Test your basic knowledge | MCTS: Protecting Network Traffic With IPsec
Subjects: certifications, mcts, it-skills
Instructions:
Answer 42 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So you might at times find the answers obvious, but you will see that it reinforces your understanding each time you take the test.
1. If you need encryption - use ______. If you just need to authenticate the data origin or verify data integrity - use ______.
Authentication Header (AH) and Encapsulating Security Payload (ESP)
Layer Two Tunneling Protocol (L2TP)
ESP - AH
Group Policy
2. ______ by default attempt to negotiate both authentication and encryption services.
ESP - AH
Internet Key Exchange (IKE)
simpler to configure
IPsec Policies
3. You can assign only one IPsec Policy to a computer at a time. If you assign a second IPsec Policy to a computer - the first IPsec Policy ______.
Security Association (SA)
negotiate
automatically becomes unassigned
simpler to configure
4. If you need to implement IPsec in a production environment in which Kerberos authentication is not available - you should use a ______ infrastructure to authenticate the IPsec peers.
certificate
Internet Key Exchange (IKE)
two-phase
data authentication
5. You can summarize the steps for establishing an IPsec connection in the following way:
Connection Security Rules
Layer Two Tunneling Protocol (L2TP)
transport
1. Set up a main mode SA. 2. Agree upon the terms of communication and encryption algorithm. 3. Create a quick mode SA. 4. Send data.
6. Like IPsec Policies - ______ evaluate network traffic and then block - allow - or negotiate security for messages based on the criteria you establish.
Kerberos (Active Directory) - Certificates - Preshared key
AH
two-phase
Connection Security Rules
7. ______ provides data origin authentication - data integrity - and anti-replay protection for the entire IP packet.
negotiate
Data integrity
Connection Security Rules
AH
8. You configure Connection Security Rules for any one computer in the ______ console or the ______ node in Server Manager.
Security Association (SA)
two-phase
Windows Firewall with Advanced Security (WFAS) - WFAS
filter list
9. IPsec provides ______ in the form of data origin authentication - data integrity - and anti-replay protection.
Anti-replay protection
Data authentication - Encryption
data authentication
Client (Respond Only) - Server (Request Security) - Secure Server (Require Security)
10. Phase 1 negotiation is known as main mode negotiation - and Phase 2 is known as ______ negotiation.
quick mode
1. Set up a main mode SA. 2. Agree upon the terms of communication and encryption algorithm. 3. Create a quick mode SA. 4. Send data.
Kerberos
Internet Key Exchange (IKE)
11. Possible filter actions for a rule include block - permit - or ______ security.
ESP - AH
data authentication
negotiate
Active Directory domain
12. If Group Policy assigns an IPsec Policy to a computer - the computer ______ IPsec Policy assigned in its Local Security Policy.
ignores any
Layer Two Tunneling Protocol (L2TP)
Data authentication - Encryption
list has only one IP filter
13. When you assign ______ policy to a computer through a GPO - that computer will never initiate a request to establish an IPsec communications channel with another computer.
Data integrity
Data authentication - Encryption
tunnel
Client (Respond Only)
14. After two computers negotiate an IPsec connection - whether through IPsec Policies or Connection Security Rules - the data sent between those computers is secured in what is known as a ______.
ESP
Security Association (SA)
tunnel
Kerberos
15. In Windows Vista - Windows 7 - Windows Server 2008 and Windows Server 2008 R2 - IPsec is enforced either by ______ or ______.
Connection Security Rules
IPsec Policies or Connection Security Rules
AH
Authentication Header (AH) and Encapsulating Security Payload (ESP)
16. With IPsec ______ mode - an entire IP packet is protected and then encapsulated with an additional - unprotected IP header.
transport
Client (Respond Only) - Server (Request Security) - Secure Server (Require Security)
tunnel
Active Directory domain
17. You can configure IPsec to verify that each packet received is unique and not duplicated. This describes what?
Anti-replay protection
IPsec Policies or Connection Security Rules
Layer Two Tunneling Protocol (L2TP)
ESP
18. Determines whether the traffic captured by an IP filter in a given policy rule is permitted - blocked - encrypted - or authenticated.
data authentication
ESP
certificate
A filter action
19. You can assign an IPsec Policy either to an individual computer by using Local Security Policy or to a group of computers by using ______.
specific
Encryption
Server (Request Security)
Group Policy
20. You can use IPsec to ensure that data is not altered in transit. This describes what?
1. Set up a main mode SA. 2. Agree upon the terms of communication and encryption algorithm. 3. Create a quick mode SA. 4. Send data.
Data integrity
Internet Key Exchange (IKE)
Group Policy
21. IPsec by default operates in ______ mode - which is used to provide end-to-end security between computers.
Layer Two Tunneling Protocol (L2TP)
Secure Server (Require Security)
Client (Respond Only)
transport
22. You can use an Isolation rule to configure "domain isolation." This simply means that you can use Connection Security Rules to block traffic from computers originating from outside the local ______.
list has only one IP filter
negotiate
A filter action
Active Directory domain
23. You should assign the ______ policy to intranet servers that require secure communications - such as a server that transmits highly sensitive data.
Kerberos (Active Directory) - Certificates - Preshared key
tunnel
ignores any
Secure Server (Require Security)
24. ______ provides data encryption - data origin authentication - data integrity - and anti-replay protection for the ESP payload.
Encryption
Client (Respond Only) - Server (Request Security) - Secure Server (Require Security)
ESP
Authentication Header (AH) and Encapsulating Security Payload (ESP)
25. Each policy rule - in turn - is associated with one IP ______ and one filter action.
transport
filter list
Encryption
Authentication Header (AH) and Encapsulating Security Payload (ESP)
26. Security for an SA is provided by the two IPsec protocols: ______ and ______.
negotiate
A filter action
data authentication
Authentication Header (AH) and Encapsulating Security Payload (ESP)
27. ______ by default attempt to negotiate only authentication services.
ignores any
Client (Respond Only)
Connection Security Rules
transport
28. In Group Policy - three IPsec Policies are predefined. You can thus configure an IPsec Policy for a domain or an OU by assigning any one of the following predefined policies:
Windows Firewall with Advanced Security (WFAS) - WFAS
1. Set up a main mode SA. 2. Agree upon the terms of communication and encryption algorithm. 3. Create a quick mode SA. 4. Send data.
two-phase
Client (Respond Only) - Server (Request Security) - Secure Server (Require Security)
29. You should assign the ______ policy to computers for which encryption is preferred but not required.
A filter action
ignores any
Server (Request Security)
transport
30. IP ______ contain a set of one or more IP filters that capture IP traffic for an IPsec Policy.
simpler to configure
automatically becomes unassigned
filter lists
ignores any
31. Remember that ______ authentication is preferable in an AD environment. Outside of an AD environment - a certificate infrastructure is your best option.
filter list
automatically becomes unassigned
Kerberos
certificate
32. You can use IPsec to encrypt network data so that the data is unreadable if captured in transit. This describes what?
two-phase
list has only one IP filter
Client (Respond Only)
Encryption
33. IPsec protects data between two IP addresses by providing the following services:
negotiate
Secure Server (Require Security)
Data authentication - Encryption
Connection Security Rules
34. To ensure successful and secure communication - IKE performs a ______ negotiation operation - each with its own SAs.
Internet Key Exchange (IKE)
two-phase
simpler to configure
tunnel
35. You can configure IPsec to ensure that each packet you receive from a trusted party in fact originates from that party and is not spoofed. This describes what?
simpler to configure
ignores any
certificate
Data origin authentication
36. Transport mode is also used in most IPsec-based VPNs - for which the ______ is used to tunnel the IPsec connection through the public network.
AH
transport
IPsec Policies
Layer Two Tunneling Protocol (L2TP)
37. Every IPsec Policy is composed of one or more IPsec Policy ______ that determine when and how IP traffic should be protected.
automatically becomes unassigned
Kerberos
Data authentication - Encryption
rules
38. The main advantage of using Connection Security Rules is that they are ______.
certificate
list has only one IP filter
Kerberos
simpler to configure
39. Every IPsec Policy rule has an IP filter list even if the ________________.
list has only one IP filter
ignores any
two-phase
A filter action
40. You can use any of these three methods to authenticate the hosts communicating through IPsec:
Authentication Header (AH) and Encapsulating Security Payload (ESP)
Server (Request Security)
Kerberos (Active Directory) - Certificates - Preshared key
filter list
41. Note that when matching a source or destination address - the most ______ IPsec filter always takes precedence.
IPsec Policies
1. Set up a main mode SA. 2. Agree upon the terms of communication and encryption algorithm. 3. Create a quick mode SA. 4. Send data.
specific
ESP
42. To establish SAs dynamically between IPsec peers - the ______ protocol is used.
Connection Security Rules
rules
Internet Key Exchange (IKE)
Data authentication - Encryption