49 Cards in this Set
- Front
- Back
By default, how often is IPSec policy checked?
|
every three hours
|
|
What commands will stop and restart the IPSec Policy Agent?
|
net stop policyagent and net start policyagent
|
|
Why does IP Security use computer certificates, rather than user certificates?
|
IP Security is in effect even if no one is logged in
|
|
What are the three main parts of an IPSec policy?
|
IP Security Rules; IP Filter Lists; IP Filter Actions
|
|
What are the three main filter actions of an IPSec policy?
|
Permit, Block, and Negotiate Security
|
|
What port does an IPSec negotiation take place on?
|
UDP port 500
|
|
What are the protocol IDs for ESP and AH?
|
50 and 51
|
|
What three frame types are used by 802.11b networks?
|
control, management, and data
|
|
What disadvantages does the Hermes wireless chipset have?
|
does not support promiscuous mode
|
|
What are the two main chipsets for wireless network cards?
|
Hermes and PRISM2
|
|
What advantage does the Hermes chipset have over PRISM2?
|
ability to detect multiple APs
|
|
What is virtually the only defense against rogue APs?
|
frequent site surveys?
|
|
What OSI layer does WEP operate at?
|
the MAC sublayer of the Data Link layer
|
|
What makes WEP vulnerable to plaintext attacks?
|
the fact that encryption occurs at the data link layer, where much of each frame is well-known
|
|
What is one of the primary advantages of WPA?
|
it can be implemented through firmware updates (new equipment is not necessary)
|
|
In Windows 2000, how is WEP configured for a wireless client?
|
through utilities provided by the NIC manufacturer
|
|
What two services does Kerberos provide a network?
What ticket does each service provide? |
Authentication Service (AS), granting a ticket-granting ticket (TGT); and the Ticket-Granting Service (TGS), granting service tickets
|
|
What is the default lifespan of a Kerberos ticket?
|
ten hours
|
|
What are the two forms of delegation in Kerberos?
|
proxy tickets and forwarded tickets
|
|
Where is the KDC located?
|
on every Windows 2000 domain controller
|
|
What does the KDC use as its account database?
|
Active Directory
|
|
What user account does the KDC use?
|
domain\krbtgt
|
|
What level is Kerberos policy set at?
|
at the domain level
|
|
What entities are allowed to modify Kerberos policy?
|
domain admins
|
|
For delegation via forwarded tickets to occur, what four conditions must be met?
|
client's AD account must have delegation enabled; service's AD account must have delegation enabled; client computer must be 2000 in a 2000 AD domain; service computer must be 2000 in a 2000 AD domain
|
|
LM and NTLM are forms of what type of authentication?
|
challenge/response
|
|
Client certificate mapping requires the use of what security protocol?
|
SSL
|
|
Why is using certificates more efficient than using user accounts?
|
certificates can be examined without connecting to a database
|
|
Why are certificates considered more secure than passwords?
|
it is harder to forge a certificate than to crack a password
|
|
What five authentication methods does 2000 support?
|
NTLM, Kerberos 5, Distributed Password Authority (DPA), EAP, and Secure Channel (Schannel)
|
|
What command is used to create trusts?
|
netdom
|
|
What authentication method do 95 and 98 default to?
|
LM
|
|
What are the two main types of VPNs?
|
remote access VPN and site-to-site VPN
|
|
What log are remote access events logged to?
|
the Application log
|
|
What does PPTP use to encrypt the link between a VPN client and the server?
|
MPPE
|
|
What does PPTP use to encapsulate data?
|
Generic Routing Encapsulation (GRE)
|
|
What three protocols can be encapsulated with PPTP?
|
IP, IPX, and NetBEUI
|
|
What does L2TP require that makes it more secure, but more expensive, than PPTP?
|
machine PKI certificates
|
|
What major network feature is NOT supported by IPSec?
|
NAT
|
|
If a network is using NAT, what VPN protocol should be used?
|
PPTP
|
|
If the IPSec Policy Agent must be stopped and restarted, what other step is necessary for IPSec to function?
|
the RRAS server must be restarted
|
|
Where are remote access policies stored?
|
on the RRAS server
|
|
What is necessary in order to store Remote Access policies centrally?
|
RADIUS
|
|
What does CHAP use to encrypt authentication?
|
MD5
|
|
What is CHAP primarily used for?
|
connecting to third-party (non-Microsoft) PPP servers
|
|
What should be done if numerous events in the Application Log indicate that GPO templates cannot be accessed?
|
restore the Policies folder from backup
|
|
Where are GPO security templates stored?
|
%systemroot%\Sysvol\Domain\Policies
|