Study your flashcards anywhere!

Download the official Cram app for free >

  • Shuffle
    Toggle On
    Toggle Off
  • Alphabetize
    Toggle On
    Toggle Off
  • Front First
    Toggle On
    Toggle Off
  • Both Sides
    Toggle On
    Toggle Off
  • Read
    Toggle On
    Toggle Off

How to study your flashcards.

Right/Left arrow keys: Navigate between flashcards.right arrow keyleft arrow key

Up/Down arrow keys: Flip the card between the front and back.down keyup key

H key: Show hint (3rd side).h key

A key: Read text to speech.a key


Play button


Play button




Click to flip

40 Cards in this Set

  • Front
  • Back
What cipher command will perform a specified operation on all files and subdirectories in a given directory?
cipher /s:<directory>
What command is used to encrypt specified files?
cipher /e <filename>
What command will decrypt specified files?
cipher /d <filename>
When is IPSec Tunnel mode used?
when communication between two network gateways is occurring
Why does IPSec Tunnel mode add an additional header?
to denote the tunnel endpoint (the original IP header lists the destination header)
What two protocols make up the IKE?
the Internet Security Association Key Management Protocol (ISAKMP), and the Oakley protocol
What is a Security Parameters Index?
a unique value that identifies a given IPSec Security Association (SA)
What OSI layer does SSL operate at?
the Application layer
What happens during Phase 1 of IKE?
mechanisms for establishing a secure, authenticated channel are agreed upon
What cipher switch will force encryption on files already encrypted?
cipher /f
What does the cipher switch /q do?
reports only essential information
What command-line tool can be used to recover encrypted files?
When IPSec is used for client-to-client communication, what mode is used?

What network protocols can be used?
transport mode, using TCP/IP
When IPSec is used for gateway-to-gateway communication, what mode is used?

What network protocols can be used?
tunnel mode, using any network protocol
Why is using preshared keys for IPSec authentication not considered very scaleable?
the shared key must be manually entered into the IPSec policy
In order to run the MBSA tool on a system that does not have internet access, what file must be downloaded and installed manually?
What must be done to ensure that legacy applications can access resources on an Active Directory domain controller?
add Authenticated Users to the Pre-Windows 2000 Compatible Access group
When is IPSec Transport mode used?
when point-to-point communication between source and destination computers is occurring
What two methods can be used to prevent users from having to download and install the root certificate from an SSL-secured website every time they visit it?
the root certificate can be imported into the Trusted Root Certification Authorities folder in the domain GPO, or into the local computer certificate store for your Root CA
What is the shortest publication interval possible for CRL's?
sixty minutes
What two key pairs are created when a user is enrolled in KMS Advanced Security?

What are they used for?
the KMS key pair, used for message encryption; and the Outlook key pair, used for digitally signing messages
What type of filesystem can use EFS?
In Windows 2000, why can't encrypted files be shared?
the File Encryption Key (FEK) is encrypted with the user's public key
Why is it that temp files are not considered a security hole in terms of encryption?
When a temp file is created, all attributes of the parent file (including encryption) are copied
What happens if User A creates an encrypted folder, and User B stores a file in it?
the file is encrypted with User B's public key
What major improvement to EFS does XP have?
the ability to share encrypted files
What does the cipher switch /a do?
performs the specified operation for both files and folders
What does the cipher switch /i do?
ignores errors (does not halt)
What cipher switch will force encryption on files already encrypted?
cipher /f
Where is the private key created by KMS stored?

Who can access it?
stored in an encrypted database maintained by KMS; only available to the user it is issued to
What snap-in is used to define the Trusted Root CA?
the Certificate snap-in
When might a user need to recover a KMS-issued private key?
when a computer fails or is replaced, destroying the Outlook settings
What client OS's can use certificate auto-enrollment?
only Windows XP
How does certificate auto-enrollment work?
XP clients request a certificate normally, but certificate is automatically installed when the certificate is approved and issued
What are the two major services for Windows 2000 public key security?
the cryptographic service and the certificate management service
What certificates can be renewed?
automatically-enrolled XP certificates
What four things are the cryptographic service used for?
key generation, message hashing, digital signatures, and encryption
What happens when a non-XP client's certificate expires?
they must go through certificate enrollment again- only automatically-enrolled XP certificates can be renewed
A user must have administrative privileges on what objects to install Certificate Services?
domain controllers, DNS servers, and the local computer
Where is the public key created by KMS stored?

What is it used for?
key is stored in Active Directory, and is used to decrypt and authenticate incoming emails