Question 1) Microsoft Internet Acceleration

Posted on
Share on Google+Share on LinkedInShare on FacebookShare on RedditTweet about this on TwitterEmail this to someone

Objective: Configuring Firewall Policy
SubObjective: Create policy elements, access rules, and connection limits. Policy elements include schedule, protocols, user groups, and network objects

Single Answer Multiple Choice

You are the network administrator of your company. The network consists of a single Active Directory domain. The network contains Windows 2000 Professional and Windows XP Professional client computers. All the client computers on your network are members of the Active Directory domain. To ensure security, you deploy and configure an ISA Server 2004 computer named ISA1 in the domain.

The network contains an FTP server. To enable users to access the FTP server from the Internet, you create an access rule to allow FTP access for all users on the default FTP ports. You will be traveling to various customer locations during next month. Therefore, you decide to configure ISA1 and the FTP server for remote management so that you can manage them from the customer locations.

You are required to remotely manage ISA1 and the FTP server. What should you do?

A. Configure two external IP addresses on ISA1. Create two server publishing rules to enable RDP access.
B. Configure one RDP server publishing rule on ISA1 to remotely manage ISA1. From ISA1, remotely connect to the FTP server using Microsoft Management Console(MMC).
C. Configure one RDP server publishing rule on ISA1 to remotely manage the FTP server. From FTP Server, remotely connect to the ISA server using MMC.
D. Configure one RDP server publishing rule on ISA1 to remotely manage ISA1. Configure a second RDP server publishing rule on port 21 to remotely manage the FTP server.

Answer:
A. Configure two external IP addresses on ISA1. Create two server publishing rules to enable RDP access.

Tutorial:
You should configure two external IP addresses on ISA1, and create two server publishing rules to enable RDP access. Server publishing rules are configured to grant access to Internal resources using protocols other than HTTP and HTTPS. When you create a server publishing rule, you configure ISA Server to listen for client requests using a particular port number. When ISA Server receives a request for that port on its external interface, it checks the server publishing rule to determine the Internal server providing the requested service and forwards the request to the server it has located. The Internal server responds to the client request by forwarding the response to ISA Server. ISA Server then forwards the response to the client. You can use Terminal Services to remotely manage ISA Server 2004. Terminal Services uses Remote Desktop Protocol (RDP), and RDP uses port 3389 to communicate between the client and the server. You can use Terminal Services to remotely manage ISA Server by configuring a server publishing rule that enables RDP access to the ISA Server computer, and by configuring only one external IP address on ISA Server computer. But if you want to remotely manage an additional server along with the ISA Server, then you require two IP addresses on the ISA Server or use two different port numbers on the server that are accessible from the Internet to link up with 2 publishing rules. Then, you will require two different server publishing rules, one to allow RDP access to the ISA Server computer, and one to allow RDP access to the FTP server.

You should not configure one RDP server publishing rule on ISA1 to remotely manage ISA1, and from ISA1, remotely connect to the FTP server using Microsoft Management Console(MMC).Using the MMC is not as secure because the communications are not protected. You must also configure an IP address on ISA1 that is accessible from the Internet to be able to connect to ISA1 from a remote location. You will not be able to connect to ISA1 just by configuring one RDP server publishing rule. To remotely manage ISA1 and the FTP server, you should configure two IP addresses or 2 port numbers on the ISA Server computer that are accessible from the Internet. Also, you will require two different server publishing rules, one to allow RDP access to the ISA Server computer, and one to allow RDP access to the FTP server. Moreover, the functionality of the MMC is limited as compared to using terminal services.

You should not configure one RDP server publishing rule on ISA1 to remotely manage the FTP server and from FTP Server, remotely connect to the ISA server using MMC. Using an MMC from one computer to another is not as secure as using 2 publishing rules and 2 listeners. You must configure two external IP addresses on ISA1 or use 2 port numbers to be able to connect to ISA1 or the FTP server. When you want to remotely manage an additional server along with ISA Server, you require two IP addresses ort port numbers on the ISA Server computer that are accessible from the Internet. Also, you require two different server publishing rules, one to allow RDP access to the ISA Server computer, and one to allow RDP access to other Internal server. Again, the limited functionality of the MMC as compared to terminal services also makes this less than desirable.

You should not configure one RDP server publishing rule on ISA1 to remotely manage ISA1 and configure a second RDP server publishing rule on port 21 to remotely manage the FTP server. You must configure two external IP addresses on ISA1 to be able to connect to ISA1 or the FTP server. You cannot use port 21 to remotely manage the FTP server. Instead, you should use Terminal Services to remotely manage ISA Server 2004. Terminal Services uses Remote Desktop Protocol (RDP), and RDP uses port 3389 to communicate between the client and the server. Configuring one RDP server publishing rule on ISA1 to remotely manage ISA1 and second RDP server publishing rule on port 21 to remotely manage the FTP server will not enable you to remotely manage ISA1 and the FTP server.

Reference:
Self-Paced Training Kit, Implementing Microsoft Internet Security and Acceleration Server 2004, Chapter 8, What Are Server Publishing Rules?, p. 8-5.

Self-Paced Training Kit, Implementing Microsoft Internet Security and Acceleration Server 2004, Chapter 8, How to Publish a Terminal Services Server, p. 8-56.

These questions are derived from the Self Test Software Practice Test for

Share on Google+Share on LinkedInShare on FacebookShare on RedditTweet about this on TwitterEmail this to someone
cmadmin

ABOUT THE AUTHOR

Posted in Archive|

Comment:

Leave a comment

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>