70-216 Set 11
Terms
- Why is RIP considered simple to use?
- there is very little configuration possible
- In terms of subnet masks, what two features does RIPv.2 support that RIPv.1 does not?
- VLSM and CIDR
- What two methods can RIPv.2 routers use to exchange information?
- broadcast and multicast
- How many primary DNS servers are allowed per zone?
- one
- What makes Active Directory-integrated zone transfers more secure?
- zone data is encrypted during transfer
- Why must Active Directory-integrated DNS servers be DCs?
- member servers do not hold the AD database
- What happens when a caching-only DNS server restarts?
- the cache is emptied
- How is a caching-only DNS server configured?
- a DNS server is created without a forward lookup zone
- What sort of situation are caching-only DNS servers best for?
- remote offices connected by slow WAN links
- Why do caching-only DNS servers need a lot of RAM?
- cached information is stored in RAM
- What ping switch resolves addresses to host names?
- ping -a
- What DNS troubleshooting tool depends on the presence of reverse lookup zones?
- nslookup
- What are the two options when renewing a root CA's certificate?
- the CA can bind its existing keys to a new certificate, or generate a new key pair and bind it to a new certificate
- How are root CA's certificates usually renewed?
- by binding existing keys to a new certificate
- What is the drawback to renewing a root CA's certificate multiple times by binding its existing keys to a new certificate?
- the CRL gets extremely long, slowing PKI operations
- Where are CRLs stored by default?
- %systemroot%\system32\certserv\certenroll
- What tool is used to set permissions on certificate templates?
- Active Directory Sites and Services
- Where is automatic enrollment for computer certificates configured?
- in a GPO: Computer Configuration | Windows Settings | Security Settings | Public Key Policies
- Where is a Certificate Trust List (CTL) stored?
- in Active Directory
- How can certificates be unrevoked?
- they can't; revocation is permanent
- What is the default publication interval for CRLs?
- one week
- What is an Autonomous System?
- a network or group of networks controlled by a common administrator
- What is an OSPF area?
- a group of contiguous networks and attached hosts
- What is a router that participates in multiple OSPF areas called?
- an Area Border Router
- When manually configuring routes, what happens if a subnet mask is not specified?
- a subnet mask of 255.255.255.255 is used
- What is route summarization?
- a situation where OSPF routers know only routes within their area and a default route to a backbone
- What is a stub area?
- an OSPF area connected to a backbone by an Area Boundary Router
- What is a hello interval?
- the interval at which an OSPF router announces its presence to a network
- What does Windows 2000 call its database of certificates?
- a certificate store
- When using web-based certificate enrollment, where can the web enrollment page be found?
- http://ca_name/certserv
- What three formats can certificates be imported in?
- PKCS#12, PKCS#10, and Microsoft SST
- What is a PKCS#12 file used for?
- storing certificates with their associated private keys
- What is a PKCS#7 file used for?
- storing certificates without keys
- What are the four possible formats when exporting a certificate?
- binary X.509, base-64 X.509, PKCS#7, and PKCS#12 (the only choice when exporting a private key)
- What is base-64 X.509 normally used for?
- What two file extensions are associated with PKCS#12 files?
- PFX and P12
- What three file extensions are associated with PKCS#7 files?
- P7B, P7C, and CRT
- When is EFS considered "off"?
- when no recovery agents are defined
- How would EFS be turned off in a given scope?
- by deleting all EFS recovery keys
- What does automatic enrollment do?
- automatically issues certificates to computers as they join an AD domain
- What tool is used to manage EFS?
- the Group Policy snap-in