1.
Which of the following procedures would enable you to request the certificate you need?
Correct Answer
B. Use the Web Enrollment Support pages for your CA instead of the Certificates snap-in.
Explanation
The correct answer is to use the Web Enrollment Support pages for your CA instead of the Certificates snap-in. This is because the Certificates snap-in does not provide the option to request a certificate, whereas the Web Enrollment Support pages allow users to request certificates from the Certificate Authority (CA).
2.
Which of the following packet filtering criteria enable you to prevent a denial-of-service attack using ICMP messages?
Correct Answer
C. Protocol identifiers
Explanation
Protocol identifiers allow you to filter and block specific types of network protocols, such as ICMP (Internet Control Message Protocol). By blocking ICMP messages, you can prevent certain types of denial-of-service attacks that rely on flooding a target with ICMP packets. Port numbers and hardware addresses are not directly related to preventing ICMP-based denial-of-service attacks. IP addresses can be used for filtering, but they do not specifically target ICMP messages.
3.
Which of the following ESP header fields provides the protocol’s anti-replay capability?
Correct Answer
A. Sequence Number
Explanation
The Sequence Number field in the ESP (Encapsulating Security Payload) header provides the protocol's anti-replay capability. This field is used to prevent attackers from intercepting and replaying previously captured packets, ensuring the integrity and security of the communication. By assigning a unique sequence number to each packet, the receiver can detect and discard any duplicate or out-of-order packets, protecting against replay attacks.
4.
Which of the following IPSec characteristics is different when a connection is operating in tunnel mode instead of transport mode? (Choose all that apply.)
Correct Answer(s)
B. The location of the ESP header in the datagram
D. The value of the Next Header field in the ESP header
Explanation
In tunnel mode, the ESP header is inserted between the original IP header and the rest of the original datagram, thereby changing the location of the ESP header in the datagram. Additionally, the value of the Next Header field in the ESP header is changed to reflect the protocol of the original IP header. The order of the fields in the ESP header and the location of the ESP trailer in the datagram remain the same in both tunnel and transport modes.
5.
Which IPSec policy can you use to encrypt all traffic to and from a particular database application on a server running Windows Server 2003?
Correct Answer
D. You must create a new custom policy.
Explanation
A new custom policy needs to be created in order to encrypt all traffic to and from a particular database application on a server running Windows Server 2003. This is because none of the available IPSec policies mentioned in the options (Client (Respond Only), Secure Server (Require Security), Server (Request Security)) specifically address the requirement to encrypt all traffic for a specific application. Therefore, a custom policy needs to be created to meet this specific encryption requirement.
6.
Which of the following pieces of information must you supply when creating a policy that configures IPSec to use tunnel mode?
Correct Answer
A. The IP address of the router’s WAN interface
Explanation
When creating a policy that configures IPSec to use tunnel mode, you must supply the IP address of the router's WAN interface. This is necessary because the router's WAN interface is the entry point for the tunnel and serves as the endpoint for the IPSec communication. By providing the IP address of the router's WAN interface, the IPSec policy can establish the tunnel and ensure secure communication between the local and remote networks.
7.
Which IPSec component is responsible for actually encrypting the information in IP datagrams?
Correct Answer
C. IPSec driver
Explanation
The IPSec driver is responsible for actually encrypting the information in IP datagrams. It is a software component that operates at the network layer and handles the encryption and decryption of IP packets. It works in conjunction with other IPSec components to ensure secure communication by applying encryption algorithms to the data being transmitted.
8.
Which of the following Windows Server 2003 tools enables you to tell which Group Policy Object assigned the effective IPSec policy to a particular computer?
Correct Answer
A. Resultant Set of Policy
Explanation
The Resultant Set of Policy tool in Windows Server 2003 enables you to determine which Group Policy Object assigned the effective IPSec policy to a specific computer. This tool allows you to analyze and evaluate the combined effect of multiple Group Policy settings on a particular computer or user. By using the Resultant Set of Policy tool, you can identify the specific Group Policy Object that is responsible for applying the IPSec policy to the computer in question.
9.
You have just finished making changes to the IPSec policy assigned to a particular Active Directory Group Policy Object, but the changes have not yet taken effect on the network’s computers. Which of the following procedures will enable the computers to receive the new policy settings?
Correct Answer
B. Restart each network computer.
Explanation
Restarting each network computer will force them to refresh their Group Policy settings, including the updated IPSec policy. This will ensure that the computers receive the new policy settings and apply them on the network.
10.
Which of the following IPSec policies should you assign to the organizational unit object containing the R&D users’ workstations?
Correct Answer
B. The default Client (Respond Only) policy
Explanation
The default Client (Respond Only) policy is the most suitable choice for the organizational unit object containing the R&D users' workstations. This policy allows the workstations to respond to requests for security negotiations initiated by other computers. This means that the workstations will only establish secure connections when requested by other devices, ensuring that their security is maintained while still allowing them to communicate with other systems as needed.
11.
Which of the following procedures should you use to secure the WAN traffic between the users in the company headquarters and the R&D database servers? (Choose all that apply.)
Correct Answer(s)
B. Configure the database servers with the Secure Server (Require Security) policy
C. Configure the workstations of the users at the headquarters with the Client (Respond Only) policy
Explanation
To secure the WAN traffic between the users in the company headquarters and the R&D database servers, the correct procedures to use are configuring the database servers with the Secure Server (Require Security) policy and configuring the workstations of the users at the headquarters with the Client (Respond Only) policy. These policies ensure that the database servers and workstations are configured to enforce security measures and respond to security requests, respectively. This helps in protecting the data and communication between the users and the servers. Configuring the routers with IPSec in tunnel mode is not necessary in this scenario as the question specifically asks for procedures to secure the traffic between the users and the servers, not the routers.
12.
Which of the following tools can tell you when a computer is missing an important security update? (Choose all that apply.)
Correct Answer(s)
B. Hfnetchk.exe
D. Microsoft Baseline Security Analyzer
Explanation
Hfnetchk.exe and Microsoft Baseline Security Analyzer are both tools that can be used to determine if a computer is missing an important security update. Hfnetchk.exe is a command-line tool that scans a computer and compares the installed patches against a list of available patches from Microsoft. It then generates a report of missing patches. Microsoft Baseline Security Analyzer is a more comprehensive tool that scans a computer for missing security updates, as well as other security vulnerabilities and misconfigurations. It provides a detailed report of any issues found, including missing updates.
13.
You have just implemented a Microsoft Software Update Services server on your network, and you want workstations running Windows 2000 and Windows XP operating systems to automatically download all the software updates from the SUS server and install them. Which of the following procedures can you use to configure all the workstations at once?
Correct Answer
B. Use group policies to configure Automatic Updates on the workstations.
Explanation
Using group policies to configure Automatic Updates on the workstations is the correct procedure to configure all the workstations at once. Group policies allow administrators to centrally manage and configure settings for multiple computers in a domain. By configuring Automatic Updates through group policies, the administrator can ensure that all workstations receive and install software updates from the SUS server automatically. This eliminates the need to manually configure each workstation individually, saving time and effort.
14.
Which of the following are valid reasons for using Microsoft Software Update Services instead of Windows Update to update your network workstations? (Choose all that apply.)
Correct Answer(s)
B. To conserve Internet bandwidth
C. To enable administrators to test updates before deploying them
Explanation
Using Microsoft Software Update Services instead of Windows Update can help conserve Internet bandwidth because the updates can be downloaded once and then distributed across the network, rather than each workstation downloading the updates individually. It also enables administrators to test updates before deploying them, ensuring that any potential issues or conflicts can be identified and resolved before affecting the entire network.
15.
Which of the following authentication mechanisms enables clients to connect to a wireless network using smart cards?
Correct Answer
C. IEEE 802.1X authentication using EAP-TLS
Explanation
IEEE 802.1X authentication using EAP-TLS enables clients to connect to a wireless network using smart cards. EAP-TLS (Extensible Authentication Protocol-Transport Layer Security) is a secure authentication protocol that uses digital certificates on smart cards to authenticate clients. By using this mechanism, clients can securely connect to the wireless network by presenting their smart card, which contains the necessary credentials and certificates for authentication. This ensures that only authorized clients with valid smart cards can access the network, providing an extra layer of security.
16.
You are installing an IEEE 802.11b wireless network in a private home using computers running Windows XP, and you decide that data encryption is not necessary, but you want to use Shared Key authentication. However, when you try to configure the network interface adapter on the clients to use Shared Key authentication, the option is not available. Which of the following explanations could be the cause of the problem?
Correct Answer
A. WEP is not enabled.
Explanation
The reason for the problem could be that WEP (Wired Equivalent Privacy) is not enabled. WEP is a security protocol that provides encryption for wireless networks. In order to use Shared Key authentication, WEP needs to be enabled on the network. Without WEP enabled, the option for Shared Key authentication will not be available.
17.
Which of the following terms describe a wireless network that consists of two laptop computers with wireless network interface adapters communicating directly with each other? (Choose all that apply.)
Correct Answer(s)
A. Basic service set
C. Ad hoc network
Explanation
A basic service set refers to a wireless network that consists of two or more devices communicating directly with each other, without the need for an access point or infrastructure network. An ad hoc network also describes a similar scenario, where devices connect directly to each other without the need for a centralized infrastructure. Therefore, both basic service set and ad hoc network are appropriate terms to describe a wireless network consisting of two laptops communicating directly with each other.
18.
Your company is installing a computer running Windows Server 2003 in a utility closet that is only accessible to building maintenance personnel. Therefore, you will have to depend on Remote Desktop for maintenance access to the server. You do not have Administrator privileges to the server and your workstation is running Windows 2000 Professional. Which of the following tasks must you perform before you can connect to the server from your workstation using Remote Desktop? (Choose all that apply.)
Correct Answer(s)
A. Install the Remote Desktop Connection client on the workstation.
B. Activate Remote Desktop on the server using the System Control Panel.
D. Add your account name to the Remote Desktop users list.
Explanation
Before you can connect to the server from your workstation using Remote Desktop, you must perform the following tasks:
1. Install the Remote Desktop Connection client on the workstation.
2. Activate Remote Desktop on the server using the System Control Panel.
3. Add your account name to the Remote Desktop users list.
These steps are necessary to ensure that the Remote Desktop connection can be established between your workstation and the server, allowing you to access and maintain the server remotely.
19.
You have just created a Remote Access invitation that you intended to send to a person at the network help desk, but you sent it to someone else instead. Which of the following measures would prevent the unintended recipient from connecting to your computer?
Correct Answer
C. Refuse the incoming connection when it arrives.
Explanation
Refusing the incoming connection when it arrives would prevent the unintended recipient from connecting to your computer. This means that when the person you mistakenly sent the invitation to tries to connect to your computer, you can simply reject or refuse the connection. This action will prevent them from establishing a remote access connection to your computer.
20.
Which of the following operating systems includes the Remote Desktop Connection client program? (Choose all that apply.)
Correct Answer(s)
B. Windows XP
C. Windows Server 2003
Explanation
Windows XP and Windows Server 2003 include the Remote Desktop Connection client program. This program allows users to connect to and control a remote computer over a network connection. It provides a graphical interface and allows for remote access and management of the computer. Windows 2000 Server and Windows 98 do not include this program.
21.
Which of the following tasks would wireless users not be able to do if you decided to use Shared Key authentication?
Correct Answer
B. Roam from one access point to another
Explanation
If you decide to use Shared Key authentication, wireless users would not be able to roam from one access point to another. Shared Key authentication requires users to have a pre-shared key or password in order to connect to the network. This means that users would need to manually enter the key or password each time they want to connect to a different access point. Without the ability to seamlessly roam between access points, users would experience interruptions in their wireless connection as they move from one area to another.
22.
Which of the following tasks would you need to perform to use IEEE 802.1X and WEP to secure the WLAN? (Choose all that apply.)
Correct Answer(s)
A. Install IAS on a computer running Windows Server 2003.
D. Install SP1 on all the laptops running Windows XP.
Explanation
To use IEEE 802.1X and WEP to secure the WLAN, you would need to install IAS on a computer running Windows Server 2003. This is because IAS (Internet Authentication Service) is a Windows Server role that provides RADIUS (Remote Authentication Dial-In User Service) authentication and authorization for network access. Additionally, you would need to install SP1 (Service Pack 1) on all the laptops running Windows XP. Service packs often include security updates and bug fixes, which are essential for ensuring the security of the WLAN.
23.
If you elect to use Open System authentication with WEP encryption, to which of the following vulnerabilities would the WLAN be subject?
Correct Answer
A. Unauthorized users connecting to the network
Explanation
The use of Open System authentication with WEP encryption makes the WLAN vulnerable to unauthorized users connecting to the network. Open System authentication does not require any credentials or passwords, which means that anyone can connect to the network without authorization. This can lead to security breaches and unauthorized access to sensitive information.