MCSE 70-293 Exam Quiz Test 3

Refusing the incoming connection when it arrives would prevent the unintended recipient from connecting to your computer. This means that when the person you mistakenly sent the invitation to tries to connect to your computer, you can simply reject or refuse the connection. This action will prevent them from establishing a remote access connection to your computer.

IEEE 802.1X authentication using EAP-TLS enables clients to connect to a wireless network using smart cards. EAP-TLS (Extensible Authentication Protocol-Transport Layer Security) is a secure authentication protocol that uses digital certificates on smart cards to authenticate clients. By using this mechanism, clients can securely connect to the wireless network by presenting their smart card, which contains the necessary credentials and certificates for authentication. This ensures that only authorized clients with valid smart cards can access the network, providing an extra layer of security.

The correct answer is to use the Web Enrollment Support pages for your CA instead of the Certificates snap-in. This is because the Certificates snap-in does not provide the option to request a certificate, whereas the Web Enrollment Support pages allow users to request certificates from the Certificate Authority (CA).

Restarting each network computer will force them to refresh their Group Policy settings, including the updated IPSec policy. This will ensure that the computers receive the new policy settings and apply them on the network.

The Resultant Set of Policy tool in Windows Server 2003 enables you to determine which Group Policy Object assigned the effective IPSec policy to a specific computer. This tool allows you to analyze and evaluate the combined effect of multiple Group Policy settings on a particular computer or user. By using the Resultant Set of Policy tool, you can identify the specific Group Policy Object that is responsible for applying the IPSec policy to the computer in question.

Protocol identifiers allow you to filter and block specific types of network protocols, such as ICMP (Internet Control Message Protocol). By blocking ICMP messages, you can prevent certain types of denial-of-service attacks that rely on flooding a target with ICMP packets. Port numbers and hardware addresses are not directly related to preventing ICMP-based denial-of-service attacks. IP addresses can be used for filtering, but they do not specifically target ICMP messages.

Using group policies to configure Automatic Updates on the workstations is the correct procedure to configure all the workstations at once. Group policies allow administrators to centrally manage and configure settings for multiple computers in a domain. By configuring Automatic Updates through group policies, the administrator can ensure that all workstations receive and install software updates from the SUS server automatically. This eliminates the need to manually configure each workstation individually, saving time and effort.

The Sequence Number field in the ESP (Encapsulating Security Payload) header provides the protocol's anti-replay capability. This field is used to prevent attackers from intercepting and replaying previously captured packets, ensuring the integrity and security of the communication. By assigning a unique sequence number to each packet, the receiver can detect and discard any duplicate or out-of-order packets, protecting against replay attacks.

The IPSec driver is responsible for actually encrypting the information in IP datagrams. It is a software component that operates at the network layer and handles the encryption and decryption of IP packets. It works in conjunction with other IPSec components to ensure secure communication by applying encryption algorithms to the data being transmitted.

Windows XP and Windows Server 2003 include the Remote Desktop Connection client program. This program allows users to connect to and control a remote computer over a network connection. It provides a graphical interface and allows for remote access and management of the computer. Windows 2000 Server and Windows 98 do not include this program.

The use of Open System authentication with WEP encryption makes the WLAN vulnerable to unauthorized users connecting to the network. Open System authentication does not require any credentials or passwords, which means that anyone can connect to the network without authorization. This can lead to security breaches and unauthorized access to sensitive information.

The default Client (Respond Only) policy is the most suitable choice for the organizational unit object containing the R&D users' workstations. This policy allows the workstations to respond to requests for security negotiations initiated by other computers. This means that the workstations will only establish secure connections when requested by other devices, ensuring that their security is maintained while still allowing them to communicate with other systems as needed.

The reason for the problem could be that WEP (Wired Equivalent Privacy) is not enabled. WEP is a security protocol that provides encryption for wireless networks. In order to use Shared Key authentication, WEP needs to be enabled on the network. Without WEP enabled, the option for Shared Key authentication will not be available.

If you decide to use Shared Key authentication, wireless users would not be able to roam from one access point to another. Shared Key authentication requires users to have a pre-shared key or password in order to connect to the network. This means that users would need to manually enter the key or password each time they want to connect to a different access point. Without the ability to seamlessly roam between access points, users would experience interruptions in their wireless connection as they move from one area to another.

When creating a policy that configures IPSec to use tunnel mode, you must supply the IP address of the router's WAN interface. This is necessary because the router's WAN interface is the entry point for the tunnel and serves as the endpoint for the IPSec communication. By providing the IP address of the router's WAN interface, the IPSec policy can establish the tunnel and ensure secure communication between the local and remote networks.

Before you can connect to the server from your workstation using Remote Desktop, you must perform the following tasks:
1. Install the Remote Desktop Connection client on the workstation.
2. Activate Remote Desktop on the server using the System Control Panel.
3. Add your account name to the Remote Desktop users list.

These steps are necessary to ensure that the Remote Desktop connection can be established between your workstation and the server, allowing you to access and maintain the server remotely.

A basic service set refers to a wireless network that consists of two or more devices communicating directly with each other, without the need for an access point or infrastructure network. An ad hoc network also describes a similar scenario, where devices connect directly to each other without the need for a centralized infrastructure. Therefore, both basic service set and ad hoc network are appropriate terms to describe a wireless network consisting of two laptops communicating directly with each other.

A new custom policy needs to be created in order to encrypt all traffic to and from a particular database application on a server running Windows Server 2003. This is because none of the available IPSec policies mentioned in the options (Client (Respond Only), Secure Server (Require Security), Server (Request Security)) specifically address the requirement to encrypt all traffic for a specific application. Therefore, a custom policy needs to be created to meet this specific encryption requirement.

Hfnetchk.exe and Microsoft Baseline Security Analyzer are both tools that can be used to determine if a computer is missing an important security update. Hfnetchk.exe is a command-line tool that scans a computer and compares the installed patches against a list of available patches from Microsoft. It then generates a report of missing patches. Microsoft Baseline Security Analyzer is a more comprehensive tool that scans a computer for missing security updates, as well as other security vulnerabilities and misconfigurations. It provides a detailed report of any issues found, including missing updates.

To use IEEE 802.1X and WEP to secure the WLAN, you would need to install IAS on a computer running Windows Server 2003. This is because IAS (Internet Authentication Service) is a Windows Server role that provides RADIUS (Remote Authentication Dial-In User Service) authentication and authorization for network access. Additionally, you would need to install SP1 (Service Pack 1) on all the laptops running Windows XP. Service packs often include security updates and bug fixes, which are essential for ensuring the security of the WLAN.

Using Microsoft Software Update Services instead of Windows Update can help conserve Internet bandwidth because the updates can be downloaded once and then distributed across the network, rather than each workstation downloading the updates individually. It also enables administrators to test updates before deploying them, ensuring that any potential issues or conflicts can be identified and resolved before affecting the entire network.

To secure the WAN traffic between the users in the company headquarters and the R&D database servers, the correct procedures to use are configuring the database servers with the Secure Server (Require Security) policy and configuring the workstations of the users at the headquarters with the Client (Respond Only) policy. These policies ensure that the database servers and workstations are configured to enforce security measures and respond to security requests, respectively. This helps in protecting the data and communication between the users and the servers. Configuring the routers with IPSec in tunnel mode is not necessary in this scenario as the question specifically asks for procedures to secure the traffic between the users and the servers, not the routers.

In tunnel mode, the ESP header is inserted between the original IP header and the rest of the original datagram, thereby changing the location of the ESP header in the datagram. Additionally, the value of the Next Header field in the ESP header is changed to reflect the protocol of the original IP header. The order of the fields in the ESP header and the location of the ESP trailer in the datagram remain the same in both tunnel and transport modes.