labs
DESCRIPTION
Labs Chapter 9:Securing Data TransmissionWindows server 2008 network infrastructure Configuration Exam 70-642Definition MatchingTRANSCRIPT
uestion 1
7 out of 10 points
Match description to terminology.
Answer
QuestionSelected Match
An IP filter can be __________, meaning that traffic defined in one direction will also be defined in the opposite direction.
H.mirrored
Quick mode messages are __________ messages that are encrypted using the ISAKMP SA.
A.Stateful
IKE main mode has a default lifetime of __________ hours, but this number is configurable from 5 minutes to a maximum of 48 hours.
G.8, eight
IPSec policy information is stored in Active Directory and cached in the local __________ of the computer to which it applies.
J.registry
You can configure __________ policies to extend existing Active Directory–based or local IPSec policies, override Active Directory–based or local IPSec policies, and enhance security during computer startup.
B.persistent
You can use the IP Security Policy Management console or the __________ command-line utility to manage an Active Directory–based policy.
C.netsh
__________ are the source IP address or range of addresses from which inbound traffic will be permitted.
E.Scopes
A(n) __________ firewall is so named because it can track and maintain information based on the status of a particular connection.
I.ISAKMP
A(n) __________ connection security rule allows you to restrict inbound and outbound connections based on certain sets of criteria, such as membership in a particular Active Directory domain.
F.isolation
A(n) __________ is a value contained in a received IKE message that is used to help identify the corresponding main mode SA.
D.cookie
Question 2
3 out of 8 points
Match description to terminolody.Answer
Question Selected Match
Previous versions of Windows supported what type of rule in IPSec, which was activated by default for all policies?
A.RSOP
The Windows Firewall is enabled by default on all new installations of Windows Server 2008. How can it be managed?
E.
Connection Security Rules
What standard defines a mechanism to establish SAs? G.
Default Response rule
Which Diffie-Hellman process does not prevent a man-in-the-middle attack, in which a malicious user between the negotiating peers performs two Diffie-Hellman exchanges, one with each peer?
B.
Internet Key Exchange, IKE
What does Windows Server 2008 IPSec also support, which is the determination of new keying material through a new Diffie-Hellman exchange on a regular basis?
H.
dynamic rekeying
The Windows Firewall with Advanced Security MMC snap-in enables you to incorporate IPSec into the Windows Firewall by configuring one or more what?
E.
Connection Security Rules
What is the name of the concatenation of one or more IP filters, which define a range of network traffic?
C.
IP Filter List
What can you use to determine the IPSec policies that are assigned but are not applied to IPSec clients?
F.
Windows Firewall Control Panel
Monday, April 15, 2013 12:45:53 PM CDT