Test your basic knowledge |

MCTS: Protepcting Network Traffic With IPsec

Subjects : certifications, mcts, it-skills

Instructions:

Answer 42 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.

1. IPsec provides ______ in the form of data origin authentication - data integrity - and anti-replay protection.
Kerberos (Active Directory) - Certificates - Preshared key
data authentication
rules
IPsec Policies

2. If you need encryption - use ______. If you just need to authenticate the data origin or verify data integrity - use ______.
Data origin authentication
ESP - AH
Kerberos (Active Directory) - Certificates - Preshared key
1. Set up a main mode SA. 2. Agree upon the terms of communication and encryption algorithm. 3. Create a quick mode SA. 4. Send data.

3. In Win Vista - Win 7 - Win Srvr 2008 and Win Srvr 2008 R2 - IPsec is enforced either by ______ or ______.
AH
Encryption
IPsec Policies
IPsec Policies or Connection Security Rules

4. IPsec protects data between two IP addresses by providing the following services:
ESP - AH
Data authentication - Encryption
Authentication Header (AH) and Encapsulating Security Payload (ESP)
Secure Server (Require Security)

5. Note that when matching a source or destination address - the most ______ IPsec filter always takes precedence.
specific
IPsec Policies or Connection Security Rules
Kerberos
Data origin authentication

6. You can assign an IPsec Policy either to an individual computer by using Local Security Policy or to a group of computers by using ______.
Group Policy
Client (Respond Only)
Windows Firewall with Advanced Security (WFAS) - WFAS
quick mode

7. Each policy rule - in turn - is associated with one IP ______ and one filter action.
two-phase
ignores any
Anti-replay protection
filter list

8. The main advantage of using Connection Security Rules is that they are ______.
Connection Security Rules
Client (Respond Only)
two-phase
simpler to configure

9. IPsec by default operates in ______ mode - which is used to provide end-to-end security between computers.
negotiate
ESP - AH
Client (Respond Only) - Server (Request Security) - Secure Server (Require Security)
transport

10. When you assign ______ policy to a computer through a GPO - that computer will never initiate a request to establish an IPsec communications channel with another computer.
list has only one IP filter
Anti-replay protection
rules
Client (Respond Only)

11. Transport mode is also used in most IPsec-based VPNs - for which the ______is used to tunnel the IPsec connection through the public network.
Connection Security Rules
simpler to configure
Layer Two Tunneling Protocol (L2TP)
ESP - AH

12. You should assign the ______ policy to computers for which encryption is preferred but not required.
data authentication
Kerberos
Internet Key Exchange (IKE)
Server (Request Security)

13. After two computers negotiate an IPsec connection - whether through IPsec Policies or Connection Security Rules - the data sent between those computers is secured in what is known as a ______.
Security Association (SA)
Group Policy
Layer Two Tunneling Protocol (L2TP)
Data authentication - Encryption

14. You can use any of these three methods to authenticate the hosts communicating through IPsec:
Encryption
certificate
Kerberos (Active Directory) - Certificates - Preshared key
Data integrity

15. To establish SAs dynamically between IPsec peers - the ______ protocol is used.
1. Set up a main mode SA. 2. Agree upon the terms of communication and encryption algorithm. 3. Create a quick mode SA. 4. Send data.
Kerberos
Anti-replay protection
Internet Key Exchange (IKE)

16. ______ provides data origin authentication - data integrity - and anti-replay protection for the entire IP packet.
Encryption
quick mode
Windows Firewall with Advanced Security (WFAS) - WFAS
AH

17. Like IPsec Policies - ______ evaluate network traffic and then block - allow - or negotiate security for messages based on the criteria you establish.
Group Policy
Encryption
Connection Security Rules
negotiate

18. Phase 1 negotiation is known as main mode negotiation - and Phase 2 is known as ______ negotiation.
Data authentication - Encryption
AH
IPsec Policies
quick mode

19. To ensure successful and secure communication - IKE performs a ______ negotiation operation - each with its own SAs.
two-phase
ESP - AH
certificate
filter list

20. You can configure IPsec to verify that each packet received is unique and not duplicated. This describes what?
Anti-replay protection
two-phase
data authentication
Kerberos (Active Directory) - Certificates - Preshared key

21. You can use IPsec to ensure that data is not altered in transit. This describes what?
negotiate
IPsec Policies
Secure Server (Require Security)
Data integrity

22. You can assign only one IPsec Policy to a computer at a time. If you assign a second IPsec Policy to a computer - the first IPsec Policy ______.
tunnel
quick mode
automatically becomes unassigned
two-phase

23. Remember that ______ authentication is preferable in an AD environment. Outside of an AD environment - a certificate infrastructure is your best option.
Kerberos
Windows Firewall with Advanced Security (WFAS) - WFAS
Internet Key Exchange (IKE)
certificate

24. You configure Connection Security Rules for any one computer in the ______ console or the ______node in Server Manager.
Kerberos (Active Directory) - Certificates - Preshared key
Data authentication - Encryption
Windows Firewall with Advanced Security (WFAS) - WFAS
filter list

25. With IPsec ______ mode - an entire IP packet is protected and then encapsulated with an additional - unprotected IP header.
1. Set up a main mode SA. 2. Agree upon the terms of communication and encryption algorithm. 3. Create a quick mode SA. 4. Send data.
ignores any
Data integrity
tunnel

26. Possible filter actions for a rule include block - permit - or ______ security.
two-phase
Encryption
negotiate
Security Association (SA)

27. You should assign the ______ policy to intranet servers that require secure communications - such as a server that transmits highly sensitive data.
transport
two-phase
Secure Server (Require Security)
Windows Firewall with Advanced Security (WFAS) - WFAS

28. ______ provides data encryption - data origin authentication - data integrity - and anti-replay protection for the ESP payload.
ESP
tunnel
transport
filter list

29. If Group Policy assigns an IPsec Policy to a computer - the computer ______ IPsec Policy assigned in its Local Security Policy.
Secure Server (Require Security)
Encryption
Layer Two Tunneling Protocol (L2TP)
ignores any

30. ______ by default attempt to negotiate only authentication services.
tunnel
1. Set up a main mode SA. 2. Agree upon the terms of communication and encryption algorithm. 3. Create a quick mode SA. 4. Send data.
Connection Security Rules
IPsec Policies or Connection Security Rules

31. You can configure IPsec to ensure that each packet you receive from a trusted party in fact originates from that party and is not spoofed. This describes what?
IPsec Policies or Connection Security Rules
Data origin authentication
certificate
Internet Key Exchange (IKE)

32. Determines whether the traffic captured by an IP filter in a given policy rule is permitted - blocked - encrypted - or authenticated.
A filter action
Encryption
ESP
filter list

33. Every IPsec Policy rule have an IP filter list even if the ________________.
1. Set up a main mode SA. 2. Agree upon the terms of communication and encryption algorithm. 3. Create a quick mode SA. 4. Send data.
list has only one IP filter
Kerberos
ESP - AH

34. Every IPsec Policy is composed of one or more IPsec Policy ______ that determine when and how IP traffic should be protected.
rules
1. Set up a main mode SA. 2. Agree upon the terms of communication and encryption algorithm. 3. Create a quick mode SA. 4. Send data.
ESP - AH
Authentication Header (AH) and Encapsulating Security Payload (ESP)

35. IP ______ contain a set of one or more IP filters that capture IP traffic for an IPsec Policy.
Secure Server (Require Security)
specific
filter lists
Client (Respond Only) - Server (Request Security) - Secure Server (Require Security)

36. ______ by default attempt to negotiate both authentication and encryption services.
Group Policy
IPsec Policies
specific
Kerberos

37. Security for an SA is provided by the two IPsec protocols: ______ and ______.
Kerberos (Active Directory) - Certificates - Preshared key
negotiate
Layer Two Tunneling Protocol (L2TP)
Authentication Header (AH) and Encapsulating Security Payload (ESP)

38. You can use an Isolation rule to configure "domain isolation." This simply means that you can use Connection Security Rules to block traffic from computers originating from outside the local ______.
Connection Security Rules
filter list
tunnel
Active Directory domain

39. If you need to implement IPsec in a production environment in which Kerberos authentication is not available - you should use a ______ infrastructure to authenticate the IPsec peers.
Kerberos
certificate
transport
filter lists

40. You can use IPsec to encrypt network data so that the data is unreadable if captured in transit. This describes what?
two-phase
Layer Two Tunneling Protocol (L2TP)
Encryption
specific

41. You can summarize the steps for establishing an IPsec connection in the following way:
Data authentication - Encryption
certificate
Data origin authentication
1. Set up a main mode SA. 2. Agree upon the terms of communication and encryption algorithm. 3. Create a quick mode SA. 4. Send data.

42. In Group Policy - three IPsec Policies are predefined. You can thus configure an IPsec Policy for a domain or an OU by assigning any one of the following predefined policies:
Client (Respond Only) - Server (Request Security) - Secure Server (Require Security)
Encryption
Active Directory domain
tunnel

Sorry!:) No result found.

Can you answer 50 questions in 15 minutes?

Major Subjects
Tests & Exams AP CLEP DSST GRE SAT GMAT	Certifications CISSP go to https://www.isc2.org/ PMP ITIL RHCE MCTS More...	IT Skills Android Programming Data Modeling Objective C Programming Basic Python Programming Adobe Illustrator More...	Business Skills Advertising Techniques Business Accounting Basics Business Strategy Human Resource Management Marketing Basics More...
Soft Skills Body Language People Skills Public Speaking Persuasion Job Hunting And Resumes More...	Vocabulary GRE Vocab SAT Vocab TOEFL Essential Vocab Basic English Words For All Global Words You Should Know Business English More...	Languages AP German Vocab AP Latin Vocab SAT Subject Test: French Italian Survival Norwegian Survival More...	Engineering Audio Engineering Computer Science Engineering Aerospace Engineering Chemical Engineering Structural Engineering More...
Health Sciences Basic Nursing Skills Health Science Language Fundamentals Veterinary Technology Medical Language Cardiology Clinical Surgery More...	English Grammar Fundamentals Literary And Rhetorical Vocab Elements Of Style Vocab Introduction To English Major Complete Advanced Sentences Literature Homonyms More...	Math Algebra Formulas Basic Arithmetic: Measurements Metric Conversions Geometric Properties Important Math Facts Number Sense Vocab Business Math More...	Other Major Subjects Science Economics History Law Performing-arts Cooking Logic & Reasoning Trivia

Test your basic knowledge |

MCTS: Protepcting Network Traffic With IPsec

Sorry!:) No result found.

Can you answer 50 questions in 15 minutes?

Let me suggest you:

Browse all subjects

Browse all tests

Most popular tests

Major Subjects

Tests & Exams

Certifications

IT Skills

Business Skills

Soft Skills

Vocabulary

Languages

Engineering

Health Sciences

English

Math

Other Major Subjects

Browse all subjects

Browse all tests

Most popular tests