Use LEFT and RIGHT arrow keys to navigate between flashcards;
Use UP and DOWN arrow keys to flip the card;
H to show hint;
A reads text to speech;
61 Cards in this Set
- Front
- Back
What is the user right "Profile Single Process" used for?
|
Profiling a non-system process
|
|
What utility will show which Group Policies were applied to a computer or user?
|
Gpresult
|
|
What two permissions must a security group have in order to apply a Group Policy?
|
Read Group Policy and Apply Group Policy
|
|
What kind of file does MBSA store its results in?
|
an XML file
|
|
What OS's does Hfnetchk work on?
|
NT 4.0 and above
|
|
What OS's can MBSA run on?
|
Windows 2000 and above
|
|
What OS's is MBSA capable of scanning?
|
NT 4.0 and above
|
|
What two types of command-line scans can MBSA perform?
|
MBSA-style scans and HFNetchk-style scans
|
|
How many clients can an SUS server support?
|
15000 clients
|
|
What are the hardware requirements for SUS Server?
|
2000 Server SP2; P3 700 Mhz; 512 Mb RAM; network adapter; 100 Mb free space (+ space for updates); IE 5.5 or higher; IIS
|
|
What is the Initialization Vector used for?
|
creating keys used to create a random number for encryption
|
|
What three weaknesses does EAP-MD5 have?
|
use of username/password is vulnerable to offline dictionary attacks; no mutual authentication; inadequate number of nonces to derive session key
|
|
What two 802.1x authentication methods are available for XP prior to SP1?
|
EAP-TLS and EAP-MD5
|
|
What two 802.1x authentication methods does XP SP1 support?
|
EAP-TLS and Protected EAP (PEAP)
|
|
What does EAP-TLS use for authentication?
|
certificates
|
|
What two locations can EAP-TLS certificates be located in?
|
the registry or on smart cards
|
|
What security issue does EAP have?
|
authentication occurs before WEP encryption is enabled
|
|
How does PEAP address EAP security concerns?
|
a secure channel is created with TLS for authentication, then a new channel is created for data transfer
|
|
What two versions of PEAP are supported by XP SP1?
|
PEAP with MS-CHAPv2 and PEAP with EAP-TLS
|
|
What Windows server can act as the IAS server for 802.1x?
|
2000 Server SP3
|
|
What two methods does 2000 use to provide authenticity and integrity of transmitted data?
|
SMB signing and digital signing
|
|
What algorithm is used for SMB signing?
|
MD5
|
|
What size message digest does MD5 create?
|
128-bit message digest for every 512-bit data block
|
|
Is SMB signing considered to be vulnerable to replay attacks?
Why or why not? |
no- the packet sequence number is hashed as well as the data
|
|
What OS's support SMB signing?
|
Windows 98 and above (excluding ME)
|
|
What versions of NT4 can support SMB signing?
|
SP3 and higher
|
|
What two registry values control NT4 server SMB signing?
|
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\
Services\LanManServer\Parameters values: EnableSecuritySignature and RequireSecuritySignature |
|
What two registry values control NT4 server SMB signing?
|
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\
Services\LanManServer\Parameters values: EnableSecuritySignature and RequireSecuritySignature |
|
What two registry values control NT4 client SMB signing?
|
HKEY_LOCAL_MACHINE\SYSTEM\
CurrentControlSet\Services\Rdr\Parameters values: EnableSecuritySignature and RequireSecuritySignature |
|
What two registry values control Windows 98 SMB signing?
|
HKEY_LOCAL_MACHINE\SYSTEM\
CurrentControlSet\Services\VxD\Vnetsup values: EnableSecuritySignature and RequireSecuritySignature |
|
What do digital signatures require that SMB signing does not?
|
a Public Key Infrastructure (PKI) to deploy public/private key pairs
|
|
What two protocols provide digital signatures for email?
|
PGP and S/MIME
|
|
When run from the command line, what is the syntax for the RUNAS command?
|
RUNAS /user:username command
|
|
When in mixed mode, what entities are allowed membership in a Domain Local group?
|
user accounts from any domain and global groups from any domain
|
|
When in native mode, what entities are allowed membership in a Domain Local group?
|
user accounts from any domain; global groups from any domain; universal groups from any domain; domain local groups from same domain
|
|
What advantage does RC2 have over DES and 3DES?
|
optimized for speed- faster than DES or 3DES
|
|
What port does SSL-encrypted IMAP traffic use?
|
993
|
|
What port does SSL-encrypted LDAP traffic use?
|
636
|
|
What port does SSL-encrypted NNTP traffic use?
|
563
|
|
What port does SSL-encrypted POP3 traffic use?
|
995
|
|
What port does SSL-encrypted SMTP traffic use?
|
465
|
|
What makes IPSec transparent to applications?
|
IPSec encryption occurs below the application layer
|
|
What are the three default Windows 2000 IPSec policies?
|
Secure Server (Require Security); Server (Request Security); Client (Respond Only)
|
|
When using the SMS Network Monitor to troubleshoot IPSec, what type of packet indicates that IKE negotiation has taken place?
|
ISAKMP packets
|
|
When using the SMS Network Monitor to troubleshoot IPSec, what type of packet indicates that IPSec negotiation succeeded?
|
AH and ESP packets
|
|
What kind of attack is SPAP vulnerable to?
|
server impersonation
|
|
What important security function is enabled by MS-CHAPv2?
|
mutual authentication
|
|
What standard do most digital certificates adhere to?
|
X.509
|
|
When in mixed mode, what entities are allowed membership in a global group?
|
user accounts from the same domain
|
|
When in native mode, what entities are allowed to be members of global groups?
|
user accounts from the same domain and global groups from the same domain
|
|
When in mixed mode, what entities are allowed to be members of a Universal group?
|
N/A- Universal groups cannot exist in mixed mode
|
|
When in native mode, what entities are allowed to be members of a Universal group?
|
user accounts from any domain; global groups from any domain; and universal groups from any domain
|
|
When in mixed mode, what entities are allowed to be members of computer local groups?
|
local user accounts; domain user accounts from any domain; and global groups from any domain
|
|
When in native mode, what entities are allowed to be members of computer local groups?
|
user accounts from any domain and global groups from any domain
|
|
Why is Account Policy an exception to the L-S-D-OU order of applying Group Policy settings?
|
Account Policy is always set by the Default Domain Policy
|
|
What command will list which users can decrypt a file?
|
efsinfo /U /C
|
|
What command will list which recovery agents can decrypt a file?
|
efsinfo /R /C
|
|
To import or export an EFS private key, what kind of file would be used?
|
a PKCS#12 file
|
|
What entity might be assigned the user right "Act As Part Of The Operating System"?
|
a service account that must authenticate as a user
|
|
What OU must the user right "Add Workstations To A Domain" be assigned at to be effective?
|
the Domain Controllers OU
|
|
What does the user right "Enable Computer And User Accounts To Be Trusted For Delegation" do?
|
allows a computer or process hosting an application to authenticate to a back-end service using the credentials of the user running the application
|