Answering the following questions will reinforce key information presented in this chapter. If you are unable to answer a question, review the appropriate lesson and then try the question again. Answers to the questions can be found in the appendix.
- As network administrator, you've received many calls that authentication is failing on the network for several clients. On inspection, you find that the system log displays a 5502 error message saying that the time difference with the primary DC name exceeds the maximum allowed number of seconds. What action must you take?
- How does the Kerberos Authentication Service Exchange differ from the Kerberos Ticket Granting Exchange?
- You've decided to implement strong authentication on the network by using smart card logons. Are there any restrictions with smart card logons that will affect your design decision?
- You've developed a three-tiered client server application. The application depends on running stored procedures at the security context of the user running the application. How does Kerberos provide this support to your application?
- Your network has several Windows 98 computers deployed. You want to migrate these client computers to Windows 2000 by the end of the year. What interim step can you take to increase logon security and performance for the Windows 98 computers?
- You've noticed that users at a remote site are continually logging on with cached credentials. New group memberships that have been created aren't taking effect. What could be causing this?