40 Cards in this Set
| Front | Back |
|---|---|
| What cipher command will perform a specified operation on all files and subdirectories in a given directory? | `cipher /s:<directory>` |
| What command is used to encrypt specified files? | `cipher /e <filename>` |
| What command will decrypt specified files? | `cipher /d <filename>` |
| When is IPSec Tunnel mode used? | when communication between two network gateways is occurring |
| Why does IPSec Tunnel mode add an additional header? | to denote the tunnel endpoint (the original IP header lists the destination header) |
| What two protocols make up the IKE? | the Internet Security Association Key Management Protocol (ISAKMP), and the Oakley protocol |
| What is a Security Parameters Index? | a unique value that identifies a given IPSec Security Association (SA) |
| What OSI layer does SSL operate at? | the Application layer |
| What happens during Phase 1 of IKE? | mechanisms for establishing a secure, authenticated channel are agreed upon |
| What cipher switch will force encryption on files already encrypted? | `cipher /f` |
| What does the cipher switch /q do? | reports only essential information |
| What command-line tool can be used to recover encrypted files? | EfsRecvr |
| When IPSec is used for client-to-client communication, what mode is used? What network protocols can be used? | transport mode, using TCP/IP |
| When IPSec is used for gateway-to-gateway communication, what mode is used? What network protocols can be used? | tunnel mode, using any network protocol |
| Why is using preshared keys for IPSec authentication not considered very scalable? | the shared key must be manually entered into the IPSec policy |
| In order to run the MBSA tool on a system that does not have internet access, what file must be downloaded and installed manually? | mssecure.xml |
| What must be done to ensure that legacy applications can access resources on an Active Directory domain controller? | add Authenticated Users to the Pre-Windows 2000 Compatible Access group |
| When is IPSec Transport mode used? | when point-to-point communication between source and destination computers is occurring |
| What two methods can be used to prevent users from having to download and install the root certificate from an SSL-secured website every time they visit it? | the root certificate can be imported into the Trusted Root Certification Authorities folder in the domain GPO, or into the local computer certificate store for your Root CA |
| What is the shortest publication interval possible for CRLs? | sixty minutes |
| What two key pairs are created when a user is enrolled in KMS Advanced Security? What are they used for? | the KMS key pair, used for message encryption; and the Outlook key pair, used for digitally signing messages |
| What type of filesystem can use EFS? | NTFS5 |
| In Windows 2000, why can't encrypted files be shared? | the File Encryption Key (FEK) is encrypted with the user's public key |
| Why is it that temp files are not considered a security hole in terms of encryption? | When a temp file is created, all attributes of the parent file (including encryption) are copied |
| What happens if User A creates an encrypted folder, and User B stores a file in it? | the file is encrypted with User B's public key |
| What major improvement to EFS does XP have? | the ability to share encrypted files |
| What does the cipher switch /a do? | performs the specified operation for both files and folders |
| What does the cipher switch /i do? | ignores errors (does not halt) |
| What cipher switch will force encryption on files already encrypted? | `cipher /f` |
| Where is the private key created by KMS stored? Who can access it? | stored in an encrypted database maintained by KMS; only available to the user it is issued to |
| What snap-in is used to define the Trusted Root CA? | the Certificate snap-in |
| When might a user need to recover a KMS-issued private key? | when a computer fails or is replaced, destroying the Outlook settings |
| What client OSes can use certificate auto-enrollment? | only Windows XP |
| How does certificate auto-enrollment work? | XP clients request a certificate normally, but the certificate is automatically installed when the certificate is approved and issued |
| What are the two major services for Windows 2000 public key security? | the cryptographic service and the certificate management service |
| What certificates can be renewed? | automatically-enrolled XP certificates |
| What four things is the cryptographic service used for? | key generation, message hashing, digital signatures, and encryption |
| What happens when a non-XP client's certificate expires? | they must go through certificate enrollment again; only automatically-enrolled XP certificates can be renewed |
| A user must have administrative privileges on what objects to install Certificate Services? | domain controllers, DNS servers, and the local computer |
| Where is the public key created by KMS stored? What is it used for? | key is stored in Active Directory, and is used to decrypt and authenticate incoming emails |