Registry for Internet Numbers (One of the 5 RIRs) |
|
|
Term
|
Definition
Manages the .ca namespace; oversees .ca registrars |
|
|
Term
Describe Read permissions |
|
Definition
- Display folder and file names
- View attributes
- Read file data
- Run programs
- Access subfolders
|
|
|
Term
|
Definition
- Create files and folders
- Change and append data in files
- Change attributes
- Delete folders and files

Also includes Read property:
- Display folder and file names
- View attributes
- Read file data
- Run programs
- Access subfolders |
|
|
Term
Description of Full Control
|
|
Definition
- Change permissions
- Take ownership of files

Change:
- Create files and folders
- Change and append data in files
- Change attributes
- Delete folders and files

Read:
- Display folder and file names
- View attributes
- Read file data
- Run programs
- Access subfolders
|
|
|
Term
|
Definition
▪ Apply to local and network users
▪ When combined – result is most permissive
▪ Can be applied to folders and files
▪ Are only available on NTFS partitions (volumes) |
|
|
Term
Who overrides who?
Do groups override users
or do users override groups? |
|
Definition
USER DOES NOT OVERRIDE GROUP!!!! GROUP DOES NOT OVERRIDE USER!!!! |
|
|
Term
Is permission inheritance on by default? T or F |
|
Definition
|
|
Term
Permissions Inheritance
list as many as you know. |
|
Definition
- When permissions appear to be greyed out, it is usually because they are being inherited
- Turn inherited permissions off in the ‘Advanced’ window
- Recommendation: when you disable inherited permissions, copy the existing permissions to the object and then edit them
- When permissions are not inherited, they are said to be ‘Explicit’ permissions |
|
|
Term
|
Definition
- Every object (file or folder) has an owner
- By default, the owner is the person that created the object
- The owner can always change permissions on an object
- There is a special identity called ‘creator owner’ that can be used in more advanced permissions scenarios
- Anyone with Full Control NTFS permissions can take or transfer ownership of an object to a different user. This can be used to gain access to resources in special circumstances. |
|
|