Address the following in your response:

1)What are some of the additional tabs that are available in the Active Directory Users and Computers "Advanced Features" mode?

2)What are some of the specific challenges and risks associated with accountmanagement in a large infrastructure?

3)How can inadequate access controls or access management leave critical information vulnerable?

4)What protections does encryption offer and how important is key management tokeeping any encryption system secured?

5)Considera cloud-hosted Infrastructure as a Service (IaaS) environment with many users accessing these systems from all over the world. What advantages or challenges might there be managing these identities and associated keys?

below I have solved the required Question in step by step fashion.

 

 

Step-by-step explanation

The step by step explanation answer is given below.

 

 

Explain the types of information that can be stored in an Active Directory user record.

 

Active Directory (AD) may be a directory service developed by Microsoft for Windows domain networks. it's enclosed in most Windows Server operative systems as a group of processes associate degreed services. Initially, Active Directory was solely to blame of centralized domain management. However, Active Directory became an umbrella title for a broad vary of directory-based identity-related services.

Active Directory Domain Services (AD DS) is that the cornerstone of each Windows domain network. It stores info concerning members of the domain, together with devices and users, verifies their credentials and defines their access rights. The server running this service is named a site controller. a site controller is contacted once a user logs into a device, accesses another device across the network, or runs a line-of-business Metro-style app sideloaded into a device.

It has the flexibility to record differing types of data concerning completely different objects. Active directory trend towards wishing on normal protocols that stores in an activity directory user record.

Some of the informations that may be keep in Active directory are:

1. Organization personal informations

2. Sites

3. Computers

4.Users

5. Shares

6. info or data about the other network object.

What are some of the additional tabs that are available in the Active Directory Users and Computers "Advanced Features" mode?

Ans:

Many administrators are familiar with Additional Account Info tab since there have been AD domains based on Windows Server 2003. It is to be reminded that the Additional Account Info tab to appear in the User Properties of Active Directory Users and Computers (ADUC) console, you had to download Windows 2003 Resource Kit and register a special library Acctinfo.dll .

After that if you open the properties window of any AD user, you can see a new tab containing different information useful for a domain administrator, like:

• Password Last Set - time when a user password has been changed
• Password Expires - a period of time when the password expires
• User Account Control / Locked - the account status (enabled, disabled, locked, etc.)
• Last logon (logoff) - the time of the last logon (logoff) of the user on the domain controller
• Information on the counters of failed/successful logons
• SID, GUID information and SID History

So, to add Acctinfo.dll to the Active Directory Users and Computers in the x64 version of Windows (Windows 7, Windows 8, Windows Server 2008 R2, Windows Server 2012 / R2), you have to:

• Download the Account Lockout and Management Tools from Microsoft website (the archive as of 8/22/2012, contains the self-extracting archive ALTools.exe with the size of 850 KB) and unpack it.
• Copy the library file acctinfo.dll to C:\Windows\SysWOW64 directory
• Start a command prompt as an administrator and register the library in the system:

1	regsvr32 C:\Windows\SysWOW64\acctinfo.dll

• 
  Create a shortcut for Active Directory Users and Computer (dsa.msc) snap-in, and specify in the shortcut properties that you want to run the console in the 32-bit mode:

1	C:\Windows\System32\dsa.msc -32

• Open ADUC console with this shortcut and enable the display of the advanced features (View->Advanced Features)
• Left open the properties of any domain user and make sure that the new Additional Account Info tab has appeared.
• You can expand the features of this tab by integrating a separate Account Lockout Status button into it, which allows to start LockoutStatus.exe (Microsoft Account Lockout Status) directly from the ADUC console. This utility can analyze the logs of the AD domain controllers and determine which domain controller has locked the account

 

-------------------------

-------------------------

What are some of the specific challenges and risks associated with accountmanagement in a large infrastructure?

 

1.There is an inherent conflict between the aspiration of data to limit the number of records and volatility of potential future.

2.It is important to maintain flexibility to respond to unforeseen changes over the life cycle of a project when there is larger infrastructure.

3.It requires an end-to-end risk-management view, as opposed, individualized process-step responsibility when the capacity of data is vulnerable.

4.The mitigation capabilities causes risks with account management in a large infrastructure

 

How can inadequate access controls or access management leave critical information vulnerable?

Ans:

1.If there is no proper access management,there will be problem in loosing security of which data is viewed by whom.

2.It is important to access and maintain employees only to access their job or function.

3.There is no urgency to remove access at any time before checking data concurrency.

4.Major problem with incorrect access management is audits and compliance issues.

 

What protections does encryption offer and how important is key management tokeeping any encryption system secured?

Ans:

1.Private key and public key gives protection which improves complexity, and in particular this means dealing with encryption keys.

2.It Encouraged organisations to encrypt their data more and more,removable media such as tapes and mobile devices like laptops.

3.checking the protection of ensure the central key repository.

4.It provides a public key to encrypt data and a private key to decrypt data.

 

 

-

Considera cloud-hosted Infrastructure as a Service (IaaS) environment with many users accessing these systems from all over the world. What advantages or challenges might there be managing these identities and associated keys?

Ans:

1.Insufficient iteration between client and contractor's top team is the challange in managing associated keys

2.Proactive risk activation is a major advantage in cloud-hosted Infrastructure as a Service (IaaS) environment with many users accessing these systems.

3.On site visual management and onsite change handling can be done in cloud hosted Iaas.

4.Consistency over management approval of multiple adjustments.

 

--

Note: If you still have doubts or want me to update the answer then ask it in comments
I will be happy to help you there as well.

Any further queries, if any, can be conveyed through comments.

Please do support if you find it helpful :)