Home > Articles

  • Print
  • + Share This
This chapter is from the book

Exam Prep Questions

Question 1

Which mode of IPSec should you use to assure security and confidentiality of data within the same LAN?

  1. AH transport mode

  2. ESP transport mode

  3. ESP tunnel mode

  4. AH tunnel mode

Answer B is correct. ESP transport mode should be used to ensure the integrity and confidentiality of data that is exchanged within the same LAN. AH transport would only ensure the integrity of the LAN data, not the confidentiality; therefore, answer A is incorrect. ESP tunnel mode should be used to secure the integrity and confidentiality of data between networks and not within a network; therefore, answer C is incorrect. AH tunnel mode should be used to secure the integrity of data between networks and not within a network; therefore, answer D is incorrect.

Question 2

Which two types of encryption protocols can be used to secure the authentication of computers using IPSec?

  1. Kerberos V5

  2. Cerificates

  3. SHA

  4. MD5

Answers C and D are correct. SHA or MD5 can be used. Kerberos V5 is an authentication protocol, not an encryption protocol; therefore, answer A is incorrect. Certificates are a type of authentication that can be used with IPSec, not an encryption protocol; therefore, answer B is incorrect.

Question 3

Which type of authentication should a company that has all computers in one domain use to ensure authentication of all clients and servers with the least administrative effort? Assume that all client computers run Windows XP Professional and all servers run Windows Server 2003.

  1. Certificates

  2. Preshared keys

  3. Kerberos V5

  4. MD5

Answer C is correct. Kerberos V5 is the default authentication protocol for clients running Windows XP Professional and servers running Windows Server 2003 in a domain environment. Certificates would require much more administrative effort in comparison to Kerberos V5; therefore, answer A is incorrect. Preshared keys should only be used when absolutely necessary; therefore, answer B is incorrect. MD5 is an encryption protocol and not an authentication protocol; therefore, answer D is incorrect.

Question 4

Which two types of IPSec can be used to secure communications between two LANs?

  1. AH tunnel mode

  2. ESP tunnel mode

  3. AH transport mode

  4. ESP transport mode

Answers A and B are correct. A tunnel mode IPSec should be used. AH transport mode is for protection of the integrity of data transferred between computers on a LAN; therefore, answer C is incorrect. ESP transport mode protects the integrity and confidentiality of data transferred by computers within a LAN; therefore, answer D is incorrect.

Question 5

Which part of an IPSec policy contains filters and filter actions and controls the behavior of the policy?

  1. Authentication

  2. Encryption

  3. Tunneling

  4. Rules

Answer D is correct. Rules contain filters and filter actions and control the behavior of an IPSec policy. Authentication is the process of proving an identity; therefore, answer A is incorrect. Encryption is the process of scrambling data to protect its confidentiality; therefore, answer B is incorrect. Tunneling is the process of encapsulating one protocol into another; therefore, answer C is incorrect.

Question 6

Which of the following are settings in an IPSec rule? (Choose two.)

  1. Types of operating systems allowed

  2. Filters

  3. Connection types

  4. RAM required

Answers B and C are correct. Parts of an IPSec rule can include filters, filter actions, authentication methods, connection types, and tunnel endpoints. Types of operating systems allowed is not a rule setting; therefore, answer A is incorrect. RAM required is not a rule setting; therefore, answer D is incorrect.

Question 7

Which IPSec rule setting defines traffic that is to be identified?

  1. Filter action

  2. Filter

  3. Tunnel endpoint

  4. Connection type

Answer B is correct. A filter defines traffic that is to be identified. Filter action identifies how traffic will be handled after it is identified; therefore, answer A is incorrect. Tunnel endpoint identifies the predefined IP address of the router of a remote network; therefore, answer C is incorrect. Connection type identifies whether the connection can be LAN, dial-up, or both; therefore, answer D is incorrect.

Question 8

Which two components of a rule work together to identify packets and then make decisions that affect traffic flow and security?

  1. Kerberos V5

  2. Filters

  3. Filter actions

  4. Connection types

Answers B and C are correct. Filters and filter actions work together to identify packets and then make decisions that affect traffic flow and security. Kerberos V5 is an authentication protocol that runs by default; therefore, answer A is incorrect. Connection types identify whether a rule applies to a LAN, dial-up, or both; therefore, answer D is incorrect.

Question 9

Which AD service should you use to distribute IPSec policies that affect all of the computers in a single domain?

  1. AD replication

  2. Kerberos V5

  3. Group Policy

  4. Remote Installation Services (RIS)

Answer C is correct. You should use Group Policy to distribute IPSec policies that affect all of the computers in a single domain. AD replication is not involved in the distribution of IPSec policies to a domain; therefore, answer A is incorrect. Kerberos V5 is the default authentication protocol for AD, but is not involved in distributing IPSec policies; therefore, answer B is incorrect. You can use RIS to install new clients and servers, but RIS is not involved in distributing IPSec policies; therefore, answer D is incorrect.

Question 10

Which two tools should you use to create, manage, and deploy IPSec policies?

  1. Local Security Policy MMCs for each computer

  2. IP Security Policy Management Console

  3. netsh ipsec

  4. Active Directory Sites and Services

Answers B and C are correct. The IP Security Policy Management Console and the netsh ipsec command can both be used to create and deploy IPSec policies. Local security policies on each computer cannot be used to control an entire domain; therefore, answer A is incorrect. Active Directory Sites and Services cannot be used to control the IPSec policies for a domain; therefore, answer D is incorrect.

  • + Share This
  • 🔖 Save To Your Account