Study your flashcards anywhere!

Download the official Cram app for free >

  • Shuffle
    Toggle On
    Toggle Off
  • Alphabetize
    Toggle On
    Toggle Off
  • Front First
    Toggle On
    Toggle Off
  • Both Sides
    Toggle On
    Toggle Off
  • Read
    Toggle On
    Toggle Off
Reading...
Front

How to study your flashcards.

Right/Left arrow keys: Navigate between flashcards.right arrow keyleft arrow key

Up/Down arrow keys: Flip the card between the front and back.down keyup key

H key: Show hint (3rd side).h key

A key: Read text to speech.a key

image

Play button

image

Play button

image

Progress

1/49

Click to flip

49 Cards in this Set

  • Front
  • Back
By default, how often is IPSec policy checked?
every three hours
What commands will stop and restart the IPSec Policy Agent?
net stop policyagent and net start policyagent
Why does IP Security use computer certificates, rather than user certificates?
IP Security is in effect even if no one is logged in
What are the three main parts of an IPSec policy?
IP Security Rules; IP Filter Lists; IP Filter Actions
What are the three main filter actions of an IPSec policy?
Permit, Block, and Negotiate Security
What port does an IPSec negotiation take place on?
UDP port 500
What are the protocol ID's for ESP and AH?
50 and 51
What three frame types are used by 802.11b networks?
control, management, and data
What disadvantages does the Hermes wireless chipset have?
does not support promiscuous mode
What are the two main chipsets for wireless network cards?
Hermes and PRISM2
What advantage does the Hermes chipset have over PRISM2?
ability to detect multiple AP's
What is virtually the only defense against rogue AP's?
frequent site surveys?
What OSI layer does WEP operate at?
the MAC sublayer of the Data Link layer
What makes WEP vulnerable to plaintext attacks?
the fact that encryption occurs at the data link layer, where much of each frame is well-known
What is one of the primary advantages of WPA?
it can be implemented through firmware updates (new equipment is not necessary)
In Windows 2000, how is WEP configured for a wireless client?
through utilities provided by the NIC manufacturer
What two services does Kerberos provide a network?

What ticket does each service provide?
Authentication Service (AS), granting a ticket-granting ticket (TGT); and the Ticket-Granting Service (TGS), granting service tickets
What is the default lifespan of a Kerberos ticket?
ten hours
What are the two forms of delegation in Kerberos?
proxy tickets and forwarded tickets
Where is the KDC located?
on every Windows 2000 domain controller
What does the KDC use as its account database?
Active Directory
What user account does the KDC use?
domain\krbtgt
What level is Kerberos policy set at?
at the domain level
What entities are allowed to modify Kerberos policy?
domain admins
What entities are allowed to modify Kerberos policy?
domain admins
For delegation via forwarded tickets to occur, what four conditions must be met?
client's AD account must have delegation enabled; service's AD account must have delegation enabled; client computer must be 2000 in a 2000 AD domain; service computer must be 2000 in a 2000 AD domain
For delegation via forwarded tickets to occur, what four conditions must be met?
client's AD account must have delegation enabled; service's AD account must have delegation enabled; client computer must be 2000 in a 2000 AD domain; service computer must be 2000 in a 2000 AD domain
LM and NTLM are forms of what type of authentication?
challenge/response
Client certificate mapping requires the use of what security protocol?
SSL
Why is using certificates more efficient than using user accounts?
certificates can be examined without connecting to a database
Why are certificates considered more secure than passwords?
it is harder to forge a certificate than to crack a password
What five authentication methods does 2000 support?
NTLM, Kerberos 5, Distributed Password Authority (DPA), EAP, and Secure Channel (Schannel)
What command is used to create trusts?
netdom
What authentication method do 95 and 98 default to?
LM
What are the two main types of VPN's?
remote access VPN and site-to-site VPN
What log are remote access events logged to?
the Application log
What does PPTP use to encrypt the link between a VPN client and the server?
MPPE
What does PPTP use to encapsulate data?
Generic Routing Encapsulation (GRE)
What three protocols can be encapsulated with PPTP?
IP, IPX, and NetBEUI
What does L2TP require that makes it more secure, but more expensive, than PPTP?
machine PKI certificates
What major network feature is NOT supported by IPSec?
NAT
If a network is using NAT, what VPN protocol should be used?
PPTP
If the IPSec Policy Agent must be stopped and restarted, what other step is necessary for IPSec to function?
the RRAS server must be restarted
Where are remote access policies stored?
on the RRAS server
What is necessary in order to store Remote Access policies centrally?
RADIUS
What does CHAP use to encrypt authentication?
MD5
What is CHAP primarily used for?
connecting to third-party (non-Microsoft) PPP servers
What should be done if numerous events in the Application Log indicate that GPO templates cannot be accessed?
restore the Policies folder from backup
Where are GPO security templates stored?
%systemroot%\Sysvol\Domain\Policies