| Author |
NetChild's Mon 70-216 QOD
|
|
| NetChild1985 2003-03-24, 2:34 am |
| I'm continuing wbafrank and Pavlov's QOD as long as I'm preparing for this exam. Here's the first question for this week...
You are the administrator of your company's network. Your network consists of Windows 2000 server computer and Windows 2000 Professional computers. You create an IPSec policy named accountingsec for use by employees in your accounting department.
Your company is concerned that the keys used for encryption could be compromised and used to decrypt future communications. You want to prevent the re-use of previous-session keys. You also want to limit performance degradation. What should you do?
A. Decrease the frequency of policy checks for updates
B. On the Generate a new key every property, modify the time allocations
C. Select the Master key perfect forward secrecy check box
D. Select the Session key perfect forward secrecy check box
Good luck! We'll see you tomorrow with the correct answer!  | |
|
|
| NetChild1985 2003-03-24, 5:14 am |
| That's a tricky question... | |
| cramersaunders 2003-03-24, 6:03 am |
| C | |
| NetChild1985 2003-03-25, 3:58 am |
| quote:
Originally posted by NetChild1985
I'm continuing wbafrank and Pavlov's QOD as long as I'm preparing for this exam. Here's the first question for this week...
You are the administrator of your company's network. Your network consists of Windows 2000 server computer and Windows 2000 Professional computers. You create an IPSec policy named accountingsec for use by employees in your accounting department.
Your company is concerned that the keys used for encryption could be compromised and used to decrypt future communications. You want to prevent the re-use of previous-session keys. You also want to limit performance degradation. What should you do?
A. Decrease the frequency of policy checks for updates
B. On the Generate a new key every property, modify the time allocations
C. Select the Master key perfect forward secrecy check box
D. Select the Session key perfect forward secrecy check box
Good luck! We'll see you tomorrow with the correct answer!
As I said the questions is tricky and the correct answer is: D
There are two types of keys that can be configured with Perfect Forward Secrecy, the Master and Sessions keys. Forcing Perfect Forward Secrecy for the Master key is the most secure option, however it can place an additional load on the networks domain controllers 'cause it requires re-authentication. Sessions keys are generated from the Master key. Although regeneration of these is not as secure, it is still highly secure and it meets the question's requirements for both security and limiting performance reductions. |
|
|
|