Study your flashcards anywhere!

Download the official Cram app for free >

  • Shuffle
    Toggle On
    Toggle Off
  • Alphabetize
    Toggle On
    Toggle Off
  • Front First
    Toggle On
    Toggle Off
  • Both Sides
    Toggle On
    Toggle Off
  • Read
    Toggle On
    Toggle Off

How to study your flashcards.

Right/Left arrow keys: Navigate between flashcards.right arrow keyleft arrow key

Up/Down arrow keys: Flip the card between the front and back.down keyup key

H key: Show hint (3rd side).h key

A key: Read text to speech.a key


Play button


Play button




Click to flip

41 Cards in this Set

  • Front
  • Back
How many remote access profiles can be associated with a single remote access policy?
What is the default remote access policy?
allow access if dial-in permission is enabled
What four options are available for encryption for a remote access profile?
no encryption, basic, strong, and strongest
On a remote access profile, what does basic-level encryption specify?
DES for IPSec and 40-bit MPPE for PPTP
On a remote access profile, what does strong-level encryption specify?
DES for IPSec and 56-bit MPPE for PPTP
On a remote access profile, what does strongest-level encryption specify?
3DES for IPSec and 128-bit MPPE for PPTP
What two additional requirements are necessary to use CHAP?
"Store password using reversible encryption for all users" must be enabled at the domain level, and each CHAP user must change their password
What tool can be used to convert RRAS logs into a readable summary?
Which RFC governs DHCP relay agents?
RFC 1542
What two components will prevent the DHCP relay agent from being installed?
DHCP server and NAT
Can which DHCP server a DHCP relay agent forwards requests to be configured on a per-interface basis?
no, only at the server level
What tool is used to install the DHCP relay agent?
the RRAS snap-in
How can a DHCP relay agent be configured to allow local DHCP servers an opportunity to respond to DHCP requests?
by adjusting the boot threshold setting, which controls how long a relay agent waits before forwarding requests
What three steps are necessary to configure a RAS server to forward DHCP requests?
install the DHCP relay agent on the RAS server, install the agent on the interface remote users are using, and configure the relay agent
What does the Network Monitor driver do?
puts the NIC in promiscuous mode
What are the two pieces of Network Monitor?
the application and the driver
What is a capture buffer?
an area of RAM that Network Monitor uses to store captured packets
What does Network Monitor use to screen out packets you're not interested in?
capture filters
What two types of filters does Network Monitor use?
capture filters and display filters
What do capture filters do?
screen out traffic before it's recorded to the capture filter
What do display filters do?
display some packets, but not others
How can you determine if anyone else is using a network analyzer?
in Network Monitor, select Tools | Identify Network Monitor Users
What four connection types does L2TP support?
PPP over IP, Frame Relay, X.25, and ATM
Which VPN protocol supports header compression?
Which portion of the CIA triad does PPTP not support, but L2TP does?
With L2TP, what prerequisite step is necessary before authentication requests are sent?
the machines must be authenticated
How many VPN connections is Windows 2000 capable of supporting?
How many PPTP and L2TP ports does RRAS configure by default?
5 PPTP ports and 5 L2TP ports
What is the easiest way to deny remote access requests from non-VPN users?
create a remote access policy that requires a NAS-Port-Type attribute value of "Virtual (VPN)"
What is the most likely result if authentication settings at the VPN server and profile levels don't match?
incoming callers won't be able to authenticate
What provides the initial connection for PPTP and L2TP?
What OSI layer does IPSec work at?
network layer
What does a security filter do?
ties security protocols to a particular IP address
What are the two predefined IPSec security methods?
High and Medium
How does ISAKMP decide which security method to use on a given connection?
it uses the most secure method supported by both ends
What are the five IPSec security filter actions?
Permit; Block; Accept unsecured communication, but always respond using IPSec; Allow unsecured communication with non-IPSec aware computers; and Use these security settings
What are the three pre-built IPSec security policies?
Client (Respond Only), Secure Server (Require Security), and Server (Request Security)
What happens if a machine is assigned an IPSec security policy through AD, and is later removed from the assigning container?
the machine retains the policy until another replaces it or it is manually removed
When would pre-shared keys usually be used for IPSec machine authentication?
when dealing with a third-party product that doesn't support certificates or Kerberos
What is the easiest way to force a single machine to update its IPSec policy?
stop and restart that machine's IPSec Policy Agent
By default, how often does the IPSec Policy Agent refresh the IPSec policy?
every three hours