Test your basic knowledge |
MCTS: Protecting Network Traffic With IPsec
Subjects: certifications, mcts, it-skills
Instructions:
Answer 42 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So you might at times find the answers obvious, but you will see it reinforces your understanding as you take the test each time.
1. ______ provides data origin authentication - data integrity - and anti-replay protection for the entire IP packet.
AH
Connection Security Rules
negotiate
Windows Firewall with Advanced Security (WFAS) - WFAS
2. To ensure successful and secure communication - IKE performs a ______ negotiation operation - each with its own SAs.
rules
two-phase
AH
Connection Security Rules
3. You can use IPsec to ensure that data is not altered in transit. This describes what?
Data integrity
IPsec Policies or Connection Security Rules
quick mode
certificate
4. IPsec by default operates in ______ mode - which is used to provide end-to-end security between computers.
data authentication
Connection Security Rules
transport
specific
5. Every IPsec Policy rule has an IP filter list even if the ________________.
list has only one IP filter
AH
IPsec Policies or Connection Security Rules
Internet Key Exchange (IKE)
6. You can configure IPsec to ensure that each packet you receive from a trusted party in fact originates from that party and is not spoofed. This describes what?
Data origin authentication
list has only one IP filter
Internet Key Exchange (IKE)
Security Association (SA)
7. ______ provides data encryption - data origin authentication - data integrity - and anti-replay protection for the ESP payload.
ESP
Connection Security Rules
Data authentication - Encryption
Kerberos
8. IP ______ contain a set of one or more IP filters that capture IP traffic for an IPsec Policy.
automatically becomes unassigned
IPsec Policies or Connection Security Rules
filter lists
transport
9. The main advantage of using Connection Security Rules is that they are ______.
Windows Firewall with Advanced Security (WFAS) - WFAS
Data origin authentication
simpler to configure
certificate
10. With IPsec ______ mode - an entire IP packet is protected and then encapsulated with an additional - unprotected IP header.
Server (Request Security)
Kerberos
tunnel
Data authentication - Encryption
11. Every IPsec Policy is composed of one or more IPsec Policy ______ that determine when and how IP traffic should be protected.
Authentication Header (AH) and Encapsulating Security Payload (ESP)
1. Set up a main mode SA. 2. Agree upon the terms of communication and encryption algorithm. 3. Create a quick mode SA. 4. Send data.
Active Directory domain
rules
12. Determines whether the traffic captured by an IP filter in a given policy rule is permitted - blocked - encrypted - or authenticated.
specific
Encryption
A filter action
filter lists
13. IPsec provides ______ in the form of data origin authentication - data integrity - and anti-replay protection.
rules
Internet Key Exchange (IKE)
data authentication
Kerberos (Active Directory) - Certificates - Preshared key
14. Security for an SA is provided by the two IPsec protocols: ______ and ______.
Client (Respond Only)
data authentication
A filter action
Authentication Header (AH) and Encapsulating Security Payload (ESP)
15. Each policy rule - in turn - is associated with one IP ______ and one filter action.
Internet Key Exchange (IKE)
filter list
automatically becomes unassigned
Encryption
16. If you need to implement IPsec in a production environment in which Kerberos authentication is not available - you should use a ______ infrastructure to authenticate the IPsec peers.
IPsec Policies
quick mode
Security Association (SA)
certificate
17. IPsec protects data between two IP addresses by providing the following services:
Data authentication - Encryption
Secure Server (Require Security)
data authentication
Security Association (SA)
18. You can use any of these three methods to authenticate the hosts communicating through IPsec:
Kerberos (Active Directory) - Certificates - Preshared key
simpler to configure
Security Association (SA)
quick mode
19. You can assign only one IPsec Policy to a computer at a time. If you assign a second IPsec Policy to a computer - the first IPsec Policy ______.
Server (Request Security)
Connection Security Rules
automatically becomes unassigned
Data origin authentication
20. To establish SAs dynamically between IPsec peers - the ______ protocol is used.
Client (Respond Only)
negotiate
Internet Key Exchange (IKE)
simpler to configure
21. You can use an Isolation rule to configure "domain isolation." This simply means that you can use Connection Security Rules to block traffic from computers originating from outside the local ______.
IPsec Policies
A filter action
Active Directory domain
Client (Respond Only)
22. You should assign the ______ policy to computers for which encryption is preferred but not required.
Anti-replay protection
Server (Request Security)
Connection Security Rules
Kerberos (Active Directory) - Certificates - Preshared key
23. Possible filter actions for a rule include block - permit - or ______ security.
Internet Key Exchange (IKE)
negotiate
Windows Firewall with Advanced Security (WFAS) - WFAS
1. Set up a main mode SA. 2. Agree upon the terms of communication and encryption algorithm. 3. Create a quick mode SA. 4. Send data.
24. When you assign ______ policy to a computer through a GPO - that computer will never initiate a request to establish an IPsec communications channel with another computer.
Secure Server (Require Security)
Client (Respond Only)
Authentication Header (AH) and Encapsulating Security Payload (ESP)
Internet Key Exchange (IKE)
25. You can assign an IPsec Policy either to an individual computer by using Local Security Policy or to a group of computers by using ______.
Kerberos (Active Directory) - Certificates - Preshared key
1. Set up a main mode SA. 2. Agree upon the terms of communication and encryption algorithm. 3. Create a quick mode SA. 4. Send data.
Group Policy
Anti-replay protection
26. ______ by default attempt to negotiate both authentication and encryption services.
rules
Kerberos (Active Directory) - Certificates - Preshared key
Windows Firewall with Advanced Security (WFAS) - WFAS
IPsec Policies
27. You configure Connection Security Rules for any one computer in the ______ console or the ______ node in Server Manager.
Windows Firewall with Advanced Security (WFAS) - WFAS
filter list
A filter action
rules
28. Like IPsec Policies - ______ evaluate network traffic and then block - allow - or negotiate security for messages based on the criteria you establish.
Data origin authentication
Data integrity
Connection Security Rules
Secure Server (Require Security)
29. You should assign the ______ policy to intranet servers that require secure communications - such as a server that transmits highly sensitive data.
data authentication
ignores any
Secure Server (Require Security)
AH
30. In Group Policy - three IPsec Policies are predefined. You can thus configure an IPsec Policy for a domain or an OU by assigning any one of the following predefined policies:
Internet Key Exchange (IKE)
list has only one IP filter
Client (Respond Only) - Server (Request Security) - Secure Server (Require Security)
Anti-replay protection
31. Remember that ______ authentication is preferable in an AD environment. Outside of an AD environment - a certificate infrastructure is your best option.
Connection Security Rules
Kerberos
ESP
Data integrity
32. If you need encryption - use ______. If you just need to authenticate the data origin or verify data integrity - use ______.
ignores any
ESP - AH
list has only one IP filter
Client (Respond Only) - Server (Request Security) - Secure Server (Require Security)
33. You can configure IPsec to verify that each packet received is unique and not duplicated. This describes what?
Data integrity
Anti-replay protection
simpler to configure
Group Policy
34. Phase 1 negotiation is known as main mode negotiation - and Phase 2 is known as ______ negotiation.
quick mode
Client (Respond Only)
Group Policy
specific
35. Note that when matching a source or destination address - the most ______ IPsec filter always takes precedence.
AH
A filter action
specific
transport
36. In Windows Vista - Windows 7 - Windows Server 2008 and Windows Server 2008 R2 - IPsec is enforced either by ______ or ______.
A filter action
specific
IPsec Policies or Connection Security Rules
IPsec Policies
37. You can use IPsec to encrypt network data so that the data is unreadable if captured in transit. This describes what?
Connection Security Rules
Encryption
filter list
Data authentication - Encryption
38. After two computers negotiate an IPsec connection - whether through IPsec Policies or Connection Security Rules - the data sent between those computers is secured in what is known as a ______.
simpler to configure
Security Association (SA)
Kerberos
Encryption
39. You can summarize the steps for establishing an IPsec connection in the following way:
two-phase
1. Set up a main mode SA. 2. Agree upon the terms of communication and encryption algorithm. 3. Create a quick mode SA. 4. Send data.
automatically becomes unassigned
negotiate
40. Transport mode is also used in most IPsec-based VPNs - for which the ______ is used to tunnel the IPsec connection through the public network.
Security Association (SA)
simpler to configure
Data integrity
Layer Two Tunneling Protocol (L2TP)
41. ______ by default attempt to negotiate only authentication services.
Kerberos (Active Directory) - Certificates - Preshared key
filter lists
Secure Server (Require Security)
Connection Security Rules
42. If Group Policy assigns an IPsec Policy to a computer - the computer ______ IPsec Policy assigned in its Local Security Policy.
Anti-replay protection
Internet Key Exchange (IKE)
Windows Firewall with Advanced Security (WFAS) - WFAS
ignores any