Вы находитесь на странице: 1из 2

Quiz Week 6 Chapters 9 and 10

Windows Server 2008, Windows Vista, and Windows XP with Service Pack 3 all have a
built-in NAP client, and third-party vendors can use the NAP API to write additional
clients for additional operating systems, such as Macintosh and Linux computers.
True

If a client cannot provide the necessary health certificate, they will still be able to
participate in IPSec-secured traffic.
False

What allows traffic that is defined in one direction to also be defined in the opposite
direction?
mirroring

What does Windows Server 2008 IPSec also support, which is the determination of new
keying material through a new Diffie-Hellman exchange on a regular basis?
Dynamic Rekeying

What rule allows you to restrict inbound and outbound connections based on certain
sets of criteria, such as membership in a particular Active Directory domain?
Isolation

The Windows Firewall with Advanced Security MMC snap-in enables you to incorporate
IPSec into the Windows Firewall by configuring one or more what?
Connection Security Rules

What is the default authentication protocol in an Active Directory network?
Kerberos v5

Which statistic represents the number of failed outbound requests that occurred to
establish the SA since the IPSec service started?
Acquire Failures

The command "set config property=ipsecloginterval value=value" can be set to what
range of values?
60 - 86,400

IKE main mode has a default lifetime of __________ hours, but this number is
configurable from 5 minutes to a maximum of 48 hours.
16

Who maintains information about the health of the NAP client computer and transmits
information between the NAP Enforcement Clients and the System Health Agents?
NAP Agent

The __________ service combines each Statement of Health Response into a System
Statement of Health Response (SSOHR).
NPS

To distribute the load of issuing certificates in a geographically dispersed location, an
organization can have one or more __________ CAs.
intermediate

Which digital document contains identifying information about a particular user,
computer, service, and so on?
digital certificate

Which security role is tasked with issuing and managing certificates, including approving
certificate enrollment and revocation requests?
Certificate Manager

Which enforcement method allows authorized remote users to connect to resources on
an internal corporate or private network from any Internet-connected device?
Terminal Services Gateway (TS Gateway) enforcement

What is an optional component that can be deployed to allow non-compliant client
computers to achieve network compliance and gain network access?
remediation server

The top-level CA in any PKI hierarchy is the __________ CA.
root

To identify a specific SA for tracking purposes, a 32-bit number known as the Security
Parameters Index (SPI) is used.
True

The Authentication Header (AH) protocol provides confidentiality and data encryption.
False