Assessment 10 Windows Server 2008:NIC
Content
Question 1
1 out of 1 points DHCP is the only NAP enforcement method that can be deployed in a non-Active Directory environment. Answer Selected Answer: Correct Answer: True True
Question 2
1 out of 1 points If a client cannot provide the necessary health certificate, they will still be able to participate in IPSec-secured traffic. Answer Selected Answer: Correct Answer: False False
Question 3
1 out of 1 points Windows Server 2008, Windows Vista, and Windows XP with Service Pack 3 all have a built-in NAP client, and third-party vendors can use the NAP API to write additional clients for additional operating systems, such as Macintosh and Linux computers. Answer Selected Answer: Correct Answer: True True
Question 4
1 out of 1 points DHCP enforcement is the least secure enforcement method because a user can simply configure their computer with a static IP configuration to bypass any DHCP enforcement method that is in place. Answer Selected Answer: Correct Answer: True True
Question 5
1 out of 1 points Depending on the configuration item that is being monitored for compliance, autoremediation may not be possible. Answer Selected Answer: Correct Answer: True True
Question 6
1 out of 1 points In a PKI, each user/computer possesses a piece of information that is known only to the individual user or computer that is called a __________. Answer Selected Answer: private key Correct Answer: private key
Question 7
1 out of 1 points Which digital document contains identifying information about a particular user, computer, service, and so on? Answer Selected Answer: digital certificate Correct Answer: digital certificate
Question 8
1 out of 1 points Which of the following provides a detailed explanation of how a particular Certification
Authority manages certificates and keys? Answer Selected Answer: Certificate Practice Statement Correct Answer: Certificate Practice Statement
Question 9
1 out of 1 points Which service responds to requests from clients concerning the revocation status of a particular certificate, sending back a digitally signed response indicating the certificate’s current status? Answer Selected Answer: Online Responder Correct Answer: Online Responder
Question 10
1 out of 1 points Which CA integrates with an Active Directory domain and can use certificate templates to allow autoenrollment of digital certificates, as well as store the certificates themselves within the Active Directory database? Answer Selected Answer: enterprise Correct Answer: enterprise
Question 11
1 out of 1 points Certificate templates can be used to automate the deployment of PKI certificates by controlling the __________. Answer
Selected Answer: security settings associated with each template Correct Answer: security settings associated with each template
Question 12
1 out of 1 points Which security role is tasked with issuing and managing certificates, including approving certificate enrollment and revocation requests? Answer Selected Answer: Certificate Manager Correct Answer: Certificate Manager
Question 13
1 out of 1 points Which of the following is not a privilege granted to certificate managers? Answer Selected Answer: modify Certificate Revocation List (CRL) publication schedules Correct Answer: modify Certificate Revocation List (CRL) publication schedules
Question 14
1 out of 1 points To indicate the health status of a particular SHA, each SHA creates what kind of statement that it transmits to the NAP Agent? Answer Selected Answer: Statement of Health Correct Answer: Statement of Health
Question 15
0 out of 1 points Who maintains information about the health of the NAP client computer and transmits information between the NAP Enforcement Clients and the System Health Agents? Answer Selected Answer: System Health Agent Correct Answer: NAP Agent
Question 16
1 out of 1 points A server that operates the NAP Enforcement Server components is referred to as a NAP __________. Answer Selected Answer: enforcement point Correct Answer: enforcement point
Question 17
1 out of 1 points Depending on the enforcement method in use, a NAP enforcement point can take a number of different forms, such as what? Answer Selected Answer: All of the above Correct Answer: All of the above
Question 18
1 out of 1 points
To distribute the load of issuing certificates in a geographically dispersed location, an organization can have one or more __________ CAs. Answer Selected Answer: intermediate Correct Answer: intermediate
Question 19
1 out of 1 points Which enforcement method allows authorized remote users to connect to resources on an internal corporate or private network from any Internet-connected device? Answer Selected Answer: Terminal Services Gateway (TS Gateway) enforcement Correct Answer: Terminal Services Gateway (TS Gateway) enforcement
Question 20
1 out of 1 points The IPSec NAP enforcement method relies on which type of PKI certificate to perform its enforcements? Answer Selected Answer: health certificate Correct Answer: health certificate
Question 21
0 out of 1 points The NPS service combines each Statement of Health Response into what? Answer Selected Answer: System Statement of Health Requirement
Correct Answer: System Statement of Health Response
Question 22
1 out of 1 points What is an optional component that can be deployed to allow non-compliant client computers to achieve network compliance and gain network access? Answer Selected Answer: remediation server Correct Answer: remediation server
Question 23
1 out of 1 points Which feature enables users to request their own PKI certificates, typically through a Web browser? Answer Selected Answer: self-enrollment Correct Answer: self-enrollment
Question 24
1 out of 1 points What feature allows users or computers to manually request a certificate based a template? Answer Selected Answer: Enroll ACL Correct Answer: Enroll ACL
Question 25
1 out of 1 points Which element of Active Directory Certificate Services utilizes the Online Certificate Status Protocol to act in response to client requests? Answer Selected Answer: Online Responder Correct Answer: Online Responder
Question 26
8 out of 10 points Match description to terminology. Answer Question
Group Policy can be used to establish __________ settings for an Active Directory domain. __________ is an extremely flexible commandline utility for administering Active Directory Certificate Services.
Correct Match Selected Match I.
autoenrollment
D.
autoremediation
E.
Certutil
E.
Certutil
NAP can perform __________ if it detects that the D. I. client is out of compliance. autoremediation autoenrollment
H. The top-level CA in any PKI hierarchy is the root __________ CA.
A(n) __________ CA integrates with an Active Directory domain, and it can use certificate templates to allow autoenrollment of digital certificates, as well as store the certificates themselves within the Active Directory database. Simple Certificate Enrollment __________ allows network devices to enroll for PKI certificates.
H.
root
J.
enterprise
J.
enterprise
G.
Protocol
G.
Protocol
The __________ service combines each Statement of Health Response into a System Statement of Health Response (SSOHR). Windows Server 2008, Windows Vista, and Windows XP with Service Pack 3 all have a built-in NAP client, and third-party vendors
B.
NPS
B.
NPS
A.
API
A.
API
can use the NAP __________ to write additional clients for additional operating systems, such as Macintosh and Linux computers.
Enforcement __________ receive information from the Enforcement Clients on each client, which is then consumed by other components of the NAP server-side architecture. To deploy the DHCP enforcement mechanism within Network Access Protection, you must first deploy a(n) __________ server running Windows Server 2008
F.
Servers
F.
Servers
C.
DHCP
C.
DHCP
Question 27
6 out of 8 points Match the description to terminology. Answer Question
The new Active Directory Certificate Services (AD CS) role in Windows Server 2008 is a component within Microsoft’s larger what?
Correct Match E.
Selected Match E.
Identity Lifecycle Identity Lifecycle Management Management strategy strategy G. public key cryptography B. smart card reader
PKI consists of a number of elements that G. allow two parties to communicate securely without any previous communication public key through the use of a mathematical algorithm cryptography called what?
Users can use a smart card to authenticate to an Active Directory domain, access a Web site, or authenticate to other secured resources through the use of what type of physical device that attaches to a workstation?
What is the network protocol that allows network devices to enroll for PKI certificates?
B. smart card reader
F. Simple Certificate Enrollment
F. Simple Certificate Enrollment
Protocol
Certification Authority Web Enrollment C. allows users to manually request certificates using a Web interface, which is located https://<CA where by default on a CA that is running the Name>/certsrv Certification Authority Web Enrollment role service? An escrow copy of a private key can be restored by one or more of what item?
Protocol C. https://<CA Name>/certsrv
D. key recovery agents
D. key recovery agents A. health certificates
What solution controls access to corporate network resources based on the identity of the computer attempting to connect to the resource, as well as the connecting computer’s compliance with corporate policies and standards like patching levels and Windows Firewall configurations?
H.
NAP
What is the name of the specially configured A. PKI certificates used by the Internet Protocol Security (IPSec) enforcement method that health are issued to clients that meet defined certificates compliance standards?
H.
NAP
1 out of 1 points DHCP is the only NAP enforcement method that can be deployed in a non-Active Directory environment. Answer Selected Answer: Correct Answer: True True
Question 2
1 out of 1 points If a client cannot provide the necessary health certificate, they will still be able to participate in IPSec-secured traffic. Answer Selected Answer: Correct Answer: False False
Question 3
1 out of 1 points Windows Server 2008, Windows Vista, and Windows XP with Service Pack 3 all have a built-in NAP client, and third-party vendors can use the NAP API to write additional clients for additional operating systems, such as Macintosh and Linux computers. Answer Selected Answer: Correct Answer: True True
Question 4
1 out of 1 points DHCP enforcement is the least secure enforcement method because a user can simply configure their computer with a static IP configuration to bypass any DHCP enforcement method that is in place. Answer Selected Answer: Correct Answer: True True
Question 5
1 out of 1 points Depending on the configuration item that is being monitored for compliance, autoremediation may not be possible. Answer Selected Answer: Correct Answer: True True
Question 6
1 out of 1 points In a PKI, each user/computer possesses a piece of information that is known only to the individual user or computer that is called a __________. Answer Selected Answer: private key Correct Answer: private key
Question 7
1 out of 1 points Which digital document contains identifying information about a particular user, computer, service, and so on? Answer Selected Answer: digital certificate Correct Answer: digital certificate
Question 8
1 out of 1 points Which of the following provides a detailed explanation of how a particular Certification
Authority manages certificates and keys? Answer Selected Answer: Certificate Practice Statement Correct Answer: Certificate Practice Statement
Question 9
1 out of 1 points Which service responds to requests from clients concerning the revocation status of a particular certificate, sending back a digitally signed response indicating the certificate’s current status? Answer Selected Answer: Online Responder Correct Answer: Online Responder
Question 10
1 out of 1 points Which CA integrates with an Active Directory domain and can use certificate templates to allow autoenrollment of digital certificates, as well as store the certificates themselves within the Active Directory database? Answer Selected Answer: enterprise Correct Answer: enterprise
Question 11
1 out of 1 points Certificate templates can be used to automate the deployment of PKI certificates by controlling the __________. Answer
Selected Answer: security settings associated with each template Correct Answer: security settings associated with each template
Question 12
1 out of 1 points Which security role is tasked with issuing and managing certificates, including approving certificate enrollment and revocation requests? Answer Selected Answer: Certificate Manager Correct Answer: Certificate Manager
Question 13
1 out of 1 points Which of the following is not a privilege granted to certificate managers? Answer Selected Answer: modify Certificate Revocation List (CRL) publication schedules Correct Answer: modify Certificate Revocation List (CRL) publication schedules
Question 14
1 out of 1 points To indicate the health status of a particular SHA, each SHA creates what kind of statement that it transmits to the NAP Agent? Answer Selected Answer: Statement of Health Correct Answer: Statement of Health
Question 15
0 out of 1 points Who maintains information about the health of the NAP client computer and transmits information between the NAP Enforcement Clients and the System Health Agents? Answer Selected Answer: System Health Agent Correct Answer: NAP Agent
Question 16
1 out of 1 points A server that operates the NAP Enforcement Server components is referred to as a NAP __________. Answer Selected Answer: enforcement point Correct Answer: enforcement point
Question 17
1 out of 1 points Depending on the enforcement method in use, a NAP enforcement point can take a number of different forms, such as what? Answer Selected Answer: All of the above Correct Answer: All of the above
Question 18
1 out of 1 points
To distribute the load of issuing certificates in a geographically dispersed location, an organization can have one or more __________ CAs. Answer Selected Answer: intermediate Correct Answer: intermediate
Question 19
1 out of 1 points Which enforcement method allows authorized remote users to connect to resources on an internal corporate or private network from any Internet-connected device? Answer Selected Answer: Terminal Services Gateway (TS Gateway) enforcement Correct Answer: Terminal Services Gateway (TS Gateway) enforcement
Question 20
1 out of 1 points The IPSec NAP enforcement method relies on which type of PKI certificate to perform its enforcements? Answer Selected Answer: health certificate Correct Answer: health certificate
Question 21
0 out of 1 points The NPS service combines each Statement of Health Response into what? Answer Selected Answer: System Statement of Health Requirement
Correct Answer: System Statement of Health Response
Question 22
1 out of 1 points What is an optional component that can be deployed to allow non-compliant client computers to achieve network compliance and gain network access? Answer Selected Answer: remediation server Correct Answer: remediation server
Question 23
1 out of 1 points Which feature enables users to request their own PKI certificates, typically through a Web browser? Answer Selected Answer: self-enrollment Correct Answer: self-enrollment
Question 24
1 out of 1 points What feature allows users or computers to manually request a certificate based a template? Answer Selected Answer: Enroll ACL Correct Answer: Enroll ACL
Question 25
1 out of 1 points Which element of Active Directory Certificate Services utilizes the Online Certificate Status Protocol to act in response to client requests? Answer Selected Answer: Online Responder Correct Answer: Online Responder
Question 26
8 out of 10 points Match description to terminology. Answer Question
Group Policy can be used to establish __________ settings for an Active Directory domain. __________ is an extremely flexible commandline utility for administering Active Directory Certificate Services.
Correct Match Selected Match I.
autoenrollment
D.
autoremediation
E.
Certutil
E.
Certutil
NAP can perform __________ if it detects that the D. I. client is out of compliance. autoremediation autoenrollment
H. The top-level CA in any PKI hierarchy is the root __________ CA.
A(n) __________ CA integrates with an Active Directory domain, and it can use certificate templates to allow autoenrollment of digital certificates, as well as store the certificates themselves within the Active Directory database. Simple Certificate Enrollment __________ allows network devices to enroll for PKI certificates.
H.
root
J.
enterprise
J.
enterprise
G.
Protocol
G.
Protocol
The __________ service combines each Statement of Health Response into a System Statement of Health Response (SSOHR). Windows Server 2008, Windows Vista, and Windows XP with Service Pack 3 all have a built-in NAP client, and third-party vendors
B.
NPS
B.
NPS
A.
API
A.
API
can use the NAP __________ to write additional clients for additional operating systems, such as Macintosh and Linux computers.
Enforcement __________ receive information from the Enforcement Clients on each client, which is then consumed by other components of the NAP server-side architecture. To deploy the DHCP enforcement mechanism within Network Access Protection, you must first deploy a(n) __________ server running Windows Server 2008
F.
Servers
F.
Servers
C.
DHCP
C.
DHCP
Question 27
6 out of 8 points Match the description to terminology. Answer Question
The new Active Directory Certificate Services (AD CS) role in Windows Server 2008 is a component within Microsoft’s larger what?
Correct Match E.
Selected Match E.
Identity Lifecycle Identity Lifecycle Management Management strategy strategy G. public key cryptography B. smart card reader
PKI consists of a number of elements that G. allow two parties to communicate securely without any previous communication public key through the use of a mathematical algorithm cryptography called what?
Users can use a smart card to authenticate to an Active Directory domain, access a Web site, or authenticate to other secured resources through the use of what type of physical device that attaches to a workstation?
What is the network protocol that allows network devices to enroll for PKI certificates?
B. smart card reader
F. Simple Certificate Enrollment
F. Simple Certificate Enrollment
Protocol
Certification Authority Web Enrollment C. allows users to manually request certificates using a Web interface, which is located https://<CA where by default on a CA that is running the Name>/certsrv Certification Authority Web Enrollment role service? An escrow copy of a private key can be restored by one or more of what item?
Protocol C. https://<CA Name>/certsrv
D. key recovery agents
D. key recovery agents A. health certificates
What solution controls access to corporate network resources based on the identity of the computer attempting to connect to the resource, as well as the connecting computer’s compliance with corporate policies and standards like patching levels and Windows Firewall configurations?
H.
NAP
What is the name of the specially configured A. PKI certificates used by the Internet Protocol Security (IPSec) enforcement method that health are issued to clients that meet defined certificates compliance standards?
H.
NAP
