SSO
Group Policy
Server Farms
KCC
ISTG
100
Setting that takes precedence when a GPO value is found in both computer configuration and user configuration.
What is computer configuration?
100
Use this service to implement single sign-on.
What is Active Directory Federation Services
100
THIS can be used to create a trust between the claims provider and the relying party.
What is federation metadata?
100
The limitation of using WID for AD FS.
What is WID caps out and is limited to five federation servers per farm?
100
Items needed for a client computer to have SSO access to applications and services.
What is the trusted SSL certificate locally installed, and the browser settings for each user profile will need to be configured to trust the account federation server?
200
Two ways logon scripts can be applied to a user.
What is Group Policy and User Account settings in AD?
200
It is the account partner’s responsibility to store and authenticate user accounts, create the user’s claim, and package claims into THESE which are used by the resource partner for authentication into their applications and services.
What are security tokens?
200
Besides grouping multiple federation servers together in a server farm. Name an additional requirement for the server farm to function.
What is some sort of network load balancer?
200
This must be removed before using non-Microsoft browsers for single sign-on (SS0) and accessing cloud applications.
What is - You may have to remove all of the Extended Protection for Authentication patches from the local machine. (client machine)?
300
Reason(s) folder redirection is a good idea.
What is single location for all users documents and this makes backups easier.
300
Number of AD FS configuration databases present for each individual federation server farm.
What is one?
300
Every AD FS client must have the ability to have an to accept this item.
What is certificates?
300
One key component needed for client computers to use SSO and Internet applications.
What is cookies must be enabled?
400
A standard domain user ( like ISTuser) has been granted local admin rights. Explain how only server administrators and domain admins are the only accounts in the local admins group.
What is - By applying a security template that says that “only Administrator and Domain Admins can be in the local Administrators,” reapplying the template kicks everybody out who’s not supposed to be there.
400
Databases which can be used to store data when using AD FS.
What is WID and Windows SQL Server?
400
Types of certificates required for Single sign-on.
What are token-signing, token decryption, secure sockets layer cert, and server communication certificates?
400
Requirements needed before adding an additional server to an AD FS server farm.
What is - The server must be domain joined to your Active Directory forest, it must have the AD FS roles and features installed, and it must have the required AD FS certificates installed locally to the machine?
500
GPOs are refreshed every 90 minutes = - 30 minutes. How often are security settings reapplied?
What is every 16 hours?
500
THESE identify a group of attributes for a user account such as the user's name or role.
What is claims?
500
The potential drawback of adding AD FS single sign-on to an enterprise environment.
What is there is no functionality to roll back a deployment once it has been configured and users have been fully federated?
500
Requirements for adding an AD FS proxy server.
What is - There must be a federation server on the internal corporate network to communicate with. The proxy server must have a trusted SSL certificate with a subject name that matches the federation service name. Proper DNS entries will need to be configured.
M
e
n
u