Exam Objectives Frequently Asked Questions

The following Frequently Asked Questions, answered by the authors of this book, are designed to both measure your understanding of the Exam Objectives presented in this chapter, and to assist you with real-life implementation of these concepts. You will also gain access to thousands of other FAQs at ITFAQnet.com.

1.	Are dedicated WAN links completely unneeded now that VPN access is common?
2.	Is it better to manage remote access by user or by policy?
3.	How many IAS servers should be used for authentication?
4.	Can I use L2TP without IPSec?
5.	Do I need to choose a single wireless standard?
6.	Why is it so difficult to secure a wireless network? WPA is already considered insecure, and it’s not even a standard yet.

Answers

1.	No, in fact WAN links such as T-1 are now available at lower prices than ever. When you need high bandwidth and don’t want to use a public network, these can still be the best option.
2.	Either method works. In a small network, managing by user is the simplest approach. For larger networks, this becomes cumbersome and policies are much more convenient.
3.	Although one IAS server provides centralized authentication, it can go down and prevent large numbers of users from accessing the network. For this reason, you may wish to configure a backup server. IAS supports replication between servers.
4.	Yes, L2TP does not require IPSec. However, an L2TP connection without IPSec is unencrypted, so it no longer qualifies as a virtual private network.
5.	Not necessarily; many products are available that support multiple standards. Most 802.11g equipment supports the 802.11b standard, and many devices add 802.11a support as well. Using WAPs that support multiple standards is the best way to support all clients.
6.	Security by encryption is simply a complex issue and is usually a race between security vendors and hackers. Wired networks have the same issues, but the fact that wireless signals often extend outside your buildings makes exploits much more common.