Test your basic knowledge | MCTS: Protecting Network Traffic With IPsec
Subjects: certifications, mcts, it-skills
Instructions:
Answer 42 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So you might at times find the answers obvious, but you will see that it reinforces your understanding each time you take the test.
1. You should assign the ______ policy to computers for which encryption is preferred but not required.
Kerberos
Anti-replay protection
Data origin authentication
Server (Request Security)
2. If you need to implement IPsec in a production environment in which Kerberos authentication is not available - you should use a ______ infrastructure to authenticate the IPsec peers.
Connection Security Rules
Anti-replay protection
certificate
data authentication
3. IPsec protects data between two IP addresses by providing the following services:
Data authentication - Encryption
Connection Security Rules
A filter action
Connection Security Rules
4. IPsec by default operates in ______ mode - which is used to provide end-to-end security between computers.
Client (Respond Only)
Secure Server (Require Security)
transport
data authentication
5. You can use an Isolation rule to configure "domain isolation." This simply means that you can use Connection Security Rules to block traffic from computers originating from outside the local ______.
ESP - AH
Active Directory domain
Internet Key Exchange (IKE)
Connection Security Rules
6. You configure Connection Security Rules for any one computer in the ______ console or the ______ node in Server Manager.
list has only one IP filter
Data authentication - Encryption
Windows Firewall with Advanced Security (WFAS) - WFAS
Active Directory domain
7. You can use IPsec to encrypt network data so that the data is unreadable if captured in transit. This describes what?
Client (Respond Only)
Internet Key Exchange (IKE)
Encryption
Client (Respond Only) - Server (Request Security) - Secure Server (Require Security)
8. Determines whether the traffic captured by an IP filter in a given policy rule is permitted - blocked - encrypted - or authenticated.
Data integrity
Windows Firewall with Advanced Security (WFAS) - WFAS
ignores any
A filter action
9. You can configure IPsec to ensure that each packet you receive from a trusted party in fact originates from that party and is not spoofed. This describes what?
Data origin authentication
Client (Respond Only)
data authentication
Active Directory domain
10. Like IPsec Policies - ______ evaluate network traffic and then block - allow - or negotiate security for messages based on the criteria you establish.
Internet Key Exchange (IKE)
Connection Security Rules
ESP
transport
11. You can configure IPsec to verify that each packet received is unique and not duplicated. This describes what?
Connection Security Rules
Data authentication - Encryption
Anti-replay protection
Active Directory domain
12. If Group Policy assigns an IPsec Policy to a computer - the computer ______ IPsec Policy assigned in its Local Security Policy.
Connection Security Rules
ignores any
Windows Firewall with Advanced Security (WFAS) - WFAS
1. Set up a main mode SA. 2. Agree upon the terms of communication and encryption algorithm. 3. Create a quick mode SA. 4. Send data.
13. You should assign the ______ policy to intranet servers that require secure communications - such as a server that transmits highly sensitive data.
filter list
Group Policy
Secure Server (Require Security)
tunnel
14. IPsec provides ______ in the form of data origin authentication - data integrity - and anti-replay protection.
Kerberos
data authentication
Data authentication - Encryption
A filter action
15. Note that when matching a source or destination address - the most ______ IPsec filter always takes precedence.
specific
ESP
tunnel
Kerberos (Active Directory) - Certificates - Preshared key
16. When you assign ______ policy to a computer through a GPO - that computer will never initiate a request to establish an IPsec communications channel with another computer.
certificate
two-phase
Client (Respond Only)
quick mode
17. The main advantage of using Connection Security Rules is that they are ______.
Internet Key Exchange (IKE)
Layer Two Tunneling Protocol (L2TP)
simpler to configure
Encryption
18. You can summarize the steps for establishing an IPsec connection in the following way:
quick mode
1. Set up a main mode SA. 2. Agree upon the terms of communication and encryption algorithm. 3. Create a quick mode SA. 4. Send data.
Active Directory domain
Authentication Header (AH) and Encapsulating Security Payload (ESP)
19. Transport mode is also used in most IPsec-based VPNs - for which the ______ is used to tunnel the IPsec connection through the public network.
Data authentication - Encryption
Layer Two Tunneling Protocol (L2TP)
Data integrity
Kerberos
20. If you need encryption - use ______. If you just need to authenticate the data origin or verify data integrity - use ______.
1. Set up a main mode SA. 2. Agree upon the terms of communication and encryption algorithm. 3. Create a quick mode SA. 4. Send data.
ESP - AH
A filter action
certificate
21. To establish SAs dynamically between IPsec peers - the ______ protocol is used.
Internet Key Exchange (IKE)
Windows Firewall with Advanced Security (WFAS) - WFAS
Connection Security Rules
ESP - AH
22. Every IPsec Policy is composed of one or more IPsec Policy ______ that determine when and how IP traffic should be protected.
data authentication
IPsec Policies or Connection Security Rules
Secure Server (Require Security)
rules
23. Possible filter actions for a rule include block - permit - or ______ security.
ignores any
rules
IPsec Policies
negotiate
24. Phase 1 negotiation is known as main mode negotiation - and Phase 2 is known as ______ negotiation.
Client (Respond Only) - Server (Request Security) - Secure Server (Require Security)
IPsec Policies or Connection Security Rules
AH
quick mode
25. Every IPsec Policy rule has an IP filter list even if the ________________.
Client (Respond Only) - Server (Request Security) - Secure Server (Require Security)
list has only one IP filter
Kerberos
tunnel
26. With IPsec ______ mode - an entire IP packet is protected and then encapsulated with an additional - unprotected IP header.
Layer Two Tunneling Protocol (L2TP)
automatically becomes unassigned
tunnel
filter lists
27. You can use any of these three methods to authenticate the hosts communicating through IPsec:
Kerberos (Active Directory) - Certificates - Preshared key
Data origin authentication
A filter action
two-phase
28. Security for an SA is provided by the two IPsec protocols: ______ and ______.
Group Policy
simpler to configure
Authentication Header (AH) and Encapsulating Security Payload (ESP)
Internet Key Exchange (IKE)
29. After two computers negotiate an IPsec connection - whether through IPsec Policies or Connection Security Rules - the data sent between those computers is secured in what is known as a ______.
tunnel
Security Association (SA)
Active Directory domain
two-phase
30. Each policy rule - in turn - is associated with one IP ______ and one filter action.
filter list
negotiate
Data origin authentication
filter lists
31. ______ by default attempt to negotiate both authentication and encryption services.
Authentication Header (AH) and Encapsulating Security Payload (ESP)
two-phase
Data origin authentication
IPsec Policies
32. Remember that ______ authentication is preferable in an AD environment. Outside of an AD environment - a certificate infrastructure is your best option.
Kerberos
Layer Two Tunneling Protocol (L2TP)
Anti-replay protection
1. Set up a main mode SA. 2. Agree upon the terms of communication and encryption algorithm. 3. Create a quick mode SA. 4. Send data.
33. IP ______ contain a set of one or more IP filters that capture IP traffic for an IPsec Policy.
Security Association (SA)
ignores any
Encryption
filter lists
34. To ensure successful and secure communication - IKE performs a ______ negotiation operation - each with its own SAs.
two-phase
Secure Server (Require Security)
A filter action
ESP
35. ______ provides data encryption - data origin authentication - data integrity - and anti-replay protection for the ESP payload.
Kerberos
ESP
Data origin authentication
rules
36. In Group Policy - three IPsec Policies are predefined. You can thus configure an IPsec Policy for a domain or an OU by assigning any one of the following predefined policies:
Layer Two Tunneling Protocol (L2TP)
Connection Security Rules
Client (Respond Only) - Server (Request Security) - Secure Server (Require Security)
simpler to configure
37. You can assign an IPsec Policy either to an individual computer by using Local Security Policy or to a group of computers by using ______.
IPsec Policies
list has only one IP filter
IPsec Policies or Connection Security Rules
Group Policy
38. ______ provides data origin authentication - data integrity - and anti-replay protection for the entire IP packet.
AH
Client (Respond Only)
rules
Kerberos
39. ______ by default attempt to negotiate only authentication services.
Secure Server (Require Security)
filter lists
Connection Security Rules
IPsec Policies
40. You can use IPsec to ensure that data is not altered in transit. This describes what?
Data origin authentication
Windows Firewall with Advanced Security (WFAS) - WFAS
Group Policy
Data integrity
41. You can assign only one IPsec Policy to a computer at a time. If you assign a second IPsec Policy to a computer - the first IPsec Policy ______.
ignores any
filter list
Internet Key Exchange (IKE)
automatically becomes unassigned
42. In Windows Vista - Windows 7 - Windows Server 2008 and Windows Server 2008 R2 - IPsec is enforced either by ______ or ______.
list has only one IP filter
IPsec Policies or Connection Security Rules
Encryption
transport