1. A. You can think of a template as having predetermined settings that can be applied to multiple objects, either at the same time or at different times. You can use a template to build a Group Policy.
Only answer A matches the purpose and use of a template. For more information, see Chapter 1.
2. C, D. When you take a long step back from Windows Server 2003 you’ll find that there are really two parts to a GPO: one for the computer and the other for the user. For more informa-tion, see Chapter 1.
3. A. L2TP is unable to work through NAT. For more information, see Chapter 8.
4. A, B, C. Windows XP Professional offers some improvements on EFS from Windows 2000 Professional, including sharing EFS-encrypted files, encrypting offline files cached on a lap-top, using web folders for storing encrypted files, using 3DES, and the ability to reset pass-words without breaking EFS by using a special reset disk. For more information, see Chapter 10.
5. B. Auditing is the process by which you define the kinds of events that you want to display in the Security Log. Process tracking is one type of event that can be audited. For more information, see Chapter 11.
6. A, B. You use the IIS Lockdown tool to configure IIS to work with only some types of requests based on the type of website that you want to lock down. This tool is rather useful and is popular too. URLScan runs as part of IIS Lockdown. For more information, see Chapter 2.
7. A. Nonrepudiation describes the assurance that the person who claims they sent the message is the same person who actually sent the message. Although similar, the terms in the other answers really have different foci. For more information, see Chapter 9.
8. A. If the CRL does not list his certificate as being revoked, the certificate is assumed to be good.
The next time the CRL is published, the certificate will be on it, and it will no longer work. For more information, see Chapter 9.
9. B. Unlike nonrepudiation, which assures that the sender really sent the message, integrity assures that the message itself has not been altered in transit. It is important to have integrity so that you know that the message received was the same as the message sent. For more informa-tion, see Chapter 9.
10. D. IAS works with your wireless users to ensure that they can be authenticated to Active Direc-tory. Although your server may use Kerberos as the authentication protocol, the point that wire-less users interact with is the IAS. For more information, see Chapter 2.
11. D. Only Windows 2000 and later support Kerberos authentication. For more information, see Chapter 7.
12. C. Microsoft Baseline Security Analyzer is the graphical equivalent to HFNetChk. MBSA does more than just identify computer missing service packs and hotfixes. MBSA also scans comput-ers for known vulnerabilities. For more information, see Chapter 3.
Answers to Assessment Test xli
13. D. None of the other answers deal with service pack file incorporation into the source install files. Slipstreaming is a method for ensuring that the latest version of each file is installed the first time, and it eliminates the need to install a service pack after the initial operating system instal-lation. For more information, see Chapter 3.
14. D. This free software—Software Update Services (SUS)—is designed to ensure that your servers and workstations are kept up-to-date with the latest hotfix installations. Employing this tool helps you close known vulnerabilities quickly. For more information, see Chapter 3.
15. C. Although digital signatures can sign an entire message as a single package, SMB signing signs each packet while it is in transit between two points. This type of signature gives added security and assures nonrepudiation. For more information, see Chapter 4.
16. B. Impersonation is the process of acting and looking like another person on the network.
Successful impersonation damages nonrepudiation. For more information, see Chapter 9.
17. A. The SSID is used by wireless access points to identify different wireless networks. For more information, see Chapter 5.
18. A, B, C, D. Windows 2000 Professional supports all of these authentication methods. For more information, see Chapter 7.
19. B. Loopback is the process of ensuring that the computer portion of a GPO that would not have been assigned based on the user’s logged-in security context is still assigned. This usually hap-pens in the context of having multiple GPOs assigned or inherited by a given object in the folder.
For more information, see Chapter 1.
20. D. A security association (SA) is the term used to describe the process of two computers nego-tiating all the aspects of security so that they can talk to each other. The other three answers are all part of the SA negotiations. For more information, see Chapter 4.
21. B. L2TP is more secure than PPTP. For more information, see Chapter 8.
22. A. You’ll see these two terms—tunnel mode and transport mode—on the exam. Just remember that in tunnel mode the packet is encrypted all the way to its final destination endpoint. In trans-port mode, this is not the case. For more information, see Chapter 4.
23. B, D. How do you know that an IPSec policy assignment is really working? You can use either PING (Packet Internet Groper) or IPSec Monitor. For more information, see Chapter 4.
24. B. Check event logs every day. Warning messages can be especially problematic if they are dif-ficult to troubleshoot. Although you can skim past the blue information icons, be sure to stop and read the warning and error messages. For more information, see Chapter 11.
25. A, B, D. SSL can be used with SMTP, HTTP, and IMAP4 to secure these protocols. For more information, see Chapter 6.
26. A, B, C. Certificates do not list the CRL publication interval because it can be changed on the CA well after certificates have been issued. For more information, see Chapter 9.
27. A. Directory Services auditing audits events related to objects in Active Directory. Object Access auditing can refer to objects outside AD such as a printer. For more information, see Chapter 11.
4332.book Page xli Sunday, June 6, 2004 1:52 PM
28. C. Network Monitor is Microsoft’s sniffer. It can capture packets that flow on the network line for later analysis. For more information, see Chapter 11.
29. D. EventComb is the tool used to coalesce multiple log entries. For more information, see Chapter 11.
30. A. The MAC address of network devices is a combination of a manufacturer identifier and a manufacturer-assigned address that is supposed to be unique among all other network devices.
For more information, see Chapter 5.
31. A, B. EFS and S/MIME are user certificate templates and are stored in the user profile. For more information, see Chapter 10.
32. B. WPA is considered a replacement for WEP. WPA provides encryption for wireless networks that is not susceptible to the same attacks as WEP. For more information, see Chapter 5.
33. A, B, C. 802.1x authentication requires Windows XP Professional client operating systems, a Windows Active Directory domain, a certificate authority to issue certificates, a RADIUS server, and remote access policies. For more information, see Chapter 5.
34. A. Public/private keys use asymmetric keys. When one key is used to encrypt, the other key is used to decrypt. For example, if you send an e-mail to somebody encrypted with their public key, they use their private key (the matching one of the pair) to decrypt the e-mail. For more infor-mation, see Chapter 6.
35. D. Unauthorized wireless access points are often called rogue access points. These devices can cause considerable problems with existing wireless networks and are considered security risks.
For more information, see Chapter 5.