Académique Documents
Professionnel Documents
Culture Documents
Windows Server 2008, Windows Vista, and Windows XP with Service Pack 3 all have a
built-in NAP client, and third-party vendors can use the NAP API to write additional
clients for additional operating systems, such as Macintosh and Linux computers.
True
If a client cannot provide the necessary health certificate, they will still be able to
participate in IPSec-secured traffic.
False
What allows traffic that is defined in one direction to also be defined in the opposite
direction?
mirroring
What does Windows Server 2008 IPSec also support, which is the determination of new
keying material through a new Diffie-Hellman exchange on a regular basis?
Dynamic Rekeying
What rule allows you to restrict inbound and outbound connections based on certain
sets of criteria, such as membership in a particular Active Directory domain?
Isolation
The Windows Firewall with Advanced Security MMC snap-in enables you to incorporate
IPSec into the Windows Firewall by configuring one or more what?
Connection Security Rules
What is the default authentication protocol in an Active Directory network?
Kerberos v5
Which statistic represents the number of failed outbound requests that occurred to
establish the SA since the IPSec service started?
Acquire Failures
The command "set config property=ipsecloginterval value=value" can be set to what
range of values?
60 - 86,400
IKE main mode has a default lifetime of __________ hours, but this number is
configurable from 5 minutes to a maximum of 48 hours.
16
Who maintains information about the health of the NAP client computer and transmits
information between the NAP Enforcement Clients and the System Health Agents?
NAP Agent
The __________ service combines each Statement of Health Response into a System
Statement of Health Response (SSOHR).
NPS
To distribute the load of issuing certificates in a geographically dispersed location, an
organization can have one or more __________ CAs.
intermediate
Which digital document contains identifying information about a particular user,
computer, service, and so on?
digital certificate
Which security role is tasked with issuing and managing certificates, including approving
certificate enrollment and revocation requests?
Certificate Manager
Which enforcement method allows authorized remote users to connect to resources on
an internal corporate or private network from any Internet-connected device?
Terminal Services Gateway (TS Gateway) enforcement
What is an optional component that can be deployed to allow non-compliant client
computers to achieve network compliance and gain network access?
remediation server
The top-level CA in any PKI hierarchy is the __________ CA.
root
To identify a specific SA for tracking purposes, a 32-bit number known as the Security
Parameters Index (SPI) is used.
True
The Authentication Header (AH) protocol provides confidentiality and data encryption.
False