Objective 3.5: Questions

 < Day Day Up > 



1. 

Rooslan is in the process of planning security for a wireless network. His company will be installing the wireless network in a converted aircraft hanger. There are 10 access points located throughout the hanger to ensure that there is an unbroken field of coverage. Workers who are using Tablet PCs with wireless network adapters must be able to communicate securely. Workers will frequently be changing location and must be able to retain network connectivity when they do so. Which of the following things should Rooslan take into account during the design of the wireless network policy? (Select all that apply.)

  1. Plan the preferred networks list to include all access points in the converted aircraft hanger.

  2. Plan the preferred networks list to specify only the native access point.

  3. Plan to use shared key authentication on the network.

  4. Plan to use IEEE 802.1X authentication on the network.

 correct answers: a and d a. correct this will allow users to roam between access points without losing their connection to the network. b. incorrect if rooslan only specifies the native access point, when workers with tablet pcs move beyond these points they will be unable to access the network without restarting their tablet pcs. c. incorrect shared keys are generated between the native access point and the client. if the client moves beyond the initial access point, a new shared key would need to be generated. this could cause problems for users roaming between access points with tablet pcs. d. correct if you use ieee 802.1x authentication on the network, new keys will not be required when users with tablet pcs roam between access points. new keys would be required for these roaming users if you were to use shared key authentication.

2. 

You are the systems administrator at a private school that provides students with laptop computers that they use for school work. These laptop computers are equipped with wireless Ethernet cards that are used to connect to access points located in classrooms, in the library, and in special study areas. When in class, the library, or the study areas, students log on to the PVTSCHOOL domain. Recently, the administration has become aware that students are playing networked games with each other over peer-to-peer wireless networks. The administration has asked you to ensure that students can only connect to a network by means of an access point, and that they cannot create peer- to-peer networks with the wireless network cards. All student laptop computers are members of the LAPTOP OU, which is a child OU of the STUDENT OU. All computers and users at the school are members of the PVTSCHOOL domain. Which of the following sets of steps will enable you to implement the administration’s goals?

  1. Create a new GPO and assign it to the PVTSCHOOL domain. In this GPO, create a wireless network policy, and configure the policy so that the Networks To Access setting is set to Any Available Network.

  2. Create a new GPO and assign it to the LAPTOP OU. In this GPO, create a wireless network policy, and configure the policy to allow infrastructure networking only.

  3. Create a new GPO and assign it to the LAPTOP OU. In this GPO, create a wireless network policy, and configure the policy to allow ad hoc networking only.

  4. Create a new GPO and assign it to the LAPTOP OU. In this GPO, create a wireless network policy, configure that policy to use IEEE 802.1X, and set the Extensible Authentication Protocol (EAP) type to Protected EAP.

 correct answers: b a. incorrect this will allow students to join peer-to-peer networks. b. correct the allow infrastructure networking only setting forces wireless connections to go through access points. c. incorrect this gpo will allow only ad hoc networks to be used; this is the type of network type that you re trying to restrict. d. incorrect this will do nothing to curb the problem of having students use ad hoc networks.

3. 

Rooslan is the security administrator of an organization. Employees of the organization have been issued laptop computers with wireless network cards. This allows them to access the company network from any conference room or from their offices. Logon to all computers is done by means of smart cards, and the laptop computers come equipped with built-in smart card readers. Because company communication is often of a sensitive nature, wireless transmissions are to be secured by means of Wireless Encryption Protocol (WEP) in addition to 802.1X. Rooslan is currently configuring the authentication protocols that will be used with the company’s wireless network. Which authentication protocols can he use in his solution?

  1. Extensible Authentication Protocol-Transport Level Security (EAP-TLS)

  2. Protected EAP-Microsoft Encrypted Authentication Version 2 (PEAP-MS-CHAP v2)

  3. Password Authentication Protocol (PAP)

  4. Shared Key

 correct answers: a a. correct eap-tls is the only windows server 2003 authentication protocol that supports smart cards. b. incorrect peap-ms-chap v2 does not support smart cards, and hence cannot be used as the authentication protocol in this particular solution. c. incorrect pap does not support smart cards, and hence cannot be used as the authentication protocol in this particular solution. d. incorrect shared key authentication does not support smart cards, and hence cannot be used as the authentication protocol in this particular solution.

4. 

You are the systems administrator at a private school that provides students with laptop computers that they use for school work. These laptop computers are equipped with wireless network cards that are used to connect to access points located in classrooms, in the library, and in special study areas. When in class, the library, or the study areas, students log on to the PVTSCHOOL domain. Students log in by using a user name and password combination. The wireless network has been configured with WEP in addition to 802.1x. Which of the following extensible authentication protocol types will provide the best level of security for the kind of authentication used at the private school?

  1. EAP-TLS

  2. MD5

  3. PEAP

  4. PAP

 correct answers: c a. incorrect this protocol is used for authentication with certificates, generally smart cards. this protocol is not suited for password-based authentication. b. incorrect although md5 can be used for password authentication, it is not as strong as peap, which provides the strongest password-based authentication for wep with 802.1x. c. correct peap provides the strongest password-based authentication for a wep solution with 802.1x. d. incorrect pap cannot be used for authentication with a wep solution with 802.1x.

Answers

1. 

Correct Answers: A and D

  1. Correct This will allow users to roam between access points without losing their connection to the network.

  2. Incorrect If Rooslan only specifies the native access point, when workers with Tablet PCs move beyond these points they will be unable to access the network without restarting their Tablet PCs.

  3. Incorrect Shared keys are generated between the native access point and the client. If the client moves beyond the initial access point, a new shared key would need to be generated. This could cause problems for users roaming between access points with Tablet PCs.

  4. Correct If you use IEEE 802.1X authentication on the network, new keys will not be required when users with Tablet PCs roam between access points. New keys would be required for these roaming users if you were to use shared key authentication.

2. 

Correct Answers: B

  1. Incorrect This will allow students to join peer-to-peer networks.

  2. Correct The Allow Infrastructure Networking Only setting forces wireless connections to go through access points.

  3. Incorrect This GPO will allow only ad hoc networks to be used; this is the type of network type that you’re trying to restrict.

  4. Incorrect This will do nothing to curb the problem of having students use ad hoc networks.

3. 

Correct Answers: A

  1. Correct EAP-TLS is the only Windows Server 2003 authentication protocol that supports smart cards.

  2. Incorrect PEAP-MS-CHAP v2 does not support smart cards, and hence cannot be used as the authentication protocol in this particular solution.

  3. Incorrect PAP does not support smart cards, and hence cannot be used as the authentication protocol in this particular solution.

  4. Incorrect Shared Key authentication does not support smart cards, and hence cannot be used as the authentication protocol in this particular solution.

4. 

Correct Answers: C

  1. Incorrect This protocol is used for authentication with certificates, generally smart cards. This protocol is not suited for password-based authentication.

  2. Incorrect Although MD5 can be used for password authentication, it is not as strong as PEAP, which provides the strongest password-based authentication for WEP with 802.1X.

  3. Correct PEAP provides the strongest password-based authentication for a WEP solution with 802.1X.

  4. Incorrect PAP cannot be used for authentication with a WEP solution with 802.1X.



 < Day Day Up > 



MCSA(s)MCSE Self-Paced Training Kit Exam 70-299 (c) Implementing and Administering Security in a M[.  .. ]twork
MCSA/MCSE Self-Paced Training Kit (Exam 70-299): Implementing and Administering Security in a MicrosoftВ® Windows Server(TM) 2003 Network (Pro-Certification)
ISBN: 073562061X
EAN: 2147483647
Year: 2004
Pages: 217

flylib.com © 2008-2017.
If you may any questions please contact us: flylib@qtcs.net