Lesson 9: Securing Data Transmission and Authentication Multiple Choice 1. Where is the checksum located?

a) footer of each packet b) header of each packet c) payload of each packet d) application data of each packet 2. What suite of protocols was introduced to provide a series of cryptographic algorithms that can be used to provide security for all TCP/IP hosts at the Internet layer, regardless of the actual application that is sending or receiving data? a) IPSec b) checksum c) TCP d) UDP 3. What are the IPSEC default settings for the key lifetime in minutes? a) 350 b) 380 c) 450 d) 480 4. What rule allows you to restrict inbound and outbound connections based on certain sets of criteria, such as membership in a particular Active Directory domain? a) Tunnel b) Authentication exemption c) Isolation d) Server to server 5. Which rule allows you to specify one or more computers that do not need to be authenticated to pass traffic? a) Tunnel b) Authentication exemption c) Isolation d) Server to server 6. Before secure data is sent, what must occur to determine the type of traffic to be secured and how it will be secured? a) quick mode negotiations b) quick mode messages c) IKE main mode negotiations d) IKE main mode messages

7. IKE main mode has a default lifetime of __________ hours. a) 6 b) 8 c) 10 d) 12 8. To set the Netsh IPSec context, what is the first command you enter at the command prompt? a) netsh b) ipsec c) static d) dynamic 9. Which statistic represents the number of failed outbound requests that occurred to establish the SA since the IPSec service started? a) Receive Failures b) Acquire Failures c) Send Failures d) Authentication Failures 10. The command set config property=ipsecloginterval value=value can be set to what range of values? a) 0 7 b) 0, 1 c) 60 86,400 d) 0, 1, 2 11. Which middle-of-the-road form of NTLM authentication was used to improve upon the security of LM Authentication? a) LMv2 Authentication b) NTLM Authentication c) NTLMv2 Authentication d) None of the above 12. Which type of attack is one in which a malicious user masquerades as the legitimate sender or recipient of network traffic? a) data modification b) denial of service c) man in the middle d) identity spoofing 13. Which process is used to establish trust between communicating systems, after which only trusted systems can communicate with each other? a) shared cryptography b) cryptographic checksum c) mutual authentication d) filtered methodology

14. Which default authentication method is used by IPSec policies deployed within an Active Directory domain and can only be used in an Active Directory environment? a) Kerberos v5 protocol b) PKI certificate from a Certification Authority (CA) c) preshared key d) IPSec Authentication mode 15. What allows traffic that is defined in one direction to also be defined in the opposite direction? a) manifestation b) reflection c) mirroring d) evidencing 16. The driving factor behind combining administration of the Windows Firewall with IPSec policies is to streamline network administration on which type of computer? a) Windows Server 2008 b) Windows Server 2003 c) Windows Vista d) Windows 2000 17. Which field does the IPSec driver use to match the correct SA with the correct packet? a) IPSec Driver field b) IKE Authentication field c) IP Filter field d) SPI field 18. What is used to determine encryption key material and security protection for use in protecting subsequent main mode or quick mode communications? a) quick mode negotiations b) quick mode messages c) main mode negotiations d) main mode messages 19. What statistic shows the total number of failed outbound quick mode SA addition requests that have been submitted by IKE to the IPSec driver since the IPSec service was last started? a) Key Addition Failures b) Key Update Failures c) Get SPI Failures d) Receive Failures 20. What is the default authentication protocol in an Active Directory network? a) Kerberos v5 b) LM Authentication c) NTLM Authentication d) NTLMv2 Authentication

True/False 21. Each TCP/IP packet protected with IPSec contains a cryptographic checksum in the form of a keyed hash. 22. Use Tunnel mode when you require packet filtering and end-to-end security. 23. The Authentication Header (AH) protocol provides confidentiality and data encryption. 24. For IPSec, the only exception to complete protected cipher suite negotiation is the negotiation of the cipher suite of the initial ISAKMP SA, which is sent as XML. 25. To identify a specific SA for tracking purposes, a 32-bit number known as the Security Parameters Index (SPI) is used. Fill-in-the-Blank 26. An IP filter can be __________, meaning that traffic defined in one direction will also be defined in the opposite direction. 27. Quick mode messages are __________ messages that are encrypted using the ISAKMP SA. 28. IKE main mode has a default lifetime of __________ hours, but this number is configurable from 5 minutes to a maximum of 48 hours. 29. IPSec policy information is stored in Active Directory and cached in the local __________ of the computer to which it applies. 30. You can configure __________ policies to extend existing Active Directorybased or local IPSec policies, override Active Directorybased or local IPSec policies, and enhance security during computer startup. 31. You can use the IP Security Policy Management console or the __________ command-line utility to manage an Active Directorybased policy. 32. __________ are the source IP address or range of addresses from which inbound traffic will be permitted. 33. A(n) __________ firewall is so named because it can track and maintain information based on the status of a particular connection. 34. A(n) __________ connection security rule allows you to restrict inbound and outbound connections based on certain sets of criteria, such as membership in a particular Active Directory domain. 35. A(n) __________ is a value contained in a received IKE message that is used to help identify

the corresponding main mode SA. Short Answer 36. Previous versions of Windows supported what type of rule in IPSec, which was activated by default for all policies? 37. The Windows Firewall is enabled by default on all new installations of Windows Server 2008. How can it be managed? 38. What standard defines a mechanism to establish SAs? 39. Which Diffie-Hellman process does not prevent a man-in-the-middle attack, in which a malicious user between the negotiating peers performs two Diffie-Hellman exchanges, one with each peer? 40. What does Windows Server 2008 IPSec also support, which is the determination of new keying material through a new Diffie-Hellman exchange on a regular basis? 41. The Windows Firewall with Advanced Security MMC snap-in enables you to incorporate IPSec into the Windows Firewall by configuring one or more what? 42. What is the name of the concatenation of one or more IP filters, which define a range of network traffic? 43. What can you use to determine the IPSec policies that are assigned but are not applied to IPSec clients? Essay 44. What is the purpose of a checksum? 45. You can use the Windows Event Viewer to view which IPSec-related events? 46. What are the components of an IPSec policy? 47. When you add the IP Security Policy Management snap-in to an MMC console, what four options do you have for managing IPSec policies? 48. What is the driving factor behind combining administration of the Windows Firewall with IPSec policies? 49. What are the available versions of NTLM Authentication? 50. The Windows Firewall with Advanced Security MMC snap-in is a new feature in Windows Vista and Windows Server 2008 that allows you to configure new features within the Windows

Firewall, including what?