Active Directory Ch-16

AD RMS client
AD RMS works with a special ______ to protect sensitive information.
MSSQL Server 2005 or 2008
In test environments, you can rely on the Windows Internal Database (WID) included in Win Server 2008 R2, but in production environments, you should rely on a formal database engine such as ______ running on a separate server.
Microsoft Message Queuing
Internet Information Services (IIS) 7.0 provides the web services upon which AD RMS relies, and the ______ service ensures transaction coordination in distributed environments.
root cluster
The first time you install an AD RMS server, you create an AD RMS ______ by default.
certification and licensing
A root cluster is designed to handle both ______ and ______ requests.
forest
Only one root cluster can exist in an AD DS ______.
1. Root clusters handle all AD RMS operations and are, therefore, multifunctional.
2. Root and licensing-only clusters are independent; that is, they cannot share load balancing of the service. If you install all your servers as root servers, they automatically load balance each other.
Microsoft recommends that you rely on the root role more than the licensing-only role for two reasons:
cluster
Remember that any server installation in AD RMS automatically creates a ______.
AD Federation Services
AD RMS includes direct integration with ______, allowing you to extend your rights management policies beyond the firewall with your partners.
Enterprise Administrators
AD RMS ______, which can manage all aspects of AD RMS. This group includes the user account used to install the role as well as the local administrators group.
Template Administrators
AD RMS ______, which supports the ability to read info about the AD RMS infrastructure as well as list, create, modify, and export rights policy templates.
AD RMS Auditors
AD RMS ______, which allows members to manage logs and reports. These members have read-only access to AD RMS infrastructure information.
AD RMS Service
AD RMS ______, which contains the AD RMS service account that is identified during the role installation.
Server licensor certificate (SLC)
The ______ is a self-signed certificate generated during the AD RMS setup of the first server in a root cluster.
Rights account certificate (RAC)
______ are issued to trusted users who have an email-enabled account in AD DS.
Client licensor certificate (CLC)
The ______ includes the client licensor public key, the client licensor private key that is encrypted by the user’s public key, and the AD RMS cluster’s public key.
publishing license
The ______ license is created when the user saves content in a rights-protected mode.
use license
The ______ license is assigned to a user who opens rights-protected content.
domain controller
Do not install AD RMS on a ______.
AD RMS
______ is designed to provide support for data protection services through digital rights management.
email-enabled
Users must have an ______ account in an AD DS domain to use AD RMS services.
Word, Outlook, PowerPoint, Internet Explorer
Users must also rely on AD RMS-enabled applications to protect content. These applications can be productivity tools such as ______, or a custom AD RMS-enabled application. Without an AD RMS-enabled application, you cannot view or work with protected content.
AD RMS client
Win 7 includes the ______ by default, as does Win Vista, but Win XP does not.
extranet URL
When you want to extend your AD RMS infrastructure to mobile users or teleworkers outside your internal network, you must configure an ______.
the installation
Certificates are created by default during ______ of AD RMS.
1. Specify the duration of rights account certificates.
2. Enable certification for mobile devices.
3. Enable certification of server services.
4. Authenticate clients through smart cards.
Four activities can be performed in terms of certificate administration:
You can deploy only a single AD RMS root cluster per AD DS forest. This is because AD RMS creates an SCP during installation, and only one SCP can exist per forest.
How many AD RMS root clusters can you deploy in an Active Directory Domain Services forest?
The root cluster offers all AD RMS capabilities, whereas the licensing-only cluster simply manages licenses. Use licensing-only clusters on rare occasions when root-only deployments are not practical.
What is the difference between a root cluster and a licensing-only cluster, and which is preferable to use?
1. AD RMS Enterprise Administrators can manage every aspect of AD RMS.
2. AD RMS Template Administrators can prepare and modify protection templates.
3. AD RMS Auditors have read-only access to AD RMS logs.
4. AD RMS Service Account grants proper access rights to the AD RMS service account.
Which delegation roles does AD RMS support?
1. The built-in client included in Win 7, Win Vista, and Win Server 2008 R2.
2. A client that runs on Win 2000, Win 2003, and Win XP.
AD RMS relies on a local client to give users access to its capabilities. Two clients exist:
A server licensor certificate (SLC) is a self-signed certificate that is generated during setup of the first server in a root cluster and assigned to the cluster as a whole.
What is a server licensor certificate?
1. The configuration database
2. The logging database
3. The directory services database
AD RMS relies on three databases to operate:
configuration data
The configuration database is used to store all AD RMS ______.
root or a licensing-only
The logging database stores data about every activity in either a ______ or a ______ cluster.
users
The directory services database stores information about ______ and all their corresponding data.
extranet, trust policies
When you work with AD RMS, you need to perform several configuration tasks to complete your installation. These tasks include creating an ______ URL if you want to give external users access to your DRM system. They also include configuring ______ in support of additional external access.
server licensor certificates
If you want to work with other AD RMS installations, each installation must exchange ______ with the other. This means exporting certificates from the source cluster and importing them in the target cluster.
exclusion
If you need to exclude users from your DRM system, you must create ______ policies.
rights policy
To facilitate user content creation, create ______ templates. These templates simplify users’ work and ensure that your DRM strategy is used in a standard manner.