SUBJECTS
|
BROWSE
|
CAREER CENTER
|
POPULAR
|
JOIN
|
LOGIN
Business Skills
|
Soft Skills
|
Basic Literacy
|
Certifications
About
|
Help
|
Privacy
|
Terms
|
Email
Search
Test your basic knowledge |
MCTS: Protepcting Network Traffic With IPsec
Start Test
Study First
Subjects
:
certifications
,
mcts
,
it-skills
Instructions:
Answer 42 questions in 15 minutes.
If you are not ready to take this test, you can
study here
.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. To establish SAs dynamically between IPsec peers - the ______ protocol is used.
rules
Internet Key Exchange (IKE)
Client (Respond Only) - Server (Request Security) - Secure Server (Require Security)
Kerberos (Active Directory) - Certificates - Preshared key
2. You can use IPsec to encrypt network data so that the data is unreadable if captured in transit. This describes what?
filter list
Encryption
list has only one IP filter
Secure Server (Require Security)
3. With IPsec ______ mode - an entire IP packet is protected and then encapsulated with an additional - unprotected IP header.
tunnel
Client (Respond Only)
simpler to configure
Active Directory domain
4. Possible filter actions for a rule include block - permit - or ______ security.
negotiate
Group Policy
Kerberos (Active Directory) - Certificates - Preshared key
ignores any
5. You can assign only one IPsec Policy to a computer at a time. If you assign a second IPsec Policy to a computer - the first IPsec Policy ______.
automatically becomes unassigned
certificate
Kerberos
ignores any
6. If Group Policy assigns an IPsec Policy to a computer - the computer ______ IPsec Policy assigned in its Local Security Policy.
Layer Two Tunneling Protocol (L2TP)
list has only one IP filter
IPsec Policies or Connection Security Rules
ignores any
7. If you need encryption - use ______. If you just need to authenticate the data origin or verify data integrity - use ______.
Encryption
IPsec Policies or Connection Security Rules
certificate
ESP - AH
8. You should assign the ______ policy to intranet servers that require secure communications - such as a server that transmits highly sensitive data.
Security Association (SA)
IPsec Policies or Connection Security Rules
Secure Server (Require Security)
ignores any
9. Determines whether the traffic captured by an IP filter in a given policy rule is permitted - blocked - encrypted - or authenticated.
certificate
Active Directory domain
A filter action
IPsec Policies
10. IPsec by default operates in ______ mode - which is used to provide end-to-end security between computers.
Kerberos
Windows Firewall with Advanced Security (WFAS) - WFAS
Connection Security Rules
transport
11. You can configure IPsec to verify that each packet received is unique and not duplicated. This describes what?
Anti-replay protection
Connection Security Rules
Group Policy
AH
12. ______ by default attempt to negotiate only authentication services.
Windows Firewall with Advanced Security (WFAS) - WFAS
Connection Security Rules
two-phase
Client (Respond Only)
13. You configure Connection Security Rules for any one computer in the ______ console or the ______node in Server Manager.
Windows Firewall with Advanced Security (WFAS) - WFAS
list has only one IP filter
Client (Respond Only) - Server (Request Security) - Secure Server (Require Security)
rules
14. Remember that ______ authentication is preferable in an AD environment. Outside of an AD environment - a certificate infrastructure is your best option.
Data origin authentication
Kerberos
Encryption
Kerberos (Active Directory) - Certificates - Preshared key
15. You can use an Isolation rule to configure "domain isolation." This simply means that you can use Connection Security Rules to block traffic from computers originating from outside the local ______.
negotiate
ESP - AH
Active Directory domain
Security Association (SA)
16. The main advantage of using Connection Security Rules is that they are ______.
simpler to configure
Data integrity
1. Set up a main mode SA. 2. Agree upon the terms of communication and encryption algorithm. 3. Create a quick mode SA. 4. Send data.
AH
17. IP ______ contain a set of one or more IP filters that capture IP traffic for an IPsec Policy.
filter lists
negotiate
transport
Kerberos (Active Directory) - Certificates - Preshared key
18. Each policy rule - in turn - is associated with one IP ______ and one filter action.
Client (Respond Only)
Kerberos (Active Directory) - Certificates - Preshared key
Data origin authentication
filter list
19. In Group Policy - three IPsec Policies are predefined. You can thus configure an IPsec Policy for a domain or an OU by assigning any one of the following predefined policies:
Kerberos (Active Directory) - Certificates - Preshared key
Client (Respond Only) - Server (Request Security) - Secure Server (Require Security)
IPsec Policies
transport
20. You can summarize the steps for establishing an IPsec connection in the following way:
1. Set up a main mode SA. 2. Agree upon the terms of communication and encryption algorithm. 3. Create a quick mode SA. 4. Send data.
Encryption
data authentication
quick mode
21. After two computers negotiate an IPsec connection - whether through IPsec Policies or Connection Security Rules - the data sent between those computers is secured in what is known as a ______.
negotiate
two-phase
Group Policy
Security Association (SA)
22. You can use IPsec to ensure that data is not altered in transit. This describes what?
Data integrity
data authentication
Secure Server (Require Security)
Group Policy
23. If you need to implement IPsec in a production environment in which Kerberos authentication is not available - you should use a ______ infrastructure to authenticate the IPsec peers.
filter lists
Connection Security Rules
filter list
certificate
24. You can assign an IPsec Policy either to an individual computer by using Local Security Policy or to a group of computers by using ______.
A filter action
Data integrity
automatically becomes unassigned
Group Policy
25. Phase 1 negotiation is known as main mode negotiation - and Phase 2 is known as ______ negotiation.
list has only one IP filter
quick mode
transport
Security Association (SA)
26. You can use any of these three methods to authenticate the hosts communicating through IPsec:
Kerberos (Active Directory) - Certificates - Preshared key
IPsec Policies or Connection Security Rules
Group Policy
Windows Firewall with Advanced Security (WFAS) - WFAS
27. In Win Vista - Win 7 - Win Srvr 2008 and Win Srvr 2008 R2 - IPsec is enforced either by ______ or ______.
filter list
Anti-replay protection
IPsec Policies or Connection Security Rules
1. Set up a main mode SA. 2. Agree upon the terms of communication and encryption algorithm. 3. Create a quick mode SA. 4. Send data.
28. ______ by default attempt to negotiate both authentication and encryption services.
simpler to configure
two-phase
Encryption
IPsec Policies
29. ______ provides data encryption - data origin authentication - data integrity - and anti-replay protection for the ESP payload.
A filter action
Kerberos
Group Policy
ESP
30. Note that when matching a source or destination address - the most ______ IPsec filter always takes precedence.
1. Set up a main mode SA. 2. Agree upon the terms of communication and encryption algorithm. 3. Create a quick mode SA. 4. Send data.
Layer Two Tunneling Protocol (L2TP)
Authentication Header (AH) and Encapsulating Security Payload (ESP)
specific
31. IPsec provides ______ in the form of data origin authentication - data integrity - and anti-replay protection.
two-phase
tunnel
data authentication
A filter action
32. Every IPsec Policy rule have an IP filter list even if the ________________.
list has only one IP filter
rules
Client (Respond Only)
filter list
33. To ensure successful and secure communication - IKE performs a ______ negotiation operation - each with its own SAs.
Data integrity
filter lists
specific
two-phase
34. Every IPsec Policy is composed of one or more IPsec Policy ______ that determine when and how IP traffic should be protected.
IPsec Policies
Server (Request Security)
rules
Authentication Header (AH) and Encapsulating Security Payload (ESP)
35. Like IPsec Policies - ______ evaluate network traffic and then block - allow - or negotiate security for messages based on the criteria you establish.
Windows Firewall with Advanced Security (WFAS) - WFAS
two-phase
ESP
Connection Security Rules
36. When you assign ______ policy to a computer through a GPO - that computer will never initiate a request to establish an IPsec communications channel with another computer.
AH
Client (Respond Only)
transport
ignores any
37. IPsec protects data between two IP addresses by providing the following services:
Kerberos
Data authentication - Encryption
Layer Two Tunneling Protocol (L2TP)
Anti-replay protection
38. You can configure IPsec to ensure that each packet you receive from a trusted party in fact originates from that party and is not spoofed. This describes what?
Internet Key Exchange (IKE)
Data origin authentication
Secure Server (Require Security)
negotiate
39. You should assign the ______ policy to computers for which encryption is preferred but not required.
filter lists
quick mode
ignores any
Server (Request Security)
40. ______ provides data origin authentication - data integrity - and anti-replay protection for the entire IP packet.
quick mode
Server (Request Security)
Data integrity
AH
41. Transport mode is also used in most IPsec-based VPNs - for which the ______is used to tunnel the IPsec connection through the public network.
specific
Client (Respond Only) - Server (Request Security) - Secure Server (Require Security)
Layer Two Tunneling Protocol (L2TP)
data authentication
42. Security for an SA is provided by the two IPsec protocols: ______ and ______.
1. Set up a main mode SA. 2. Agree upon the terms of communication and encryption algorithm. 3. Create a quick mode SA. 4. Send data.
Connection Security Rules
Authentication Header (AH) and Encapsulating Security Payload (ESP)
Windows Firewall with Advanced Security (WFAS) - WFAS