Certifiable Q&A for April 12, 2002

Welcome to Certifiable, your exam prep headquarters. Here you'll find questions about some of the tricky areas that are fair game for the certification exams.

Questions (April 12, 2002)
Answers (April 12, 2002)

This week's questions cover topics for Exam 70-270: Installing, Configuring, and Administering Microsoft Windows XP Professional..

Questions (April 12, 2002)

Question 1
Which of the following presents the various encryption technologies in the order of increasing key lengths? (Choose the best answer.)

  1. IPSec DES, MPPE Std, IPSec 3DES, MPPE Strong
  2. IPSec DES, IPSec 3DES, MPPE Std, MPPE Strong
  3. MPPE Std, MPPE Strong, IPSec DES, IPSEC 3DES
  4. MPPE Std, IPSec DES, IPSEC 3DES, MPPE Strong
  5. MPPE Std, IPSec DES, MPPE Strong, IPSec 3DES

Question 2
You're using a Windows XP Professional Edition machine to connect to a VPN on a Windows 2000 Server machine that uses the default settings for determining which VPN encryption type to use. Which encryption type will the server attempt to negotiate first with your XP Pro system as it connects? (Choose the best answer.)

  1. L2TP and IPSEC
  2. PPTP and IPSEC
  3. L2TP and MPPE
  4. PPTP and MPPE
  5. L2TP and PPTP
  6. MPPE and IPSEC

Question 3
You're using your Windows XP Professional Edition laptop on a remote assignment to help your company install undersea cabling to an international office. You want to connect to your Windows 2000 dial-up server, Laundry.org, which is located in Oakland, California. You want to make sure that your password is encrypted and that the connection is encrypted, and you want the connection to close if the datastream isn't encrypted. Which of the following authentication methods can you configure for your XP Pro system's dial-up properties, given that you'll require a secure password and that you require encryption when you set up the dial-up account to call from your hotel room to the Oakland server? (Select all that apply.)

  1. PAP
  2. CHAP
  3. ORDO
  4. SPAP
  6. MSCHAPv2

Answers (April 12, 2002)

Answer to Question 1
The correct answer is E—MPPE Std, IPSec DES, MPPE Strong, IPSec 3DES. These network encryption technologies have the following key lengths:

  • Microsoft Point-to-Point Encryption (MPPE) Std: 40 or 56 bits

  • IP Security (IPSec) Data Encryption Standard (DES): 56 bits

  • MPPE Strong: 128 bits

  • IPSec Triple DES (3DES): 168 bits

    Answer to Question 2
    The correct answer is A—L2TP and IPSEC. Win2K Server defaults to Automatic encryption, and the system then attempts to use Layer Two Tunneling Protocol (L2TP) and IP Security (IPSEC) before turning to PPTP and Microsoft Point-to-Point Encryption (MPPE). L2TP/IPSEC is more secure, so the system tries to use it first.

    Answer to Question 3
    The correct answers are E—MS-CHAP; and F—MS-CHAPv2. If you've configured your Windows XP dial-up client to require a secure password and encryption when connecting, you can use only the Microsoft Challenge Handshake Authentication Protocol (MS-CHAP) or MS-CHAPv2 authentication methods. You can use EAP/ if you have smart-card authentication capabilities, but the question makes no reference to such capabilities. CHAP has a one-way hashed algorithm for Challenge/Response, but it doesn't allow an encrypted session to be established for Windows XP dialup connections. Shiva PAP is similar, yes it does do some encrypted hashing—but it is not a supported authentication protocol for encrypted XP dialup connections.

  • Hide comments


    • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

    Plain text

    • No HTML tags allowed.
    • Web page addresses and e-mail addresses turn into links automatically.
    • Lines and paragraphs break automatically.