Lesson 10: Maintaining Network Health
Multiple Choice
1. In a PKI, each user/computer possesses a piece of information that is known only to the
individual user or computer that is called a __________.
a) public key
b) private packet
c) private key
d) shared secret key
2. Which digital document contains identifying information about a particular user, computer,
service, and so on?
a) digital signature
b) digital certificate
c) certificate revocation list
d) smart card
3. Which of the following provides a detailed explanation of how a particular Certification
Authority manages certificates and keys?
a) smart card
b) certificate template
c) Certificate Revocation List
d) Certificate Practice Statement
4. Which service responds to requests from clients concerning the revocation status of a
particular certificate, sending back a digitally signed response indicating the certificate’s current
status?
a) Web enrollment
b) Network Device Enrollment Service
c) Online Responder
d) Simple Certificate Enrollment Protocol
5. Which CA integrates with an Active Directory domain and can use certificate templates to
allow autoenrollment of digital certificates, as well as store the certificates themselves within the
Active Directory database?
a) standalone
b) enterprise
c) subordinate
d) none of the above
6. Certificate templates can be used to automate the deployment of PKI certificates by
controlling the __________.
a) security settings associated with each template
b) user settings associated with each template
c) configuration settings associated with each template
d) networking settings associated with each template
7. Which security role is tasked with issuing and managing certificates, including approving
certificate enrollment and revocation requests?
a) CA Administrator
b) Certificate Manager
c) Backup Operator
d) Auditor
8. Which of the following is not a privilege granted to certificate managers?
a) modify Certificate Revocation List (CRL) publication schedules
b) recover archived keys
c) issue, approve, deny, revoke, reactivate, and renew certificates
d) read records and configuration information in the CA database
9. To indicate the health status of a particular SHA, each SHA creates what kind of statement
that it transmits to the NAP Agent?
a) System Health Agent
b) Statement of Health
c) Statewide Statement of Health
d) System Statement of Health
10. Who maintains information about the health of the NAP client computer and transmits
information between the NAP Enforcement Clients and the System Health Agents?
a) Health Registration Authority
b) System Health Agent
c) NAP Agent
d) System Health Validator
11. A server that operates the NAP Enforcement Server components is referred to as a NAP
__________.
a) Agent
b) enforcement point
c) enforcement server
d) none of the above
12. Depending on the enforcement method in use, a NAP enforcement point can take a number
of different forms, such as what?
a) 802.1X-capable Wireless Access Point for 802.1X enforcement
b) Health Registration Authority (HRA) that can obtain health certificates from client computers
when the IPSec enforcement method is used
c) Windows Server 2008 DHCP server for the DHCP enforcement method
d) All of the above
13. To distribute the load of issuing certificates in a geographically dispersed location, an
organization can have one or more __________ CAs.
a) intermediate
b) subordinate
c) standalone
d) enterprise
14. Which enforcement method allows authorized remote users to connect to resources on an
internal corporate or private network from any Internet-connected device?
a) Internet Protocol Security (IPSec) enforcement
b) VPN enforcement
c) 802.1X enforcement
d) Terminal Services Gateway (TS Gateway) enforcement
15. The IPSec NAP enforcement method relies on which type of PKI certificate to perform its
enforcements?
a) IPSec certificate
b) NAP certificate
c) health certificate
d) recovery certificate
16. The NPS service combines each Statement of Health Response into what?
a) System Statement of Health Response
b) System Statement of Health Requirement
c) Statement of Health Requirement
d) System Statement of Health Policy
17. What is an optional component that can be deployed to allow non-compliant client computers
to achieve network compliance and gain network access?
a) enforcement server
b) health policy server
c) health requirement server
d) remediation server
18. Which feature enables users to request their own PKI certificates, typically through a Web
browser?
a) self-enrollment
b) recovery agents
c) autoenrollment
d) Web enrollment
19. What feature allows users or computers to manually request a certificate based on a template?
a) Enroll ACL
b) Write ACL
c) Read ACL
d) Autoenroll ACL
20. Which element of Active Directory Certificate Services utilizes the Online Certificate Status
Protocol to act in response to client requests?
a) NDES
b) subordinate CA
c) Certificate Revocation List
d) Online Responder
True/False
21. DHCP is the only NAP enforcement method that can be deployed in a non-Active Directory
environment.
22. If a client cannot provide the necessary health certificate, they will still be able to participate
in IPSec-secured traffic.
23. Windows Server 2008, Windows Vista, and Windows XP with Service Pack 3 all have a
built-in NAP client, and third-party vendors can use the NAP API to write additional clients for
additional operating systems, such as Macintosh and Linux computers.
24. DHCP enforcement is the least secure enforcement method because a user can simply
configure their computer with a static IP configuration to bypass any DHCP enforcement method
that is in place.
25. Depending on the configuration item that is being monitored for compliance,
autoremediation may not be possible.
Fill-in-the-Blank
26. Group Policy can be used to establish __________ settings for an Active Directory domain.
27. __________ is an extremely flexible command-line utility for administering Active Directory
Certificate Services.
28. NAP can perform __________ if it detects that the client is out of compliance.
29. The top-level CA in any PKI hierarchy is the __________ CA.
30. A(n) __________ CA integrates with an Active Directory domain, and it can use certificate
templates to allow autoenrollment of digital certificates, as well as store the certificates
themselves within the Active Directory database.
31. Simple Certificate Enrollment __________ allows network devices to enroll for PKI
certificates.
32. The __________ service combines each Statement of Health Response into a System
Statement of Health Response (SSOHR).
33. Windows Server 2008, Windows Vista, and Windows XP with Service Pack 3 all have a
built-in NAP client, and third-party vendors can use the NAP __________ to write additional
clients for additional operating systems, such as Macintosh and Linux computers.
34. Enforcement __________ receive information from the Enforcement Clients on each client,
which is then consumed by other components of the NAP server-side architecture.
35. To deploy the DHCP enforcement mechanism within Network Access Protection, you must
first deploy a(n) __________ server running Windows Server 2008.
Short Answer
36. The new Active Directory Certificate Services (AD CS) role in Windows Server 2008 is a
component within Microsoft’s larger what?
37. PKI consists of a number of elements that allow two parties to communicate securely without
any previous communication through the use of a mathematical algorithm called what?
38. Users can use a smart card to authenticate to an Active Directory domain, access a Web site,
or authenticate to other secured resources through the use of what type of physical device that
attaches to a workstation?
39. What is the network protocol that allows network devices to enroll for PKI certificates?
40. Certification Authority Web Enrollment allows users to manually request certificates using a
Web interface, which is located where by default on a CA that is running the Certification
Authority Web Enrollment role service?
41. An escrow copy of a private key can be restored by one or more of what item?
42. What solution controls access to corporate network resources based on the identity of the
computer attempting to connect to the resource, as well as the connecting computer’s compliance
with corporate policies and standards like patching levels and Windows Firewall configurations?
43. What is the name of the specially configured PKI certificates used by the Internet Protocol
Security (IPSec) enforcement method that are issued to clients that meet defined compliance
standards?