| < Day Day Up > |
|
1. | You must design an authentication method for the R&D personnel in Albuquerque and Paris to access the applications and file servers they use. What should you do?
|
| ||||||||||||||||
2. | You need to allow users in Albuquerque, Beijing, and Rio de Janeiro to access the wireless network. What should you do?
|
| ||||||||||||||||
3. | You need to make sure that data sent over the wireless connection is encrypted. The wireless solution needs to meet the concerns of the Chief Security Officer. What should you do?
|
| ||||||||||||||||
4. | You need to design an IPSec policy so employees connecting to terminal servers and web servers in the Albuquerque office can work with confidential data from work or home. You need to decide what policy settings are necessary for IPSec. What should you do? Drag the appropriate policy setting from the Policy Setting section to the correct location(s) in the Work Area section.
|
| ||||||||||||||||
5. | You need to design a secure connection strategy between the R&D and design departments’ resources. Your solution must minimize the impact on client, server, and network performance. What should you do?
|
|
Answers
1. | D. The security policy requires that R&D data and applications are protected by the highest level of protection. Using smart cards with EAP-TLS for authentication and encryption and using Terminal Services to prevent downloading of data is the strongest protection. | ||||||||||||
2. | D. You will need to authenticate the users on the network. Because security is a concern and the effort has been made to install PKI, you can use it in your wireless solution. You would avoid the WEP solution because managing the preshared keys would be too much work for the IT staff. You would need to add a RADIUS server to the network to use 802.1x authentication so B is not as complete as D. IPSec will encrypt the network traffic, but there is no authentication mechanism built into it, so C is not a solution to the company’s wireless requirements. | ||||||||||||
3. | A. You would use the Active Directory to push out a GPO that sets up the wireless network settings. This would require the least amount of work for the network administrators but still provide for setting up encryption. | ||||||||||||
4. |
You would not apply an IPSec policy to the HTTP/HTTPS traffic because you would use HTTPS to provide encryption and authentication for the application and would not need IPSec. You would want to encrypt the RDP traffic with IPSec for the RDP protocol to the terminal services for protection. All other traffic would be denied for IPSec to the servers from the Internet. | ||||||||||||
5. | A. To minimize the performance impact on the networks and the client and server CPUs, you should establish an IPSec tunnel between Albuquerque and Paris. This will encrypt only the network traffic that will travel over the link, limiting the network overhead, and will not use the client or server CPUs for encryption. Options B, C, and D would require each computer to perform encryption, which will degrade performance. |
| < Day Day Up > |
|