| Question 1 | Dayton Distributing plans to use Routing and Remote Access to give users the capability to access resources from other locations while still maintaining a high level of security. Specifically , the company president needs to be able to access resources from her home office and other locations. Network administrators also use remote access when they are working from home. A Windows 2000 server is added to the network and configured as a remote access server. When configuring the dial-in properties of user accounts, what options should be selected for callback? -
A. Choose No Callback for the president's account and Set by Caller for the network administrators' accounts. -
B. Choose Set by Caller for the president's account and No Callback for the network administrators' accounts. -
C. Choose Always Callback to for the president's account and Set by Caller for the network administrators' accounts. -
D. Choose Set by caller for the president's account and Always Callback to for the network administrator's accounts. |
| A1: | Answer D is correct. Because the president needs remote access from various locations, the Set by Caller option should be selected. To limit where network administrators can dial in from, select Always Callback to. In this way, the remote access server will always call them back at the configured phone number, ensuring that is where they are attempting remote access from. Selecting No Callback disables this feature. Therefore, answers A, B, and C are incorrect. |
| Question 2 | Your junior network administrator installed and configured a remote access server. Certain users need to be able to dial directly into the server to access network resources. To test the configuration, you attempt to connect to the server but are unsuccessful . When you open the Routing and Remote Access snap-in, you notice the default remote access policy has been deleted. What should you do? -
A. Disable Routing and Remote Access and then enable the service. -
B. Create a remote access policy. -
C. Configure the dial-in properties of the user accounts. -
D. Configure the remote access profile settings. |
| A2: | Answer B is correct. If the default remote access policy is deleted and no other policy exists, users will not be permitted remote access. Therefore, a remote access policy must be created to solve the problem. Answer A is incorrect because disabling and then enabling Routing and Remote Access would re-create the default policy, but this is not the easiest solution. The remote access server would have to be reconfigured afterward. Answer C is incorrect because dial-in permission can be granted through the properties of a user account but a policy must still exist. Answer D is incorrect because profile settings cannot be configured until a policy is created. |
| Question 3 | Some of the users within your organization have home offices, which they work from during the weekdays. They require access to network resources, and all users can dial directly into the remote access server. For security purposes, you want to limit the dial-in hours from 8 A.M. to 6 P.M. How should you proceed? -
A. Configure the properties of each user account. -
B. Configure the properties of the remote access server. -
C. Configure the conditions of the remote access policy. -
D. Configure the port properties. |
| A3: | Answer C is correct. You can set day and time restrictions for remote users by configuring the conditions of the remote access policy. Answer A is incorrect because day and time restrictions are no longer configured through the properties of a user account as they were in Windows NT 4.0. You cannot configure day and time restrictions by configuring the properties of the remote access server or the ports; therefore, answers B and D are incorrect. |
| Question 4 | You are in the process of configuring profile settings for a remote access policy. You configure the settings as shown in the following figure. Which of the following statements are true? [Choose all that apply.]  -
A. Users will be disconnected after eight hours of inactivity. -
B. Users will be disconnected after 30 minutes of inactivity. -
C. Users can remain connected as long as necessary. -
D. Users can dial in only between 6 P.M. and 6 A.M. -
E. Users can dial in only between 6 A.M. and 6 P.M. -
F. Users can dial any number for remote access. |
| A4: | Answers B and E are correct. The profile settings configured will disconnect a session after 30 minutes of idle time, restrict the maximum session to 8 hours, allow users remote access during the hours of 6 A.M. and 6 P.M., and allow users to dial in to a specified number. Therefore, answers A, C, and D are incorrect. |
| Question 5 | You configured a Windows 2000 server as a remote access server. While enabling the service, you chose to use DHCP for IP address assignment. WINS is still used on the internal network, because you are still in the process of upgrading to Windows 2000. Clients report that they can successfully connect but are unable to access network resources using a UNC path . What must be done to resolve the problem? -
A. You must configure a range of IP addresses on the RAS server, as well as assign any optional IP parameters to the clients. -
B. You must manually configure the IP settings on the remote access clients. -
C. You must install the DHCP Relay Agent on the DHCP server. -
D. You must install the DHCP Relay Agent on the RAS server. |
| A5: | Answer D is correct. The clients need to be configured with the IP address of the WINS server. To do this, the DHCP Relay Agent must be installed on the RAS server so it can forward DHCPInform messages between the clients and the DHCP server. Answer A is incorrect because optional parameters cannot be configured on the RAS server. Clients can be configured with the IP address of the WINS server; however, it's easier from a management perspective to centralize IP address assignment and use a relay agent instead. Therefore, answer B is incorrect. Answer C is incorrect because the DHCP Relay Agent isn't installed on a DHCP server. |
| Question 6 | You are installing a RAS server on the network to provide business managers with remote access. The following requirements should be met: -
Only business managers should be permitted access. -
Users in this group should have access any time of the day except weekends. -
Remote clients should be automatically assigned an IP address. -
Remote clients should be assigned optional parameters needed to communicate on the internal network. You perform the following tasks : -
Enable Routing and Remote Access. -
Configure the RAS server with a range of IP addresses. -
Configure the user account properties to control access through a remote access policy. -
Delete the default remote access policy and create a new one. -
Create a new group called remoteusers and add the business managers to it. -
Edit the conditions of the profile to only allow access to the remote users group and allow use from Monday through Friday with no restrictions on time. -
Set the permissions of the policy to allow access. Which of the following requirements are met? [Choose all that apply.] -
A. Only business managers are permitted access. -
B. Users can dial in anytime between Monday and Friday. -
C. All remote users are assigned an IP address. -
D. All remote users are assigned any required optional parameters. |
| A6: | Answers A, B, and C are correct. By creating a new group for the business managers and configuring the conditions of the policy to allow access only to this group, the first requirement is met. Configuring the day and time restrictions gives users access anytime during the weekdays. Configuring a range of IP addresses on the RAS server ensures that remote access clients will receive an IP address. Answer D is incorrect because the RAS server needs to be configured to use DHCP and have the DHCP Relay Agent installed for clients to be dynamically assigned optional components . |
| Question 7 | Some of your remote access users require more bandwidth than others. You have created a new remote access policy specifically for these clients. You want to allow the use of Multilink for these users. How should you proceed? -
A. In the Properties dialog box for the remote access server, select the Multilink tab. -
B. In the Properties dialog box for the user accounts, select the Dial-in tab and select the Allow Multilink option. -
C. Through the Properties window for the policy, use the Multilink tab from the Edit Dial-in Profile dialog box. -
D. From the Properties window for the policy, click the Add button to configure Multilink as a policy condition. |
| A7: | Answer C is correct. To enable Multilink in a remote access policy, you must use the Multilink tab found in the Edit Dial-in Profile dialog box within the properties of the remote access policy. Therefore, answers A, B, and D are incorrect. |
| Question 8 | You have multiple RAS servers on your network. You want to centralize the authentication of remote access clients and accounting information. Which of the following services should you install? -
A. IAS -
B. IIS -
C. RADIUS -
D. RRAS |
| A8: | Answer A is correct. To centralize the authentication of remote access clients and accounting information, the Internet Authentication Service (IAS) should be installed. Answer B is incorrect because IIS is for Web hosting. Answer C is incorrect because RADIUS is the protocol used by IAS to provide authentication and accounting services. Answer D is incorrect because Routing and Remote Access Service is used to provide a variety of services, including remote access, VPN, and routing. |
| Question 9 | What is the main purpose of IPSec? -
A. Ensure data integrity through encryption. -
B. Establish a VPN tunnel over a PPP connection. -
C. It's an authentication protocol. -
D. It's used by Multilink to dynamically add and drop lines. |
| A9: | Answer A is correct. IPSec is used in conjunction with L2TP to encrypt data. Answer B is incorrect because PPTP and L2TP are used to establish VPN tunnels. Answer C is incorrect because it is not a protocol used to authenticate users. Answer D is incorrect because BAP is the protocol used by Multilink. |
| Question 10 | For security purposes, SmartCards are being implemented for all remote access users. Which of the following protocols is required to support SmartCard authentication? -
A. PAP -
B. EAP -
C. MS-CHAP -
D. SPAS |
| A10: | Answer B is correct. The Extensible Authentication Protocol is required to support SmartCard authentication. Answers A, C, and D are incorrect because they do not support SmartCard authentication. |
