To encrypt the network traffic between clients and servers

To secure and control access to resources based on claims

To configure domain controllers for user authentication

To monitor user activity across the network

A piece of information that defines the user's identity or attributes

A policy for user access to applications

A password used to authenticate the user

A network resource that the user wants to access

A Windows Server 2008 domain controller

A specialized access control list on each resource

A third-party authentication service

A trusted identity provider and Windows Server 2012 or higher

The user’s SID, group membership, and claims

A password hash and encryption key

The user’s role-based access control policies

The resource access logs of the user

Kerberos Key Distribution Center (KDC)

Active Directory Domain Services (AD DS)

Security Token Service (STS)

File Server Resource Manager (FSRM)

It creates and stores the claims for users or devices

It verifies the authenticity of the claims and issues the token

It provides the Kerberos authentication tickets for users

It manages the file permissions on the server

To encrypt documents for storage

To provide a Virtual Private Network (VPN) for secure document sharing

To restrict who can access a document and control what actions can be performed on it

To create backups of confidential documents