MCSE: Windows(r) Server 2003 Network Security Design Study Guide (70-298)

Assigning specific tasks to the appropriate user or group without giving them any more rights than are required in order to perform the tasks you have delegated to them.

Assigning the responsibility of managing Active Directory objects to another user, group, or organization. By delegating control, you negate the need to have several high-level administrative accounts because any user or group can be delegated to control an object without it being added to an administrator group.

Hierarchy in which a CA for each department in the organization is installed so each department can control the deployment of their certificates.

Authentication that provides support for encrypting passwords, even over an unencrypted connection. Digest authentication hashes the user credentials using the Message Digest 5 (MD5) algorithm. This will prevent someone that intercepts the credentials from reading the password.

The simplest of the out-of-band connections to a server. You can establish the connection by using a null modem cable between the management computer and the server running Emergency Management Services (EMS).

The part of the security descriptor that grants or denies specific users and groups access to an object.

A trust relationship between Windows domains. It can be between domains within the same tree, in separate trees, or in separate forests.