uestion 1

7 out of 10 points

Match description to terminology.

Answer

QuestionSelected Match

     An IP filter can be __________, meaning that traffic defined in one direction will also be defined in the opposite direction.

 H.mirrored

    Quick mode messages are __________ messages that are encrypted using the ISAKMP SA.

 A.Stateful

IKE main mode has a default lifetime of __________ hours, but this number is configurable from 5 minutes to a maximum of 48 hours.

 G.8, eight

IPSec policy information is stored in Active Directory and cached in the local __________ of the computer to which it applies.

 J.registry

    You can configure __________ policies to extend existing Active Directory–based or local IPSec policies, override Active Directory–based or local IPSec policies, and enhance security during computer startup.

 B.persistent

You can use the IP Security Policy Management console or the __________ command-line utility to manage an Active Directory–based policy.

 C.netsh

__________ are the source IP address or range of addresses from which inbound traffic will be permitted.

 E.Scopes

     A(n) __________ firewall is so named because it can track and maintain information based on the status of a particular connection.

 I.ISAKMP

     A(n) __________ connection security rule allows you to restrict inbound and outbound connections based on certain sets of criteria, such as membership in a particular Active Directory domain.

 F.isolation

A(n) __________ is a value contained in a received IKE message that is used to help identify the corresponding main mode SA.

 D.cookie

Question 2

3 out of 8 points

Match description to terminolody.Answer

Question Selected Match

     Previous versions of Windows supported what type of rule in IPSec, which was activated by default for all policies?

 A.RSOP

The Windows Firewall is enabled by default on all new installations of Windows Server 2008. How can it be managed?

 E.

Connection Security Rules

What standard defines a mechanism to establish SAs?  G.

Default Response rule

Which Diffie-Hellman process does not prevent a man-in-the-middle attack, in which a malicious user between the negotiating peers performs two Diffie-Hellman exchanges, one with each peer?

 B.

Internet Key Exchange, IKE

What does Windows Server 2008 IPSec also support, which is the determination of new keying material through a new Diffie-Hellman exchange on a regular basis?

 H.

dynamic rekeying

    The Windows Firewall with Advanced Security MMC snap-in enables you to incorporate IPSec into the Windows Firewall by configuring one or more what?

 E.

Connection Security Rules

What is the name of the concatenation of one or more IP filters, which define a range of network traffic?

 C.

IP Filter List

What can you use to determine the IPSec policies that are assigned but are not applied to IPSec clients?

 F.

Windows Firewall Control Panel

Monday, April 15, 2013 12:45:53 PM CDT