Apply Your Knowledge


In this chapter, you have learned how remote access is configured and managed. In the following exercises, you will practice some of the concepts and methods discussed in this chapter.

Exercises

6.1. Creating a Remote Access Policy

In this exercise, you will use the Routing and Remote Access console to create a remote access policy. In this exercise, you will create a policy for users connecting by using PPP.

Estimated Time: 10 minutes

  1. Open the Routing and Remote Access console.

  2. Expand the application tree in the left pane by double-clicking the server. Right-click Remote Access Policy and select New Remote Access Policy.

  3. Enter the name Exercise 1 and click Next to continue.

  4. Click Add to add a condition. Select the Framed Protocol attribute from the list of attributes and click Add.

  5. Select PPP from the list of protocols. Click Add.

  6. Click OK to add the condition. Click Next.

  7. Select the Grant Remote Access Permission option. Click Next.

  8. Click Finish to complete the creation of the profile.

6.2. Configuring an Idle Timeout for an RRAS Server

This exercise walks you through modifying a profile to add an idle timeout for a remote access policy.

Estimated Time: 15 minutes

  1. Open the Routing and Remote Access console.

  2. Right-click the Exercise 1 remote access policy that you created in Exercise 6.1. Select Properties from the context menu.

  3. Click the Edit Profile button.

  4. Go to the Dial-Constraints tab. Select the Disconnect If Idle option and set the timeout value to 30 minutes.

  5. Click OK to commit the changes. Click OK to return to the Routing and Remote Access console.

6.3. Monitoring Routing and Remote Access by Using the Performance Console

This exercise walks you through adding a counter to the Performance console so that you can see how many errors the RRAS ports are experiencing.

Estimated Time: 15 minutes

  1. Open the Performance console.

  2. Under Performance, select System Monitor.

  3. Click the + icon to add the counter.

  4. Select the RAS Total performance object.

  5. Select the Total Errors counter and click Add.

  6. Click Close to complete the exercise.

Exam Questions

1.

What feature of RRAS can be used to aggregate bandwidth across multiple modem connections?

A.

Multinet

B.

Multilink

C.

X.25

D.

VPN


2.

You are the systems administrator for Phil's Phill-up Stations, a chain of gas stations. As part of the network, you maintain a Windows Server 2003 RRAS server to provide remote access services as part of a VPN. What VPN protocols will the server support? (Choose three.)

A.

PPTP

B.

IPSec

C.

PPP

D.

EAP

E.

L2TP


3.

You are the systems administrator for Little Faith Enterprises Meat Packing. As part of the troubleshooting of a support problem, you need to check to see whether a user is connected to the RRAS server. How can you do this?

A.

Open Performance Manager, click the Add Counter icon, select the RAS object, choose the Connected Users counter, click OK, and check the resulting statistic.

B.

Open the Performance console, click the Add Counter icon, select the RAS object, choose the Connected Users counter, click OK, and check the resulting statistic.

C.

Open the Routing and Remote Access console, right-click the RAS server, choose Connected Users, and check for the user in the Connected Users dialog box.

D.

Open the Routing and Remote Access console, and under the server in the tree view, select Remote Access Clients. Check for the user in the Remote Access Clients list.


4.

You need to configure strong authentication for a Windows Server 2003 RRAS server. Which protocols should you use? (Choose three.)

A.

IPSec

B.

PAP

C.

EAP

D.

CHAP

E.

MS-CHAP


5.

You manage a Windows Server 2003 RRAS server that is used for remote dial-in access. You have an end user who is trying to connect to the RRAS server but keeps getting the message that he is not an authorized user. He is able to connect to the network and log in from his office across the LAN. What might be causing the problem?

A.

The user is not using the correct password.

B.

The user is not using an ID that is authorized to use the dial-in server.

C.

The user is trying to use his LAN account instead of his dial-in account.

D.

One of the modems on the server is probably down.


6.

You manage a Windows Server 2003 RRAS server that is used for remote dial-in access. You have an end user who is trying to connect to the RRAS server but keeps getting the message that he is not an authorized user. He is able to connect to the network and log in from his office across the LAN. After doing some research, you find that the user ID was not authorized for remote access. How would you fix this situation?

A.

Using the Routing and Remote Access console, open the user's ID and under the Remote Access tab, grant him access.

B.

Using the Routing and Remote Access console, create a remote access policy. Then use the Windows-Groups criteria and add the user to an authorized group.

C.

Using the Routing and Remote Access console, create a remote access profile. Then use the Windows-Groups criteria and add the user to an authorized group.

A.

Using the Routing and Remote Access console, create a remote access profile. Then configure that profile to grant remote access permission.


7.

You are the systems administrator for Runaway Travel, and you have just installed a new Windows Server 2003 RRAS server to replace a hardware RAS server. Your users are using a third-party PPP dialer that was used for the old system. What is the most secure authentication protocol that can be used for this connection?

A.

PAP

B.

EAP

C.

CHAP

D.

IPSec


8.

You are the systems administrator for Runaway Travel, and you have just installed a new Windows Server 2003 RRAS server to replace a hardware RAS server. Your users are using the Windows 2000 Professional dialer. What is the most secure authentication protocol available for this situation?

A.

CHAP

B.

MS-CHAP

C.

PPP

D.

IPSec


9.

You are the systems administrator for Runaway Travel, and you have just installed a new Windows Server 2003 RRAS server to replace a hardware RAS server. Your users are using a variety of client computer operating systems and PPP dialers. What is the most secure way to ensure that all the users have access?

A.

In the dial-in profile for the users, select MS-CHAP and MS-CHAPv2.

B.

In the dial-in profile for the users, select Encrypted Authentication (CHAP).

C.

Use IPSec in conjunction with RAS.

D.

Allow remote PPP client computers, and computers using all the other protocols, to connect without negotiating any authentication method.


10.

You are the systems administrator for the Go to Philly Bus Company, and you have a requirement for a Windows Server 2003 RRAS server to replace a hardware solution. How do you install and configure the service?

A.

Using the Networking and Dial-up Connections Wizard, install RRAS.

B.

Using the Networking and Dial-up Connections Wizard, install Remote Access Service.

C.

Use RRAS to configure the service. Configure it with Windows Server 2003 Administration.

D.

Use Add or Remove Programs to add RRAS to the server. Configure the application by using RRAS.


11.

You are the security administrator for Barb's House of Pancakes. You have been asked to implement smart cards for remote access authentication, using the Windows Server 2003 RRAS. What protocol do you need?

A.

IPSec

B.

PPTP

C.

MS-CHAPv2

D.

EAP


12.

You are the Internet administrator for the Go to Philly Bus Company, and you are using a Windows Server 2003 server as a VPN server. You need to configure additional IPSec VPN ports. How do you accomplish this?

A.

Run the VPN Wizard and configure the additional ports.

B.

Go to the Network Connections window and double-click Create a New Connection. When the New Connection Wizard starts, select New Inbound VPN and follow the prompts.

C.

In the Routing and Remote Access console, edit the properties of the L2TP ports and add the additional connections.

D.

In the Routing and Remote Access console, edit the properties of the IPSec ports and add the additional connections.


13.

What is the strongest encryption protocol supported by Windows Server 2003?

A.

DES

B.

IPSec

C.

MS-CHAPv2

D.

3DES


14.

You are the security administrator for Jolly Snowmen Ice Cream. Your manager has asked you to explain the use of encryption on your Windows Server 2003 server. You know you are running 3DES. What service does 3DES provide to your installation?

A.

3DES encrypts dial-in traffic over the phone lines.

B.

3DES encrypts L2TP VPN traffic.

C.

3DES provides encrypted authentication.

D.

3DES provides encrypted address information in conjunction with PPTP.


Answers to Exam Questions

1.

B. The correct term for this feature is Multilink. Multilink allows for the use of multiple connections to a single server, which are then aggregated to provide additional bandwidth. Multinet does not relate to RRAS; thus Answer A is incorrect. X.25 is a type of WAN connection; thus Answer C is incorrect. A VPN is used to provide secure remote access over an insecure network; thus Answer D is incorrect. For more information, see the section "The IP Tab."

2.

A, E. Windows Server 2003 RRAS supports the following VPN protocols: PPTP and L2TP. IPSec is an encryption protocol; thus Answer B is incorrect. PPP is a remote access protocol; thus Answer C is incorrect. EAP is an authentication protocol; thus Answer D is incorrect. For more information, see the section "Supported VPN Protocols."

3.

D. You can see this information in the right pane of the Routing and Remote Access console by clicking the Remote Access Clients entry. The Routing and Remote Access console will show any connected users in this folder; thus Answer C is incorrect. Double-clicking the connection will provide additional information. The Performance Manager was used in Windows NT 3.51 and 4.0; thus Answer A is incorrect. The Performance console will not provide the required information you need; thus Answer B is incorrect. For more information, see the section "Managing RRAS Clients."

4.

C, D, E. IPSec is not an authentication protocol; thus Answer A is incorrect. PAP sends the authentication information as clear text; thus Answer B is incorrect. EAP, CHAP, and MS-CHAP are all secure authentication protocols. For more information, see the section "Configuring Remote Access Authentication Protocols."

5.

B. The user is not using an ID that is authorized to use the dial-in server. You must be authorized in a remote access policy before you can connect via dial-in. Since the user can connect via the LAN, using the wrong password or user ID is not likely the problem; thus Answers A and D are incorrect. Remote access uses the same credentials as normal LAN access; thus Answer C is incorrect. For more information, see the section "Troubleshooting User Access to Remote Access Services."

6.

B. Using the Routing and Remote Access console, you create a remote access policy. Then you use the Windows-Groups criteria and add the user to an authorized group. Remote access is not configured for users directly through the RRAS console; thus Answer A is incorrect. You want to create a policy, which contains a profile; thus Answers C and D are incorrect. For more information, see the section "Configuring RRAS Policies to Permit or Deny Access."

7.

C. With a third-party dialer, the best you will be able to manage for authentication is CHAP. CHAP is an industry-standard protocol that is supported by virtually all PPP dialers. PAP would also work, but it offers no security whatsoever; thus Answer A is incorrect. IPSec is not an authentication protocol; thus Answer D is incorrect. EAP is a protocol that is used for devices such as smart cards; thus Answer B is incorrect. For more information, see the section "Configuring Remote Access Authentication Protocols."

8.

B. For communication between Windows PPP client computers, MS-CHAP is the most secure protocol of those listed because it integrates encryption and hashing algorithms. CHAP is an industry-standard protocol that is supported by virtually all PPP dialers, but is less secure than MS-CHAP; thus Answer A is incorrect. PPP is a remote access protocol, not an authentication protocol; thus Answer C is incorrect. IPSec is not an authentication protocol; thus Answer D is incorrect. For more information, see the section "Configuring Remote Access Authentication Protocols."

9.

D. The trick here is to understand that the "connect without negotiating any authentication method" configuration is the lowest common denominator for connections. Using this configuration is the only way to ensure that all the users can get to the network by using your RAS solution. Users can still connect by using greater security; thus Answers A, B, and C are incorrect. For more information, see the section "Diagnosing and Resolving Problems Related to Establishing a Remote Access Connection."

10.

C. RRAS is installed with the operating system. You need to use the Routing and Remote Access console to make sure everything is configured correctly; thus Answers A, B, and D are incorrect. For more information, see the section "Configuring RRAS Policies to Permit or Deny Access."

11.

D. EAP is the protocol needed to support smart cards. IPSec is not an authentication protocol; thus Answer A is incorrect. PPTP is a VPN protocol; thus Answer B is incorrect. MS-CHAPv2 is an authentication protocol, but does not support smart cards; thus Answer C is incorrect. For more information, see the section "Configuring Remote Access Authentication Protocols."

12.

C. You can just edit the properties of the L2TP ports, which are installed and configured when RRAS is installed; thus Answers A and B are incorrect. Because by default IPSec uses L2TP as a transport under Windows Server 2003, the ports are L2TP ports, not IPSec ports; thus Answer D is incorrect. For more information, see the section "Managing Devices and Ports."

13.

D. 3DES is the strongest encryption protocol used by Windows Server 2003; thus Answers A, B, and C are all incorrect. For more information, see the section "Windows Server 2003 VPNs."

14.

B. 3DES is used in conjunction with IPSec. Because IPSec is used with L2TP, Answers A, C, and D are all incorrect. For more information, see the section "Windows Server 2003 VPNs."




MCSA(s)MCSE 70-291(c) Implementing, Managing, and Maintaining a Microsoft Windows Server 2003 Network Infrastructure
MCSA/MCSE 70-291: Implementing, Managing, and Maintaining a Microsoft Windows Server 2003 Network Infrastructure (Exam Prep)
ISBN: 0789736497
EAN: 2147483647
Year: 2006
Pages: 196
Authors: Will Schmied

flylib.com © 2008-2017.
If you may any questions please contact us: flylib@qtcs.net