Test your basic knowledge |
MCTS: Protecting Network Traffic With IPsec
Subjects: certifications, mcts, it-skills
Instructions:
Answer 42 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might at times find the answers obvious, but you will see it reinforces your understanding as you take the test each time.
1. You configure Connection Security Rules for any one computer in the ______ console or the ______ node in Server Manager.
Secure Server (Require Security)
Authentication Header (AH) and Encapsulating Security Payload (ESP)
Kerberos
Windows Firewall with Advanced Security (WFAS) - WFAS
2. Note that when matching a source or destination address - the most ______ IPsec filter always takes precedence.
ESP
Encryption
Client (Respond Only) - Server (Request Security) - Secure Server (Require Security)
specific
3. IP ______ contain a set of one or more IP filters that capture IP traffic for an IPsec Policy.
ESP
Kerberos
filter lists
Data authentication - Encryption
4. Possible filter actions for a rule include block - permit - or ______ security.
Data origin authentication
negotiate
Anti-replay protection
Active Directory domain
5. To establish SAs dynamically between IPsec peers - the ______ protocol is used.
quick mode
ESP - AH
Internet Key Exchange (IKE)
A filter action
6. Each policy rule - in turn - is associated with one IP ______ and one filter action.
two-phase
Anti-replay protection
rules
filter list
7. ______ provides data origin authentication - data integrity - and anti-replay protection for the entire IP packet.
IPsec Policies or Connection Security Rules
two-phase
certificate
AH
8. Every IPsec Policy rule has an IP filter list even if the ________________.
negotiate
Anti-replay protection
Internet Key Exchange (IKE)
list has only one IP filter
9. After two computers negotiate an IPsec connection - whether through IPsec Policies or Connection Security Rules - the data sent between those computers is secured in what is known as a ______.
Client (Respond Only)
Security Association (SA)
transport
ignores any
10. Like IPsec Policies - ______ evaluate network traffic and then block - allow - or negotiate security for messages based on the criteria you establish.
Connection Security Rules
Windows Firewall with Advanced Security (WFAS) - WFAS
transport
automatically becomes unassigned
11. You can configure IPsec to ensure that each packet you receive from a trusted party in fact originates from that party and is not spoofed. This describes what?
Group Policy
Windows Firewall with Advanced Security (WFAS) - WFAS
Client (Respond Only) - Server (Request Security) - Secure Server (Require Security)
Data origin authentication
12. If you need encryption - use ______. If you just need to authenticate the data origin or verify data integrity - use ______.
ESP - AH
Windows Firewall with Advanced Security (WFAS) - WFAS
Security Association (SA)
Data authentication - Encryption
13. You can assign only one IPsec Policy to a computer at a time. If you assign a second IPsec Policy to a computer - the first IPsec Policy ______.
Active Directory domain
Connection Security Rules
automatically becomes unassigned
list has only one IP filter
14. You can use IPsec to ensure that data is not altered in transit. This describes what?
Data integrity
1. Set up a main mode SA. 2. Agree upon the terms of communication and encryption algorithm. 3. Create a quick mode SA. 4. Send data.
two-phase
filter list
15. In Win Vista - Win 7 - Win Srvr 2008 and Win Srvr 2008 R2 - IPsec is enforced either by ______ or ______.
Security Association (SA)
Group Policy
IPsec Policies or Connection Security Rules
Connection Security Rules
16. ______ provides data encryption - data origin authentication - data integrity - and anti-replay protection for the ESP payload.
transport
Data origin authentication
Server (Request Security)
ESP
17. The main advantage of using Connection Security Rules is that they are ______.
Kerberos
A filter action
AH
simpler to configure
18. IPsec by default operates in ______ mode - which is used to provide end-to-end security between computers.
transport
Secure Server (Require Security)
A filter action
ignores any
19. You can assign an IPsec Policy either to an individual computer by using Local Security Policy or to a group of computers by using ______.
Group Policy
Internet Key Exchange (IKE)
filter list
Security Association (SA)
20. You can summarize the steps for establishing an IPsec connection in the following way:
specific
transport
1. Set up a main mode SA. 2. Agree upon the terms of communication and encryption algorithm. 3. Create a quick mode SA. 4. Send data.
Layer Two Tunneling Protocol (L2TP)
21. Every IPsec Policy is composed of one or more IPsec Policy ______ that determine when and how IP traffic should be protected.
ignores any
Group Policy
rules
IPsec Policies
22. ______ by default attempt to negotiate only authentication services.
ESP - AH
Internet Key Exchange (IKE)
1. Set up a main mode SA. 2. Agree upon the terms of communication and encryption algorithm. 3. Create a quick mode SA. 4. Send data.
Connection Security Rules
23. Determines whether the traffic captured by an IP filter in a given policy rule is permitted - blocked - encrypted - or authenticated.
1. Set up a main mode SA. 2. Agree upon the terms of communication and encryption algorithm. 3. Create a quick mode SA. 4. Send data.
simpler to configure
Layer Two Tunneling Protocol (L2TP)
A filter action
24. Phase 1 negotiation is known as main mode negotiation - and Phase 2 is known as ______ negotiation.
Client (Respond Only)
simpler to configure
AH
quick mode
25. Transport mode is also used in most IPsec-based VPNs - for which the ______ is used to tunnel the IPsec connection through the public network.
filter lists
Layer Two Tunneling Protocol (L2TP)
Data origin authentication
data authentication
26. IPsec provides ______ in the form of data origin authentication - data integrity - and anti-replay protection.
Data integrity
Internet Key Exchange (IKE)
data authentication
Group Policy
27. You can use any of these three methods to authenticate the hosts communicating through IPsec:
ESP
Kerberos (Active Directory) - Certificates - Preshared key
Client (Respond Only) - Server (Request Security) - Secure Server (Require Security)
filter lists
28. In Group Policy - three IPsec Policies are predefined. You can thus configure an IPsec Policy for a domain or an OU by assigning any one of the following predefined policies:
Authentication Header (AH) and Encapsulating Security Payload (ESP)
Data origin authentication
Internet Key Exchange (IKE)
Client (Respond Only) - Server (Request Security) - Secure Server (Require Security)
29. Remember that ______ authentication is preferable in an AD environment. Outside of an AD environment - a certificate infrastructure is your best option.
Windows Firewall with Advanced Security (WFAS) - WFAS
ESP
list has only one IP filter
Kerberos
30. With IPsec ______ mode - an entire IP packet is protected and then encapsulated with an additional - unprotected IP header.
tunnel
1. Set up a main mode SA. 2. Agree upon the terms of communication and encryption algorithm. 3. Create a quick mode SA. 4. Send data.
Kerberos
ESP - AH
31. ______ by default attempt to negotiate both authentication and encryption services.
IPsec Policies
Kerberos
AH
filter list
32. If Group Policy assigns an IPsec Policy to a computer - the computer ______ IPsec Policy assigned in its Local Security Policy.
ignores any
Authentication Header (AH) and Encapsulating Security Payload (ESP)
Data origin authentication
IPsec Policies or Connection Security Rules
33. Security for an SA is provided by the two IPsec protocols: ______ and ______.
Authentication Header (AH) and Encapsulating Security Payload (ESP)
Connection Security Rules
Group Policy
list has only one IP filter
34. You can use an Isolation rule to configure "domain isolation." This simply means that you can use Connection Security Rules to block traffic from computers originating from outside the local ______.
Active Directory domain
Data origin authentication
Security Association (SA)
Data authentication - Encryption
35. You can configure IPsec to verify that each packet received is unique and not duplicated. This describes what?
ignores any
Secure Server (Require Security)
Anti-replay protection
automatically becomes unassigned
36. To ensure successful and secure communication - IKE performs a ______ negotiation operation - each with its own SAs.
Data origin authentication
Authentication Header (AH) and Encapsulating Security Payload (ESP)
Client (Respond Only) - Server (Request Security) - Secure Server (Require Security)
two-phase
37. You should assign the ______ policy to intranet servers that require secure communications - such as a server that transmits highly sensitive data.
rules
Connection Security Rules
tunnel
Secure Server (Require Security)
38. IPsec protects data between two IP addresses by providing the following services:
specific
Data authentication - Encryption
tunnel
ESP
39. If you need to implement IPsec in a production environment in which Kerberos authentication is not available - you should use a ______ infrastructure to authenticate the IPsec peers.
Data authentication - Encryption
Layer Two Tunneling Protocol (L2TP)
certificate
two-phase
40. You can use IPsec to encrypt network data so that the data is unreadable if captured in transit. This describes what?
quick mode
Secure Server (Require Security)
IPsec Policies or Connection Security Rules
Encryption
41. You should assign the ______ policy to computers for which encryption is preferred but not required.
list has only one IP filter
quick mode
Kerberos
Server (Request Security)
42. When you assign ______ policy to a computer through a GPO - that computer will never initiate a request to establish an IPsec communications channel with another computer.
Kerberos
Group Policy
two-phase
Client (Respond Only)