| 1. | C. You can set day and time restrictions for remote users by configuring the conditions of the remote access policy. Answer A is incorrect because day and time restrictions are no longer configured through the properties of a user account as they were in Windows NT 4.0. You cannot configure day and time restrictions by configuring the properties of the remote access server or the ports; therefore, answers B and D are incorrect. |
| 2. | D. The clients need to be configured with the IP address of the WINS server. To do this, the DHCP Relay Agent must be installed on the RAS server so that it can forward DHCPInform messages between the clients and the DHCP server. Answer A is incorrect because optional parameters cannot be configured on the RAS server. Clients can be configured with the IP address of the WINS server; however, it's easier from a management perspective to centralize IP address assignment and use a relay agent instead. Therefore, answer B is incorrect. Answer C is incorrect. The DHCP server is already assigning the IP address of the WINS server to DHCP clients because the scenario indicates this problem is not affecting clients connected to the LAN. |
| 3. | A. To centralize the authentication of remote access clients and accounting information, the Internet Authentication Service (IAS) should be installed. RAS servers can then be configured as RADIUS clients. By doing so, they will forward authentication requests and accounting information to the IAS server. Answer B is incorrect because ISA, also known as Internet Security and Acceleration service, is an application layer firewall. Answers C and D are incorrect because RADIUS is the protocol used by IAS to provide authentication and accounting services. |
| 4. | B. The Extensible Authentication Protocol is required to support smart card authentication. Answers A, C, and D are incorrect because they do not support smart card authentication. |
| 5. | C. When creating demand-dial connections, the name of the user account created on the answering router must match the demand-dial interface name on the calling router. Therefore, answers A, B, and D are incorrect. |
| 6. | D. To have changes propagated throughout the network when changes occur and to reduce the administrative overhead associated with updating the routing tables, a routing protocol is required. Because OSPF cannot be used with nonpersistent connections, RIPv2 must be used (or RIPv1). Therefore, answers A and C are incorrect. Answer B is incorrect because ICMP is not a routing protocol. |
| 7. | B. The correct syntax when adding new static routes using the route command is route add mask metric. Answers A, C, and D are incorrect because they do not use the proper syntax. |
| |
| 8. | D. By assigning the Server (Request Security) policy, the server will always attempt secure communications. Unsecured communications will still be allowed if the client is not IPSec-aware. Answer A is incorrect because communications will not be allowed if the client is not IPSec-aware. Answer B is incorrect because assigning Client (Respond Only) means that the server will respond only to requests for secure communications but will not attempt to secure all communications. Answer C is incorrect because it would require less administrative effort to assign an existing policy than to create a new one. |
| 9. | A. If both servers are configured with the Client (Respond Only) policy, they will respond only to requests for secure communications. One of the servers must be configured with Server (Request Security). Answer B is incorrect because IPSec can be configured through Active Directory or on the local computer. Answer C is incorrect because computers are not configured as IPSec clients. Answer D is incorrect because the workgroup membership has no impact on how servers respond to security. |
| 10. | B. To refresh policy settings, you can use the gpupdate command. Because the IPSec policy is configured under the computer policy, you must refresh the computer policy settings. This is done by using the /target:machine option. Answers A and C are incorrect because this was the command used in Windows 2000. Answer D is incorrect because you need to refresh the computer policy settings, not the user policy settings. |
| 11. | A. The correct answer is enable split-horizon processing. You must select this option to ensure that any routes learned from a network are not sent as RIP announcements on the network. With this option enabled, a router cannot advertise a route on the same connection from which it was learned. |
