Windows 10 & 11
description
Transcript of Windows 10 & 11
Question 1
1 out of 1 points
DHCP is the only NAP enforcement method that can be deployed in a non-Active Directory environment.Answer
Selected Answer: True
Correct Answer: True
Question 2
1 out of 1 points
If a client cannot provide the necessary health certificate, they will still be able to participate in IPSec-secured traffic.Answer
Selected Answer: False
Correct Answer: False
Question 3
1 out of 1 points
Windows Server 2008, Windows Vista, and Windows XP with Service Pack 3 all have a built-in NAP client, and third-party vendors can use the NAP API to write additional clients for additional operating systems, such as Macintosh and Linux computers.Answer
Selected Answer: True
Correct Answer: True
Question 4
1 out of 1 points
DHCP enforcement is the least secure enforcement method because a user can simply configure their computer with a static IP configuration to bypass any DHCP enforcement method that is in place.Answer
Selected Answer: True
Correct Answer: True
Question 5
1 out of 1 points
Depending on the configuration item that is being monitored for compliance, autoremediation may not be possible.Answer
Selected Answer: True
Correct Answer: True
Question 6
1 out of 1 points
In a PKI, each user/computer possesses a piece of information that is known only to the individual user or computer that is called a __________.
Answer
Selected Answer:private key
Correct Answer:private key
Question 7
1 out of 1 points
Which digital document contains identifying information about a particular user, computer, service, and so on?Answer
Selected Answer:digital certificate
Correct Answer:digital certificate
Question 8
1 out of 1 points
Which of the following provides a detailed explanation of how a particular Certification Authority manages certificates and keys?Answer
Selected Answer:Certificate Practice Statement
Correct Answer:Certificate Practice Statement
Question 9
1 out of 1 points
Which service responds to requests from clients concerning the revocation status of a particular certificate, sending back a digitally signed response indicating the certificate’s current status?Answer
Selected Answer:Online Responder
Correct Answer:Online Responder
Question 10
1 out of 1 points
Which CA integrates with an Active Directory domain and can use certificate templates to allow autoenrollment of digital certificates, as well as store the certificates themselves within the Active Directory database?Answer
Selected Answer:enterprise
Correct Answer:enterprise
Question 11
1 out of 1 points
Certificate templates can be used to automate the deployment of PKI certificates by controlling the __________.Answer
Selected Answer:security settings associated with each template
Correct Answer:security settings associated with each template
Question 12
1 out of 1 points
Which security role is tasked with issuing and managing certificates, including approving certificate enrollment and revocation requests?Answer
Selected Answer:Certificate Manager
Correct Answer:Certificate Manager
Question 13
1 out of 1 points
Which of the following is not a privilege granted to certificate managers?Answer
Selected Answer:modify Certificate Revocation List (CRL) publication schedules
Correct Answer:modify Certificate Revocation List (CRL) publication schedules
Question 14
1 out of 1 points
To indicate the health status of a particular SHA, each SHA creates what kind of statement that it transmits to the NAP Agent?Answer
Selected Answer:Statement of Health
Correct Answer:Statement of Health
Question 15
0 out of 1 points
Who maintains information about the health of the NAP client computer and transmits information between the NAP Enforcement Clients and the System Health Agents?Answer
Selected Answer:System Health Agent
Correct Answer:NAP Agent
Question 16
1 out of 1 points
A server that operates the NAP Enforcement Server components is referred to as a NAP __________.Answer
Selected Answer:enforcement point
Correct Answer:enforcement point
Question 17
1 out of 1 points
Depending on the enforcement method in use, a NAP enforcement point can take a number of different forms, such as what?Answer
Selected Answer:All of the above
Correct Answer:All of the above
Question 18
1 out of 1 points
To distribute the load of issuing certificates in a geographically dispersed location, an organization can have one or more __________ CAs.Answer
Selected Answer:intermediate
Correct Answer:intermediate
Question 19
1 out of 1 points
Which enforcement method allows authorized remote users to connect to resources on an internal corporate or private network from any Internet-connected device?Answer
Selected Answer:Terminal Services Gateway (TS Gateway) enforcement
Correct Answer:Terminal Services Gateway (TS Gateway) enforcement
Question 20
1 out of 1 points
The IPSec NAP enforcement method relies on which type of PKI certificate to perform its enforcements?Answer
Selected Answer:health certificate
Correct Answer:health certificate
Question 21
0 out of 1 points
The NPS service combines each Statement of Health Response into what?Answer
Selected Answer:System Statement of Health Requirement
Correct Answer:System Statement of Health Response
Question 22
1 out of 1 points
What is an optional component that can be deployed to allow non-compliant client computers to achieve network compliance and gain network access?Answer
Selected Answer:remediation server
Correct Answer:remediation server
Question 23
1 out of 1 points
Which feature enables users to request their own PKI certificates, typically through a Web browser?Answer
Selected Answer:self-enrollment
Correct Answer:self-enrollment
Question 24
1 out of 1 points
What feature allows users or computers to manually request a certificate based a template?Answer
Selected Answer:Enroll ACL
Correct Answer:Enroll ACL
Question 25
1 out of 1 points
Which element of Active Directory Certificate Services utilizes the Online Certificate Status Protocol to act in response to client requests?Answer
Selected Answer:Online Responder
Correct Answer:Online Responder
Question 26
8 out of 10 points
Match description to terminology.Answer
Question Correct Match Selected Match
Group Policy can be used to establish __________ settings for an Active Directory domain.
I.autoenrollment
D.autoremediation
__________ is an extremely flexible command-line utility for administering Active Directory Certificate Services.
E.Certutil
E.Certutil
NAP can perform __________ if it detects that the client is out of compliance.
D.autoremediation
I.autoenrollment
The top-level CA in any PKI hierarchy is the __________ CA.
H.root
H.root
A(n) __________ CA integrates with an Active Directory domain, and it can use certificate templates to allow autoenrollment of digital certificates, as well as store the certificates themselves within the Active Directory database.
J.enterprise
J.enterprise
Simple Certificate Enrollment __________ allows network devices to enroll for PKI certificates.
G.Protocol
G.Protocol
The __________ service combines each Statement of Health Response into a System Statement of Health Response (SSOHR).
B.NPS
B.NPS
Windows Server 2008, Windows Vista, and Windows XP with Service Pack 3 all have a built-in NAP client, and third-party vendors can use the NAP __________ to write additional clients for additional operating systems, such as Macintosh and Linux computers.
A.API
A.API
Enforcement __________ receive information from the Enforcement Clients on each client, which is then consumed by other components of
F.Servers
F.Servers
the NAP server-side architecture.
To deploy the DHCP enforcement mechanism within Network Access Protection, you must first deploy a(n) __________ server running Windows Server 2008
C.DHCP
C.DHCP
Question 27
6 out of 8 points
Match the description to terminology.Answer
Question Correct Match Selected Match
The new Active Directory Certificate Services (AD CS) role in Windows Server 2008 is a component within Microsoft’s larger what?
E.
Identity Lifecycle Management strategy
E.
Identity Lifecycle Management strategy
PKI consists of a number of elements that allow two parties to communicate securely without any previous communication through the use of a mathematical algorithm called what?
G.
public key cryptography
G.
public key cryptography
Users can use a smart card to authenticate to an Active Directory domain, access a Web site, or authenticate to other secured resources through the use of what type of physical device that attaches to a workstation?
B.
smart card reader
B.
smart card reader
What is the network protocol that allows network devices to enroll for PKI certificates?
F.
Simple Certificate Enrollment Protocol
F.
Simple Certificate Enrollment Protocol
Certification Authority Web Enrollment allows users to manually request certificates using a Web interface, which is located where by default on a CA that is running the Certification Authority Web Enrollment role service?
C.
https://<CA Name>/certsrv
C.
https://<CA Name>/certsrv
An escrow copy of a private key can be D. D.
restored by one or more of what item?key recovery agents
key recovery agents
What solution controls access to corporate network resources based on the identity of the computer attempting to connect to the resource, as well as the connecting computer’s compliance with corporate policies and standards like patching levels and Windows Firewall configurations?
H.NAP
A.
health certificates
What is the name of the specially configured PKI certificates used by the Internet Protocol Security (IPSec) enforcement method that are issued to clients that meet defined compliance standards?
A.
health certificates
H.NAP
CHAPTER 11