1

LAB 9
SECURING DATA
TRANSMISSION AND
AUTHENTICATION
Question
1
What are the available options for Source address?
My IP Address
Any IP Address
A Specific DNS Name
A Specific IP Address or Subnet
DNS Servers <dynamic.
WINS Servers <dynamic>
DHCP Server <dynamic>
Default Gateway <dynamic>

Question
2
What is the default protocol type?
Any

Question
3
What action types are available to choose from?
Permit
Block
Negotiate security

Question
4
How often will the local computer check for policy updates?
180 minutes


Question
5
What are the network types to which this rule can be applied?
All network connections
LAN
Remote access

Question
6
Are you able to ping the IP address of the odd-numbered
computer?
Yes

Question
7
Are you now able to ping the IP address of the odd-numbered
computer?
No

Question
8
Are you now able to ping the IP address of the odd-numbered
computer?
Yes

Question
9
Are you able to ping the IP address of the odd-numbered
computer? Why or why not?
No. xx is set for secure traffic only, and while yy was
attempting to ping xx, yy had no authentication.

Question
10
What authentication method(s) is/are currently configured?
Kerberos

Question
11
Are you able to ping the IP address of the odd-numbered
computer? Why or why not?
Yes. The IPSec policy on yy is configured to secure traffic

and authenicated with a pre-shared key to xx.

Question
12
Are you able to ping the IP address of the even-numbered
computer? Why or why not?
Yes. The same pre-shared key authenticates traffic both
ways .

Question
13
Are you able to ping the remote computer? That is, if you are
logged on to the odd-numbered computer, are you able to
ping the even-numbered computer and vice versa?
No

Question
14
Are you able to browse to the c$ share on the remote
computer?
No

Question
15
Are you able to ping your partner's computer? Why or why
not?
Yes, the default firewall settings are allowing network traffic,
the network is set to public (not private).

Question
16
Are you able to browse to the Lab9 share?
Yes, by using the 192.168.3.z addressing scheme

Question
17
Are you able to ping the remote computer? Why or why not?
Yes, the default firewall settings are allowing network traffic,
the network is set to public (not private).

Question
18
Are you able to browse to the Lab9 share?

Yes, by using the 192.168.3.z addressing scheme

Question
19
Are you able to browse to the Lab9 share?
Yes, the exception in this part of the lab, place a checkmark
next to File and Printer Sharing was already selected.

Question
20
What are the available authentication methods from which to
choose?
Default
Computer and user (Kerberos V5)
Computer (Kerberos V5)
Computer certificate
Advanced


Question
21
Are you able to ping your partner's computer?
Yes

Question
22
Are you able to ping the odd-numbered W2K8xx computer?
Why or why not?
No. The pre-shared key BadAuthentication does not match
up with Lab9

Question
23
Are you able to ping the odd-numbered W2K8xx computer?
Why or why not?
Yes. The pre-shared keys are identical.


Question
24
What Main
Mode
Associatio
n(s) are
present?


LAB REVIEW QUESTIONS
Completion time 15 minutes
1. In your own words, describe what you learned by completing this lab.

Lab 9 was by far the most difficult of the labs for me thus far. I think that the most
challenging parts of the lab are knowing when to be logged in as local admin and domain
admin, and knowing which machines to do what parts on. I finally completed this lab after
receiving some instructor help. IPSec, Wirewall Settings, Security Rules, and Pre-Shared
Keys were all hands-on learned material from this lab.

2. Why did you not need to configure a separate Windows Firewall exception to allow ping
traffic when you enabled the file and printer sharing exception?
During this lab, the file and printer sharing exception was active the entire time.
However while researching this question online, Ive found that enabling the File and
Print Sharing exception will automatically open the necessary firewall exceptions to
allow ping traffic.
3. What filter actions are available to you when you are creating an IPSec policy?
Allow traffic, Block traffic, and Secure Traffic
4. In a non-Active Directory environment, what options are available to secure IPSec traffic
between computers?
PKI certificates and pre-shared keys



LAB 10

CONFIGURING
NETWORK HEALTH
Question
1
What is the default lease duration of a Wired subnet type?
6 days

Question
2
What Security Health Validator is selected by default?
Windows Security Health Validator
LAB REVIEW QUESTIONS
Completion time 15 minutes
1. In your own words, describe what you learned by completing this lab.
I found Lab 10 to be interesting, however maybe not as useful as some of the
previous labs. This lab was based on configuring Network Health, and included
the installation of AD Certificate Services, configuring certificate revocation,
templates, and enrollment.
2. Will the configuration that you established in this lab allow you to take your root
CA offline for added security? Why or why not?
No, this configuration will not allow me to take my root CA offline for added
security because my config is used as an enterprise CA. Only a standalone CA
config can use this offline root functionality.
3. What other enforcement mechanisms are available with Network Access
Protection?
DHCP enforcement, IPSec enforcement, VPN enforcement, 802.1x enforcement,
TS Gateway enforcement
4. By default, what does the Windows Security Health Validator check for on a
Windows Vista client?

Windows Security Health Validator by default checks Vista clients for a firewall, virus
protection, spyware protection, and automatic updating.