Page 12-15
1. Which of the following authentication protocols can be used by fully updated Windows 98 VPN clients? (Choose all that apply.)
2. Your organization’s security policy has a requirement that passwords not be stored with reversible encryption. Which of the following authentication protocols can you use? (Choose all that apply.)
3. Your organization still has clients running Windows 95. Which of the following protocols can you use to authenticate dial-up clients? (Choose all that apply.)
Answers
1. b, c, d, e, and f. After appropriate updates have been applied, Windows 98 supports all authentication protocols except EAP.
2. a, b, e, and f. Only MS-CHAP v1 and CHAP require passwords to be stored with reversible encryption.
3. c, d, e, and f. Windows 95 does not support EAP. It does support MS-CHAP v2 for VPN connections but not for dial-up connections.
Page 12-28
1. Your organization has multiple dial-up servers configured to authenticate to an IAS RADIUS server. Which tool should you use to restrict the hours during which users can dial up?
2. Your organization uses Windows authentication to verify the credentials of remote VPN clients. Which tool should you use to restrict the groups that can connect to the VPN server?
3. In an Active Directory domain environment, which of the following conditions must be met in order to use RAPs to control which remote access users are allowed to connect?
Answers
1. d. You should create a RAP on the IAS server by using the Internet Authentication Service console.
2. c. You should create a RAP on the remote access server by using the Routing And Remote Access console.
3. b. The only requirement is that the domain functional level must be Windows Server 2003.
Page 12-41
1. Which tools can you use to configure authentication and encryption methods for remote access connections on clients? (Choose all that apply.)
Answers
1. b and c. Use the CMAK Wizard to create an executable file that you can distribute to clients to create the preconfigured connections, and use the network connections properties dialog box to manually configure authentication and encryption for remote access connections.
Page 12-42
1. Which of the following solutions will you recommend?
2. Will you recommend using a PPTP or L2TP/IPSec VPN?
3. How will you configure the network connections on the client computers?
4. Should you recommend using a RADIUS server?
Answers
1. d. Though any of these solutions would work, using a VPN is more cost-effective than configuring dial-up servers because it does not require the purchase of additional hardware or software. You should recommend EAP authentication with public key certificates because you already have a PKI deployed and all clients are running Windows XP, Windows 2000, or Windows Server 2003. If you did not already have a PKI in place, MS-CHAP v2 authentication would be preferable.
2. Either PPTP or L2TP/IPSec will allow the consultants to access the internal network by using both authentication and encryption. However, you are already using IPSec on the internal network, so L2TP/IPSec would be the logical choice.
3. You could configure them manually or provide instructions to the consultants to configure the connections. However, the most efficient way to configure the connections is to use the CMAK Wizard to create an executable file and then distribute this executable file to the consultants.
4. There is no need for the addition of a RADIUS server because there will only be a single VPN server, and that server is already running Windows Server 2003. You can use Windows authentication and remote access policies on the remote access server itself.
Page 12-44
1. What is the source of the problem?
2. How will you resolve the problem?
Answers
1. The user has the Verify Caller-ID check box selected. This is an excellent way to improve security; however, the value specified is a phone number that was left over from when the user connected by using a dial-up connection.
2. When a user connects to a VPN, the Verify Caller-ID value is used to validate the user’s source IP address, not the user’s phone number. You should either clear the Verify Caller-ID check box or change the value to the user’s IP address.