| Author |
QoD - November 2 - Saturday
|
|
| frazang 2002-11-02, 11:01 am |
| Hey, I just realized I was a day behind in yesterday's QoD subject line. That's what happens when I buy a watch without the day & date on it  . Now...on to the Q...
You are the administrator for your Windows 2000 domain. You currently use Internet Protocol Security (IPSec) to secure traffic and to prevent attacks on your data.
You are concerned that a computer on your network is compromising security and want to know whether it is using a local policy or a policy from the Active Directory.
Which tool should you use?
A. IPSec Monitor
B. Network Monitor
C. Event Viewer
D. Active Directory Sites and Services
Good luck and check back later this afternoon for the answer!  | |
| ruscorp 2002-11-02, 1:03 pm |
| I'm going to take the first stab at this guess. I would guess "B". [or "D"???]  | |
| Lucidity 2002-11-02, 1:11 pm |
| A. | |
| ruscorp 2002-11-02, 1:18 pm |
| Oh crap, I knew it. I was wrong again. | |
|
| Answer should be "A". You can view IPSec policies with IPSec Monitor.
Start | Run | ipsecmon | |
| frazang 2002-11-02, 8:30 pm |
| C - Event Viewer
My source for this question didn't give an explanation and after seeing all your different answers I feared posting a wrong answer so I went to TechNet, struck out and then sought out the definitive source for in-depth info - Pavlov. She was able to find this info and link - muchas gracias to you Pav!
To troubleshoot IPSec when it does not behave the way that you expect it to, first check the results of the Phase One and Phase Two exchanges by enabling Audit Policy, which causes security events to be logged in the security log of the Event Viewer.
Here's the link to the technet article:
http://support.microsoft.com/defaul...b;en-us;Q257225
Better luck next time everyone - see you tomorrow! | |
| Pavlov 2002-11-02, 9:01 pm |
| Just trying to help 
Keep posting those questions everyone. They are quite a helpful tool for those still preparing for this test.  | |
| ruscorp 2002-11-02, 9:39 pm |
| Who would have guessed that? Tough one. | |
| sanjbatra 2002-11-03, 2:42 am |
| I had no idea.
I agree with Pavlov, these questions are very helpful to me.
| |
|
| Oh poop. I always miss one here and there
Your right. States it right here in the Windows 2000 Server Resource Kit. Chapter 8 - Internet Protocol Security.
Event Viewer
"The IPSec Policy Agent makes entries to the System Log to indicate the source of its policy. It also indicates the polling interval as specified by the active policy for checking for policy changes in the Active Directory. Administrators who edit the active IPSec policy on the local computer cause the changes to take effect immediately.
You can also see whether the computer is using local policy or policy from the Active Directory by viewing the Event Log. Specifically, examine the System Log informational entry by the IPSec Policy Agent."
Looks like you could tell if it's a local policy or one from AD through TCP/IP properties as well.
"By displaying the properties for Internet Protocol (TCP/IP), you can see the active IPSec policy. If the computer is running local IPSec policy, the name is displayed in an editable form. If the computer is running policy assigned through the Active Directory Group Policy, the name and dialog is displayed as grayed out, and is not editable."
Nice little question. |
|
|
|