Exam Prep Questions

Question 1

Some of the users within your organization have home offices, which they work from during the weekdays. They require access to network resources, and all users can dial directly into the remote access server. For security purposes, you want to limit the dial-in hours from 8 a.m. to 6 p.m. How should you proceed?

  • A. Configure the properties of each user account.

  • B. Configure the properties of the remote access server.

  • C. Configure the conditions of the remote access policy.

  • D. Configure the port properties.

A1:

Answer C is correct. You can set day and time restrictions for remote users by configuring the conditions of the remote access policy. Answer A is incorrect because day and time restrictions are no longer configured through the properties of a user account as they were in Windows NT 4.0. You cannot configure day and time restrictions by configuring the properties of the remote access server or the ports; therefore, answers B and D are incorrect.

Question 2

You configured Windows Server 2003 as a remote access server. While enabling the service, you chose to use DHCP for IP address assignment. You are still using WINS on the internal network because you are still in the process of upgrading. Clients report that they can successfully connect but cannot access network resources using a UNC path . What must be done to resolve the problem?

  • A. You must configure a range of IP addresses on the RAS server, as well as assign any optional IP parameters to clients.

  • B. You must manually configure the IP settings on the remote access clients.

  • C. You must install the DHCP Relay Agent on the DHCP server.

  • D. You must install the DHCP Relay Agent on the RAS server.

A2:

Answer D is correct. The clients need to be configured with the IP address of the WINS server. To do this, the DHCP Relay Agent must be installed on the RAS server so that it can forward DHCPInform messages between the clients and the DHCP server. Answer A is incorrect because optional parameters cannot be configured on the RAS server. Clients can be configured with the IP address of the WINS server; however, it's easier from a management perspective to centralize IP address assignment and use a relay agent instead. Therefore, answer B is incorrect. Answer C is incorrect because the DHCP Relay Agent isn't installed on a DHCP server.

Question 3

You have multiple RAS servers on your network. You want to centralize the authentication of remote access clients and accounting information. Which of the following services should you install?

  • A. IAS

  • B. IIS

  • C. RADIUS

  • D. RRAS

A3:

Answer A is correct. To centralize the authentication of remote access clients and accounting information, the Internet Authentication Service (IAS) should be installed. Answer B is incorrect because IIS is for Web hosting. Answer C is incorrect because RADIUS is the protocol used by IAS to provide authentication and accounting services. Answer D is incorrect because Routing and Remote Access Service is used to provide a variety of services, including remote access, VPN, and routing.

Question 4

For security purposes, smart cards are being implemented for all remote access users. Which of the following protocols is required to support smart card authentication?

  • A. PAP

  • B. EAP

  • C. MS-CHAP

  • D. SPAP

A4:

Answer B is correct. The Extensible Authentication Protocol is required to support smart card authentication. Answers A, C, and D are incorrect because they do not support smart card authentication.

Question 5

You are creating a two-way demand-dial connection between two Windows Server 2003 RRAS servers. When creating the user account on the answering router, what must you remember?

  • A. Any user account name can be used.

  • B. The user account name should match the demand-dial interface name of the answering router.

  • C. The user account name should match the demand-dial interface name of the calling router.

  • D. The user account name must match the computer name of the answering router.

A5:

Answer C is correct. When creating demand-dial connections, the user account name created on the answering router must match the demand-dial interface name on the calling router. Therefore, answers A, B, and D are incorrect.

Question 6

Your internetwork consists of seven subnets. All subnets are connected using Windows Server 2000 RRAS servers. Nonpersistent demand-dial connections have been configured. You do not want to be burdened with updating the routing tables, and you want any changes to the network topology to be propagated immediately. Which of the following routing options should you implement?

  • A. Static routes

  • B. ICMP

  • C. OSPF

  • D. RIPv2

A6:

Answer D is correct. To have changes propagated throughout the network when changes occur and to reduce the administrative overhead associated with updating the routing tables, a routing protocol is required. Because OSPF cannot be used with nonpersistent connections, RIPv2 must be used (or RIPv1). Therefore, answers A and C are incorrect. Answer B is incorrect because ICMP is not a routing protocol.

Question 7

Which of the following commands would add a static route to a routing table?

  • A. route -p 192.168.126.0 mask 255.255.255.0 192.168.125.1 metric 2

  • B. route add 192.168.126.0 mask 255.255.255.0 192.168.125.1 metric 2

  • C. route add 192.168.126.0 255.255.255.0 192.168.125.1 metric 2

  • D. route add 192.168.126.0 mask 255.255.255.0 gateway 192.168.125.1 metric 2

A7:

Answer B is correct. The correct syntax when adding new static routes using the route command is route add <network> mask <subnetmask> <gateway> metric . Answers A, C, and D are incorrect because they do not use the proper syntax.

Question 8

You are configuring IP security for your network. You want all data to be encrypted, but you still want clients that do not support IPSec to be capable of authenticating with the server. Which of the following policies should you use?

  • A. Secure Server (Require Security)

  • B. Client (Respond Only)

  • C. Client (Require Security)

  • D. Server (Request Security)

A8:

Answer D is correct. By assigning the Server (Request Security) policy, the server will always attempt secure communications. Unsecured communications will still be allowed if the client is not IPSec-aware. Answer A is incorrect because communications will not be allowed if the client is not IPSec-aware. Answer B is incorrect because assigning Client (Respond Only) means that the server will respond only to requests for secure communications but will not attempt to secure all communications. Answer C is incorrect because there is no such default IP security policy.

Question 9

You are configuring IPSec between two servers in a workgroup. You assign Client (Respond Only) to each of the servers, but you notice that IP packets being sent between the two servers are not being secured. What is causing the problem?

  • A. Both are configured with the Client (Respond Only) policy.

  • B. IPSec can be used only with Active Directory.

  • C. One of the servers must be configured as an IPSec client.

  • D. The servers cannot be members of the same workgroup.

A9:

Answer A is correct. If both servers are configured with the Client (Respond Only) policy, they will respond only to requests for secure communications. One of the servers must be configured with Server (Request Security). Answer B is incorrect because IPSec can be configured through Active Directory or on the local computer. Answer C is incorrect because computers are not configured as IPSec clients. Answer D is incorrect because the workgroup membership has no impact on how servers respond to security.

Question 10

You have just updated the policy settings and want to apply changes immediately. Which of the following commands can be used?

  • A. secedit

  • B. gpupdate

  • C. dcgpofix

  • D. gpresult

A10:

Answer B is correct. To refresh policy settings, you can use the gpupdate command. Answer A is incorrect because this was the command used in Windows 2000. Answer C is incorrect because this command restores default Group Policy Objects to their original state. Answer D is incorrect because the command displays Group Policy settings for a computer.




Windows Server 2003 Network Infrastructure Exam Cram 2 (Exam 70-291)
MCSA/MCSE 70-291 Exam Cram: Implementing, Managing, and Maintaining a Microsoft Windows Server 2003 Network Infrastructure (2nd Edition)
ISBN: 0789736187
EAN: 2147483647
Year: 2002
Pages: 118
Authors: Diana Huggins

flylib.com © 2008-2017.
If you may any questions please contact us: flylib@qtcs.net