- BitLocker drive encryption (BDE): a disk encryption method provided in Windows that can use the TPM to securely store the cryptographic material used in the encryption.
- BitLocker To Go: a feature that enables users to encrypt removable USB devices, such as flash drives and external hard disks.
- data recovery agent (DRA): a user that can recover EFS-encrypted files for a domain.
- decryption: the process of converting data from encrypted format back to its original format.
- Encrypting File System (EFS): a file encryption method that encrypts files on an NTFS volume so that they cannot be used unless the user has access to the keys required to decrypt the information.
- encryption: the process of converting data into a format that cannot be read by another user.
- Network Unlock: a new feature in Windows 8 and Windows Server 2012 that provides an automatic unlock of operating system volumes at system reboot when connected to a trusted wired corporate network.
- pre-provisioning: allows BitLocker to be enabled before the operating system is installed.
- Trusted Platform Module (TPM): a microchip that is built into a computer. It is used to store cryptographic information, such as encryption keys.
- caching-only server: a DNS server that receives client requests, and as the other DNS servers fulfill DNS queries, the server adds the information to its cache.
- conditional forwarding: forwards specific queries to other DNS servers based on the DNS domain names in the query.
- dnscmd.exe: a command-line utility that allows an administrator to display and change properties of the DNS servers, zones, and resource records.
- Domain Name System (DNS): a naming service that is used by TCP/IP networks and is an essential service used by the Internet.
- forward lookup zone: used primarily to resolve host names to IP addresses.
- forwarder: another DNS server that requests are sent to for resolution.
- aging: the process in DNS of using timestamps to track the age of dynamically registered resource records.
- Canonical Name (CNAME) records: sometimes referred to as an alias, maps an alias DNS domain name to another primary or canonical name.
- DNS zone database: made up of a collection of resource records, which are used to answer DNS queries.
- dynamic updates: resource records for the clients are automatically created and updated at the host’s primary DNS server.
- Host (A and AAAA) records: maps a host name to an IP address.
- Pointer (PTR) records: maps an IP address to a host name.
- round robin: a DNS balancing mechanism that distributes network load among multiple servers by rotating resource records retrieved from a DNS server.
- scavenging: the mechanism to remove stale resource records.
- secure dynamic updates: only updates from the same computer can update a registration for a resource record.
- Service Location (SRV) records: maps a DNS domain name to a specified list of host computers that offer a specific type of service, such as Active Directory domain controllers.
- Start of Authority (SOA) record: specifies authoritative information about a DNS zone, including the primary name server, the e-mail of the domain administrator, the domain serial number, and the expiration and reload timers of the zone.
- Challenge Handshake Authentication Protocol (CHAP): a challenge-response authentication that uses the industry standard MD5 hashing scheme to encrypt the response.
- Extensible Authentication Protocol (EAP-MS-CHAPv2): a universal authentication framework that allows third-party vendors to develop custom authentication schemes including retinal scans, voice recognition, fingerprint identifications, smart cards, Kerberos, and digital certificates.
- IKEv2: a tunneling protocol that uses IPsec Tunnel Mode protocol over UDP port 500.
- Microsoft CHAP version 2 (MS-CHAP v2): an authentication method that provides two-way authentication (mutual authentication).
- network address translation (NAT): used to hide an entire IP address space behind a single IP address.
- Password Authentication Protocol (PAP): an authentication method that uses plain text (unencrypted passwords). PAP is the least secure authentication and is not recommended.
- Point-to-Point Tunneling Protocol (PPTP): a VPN protocol based on the legacy Point-to-Point protocol used with modems.
- preauthentication: the process by which users and devices are authenticated before they access an application.
- remote access server (RAS): a server that enables users to connect remotely to a network using various protocols and connection types.
- Routing and Remote Access (RRAS): Microsoft’s implementation of the remote access server.
- Routing Information Protocol (RIP): a dynamic route definition protocol, typically used on only very small networks.
- DirectAccess: a feature introduced with Windows 7 and Windows Server 2008 R2 that provides seamless intranet connectivity to DirectAccess client computers when they are connected to the Internet.
- access client: a computer or device that contacts or connects to a RADIUS client, which requires authentication and authorization to connect.
- authentication, authorization, and accounting (AAA): features provided by RADIUS servers to authenticate, authorize, and audit remote access to the network.
- authorization: the process that determines what a user is permitted to do on a computer system or network.
- Network Policy Server (NPS): Microsoft’s implementation of the RADIUS server defined in RFC 2865 and 2866.
- RADIUS clients: servers (such as servers running RRAS) and devices (such as wireless access points and 802.1X switches) that forward RADIUS requests to a RADIUS server.
- RADIUS proxy: a server that forwards authentication and accounting messages to other RADIUS servers.