Term
Active Directory for Sites and Services |
|
Definition
A Microsoft Management Console (MMC) snap-in that you can use to administer the replication of directory data among all sites in an _____________________ Domain Services (__ DS) forest. This snap-in also provides a view of the service-specific objects that are published in __ DS. |
|
|
Term
Active Directory for Users and Computers |
|
Definition
A Microsoft Management Console (MMC) snap-in that you can use to administer and publish information in the directory. |
|
|
Term
|
Definition
Provides the appropriate Web Agent software that is necessary for authenticating and authorizing federated access to locally hosted, Web-based applications. |
|
|
Term
administrator role separation |
|
Definition
The ability to delegate local administrative permissions for a read-only domain controller (RODC) to any domain user without granting that user any user rights for the domain or other domain controllers. |
|
|
Term
Arp (Address Resolution Protocol) cache |
|
Definition
Is a telecommunications protocol used for resolution of network layer addresses into link layer addresses, a critical function in multiple-access networks. To keep the number of broadcast ____ Request frames to a minimum, many TCP/IP protocol stacks incorporate an ____ cache. |
|
|
Term
|
Definition
Configure and maintain the CA. This is a CA role and includes the ability to assign all other CA roles and renew the CA certificate. This is a separate role from the local _________ role. |
|
|
Term
Certificate Practice Statement (CPS) |
|
Definition
Is a document from a Certificate Authority or a member of a web of trust which describes their practice for issuing and managing public key certificates |
|
|
Term
certificate renewal period |
|
Definition
Is the amount of time prior to the end of the validity period when the subject will ______ the certificate using auto enrollment. |
|
|
Term
Certificate Revocation List (CRL) |
|
Definition
Is a list of certificates (or more specifically, a list of serial numbers for certificates) that have been revoked, and therefore should not be relied upon. |
|
|
Term
|
Definition
Are statements (for example, name, identity, key, group, privilege, or capability) made about users — and understood by both partners in an Active Directory _________ Service (ADFS) federation |
|
|
Term
|
Definition
User’s password is retrieved from a writable DC the first time the user logs on, and thereafter, the password is retrieved from the RODC to prevent cracks on locally stored passwords. |
|
|
Term
|
Definition
Another option for installing an RODC, not available with a regular DC, that doesn’t require domain administrator credentials; a regular user at the branch office can perform the installation. |
|
|
Term
Denied RODC Password Replication Group |
|
Definition
This group is a security measure to ensure that passwords for sensitive accounts don’t get stored on RODCs. |
|
|
Term
|
Definition
Server role provides automatic IP address assignment and configuration for client computers. |
|
|
Term
|
Definition
Data that binds a sender's identity to the information being sent. _________ may be bundled with any message, file, or other digitally encoded information, or transmitted separately. _________ are used in public key environments and provide nonrepudiation and integrity services. |
|
|
Term
|
Definition
Server resolves the names of Internet computers and computers that are members of a Windows domain to their assigned IP addresses |
|
|
Term
|
Definition
The main DNS configuration tool, used to perform most DNS configuration tasks, monitor zone data and the DNS cache’s contents, and configure event logging and debug logging. |
|
|
Term
|
Definition
Is any computer registered to join the Domain Name System. |
|
|
Term
|
Definition
A Windows server that has Active Directory installed and is responsible for allowing client computers access to _______ resources. |
|
|
Term
EFS (Encrypted File System) |
|
Definition
A Microsoft file-based encryption technology that enables users to encrypt files and folders on NTFS volumes. _____ helps protect the confidentiality of data by ensuring that only authorized users can decrypt the encrypted files or folders. |
|
|
Term
|
Definition
Used to view the DNS Server event log (can also be viewed in the Global Logs node in DNS Manager). |
|
|
Term
|
Definition
A one-way or two-way nontransitive trust between two domains that aren’t in the same forest. |
|
|
Term
|
Definition
A computer that has been configured to host the _______ Service role service of Active Directory _______ Services (AD FS). _________ can authenticate or route requests from user accounts in other organizations and from clients that can be located anywhere on the Internet. |
|
|
Term
|
Definition
A collection of attribute data used to specify domain objects that aren’t replicated to RODCs, thereby increasing the security of sensitive information. |
|
|
Term
|
Definition
A trust that provides a one-way or two-way transitive trust between forests, which enables security principals in one forest to access resources in any domain in another forest. |
|
|
Term
|
Definition
Is a housekeeping process that is designed to free space within the Active Directory database. |
|
|
Term
Garbage Collection - Frequency |
|
Definition
The times when free space within the Active Directory database is accessible. |
|
|
Term
|
Definition
A mathematical function that takes a string of data as input and produces a fixed-size hash value as output. Hash values are used to verify that the original data hasn’t been changed and to sign CA certificates and certificates issued by the CA. |
|
|
Term
|
Definition
A CA in a multilevel CA hierarchy that issues certificates to issuing CAs, which respond to user and device certificate requests. |
|
|
Term
|
Definition
Displays extended IP configuration information, such as the computer name, domain name, network adapter description, physical (MAC) address, whether DHCP is used, and DNS address. |
|
|
Term
|
Definition
Windows caches the most recent DNS lookup request results, and this option displays the contents of the local DNS cache. |
|
|
Term
|
Definition
Deletes cached DNS information from memory. This option can be useful if a computer’s IP address or hostname was changed recently, and the cache contains obsolete information. |
|
|
Term
|
Definition
A CA that interacts with clients to field certificate requests and maintain the CRL. |
|
|
Term
|
Definition
A method of backing up private keys and restoring them if users’ private keys are lost. |
|
|
Term
|
Definition
A designated user with the right to recover archived keys |
|
|
Term
Network Device Enrollment Service (NDES) |
|
Definition
A service that allows network devices, such as routers and switches, to obtain certificates by using Simple Certificate Enrollment Protocol (SCEP), a Cisco proprietary protocol. |
|
|
Term
|
Definition
When a transitive trust relationship is not appropriate, but this trust relationship must be created explicitly. |
|
|
Term
|
Definition
A trust relationship between two domains in which only one of the two domains trusts the other domain. For example, domain A trusts domain B, and domain B does not trust domain A. _________ are often used to enable authenticated access to resource domains. |
|
|
Term
|
Definition
A CA installation on a Windows Server 2008 server that’s integrated with Active Directory. |
|
|
Term
|
Definition
A role service that enables clients to check a certificate’s revocation status without having to download the certificate revocation list (CRL). |
|
|
Term
|
Definition
A CA installation that isn’t integrated with Active Directory. |
|
|
Term
|
Definition
A key that’s held by a person or system and is unknown to anyone else. |
|
|
Term
|
Definition
A key owned by a person or system that’s distributed to whoever wants to have a secure communication session with the key owner |
|
|
Term
Public Key Infrastructure |
|
Definition
A security system that binds a user’s or device’s identity to a cryptographic key that secures data transfer with encryption and ensures data authenticity with digital certificates. |
|
|
Term
RODC (Read-Only Domain Controller) |
|
Definition
Maintains a copy of all objects in the domain and all attributes except password related properties |
|
|
Term
|
Definition
A DNS zone placed on a DNS RODC (Read Only Domain Controller) |
|
|
Term
|
Definition
A trust used to integrate users of other OSs into a Windows Server 2008 domain or forest; requires the OS to be running Kerberos V5 authentication. |
|
|
Term
|
Definition
A server configured with the Web Enrollment role service. |
|
|
Term
|
Definition
A component of Windows Reliability and Performance Monitor that displays real-time CPU, memory, disk, and network performance information collected from the Windows Kernel Trace provider and performance counters. |
|
|
Term
|
Definition
A federation partner that trusts the Federation Service to issue claims-based security tokens for Web-based applications (that is, applications in the resource partner organization) that users in the account partner can access. |
|
|
Term
Restricted Enrollment Agent |
|
Definition
An enrollment agent that’s limited to enrolling only specific users or security groups. Restricted enrollment agents are available only with an enterprise CA. |
|
|
Term
|
Definition
A domain controller that has read-only copies of directory partitions. |
|
|
Term
|
Definition
The first CA installed in a network. Clients are configured to trust the Root CA’s certificate, and then implicitly trust the certificate of any CA that’s subordinate to the root. |
|
|
Term
|
Definition
A network device that forwards communication packets from one network to another. Routers are the basis for the Internet. |
|
|
Term
|
Definition
A key used to both encrypt and decrypt data in a secure transaction. The ______ ___ must be known by both parties because it’s used in both ends of the cryptography process. |
|
|
Term
|
Definition
|
|
Term
|
Definition
A logical connection between two sites that determines the replication schedule and frequency between the sites. |
|
|
Term
|
Definition
The process of replicating Active Directory information from one site to another. |
|
|
Term
|
Definition
The device that connects a computer to the rest of the network. In a wireless network, this device is called an access point. |
|
|
Term
|
Definition
A PC that is unable to replicate to other DCs on the network due to a network configuration problem. |
|
|
Term
|
Definition
A trust relationship based on the transitive rule of mathematics; therefore, if Domain A trusts Domain B and Domain B trusts Domain C, then Domain A trusts Domain C. |
|
|
Term
|
Definition
Trust in which both domains in the relationship trust each other, so users from both domains can access resources in the other domain. |
|
|
Term
Unidirectional Replication |
|
Definition
A replication method used with RODCs in which Active Directory data is replicated to the RODC, but the RODC doesn’t replicate the data to other domain controllers |
|
|
Term
|
Definition
Provides single sign-on access to multiple Web applications for users who are external to the corporate network. |
|
|
Term
WINS (Windows Internet Name Service) |
|
Definition
Is a legacy name service used to resolve NetBIOS names, sometimes referred to as single-label names. A central database of name-to-address mappings is maintained on a server where client computers update their own records dynamically. |
|
|