Lesson 9: Securing Infrastructure Services

Question 1

1. Which of the following types of connections is established between two computers involved in the tunneling process?
   a) VPN
   b) PPP
   c) PPTP
   d) SSTP

Answer 1

b) PPP

Question 2

2. For authentication, PPTP supports all of the following authentication protocols except __________.
   a) Microsoft Challenge Handshake Authentication Protocol version 1
   b) Microsoft Challenge Handshake Authentication Protocol version 2
   c) Microsoft Point-to-Point Encryption (MPPE)
   d) Extensible Authentication Protocol

Answer 2

c) Microsoft Point-to-Point Encryption (MPPE)

Question 3

3. Secure Socket Tunneling Protocol (SSTP) is supported only on clients running which of the following operating systems?
   a) Windows Vista
   b) Windows Vista with Service Pack 1
   c) Windows Server 2008
   d) Windows XP with Service Pack 2

Answer 3

b) Windows Vista with Service Pack 1

Question 4

4. Which of the following do attackers use if they want to find an organization’s dial-up ports?
   a) VPN requests
   b) port scanner
   c) war dialer
   d) application fuzzer

Answer 4

c) war dialer

Question 5

5. Which of the following is the strongest authentication protocol supported by Windows Server 2008?
   a) Microsoft Encrypted Authentication Version 2
   b) Challenge Handshake Authentication Protocol
   c) Password Authentication Protocol (PAP)
   d) Extensible Authentication Protocol (EAP)

Answer 5

d) Extensible Authentication Protocol (EAP)

Question 6

6. Which of the following methods enables the server to support authentication with smart cards or other types of digital certificates?
   a) Extensible Authentication Protocol-Transport Level Security (EAP-TLS)
   b) Protected EAP (PEAP)
   c) Microsoft Challenge Handshake Authentication Protocol Version 2 (MS-CHAPv2)
   d) Encrypted Authentication

Answer 6

a) Extensible Authentication Protocol-Transport Level Security (EAP-TLS)

Question 7

7. Which of the following allows designated recovery agents to create public keys that can decode encrypted information?
   a) Internet authentication
   b) digital signatures
   c) Encrypting File System
   d) IP Security

Answer 7

c) Encrypting File System

Question 8

8. Which of the following authentication devices verifies the identity of a user during logon?
   a) IP Security
   b) smart card
   c) software code signing
   d) Internet authentication

Answer 8

b) smart card

Question 9

9. Which of the following terms specifies the functions for which a digital certificate can be used?
   a) public key
   b) key usage
   c) enhanced key usage
   d) subject

Answer 9

c) enhanced key usage

Question 10

10. Which of the following specifies a value assigned by the CA that uniquely identifies the certificate?
    a) signature algorithm
    b) serial number
    c) version
    d) subject

Answer 10

b) serial number

Question 11

11. Which of the following contains a digest of the certificate data used for digital signing?
    a) certificate policies
    b) friendly name
    c) thumbprint algorithm
    d) thumbprint

Answer 11

d) thumbprint

Question 12

12. Which of the following is not a factor that administrators should consider when choosing the length for a certificate’s lifetime?
    a) provider of the certificate
    b) standard practices in the industry
    c) government regulations
    d) type of certificate

Answer 12

a) provider of the certificate

Question 13

13. In Windows Server 2008, a root CA’s self-generated certificate defaults to a validity period of __________.
    a) 6 months
    b) 1 year
    c) 3 years
    d) 5 years

Answer 13

d) 5 years

Question 14

14. Which of the following is not a role that can be selected when you install Active Directory Certificate Services on a Windows Server 2008 computer?
    a) subordinate
    b) enterprise
    c) standalone
    d) intermediate

Answer 14

d) intermediate

Question 15

15. Which of the following is not a required permission that must be granted to the same user or group for the autoenrollment certificate template permission to function correctly?
    a) Allow Autoenroll
    b) Allow Enroll
    c) Allow Read
    d) Allow Write

Answer 15

d) Allow Write

Question 16

16. Which of the following template versions provides backward compatibility for CAs running Windows Server 2003, Standard Edition and Windows 2000 family operating systems?
    a) version 1
    b) version 2
    c) version 3
    d) version 4

Answer 16

a) version 1

Question 17

17. Which of the following Windows Server 2008 Certificate templates allows user authentication, EFS encryption, secure email, and certificate trust list signing?
    a) administrator
    b) user
    c) computer
    d) domain controller

Answer 17

a) administrator

Question 18

18. Smartcard User is a version __________ certificate template.
    a) 1
    b) 2
    c) 3
    d) 4

Answer 18

a) 1

Question 19

19. Which of the following steps is not part of the certificate enrollment process?
    a) generating keys
    b) requesting the certificate
    c) verifying the certificate
    d) sending or posting the certificate

Answer 19

c) verifying the certificate

Question 20

20. Which of the following is not a reason code for revoking a certificate?
    a) key compromise
    b) CA compromise
    c) certificate compromise
    d) superseded

Answer 20

c) certificate compromise

Question 21

21. Secure Socket Tunneling Protocol (SSTP) is supported only on clients running which of the following operating systems? (Choose all that apply.)
    a) Windows 7
    b) Windows Vista with Service Pack 1
    c) Windows Server 2008
    d) Windows XP with Service Pack 2

Answer 21

a) Windows 7

b) Windows Vista with Service Pack 1

Question 22

22. Which of the following is the strongest authentication protocol supported by Windows Server 2008?
    a) Microsoft Encrypted Authentication Version 2
    b) Challenge Handshake Authentication Protocol
    c) Password Authentication Protocol (PAP)
    d) Extensible Authentication Protocol (EAP)

Answer 22

d) Extensible Authentication Protocol (EAP)

Question 23

23. Which of the following methods enables the server to support authentication with smart cards or other types of digital certificates?
    a) Extensible Authentication Protocol-Transport Level Security (EAP-TLS)
    b) Protected EAP (PEAP)
    c) Microsoft Challenge Handshake Authentication Protocol Version 2 (MS-CHAPv2)
    d) Encrypted Authentication

Answer 23

a) Extensible Authentication Protocol-Transport Level Security (EAP-TLS)

Question 24

24. Which VPN protocol supports data confidentiality, data integrity, data authentication, and VPN Reconnect?
    a) L2TP with IPSec
    b) IKEv2
    c) PPTP
    d) SSTP

Answer 24

b) IKEv2

Question 25

25. Which port is used by IKEv2?
    a) TCP port 80
    b) TCP port 443
    c) TCP port 500
    d) TCP port 8080

Answer 25

c) TCP port 500

Question 26

26. Within the PKI, the certificate authority binds a public key with respective user identities and issues digital certificates containing the public key. For this system to work, the CA must be ___________.
    a) independent
    b) bypassed
    c) trusted
    d) linked

Answer 26

c) trusted

Question 27

27. Which of the following uses a cryptographic system that uses two keys (public and private) to encrypt data and whose public key is published in a digital certificate that confirms the Web server’s identity of Web server?
    a) S/MIME
    b) PGP
    c) EFS
    d) SSL

Answer 27

d) SSL

Question 28

28. Which of the following are factors that you should consider when choosing the length for a certificate’s lifetime? (Choose all that apply.)
    a) The provider of the certificate
    b) The standard practices in the industry
    c) The government regulations
    d) The type of certificate

Answer 28

b) The standard practices in the industry
c) The government regulations
d) The type of certificate

Question 29

29. Which basic type of CA integrates into the Active Directory environment?
    a) subordinate
    b) enterprise
    c) standalone
    d) intermediate

Answer 29

b) enterprise

Question 30

30. Which basic type of CA does not integrate into the Active Directory environment and does not use certificate templates?
    a) subordinate
    b) enterprise
    c) standalone
    d) intermediate

Answer 30

c) standalone

Question 31

31. In which location is a Enterprise Root CA installed?
    a) The domain controller.
    b) The stand-alone server.
    c) The dedicated Windows workstation.
    d) The member server that is part of the Active Directory domain.

Answer 31

a) The domain controller.

Question 32

32. Which of the following template versions provides backward compatibility for CAs running Windows Server 2003, Standard Edition and Windows 2000 family operating systems?
    a) version 1
    b) version 2
    c) version 3
    d) version 4

Answer 32

a) version 1

Question 33

33. Which certificate template version can be issued only by CAs running Windows Server 2008 or Windows Server 2008 R2?
    a) 1
    b) 2
    c) 3
    d) 4

Answer 33

c) 3

Question 34

34. Which term best describes the process in which a client automatically receives a digital certificate?
    a) autoenrollment
    b) web enrollment
    c) self-signed enrollment
    d) manual enrollment

Answer 34

a) autoenrollment

Question 35

35. Which Internet protocol is used to obtain the revocation status of an X.509 digital certificate?
    a) CRL
    b) SCEP
    c) OSCP
    d) CSP

Answer 35

c) OSCP