AUTHENTICATION
TRUSTING
REALMS
DOMAINS
FUNCTIONS
100
Trusts that can be created and configured manually.
What are external, forest, shortcut, and realm?
100
The netdom command switch used to ensure trust validation is performed.
What is /validate?
100
Manually created trusts can be created to connect two domains within the same forest to one another, or to a forest or domain in a completely separate enterprise. List the attributes for these trusts.
What is, these trusts can be one-way or two-way trusts and can be transitive or nontransitive in nature.
100
Realm trusts are used to allow users to authenticate and access resources here.
What is a non-Windows Kerberos v5 realm, or to allow users in a non-Windows Kerberos v5 realm access to resources in an AD DS domain.
100
An explicit trust between two domains, ignoring any existing trusts in the external or internal domain or forest; the domains in the trust only trust each other and will not traverse any existing or future trust paths of either domain.
What is non-transitive?
200
Two companies are merging. Users in Company 1 need to access resources in Company 2. Explain how this is done.
What is, you create a one-way incoming trust in Company 1; a user with domain admin or enterprise admin privileges in Company 2 needs to create a one-way outgoing trust in the external domain.
200
The downside of implementing selective authentication is this.
What is the administrative overhead involved to configure and maintain user access to resources. Each member server or computer account in the trusting domain that holds a required resource needs to be configured to allow authentication to the users in the trusted domain.
200
In a one-way trust, the trust direction is this.
What is from the trusting domain to the trusted domain?
200
This allows explicit authentication and access to resources in an external trust or forest trust.
What is selective authentication?
200
The domain that provides resources to another domain.
What is a resource domain?
300
You are attempting to create a one-way outgoing trust to an external domain that has resources in it that your domain’s users will need to access. The authorized users will be able to access the resources without entering any additional credentials once they have successfully logged in to your domain. When you attempt to create the trust, it fails. You have verified that the domain controllers in the external domain are online. List your next step.
What is, you can configure Domain Name System (DNS) to properly resolve authoritative zones in forests or domains that are part of the trust.
300
When a new child domain or tree domain is created within the forest, this trust with the root domain or the parent is created.
What is a two-way transitive trust?
300
External trusts are this, thus any existing trusts already in place with the trusting domain cannot be traversed by members of the external trust’s trusted domain users.
What is nontransitive?
300
Users of the trusted domain are unable to access resources in the trusting domain until they are explicitly configured on the computer object’s this, in the Active Directory Users and Computers tool by checking the Allowed to Authenticate check box.
What is Discretionary Access Control List (DACL)?
300
A domain that contains users that access resources in another domain.
What is a user domain?
400
List the three scopes of trust authentication.
What are selective authentication, domain-wide authentication, and forest-wide authentication?
400
To create this type of trust, both domains of the trust must be the forest root domain and have a forest functional level of Windows Server 2003 or higher.
What is a forest trust?
400
To accommodate external trusts, the trusting domain generates and stores these in AD DS, for each security principal (Users, Computers, and Groups) of the trusted domain. This allows users of the trusted domain to become members of domain local groups in AD DS and to be added to Access Control Lists (ACLs) of resources in the trusting domain.
What are Foreign Security Principals?
400
Trusts that are internal to a forest and that are created automatically during domain creation.
What are automatically generated trusts?
400
Users in a specified external domain or forest can authenticate with the internal domain or forest.
What is a one-way outgoing trust direction?
500
User accounts have been involved in a domain migration. If a domain migration has been done, a user will be given a new principal SID in relation to the domain he or she has been migrated to while maintaining the old SID in the sIDHistory attribute. If the administrator migrated the previous SIDs, the sIDHistory attribute will be populated with the old SID. Explain what happens if SID filtering is used.
What is, the previous SID might have been kept to retain access to network resources in the old domain. This can cause problems because if the old SID is filtered off within a trust, the user will lose access to resources still pointing to the old SID.
500
When you create a shortcut trust, both domains must be here.
What is in the same forest?
500
Shortcut trusts are primarily used to improve this when authenticating to and accessing resources in an internal forest.
What is performance?
500
A one-way or two-way nontransitive trust between domains that are not in the same forest and that are not already included in a forest trust.
What is an external trust?
500
A trust that allows users from one forest to access resources in another forest, but not vice versa.
What is a one-way forest trust?