Reading...
Play button
Play button
Use LEFT and RIGHT arrow keys to navigate between flashcards;
Use UP and DOWN arrow keys to flip the card;
H to show hint;
A reads text to speech;
41 Cards in this Set
- Front
- Back
|
How does a NAT server know who to rout packets to?
|
it places a random source port on each packet and records that in the NAT table
|
|
|
What does a NAT editor do?
|
changes addressing information within packet payloads
|
|
|
How many public IP addresses can ICS handle?
|
one
|
|
|
What address block does ICS use?
|
192.168.x.y
|
|
|
How many adapters are required to run ICS?
|
two
|
|
|
Which adapter should ICS be installed on?
|
the internet-facing adapter
|
|
|
When using ICS, what IP address and subnet mask are assigned to the non-Internet facing NIC?
|
IP address of 192.168.0.1/24
|
|
|
What two services are configured when ICS is installed?
|
Internet Connection Sharing and DHCP Address Allocator
|
|
|
How is ICS installed?
|
check "Enable Internet Connection Sharing For This Connection" on an internet-facing interface
|
|
|
How would a local mail server be made Internet-accessible with ICS?
|
by using the Services tab
|
|
|
What six services has Microsoft pre-configured for use with ICS?
|
FTP, IMAP3, IMAP4, POP3, SMTP, and Telnet
|
|
|
What are the three components of NAT?
|
translation component, addressing component, and name resolution component
|
|
|
With NAT, what static route needs to be added to the internet-facing adapter?
Why? |
0.0.0.0/0- this forces RRAS to send all traffic across this interface
|
|
|
What tool is used to install NAT?
|
RRAS snap-in
|
|
|
What order should NAT interfaces be created in?
|
the local NIC interface should be created first, followed by the Internet-facing interface
|
|
|
In terms of addressing, what ability is provided with NAT that ICS lacks?
|
the ability to provide a custom pool of IP addresses for clients
|
|
|
In NAT, what check box specifies whether the NAT editors are active?
|
Translate TCP/UDP headers
|
|
|
In NAT, what is defined on the Address Pool tab?
|
the list of public IP addresses available
|
|
|
On the NAT Address Pool tab, what does the Reservations button do?
|
reserves specific public IP addresses for specific internal hosts (e.g., webservers, mail servers)
|
|
|
What does the NAT Special Ports tab do?
|
channels incoming traffic on a particular port to a particular port on an internal host
|
|
|
What are the two parts of a certificate?
|
public key and attributes
|
|
|
How are a certificate's public key and attributes tied together?
|
the entire certificate is digitally signed by the issuing CA
|
|
|
How is a client configured to trust an enterprise CA in its domain?
|
it is configured automatically- clients always trust enterprise CA's in their own domain
|
|
|
Where do enterprise CA's publish certificates and CRL's to?
|
Active Directory
|
|
|
What does an enterprise CA do with certificate requests?
|
automatically approves or denies them- enterprise CA's never place requests in pending status
|
|
|
What does a standalone CA do with certificate requests?
|
places them in pending status
|
|
|
What is a policy module?
|
a set of rules that governs how a CA handles a certificate request
|
|
|
What is an exit module?
|
a set of rules that specifies where and how a new certificate is published
|
|
|
What three things does Microsoft's standard policy module do?
|
marks certificate requests as approved, denied, or pending; adds an attribute listing the location of the issuing CA's certificate; and lists the location of the issuing CA's CRL
|
|
|
What three things can Microsoft's standard exit module do with issued certificates?
|
publish them to AD; store them in a shared folder; and e-mail them to the requestor
|
|
|
What two things can't be done to a computer once a certificate authority has been installed?
|
it can't be renamed, and it can't be added to or removed from an AD domain
|
|
|
Why is it impossible to change any identifying information once a CA has been installed?
|
identifying information is encoded in the CA's certificate
|
|
|
What happens if a CA's certificate is lost?
|
all certificates issued by that CA must be reissued
|
|
|
What five folders appear below each CA in the Certification Authority snap-in?
|
Revoked Certificates, Issued Certificates, Pending Requests, Failed Requests, and Policy Settings
|
|
|
What does the Policy Settings folder in the Certification Authority snap-in show?
|
certificate templates available for use
|
|
|
What are the two steps to backing up a CA?
|
use the Certificate Authority Backup wizard to copy the CA's data, and back up the files using Windows Backup or another backup utility
|
|
|
Why is it important to use the Certificate Authority Backup Wizard to back up CA data, rather than backing it up manually?
|
the Certificate Authority Backup Wizard can back up a CA's data while that CA is running
|
|
|
What format are a CA's private key and certificate backed up in?
|
a PKCS#12 file
|
|
|
What filename is assigned for a backup of a CA's private key and certificate?
|
<ca_name>.p12
|
|
|
What is the name assigned to a CA's backed-up data?
|
database
|
|
|
What requirement exists for the directory that a CA's data is backed up to?
Why? |
the directory must be empty- existing backups in the directory will be overwritten
|
