Shared Flashcard Set

Details

Windows Server 2012 - 70-412 DAC
Dynamic Access Control topics for 70-412 cert. test
10
Computer Networking
Professional
09/12/2013

Additional Computer Networking Flashcards

 


 

Cards

Term
Dynamic Access Control (DAC) controls file access in a third way dependent not on group membership or file location. What is it?
Definition
By object attributes cited in access rules.
Term
Dynamic Access Control (DAC) relies on what elements?
Definition
File classifications, user and device attributes called "claims" and rules and policies built from these elements.
Term
When DAC is combined with NTFS and share permissions, which permission dominates?
Definition
The most restrictive permission always applies.
Term
User and device attributes are called what?
File attributes are called what?
Definition
User & Device attributes = Claims
File Attributes = classifications (or resource properties)
Term
What are 3 advantages of DAC?
Definition
allows management of file access centrally, dramatically reduces the # of groups needed, allows rule creation based on attributes rather than access through ACLs
Term
What operating systems are required for the use of Dynamic Access Control (DAC)?
Definition
Server 2012 file server, Server 2012 Domain Controller, Windows 7. Access-denied assistance requires Windows 8.
Term
To configure a DAC policy what steps must be completed?
Definition
Define the types of claims about users and devices to include in the Kerberos tokens
Configure AD DS to use the expanded Kerberos tokens
Term
How is Kerberos support enabled for claims-based access control?
Definition
Through a GPO applied to the Domain Controllers OU
Computer Configuration/Policies/Administrative Templates/System/KDC/KDC Support for Claims, Compound Authentication, and Kerberos Armoring
Term
In DAC, what does "file classification" mean?
Definition
The process of adding attributes to the properties of files and folders. These attributes enable you to construct access rules that apply to these resources.
Term
Configuring file classification requires 4 steps. What are the steps?
Definition
Enable or create selected resource properties - use ADAC
Add resource properties to a resource property list. use ADAC
Update AD file and folder objects - use Powershell cmdlet "Update-FSRMClassificationPropertyDefinition"
Classify files and folders - manually or Automatic (in FSRM)
Supporting users have an ad free experience!