Question 2) Microsoft Internet Security/ Acceleration


Single Answer Multiple Choice

You are the network administrator of your company. The network consists of a single Active Directory domain. The network contains client computers that run either Windows 2000 Professional or Windows XP Professional. All the client computers on the network are members of the Active Directory domain. To ensure security, you deploy and configure an ISA Server 2004 computer named ISA1 in the domain.

To protect the company network from intrusions, the company management has decided to allow only Web-based traffic and prevent messaging protocols. The new company policy also mandates that requests for files whose extensions are indeterminable must be blocked. To meet these requirements, you delete the existing rules and create a new access rule that allows only HTTP and HTTPS protocols. You also configure HTTP filtering and add signatures for the messaging applications.

You test the new access rules and observe that files with indeterminate extensions are being processed for the All Users group. You are required to prevent Web requests for files with unknown extensions. What should you do?

A. Create a new content type for the indeterminate files. Configure the existing access rule to deny access for the new content type.
B. Select the Block responses containing Windows executable content option on the General tab of the Configure HTTP policy for rule dialog box.
C. Select the Block requests containing ambiguous extensions option on the Extensions tab of the Configure HTTP policy for rule dialog box.
D. Create a new content type for the indeterminate files. Create a new access rule that denies access for the new content type. Reorder the rules so that the new access rule is processed first.

Answer:
C. Select the Block requests containing ambiguous extensions option on the Extensions tab of the Configure HTTP policy for rule dialog box.

Tutorial:
You should select the Block requests containing ambiguous extensions option on the Extensions tab of the Configure HTTP policy for rule dialog box. An HTTP filter screens all HTTP traffic that passes through the ISA Server computer, and allows only the requests that meet the filtering criteria to pass through. HTTP filtering also enables you to control what type of content can be accessed on the Internet by the client computers.

You can also block certain applications such as instant messaging applications based on HTTP signatures. An HTTP signature can be any string of characters in the HTTP header or body. You can use signatures to block an application by identifying the specific patterns the application uses and then modifying the HTTP policy to block packets based on that string. You can configure signatures on the Signatures tab of the Configure HTTP policy for rule dialog box.

To protect your network from intrusion, you can also configure extension blocking to block executable files such as .exe, .bat, or .cmd files. You can configure ISA Server 2004 to block content when ISA Server is unable to determine the file extensions. For HTTP requests, incoming content is identified by Multipurpose Internet Mail Extensions (MIME) type. When MIME information is missing or when FTP is used, ISA Server uses the file extension to identify the content. You should select the Block requests containing ambiguous extensions option on the Extensions tab of the Configure HTTP policy for rule dialog box to block the content when ISA Server is unable to determine the file extensions.

You should not create a new content type for the indeterminate files and configure the existing access rule to deny access for the new content type. The content types rule element provides common content types to which you want to apply a rule. A content type rule element is used to block content downloads that include the extensions that are specified in the content type rule element. For HTTP requests, incoming content is identified by MIME type. A content type rule element cannot be used in the given situation because ISA Server uses file extensions to identify the content only when MIME information is missing. Therefore, creating a new content type for unknown files and configuring the existing rule to deny access for the new content type will not ensure that Web requests for files with unknown extensions are blocked.

You should not select the Block responses containing Windows executable content option on the General tab of the Configure HTTP policy for rule dialog box. The Block responses containing Windows executable content option blocks all Windows executable content. Selecting this option will not block Web requests for files with unknown extensions.

You should not create a new content type for the indeterminate files, create a new access rule that denies access for the new content type, and reorder the rules so that the new access rule is processed first. The content types rule element provides common content types to which you want to apply a rule. A content type rule element is used to block content downloads that include the extensions that are specified in the content type rule element. For HTTP requests, incoming content is identified by MIME type. A content type rule element cannot be used in the given situation because ISA Server uses file extensions to identify the content only when MIME information is missing. Therefore, creating a new content type for unknown files and configuring a new access rule to deny access for the new content type will not ensure that Web requests for files with unknown extensions are blocked.
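The three HTTP policy checks described in the tutorial (signatures, blocked extensions, ambiguous extensions) can be modelled as follows. This is an added example, not ISA Server code or configuration: the policy values, the function names and the rule used to decide that an extension is ambiguous are assumptions made for illustration.

```python
from urllib.parse import urlsplit, unquote

# Constructed policy for illustration; these are not ISA Server defaults.
BLOCKED_EXTENSIONS = {".exe", ".bat", ".cmd"}
HEADER_SIGNATURES = {"user-agent": ["ExampleMessenger"]}  # hypothetical IM client
BODY_SIGNATURES = [b"<im-login"]                          # hypothetical pattern
BLOCK_AMBIGUOUS = True


def find_extension(url):
    """Return (extension, ambiguous) for the request path.

    Assumed rule: the extension is ambiguous when the decoded path holds
    control characters, or when more than one path segment (or a ';'
    path parameter) carries a dot-suffix, so the file type cannot be
    pinned to a single extension.
    """
    path = unquote(urlsplit(url).path)
    if any(ord(ch) < 0x20 for ch in path):
        return "", True
    candidates = []
    for segment in path.split("/"):
        for part in segment.split(";"):
            if "." in part:
                candidates.append("." + part.rsplit(".", 1)[1].lower())
    if len(candidates) > 1:
        return candidates[-1], True
    return (candidates[0] if candidates else ""), False


def evaluate(url, headers, body=b""):
    """Apply signature, ambiguity and extension checks; return (allowed, reason)."""
    for name, value in headers.items():
        for pattern in HEADER_SIGNATURES.get(name.lower(), []):
            if pattern in value:
                return False, "signature"
    if any(pattern in body for pattern in BODY_SIGNATURES):
        return False, "signature"
    extension, ambiguous = find_extension(url)
    if ambiguous and BLOCK_AMBIGUOUS:
        return False, "ambiguous extension"
    if extension in BLOCKED_EXTENSIONS:
        return False, "blocked extension"
    return True, "allowed"
```

With `BLOCK_AMBIGUOUS` set to `False`, a request such as `/tools/setup.exe/readme.txt` passes the extension list in this model because the last suffix is `.txt`, which is the gap the ambiguous-extensions option closes.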

Reference:
TechNet, Search, "HTTP Filtering in ISA Server 2004"

Self-Paced Training Kit, Implementing Microsoft Internet Security and Acceleration Server 2004, Chapter 7, How to Configure a HTTP Web Filter, p. 7-51.

These questions are derived from the Self Test Software Practice Test for Microsoft exam 70-350 – Implementing Microsoft Internet Security and Acceleration (ISA) Server 2004
