Fill This Form To Receive Instant Help
Homework answers / question archive / Test Bank, Lesson 15 Configuring Service Authentication Multiple Choice 1) What is the default authentication protocol for non-domain computers? a
Test Bank, Lesson 15 Configuring Service Authentication
Multiple Choice
1) What is the default authentication protocol for non-domain computers?
a. NTLM
b. PAP
c. CHAP
d. Kerberos
2. What does the acronym NTLM stand for?
a. NT Link Messenger
b. NT Link Manager
c. NT LAN Manager
d. NT LAN Messenger
3. NTLM uses a challenge-response mechanism for authentication without doing what?
a. revealing the client’s operating system to the server
b. revealing the protocol to the server
c. sending a password to the server
d. sending an encrypt/decrypt message to the server
4. What type of protocol is Kerberos?
a. a secure network authentication protocol
b. a simple Microsoft-only protocol
c. a uni-directional authentication protocol
d. a certificate-based authentication protocol
5. Kerberos security and authentication are based on what type of technology?
a. secure transmission
b. secret key
c. challenge-response
d. legacy code
6. What is the default maximum allowable time lapse between domain controllers and client systems for Kerberos to work correctly?
a. 1 minute
b. 5 minutes
c. 15 minutes
d. 45 minutes
7. Which three components make up a service principal name (SPN)?
a. service name, IP address, and port number
b. service name, URL, and host name
c. service name, host name, and IP address
d. service class, host name, and port number
8. What happens if a client submits a service ticket request for an SPN that does not exist in the identity store?
a. An event is written to the Kerberos server’s event log.
b. The client receives an access denied error.
c. The Kerberos server receives an access denied error.
d. The Kerberos ticket for that service is destroyed.
9. Which tool can you use to add SPNs to an account?
a. Notepad
b. LDAP
c. Microsoft Word
d. ADSI Edit
10. What are the two restrictions for adding SPNs to an account?
a. Domain Administrator privileges
b. full control permissions for the folder
c. local administrator privileges
d. the editor runs from the domain controller
11. Identify another utility that you can use to add SPNs to an account.
a. dnscmd
b. spnedit
c. setspn
d. netsh
12. What type of account is an account under which an operating system, process, or service runs?
a. user
b. system
c. service
d. network
13. When creating accounts for operating systems, processes, and services, you should always configure them with what two things in mind?
a. using strong passwords
b. using cryptic user names
c. granting the least rights possible
d. using built-in accounts
14. Name two benefits to using Managed Service Accounts (MSAs).
a. Microsoft technology
b. automatic password management
c. simplified SPN management
d. simplified account troubleshooting
15. By default, which service accounts will the Windows PowerShell cmdlets manage?
a. standalone MSAs
b. standard local service accounts
c. group MSAs
d. domain user accounts designated as service accounts
16. Which of the following is the format for a virtual account used with Windows Server 2008 R2, Windows Server 2012, and Windows Server 2012 R2?
a. domainname\servicename
b. computername\servicename
c. NT Service\servicename
d. NT Service\servicename$
Short Answer
17. Kerberos is more secure than NTLM but it is also more __________________.
18. For Kerberos to work properly, which service needs to be accurate and generally synchronized between systems?
19. Name the two ways that Kerberos authentication improves overall authentication performance.
20. What is meant by the term double-hop authentication?
21. How do you make double-hop authentication more secure?
22. A service or application that is secured by Kerberos must have an identity in the domain. What is an identity?
Best Answer
23. What is the default authentication protocol for contemporary domain computers?
a. NTLM
b. PAP
c. CHAP
d. Kerberos
24. What is the name by which a client uniquely identifies an instance of a service?
a. service instance name
b. service account name
c. service provider name
d. service principal name
25. Before you can create an MSA object type, you must create what?
a. a key services MSA group
b. a key services MSA distributed domain account
c. a key distribution services root key
d. a key distribution services Master MSA
26. What service right does an MSA account automatically receive upon creation?
a. log on interactively
b. log on as a service
c. domain administrator
d. domain power user
Build List
27. Order the following steps required to use the SPN with a service.
a. Connect to the domain.
b. Expand Default Naming Context in the console tree, expand the domain, and then expand the nodes representing the OUs.
c. Open the ADSI Edit console.
d. Add SPN to the service account.
e. Select the OU where the service account exists.
28. Order the following steps required to create a service account.
a. Open the Domain node.
b. Open Active Directory Users and Computers.
c. Open the OU where you want to add the user account.
d. Select Password never expires.
e. Create the new user account.
29. Order the following steps required to use the MSA with a service.
a. Open the service to show the properties.
b. Select Log On As a Service.
c. Restart the service.
d. Click the Log On tab.
e. Clear the Password and Confirm password text boxes.
f. Open the Service console.
g. Select This account option and enter the name of the service account.
Repeated Answer
30. Which Kerberos setting defines the maximum time skew that can be tolerated between a ticket’s timestamp and the current time at the KDC?
a. maximum lifetime for service ticket
b. maximum lifetime for user ticket
c. maximum lifetime for user ticket renewal
d. maximum tolerance for computer clock synchronization
31. Which Kerberos setting defines the maximum lifetime ticket for a Kerberos TGT ticket?
a. maximum lifetime for service ticket
b. maximum lifetime for user ticket
c. maximum lifetime for user ticket renewal
d. maximum tolerance for computer clock synchronization
32. Which Kerberos setting defines the maximum lifetime of a Kerberos ticket?
a. maximum lifetime for service ticket
b. maximum lifetime for user ticket
c. maximum lifetime for user ticket renewal
d. maximum tolerance for computer clock synchronization
33. Which Kerberos setting defines how long a service or user ticket can be renewed?
a. maximum lifetime for service ticket
b. maximum lifetime for user ticket
c. maximum lifetime for user ticket renewal
d. maximum tolerance for computer clock synchronization
Already member? Sign In