Test your basic knowledge | MCTS: Protecting Network Traffic With IPsec
Subjects: certifications, mcts, it-skills
Instructions:
Answer 42 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might at times find the answers obvious, but you will see it reinforces your understanding as you take the test each time.
1. You can configure IPsec to verify that each packet received is unique and not duplicated. This describes what?
Group Policy
Kerberos (Active Directory) - Certificates - Preshared key
Anti-replay protection
quick mode
2. Determines whether the traffic captured by an IP filter in a given policy rule is permitted - blocked - encrypted - or authenticated.
A filter action
certificate
Secure Server (Require Security)
Authentication Header (AH) and Encapsulating Security Payload (ESP)
3. If you need encryption - use ______. If you just need to authenticate the data origin or verify data integrity - use ______.
A filter action
ESP - AH
two-phase
IPsec Policies
4. If you need to implement IPsec in a production environment in which Kerberos authentication is not available - you should use a ______ infrastructure to authenticate the IPsec peers.
two-phase
certificate
Data origin authentication
data authentication
5. IPsec provides ______ in the form of data origin authentication - data integrity - and anti-replay protection.
certificate
two-phase
data authentication
Encryption
6. You can summarize the steps for establishing an IPsec connection in the following way:
1. Set up a main mode SA. 2. Agree upon the terms of communication and encryption algorithm. 3. Create a quick mode SA. 4. Send data.
Server (Request Security)
Connection Security Rules
simpler to configure
7. Each policy rule - in turn - is associated with one IP ______ and one filter action.
tunnel
filter list
automatically becomes unassigned
Client (Respond Only)
8. You can use any of these three methods to authenticate the hosts communicating through IPsec:
Anti-replay protection
Server (Request Security)
filter lists
Kerberos (Active Directory) - Certificates - Preshared key
9. The main advantage of using Connection Security Rules is that they are ______.
Layer Two Tunneling Protocol (L2TP)
simpler to configure
IPsec Policies
ignores any
10. You can assign an IPsec Policy either to an individual computer by using Local Security Policy or to a group of computers by using ______.
Client (Respond Only) - Server (Request Security) - Secure Server (Require Security)
1. Set up a main mode SA. 2. Agree upon the terms of communication and encryption algorithm. 3. Create a quick mode SA. 4. Send data.
IPsec Policies
Group Policy
11. Possible filter actions for a rule include block - permit - or ______ security.
Kerberos (Active Directory) - Certificates - Preshared key
negotiate
Encryption
Data authentication - Encryption
12. To ensure successful and secure communication - IKE performs a ______ negotiation operation - each with its own SAs.
AH
two-phase
Kerberos
IPsec Policies or Connection Security Rules
13. Every IPsec Policy rule has an IP filter list even if the ________________.
automatically becomes unassigned
list has only one IP filter
specific
Internet Key Exchange (IKE)
14. ______ by default attempt to negotiate both authentication and encryption services.
Internet Key Exchange (IKE)
Anti-replay protection
Data authentication - Encryption
IPsec Policies
15. You can use an Isolation rule to configure "domain isolation." This simply means that you can use Connection Security Rules to block traffic from computers originating from outside the local ______.
specific
Server (Request Security)
Active Directory domain
Layer Two Tunneling Protocol (L2TP)
16. To establish SAs dynamically between IPsec peers - the ______ protocol is used.
Internet Key Exchange (IKE)
Group Policy
rules
filter list
17. Note that when matching a source or destination address - the most ______ IPsec filter always takes precedence.
Windows Firewall with Advanced Security (WFAS) - WFAS
Encryption
specific
list has only one IP filter
18. You can assign only one IPsec Policy to a computer at a time. If you assign a second IPsec Policy to a computer - the first IPsec Policy ______.
automatically becomes unassigned
Kerberos (Active Directory) - Certificates - Preshared key
Security Association (SA)
IPsec Policies or Connection Security Rules
19. ______ provides data encryption - data origin authentication - data integrity - and anti-replay protection for the ESP payload.
Client (Respond Only) - Server (Request Security) - Secure Server (Require Security)
Data authentication - Encryption
transport
ESP
20. After two computers negotiate an IPsec connection - whether through IPsec Policies or Connection Security Rules - the data sent between those computers is secured in what is known as a ______.
Security Association (SA)
Data authentication - Encryption
two-phase
1. Set up a main mode SA. 2. Agree upon the terms of communication and encryption algorithm. 3. Create a quick mode SA. 4. Send data.
21. IPsec by default operates in ______ mode - which is used to provide end-to-end security between computers.
Connection Security Rules
Authentication Header (AH) and Encapsulating Security Payload (ESP)
transport
Server (Request Security)
22. When you assign ______ policy to a computer through a GPO - that computer will never initiate a request to establish an IPsec communications channel with another computer.
specific
IPsec Policies or Connection Security Rules
Client (Respond Only)
Data integrity
23. If Group Policy assigns an IPsec Policy to a computer - the computer ______ IPsec Policy assigned in its Local Security Policy.
IPsec Policies or Connection Security Rules
ignores any
ESP - AH
Secure Server (Require Security)
24. ______ provides data origin authentication - data integrity - and anti-replay protection for the entire IP packet.
Windows Firewall with Advanced Security (WFAS) - WFAS
AH
quick mode
list has only one IP filter
25. Every IPsec Policy is composed of one or more IPsec Policy ______ that determine when and how IP traffic should be protected.
Group Policy
Client (Respond Only)
rules
simpler to configure
26. With IPsec ______ mode - an entire IP packet is protected and then encapsulated with an additional - unprotected IP header.
A filter action
ignores any
ESP
tunnel
27. Like IPsec Policies - ______ evaluate network traffic and then block - allow - or negotiate security for messages based on the criteria you establish.
negotiate
Kerberos
Connection Security Rules
automatically becomes unassigned
28. You can use IPsec to ensure that data is not altered in transit. This describes what?
quick mode
Connection Security Rules
1. Set up a main mode SA. 2. Agree upon the terms of communication and encryption algorithm. 3. Create a quick mode SA. 4. Send data.
Data integrity
29. Phase 1 negotiation is known as main mode negotiation - and Phase 2 is known as ______ negotiation.
quick mode
ignores any
rules
1. Set up a main mode SA. 2. Agree upon the terms of communication and encryption algorithm. 3. Create a quick mode SA. 4. Send data.
30. Transport mode is also used in most IPsec-based VPNs - for which the ______ is used to tunnel the IPsec connection through the public network.
filter lists
Layer Two Tunneling Protocol (L2TP)
Server (Request Security)
Kerberos (Active Directory) - Certificates - Preshared key
31. You should assign the ______ policy to computers for which encryption is preferred but not required.
Server (Request Security)
filter list
Authentication Header (AH) and Encapsulating Security Payload (ESP)
Layer Two Tunneling Protocol (L2TP)
32. You configure Connection Security Rules for any one computer in the ______ console or the ______ node in Server Manager.
Windows Firewall with Advanced Security (WFAS) - WFAS
AH
Layer Two Tunneling Protocol (L2TP)
filter lists
33. You should assign the ______ policy to intranet servers that require secure communications - such as a server that transmits highly sensitive data.
IPsec Policies or Connection Security Rules
Layer Two Tunneling Protocol (L2TP)
Server (Request Security)
Secure Server (Require Security)
34. ______ by default attempt to negotiate only authentication services.
Connection Security Rules
Group Policy
rules
data authentication
35. You can configure IPsec to ensure that each packet you receive from a trusted party in fact originates from that party and is not spoofed. This describes what?
Data origin authentication
ESP
1. Set up a main mode SA. 2. Agree upon the terms of communication and encryption algorithm. 3. Create a quick mode SA. 4. Send data.
ESP - AH
36. IP ______ contain a set of one or more IP filters that capture IP traffic for an IPsec Policy.
Active Directory domain
filter lists
IPsec Policies or Connection Security Rules
list has only one IP filter
37. In Group Policy - three IPsec Policies are predefined. You can thus configure an IPsec Policy for a domain or an OU by assigning any one of the following predefined policies:
Client (Respond Only) - Server (Request Security) - Secure Server (Require Security)
Windows Firewall with Advanced Security (WFAS) - WFAS
specific
Internet Key Exchange (IKE)
38. Remember that ______ authentication is preferable in an AD environment. Outside of an AD environment - a certificate infrastructure is your best option.
specific
Kerberos
list has only one IP filter
Group Policy
39. In Win Vista - Win 7 - Win Srvr 2008 and Win Srvr 2008 R2 - IPsec is enforced either by ______ or ______.
IPsec Policies or Connection Security Rules
Authentication Header (AH) and Encapsulating Security Payload (ESP)
Kerberos
Layer Two Tunneling Protocol (L2TP)
40. Security for an SA is provided by the two IPsec protocols: ______ and ______.
data authentication
Anti-replay protection
Kerberos (Active Directory) - Certificates - Preshared key
Authentication Header (AH) and Encapsulating Security Payload (ESP)
41. IPsec protects data between two IP addresses by providing the following services:
certificate
automatically becomes unassigned
Encryption
Data authentication - Encryption
42. You can use IPsec to encrypt network data so that the data is unreadable if captured in transit. This describes what?
Encryption
filter list
simpler to configure
tunnel