Random 70-210 Question

Oh man! Ad-blocking software has been detected! :'(

This website is run by the community, for the community... and it needs advertisements in order to keep running. Blocking our ads means your killing our stats!
Please disable your ad-block, or become a premium member to hide all advertisements and this notice.

In Windows 2000 Professional, which of the following security features are supported. Answer True or False for each statement:

1. Kerberos 5: Single logins are supported, allowing for faster authentication and network response. True or False.

2. Encrypting File Systems (EFS): Files can be encrypted on the HDD so that they cannot be read unless they are accessed by someone with the proper password. True or False.

3. Internet Protocol Security (IPSec): Used to encrypt TCP/IP traffic for secure communication on the Internet or Intranet, providing security for VPN traffic. True or False.

4. Smart Card Support: Allows portability of credentials between computers in the office, at home, or elsewhere, eliminating the need for authentication tickets and private keys over a network. True or False.

Answer tomorrow.

 

Oh man! Ad-blocking software has been detected! :'(

This website is run by the community, for the community... and it needs advertisements in order to keep running. Blocking our ads means your killing our stats!
Please disable your ad-block, or become a premium member to hide all advertisements and this notice.

Hmm, I'd say

True
False
True
True

But what do I know.

 

I would say:

1) True, as Kerberos authentication method is used for logging into a 2k DC and many other things too!
2) True, EFS is a new feature of NTFS (XP/2000 only)
3) True, can be set through group policy or local policy. Also 2k supports L2TP which use IPsec for data encryption.
4) True, EAP TLS what more can I say!

Cheers

Sacha

 

4 true's for me too.

 

In regards to Q2, what do you define as the proper password to make it true? Only the person whose files are encrypted or also the admin that doesn't have the proper password but has recovery agent rights?

 

In this case, the intent of the question is pretty simple so we are talking about the person who created the file. Just asking if this capacity if True or False for Windows 2000 Pro.

 

Then I'll change my answer to True (if that's ok).

 

1 is true: Kerboros ver 5 is the fundimental encryption/authentication technology used in W2K

2 is true: Well sort of, the files can only be read by the user that created them. This is a PKI encryption process using a private key (certificate not password). The only other person that could unencrypt EFS files created by someone else is the recovery agent. By default the recovery agent is the administrator but the users private key/certificate can be exported and stored on floppy etc. As recommended if using EFS!

3 is true: IPSec can be used internally to encrypt packets on the LAN. You control this feature in Group Policy by enabling one of the three security options of Client respond only - Server request security - Secure Server require security

L2TP with IPSec is the most secure method to set up a VPN using a public network (Internet) as opposed to PPTP which uses MPPE

4 is true: Smartcards can be used because W2K support EAP TLS

Pete

 

Obviously, this was far too easy for the lot of you, especially Pete who is the Windows 2000 grand master. Yes, 1-4 are all true.

Source: Microsoft Windows 2000 Professional, Exam 70-210 by Microsoft Press.