Question 3) Test Yourself on Maintaining

Posted on
Like what you see? Share it.Share on Google+Share on LinkedInShare on FacebookShare on RedditTweet about this on TwitterEmail this to someone

Objective: Implementing, Managing, and Maintaining Network Security
SubObjective : Implement secure network administration procedures

Item Number: 70-291.3.1.2
Multiple Answer Multiple Choice

 

You administer your company’s network. Your company has offices in Atlanta and Tokyo. Only Windows Server 2003 and Windows XP Professional computers exist in the Atlanta office. Windows Server 2003, Windows XP Professional, and Windows NT 4.0 Workstation computers exist in the Tokyo office.

 

Atlanta has a Windows 2003 server named AtlSrvr, and Tokyo has a Windows 2003 server named TokSrvr. Both of these servers are remote access servers. These computers are connected by a virtual private network (VPN) over the Internet.

 

You want to protect the highly sensitive data on AtlSrvr and TokSrvr using encryption. The tunnel between the two networks must be secure. You want both servers to implement the strongest level of encryption possible.

 

What should you do? (Choose four. Each correct answer presents part of the solution.)

 

A. Enable PPTP on both AtlSrvr and TokSrvr.
B. Enable L2TP over IPSec on both AtlSrvr and TokSrvr.
C. Enable L2TP over IPSec on AtlSrvr and PPTP on TokSrvr.
D. On AtlSrvr, disable the Client (Respond Only) option.
E. On TokSrvr, enable the Client (Respond Only) option.
F. On TokSrvr, enable the Server (Request Security) option.
G. On AtlSrvr, enable the Secure Server (Require Security) option.
H. On both servers, enable all transmissions to use IPSec Data Encryption Standard (DES).
I. On both servers, enable all transmissions to use IPSec Triple Data Encryption Standard (TripleDES).

 

Answer:
B. Enable L2TP over IPSec on both AtlSrvr and TokSrvr.
F. On TokSrvr, enable the Server (Request Security) option.
G. On AtlSrvr, enable the Secure Server (Require Security) option.
I. On both servers, enable all transmissions to use IPSec Triple Data Encryption Standard (TripleDES).

 

Tutorial:
To secure the tunnel between the two offices, you should implement L2TP over IPSec. AtlSrvr should have the Secure Server (Require Security) option enabled. This will require all connections to AtlSrvr to use L2TP over IPSec. TokSrvr should have the Server (Request Security) option enabled. This will request that each connection uses L2TP over IPSec. If a client, such as the Windows NT 4.0 Workstation computers, cannot communicate using L2TP over IPSec, then those clients can communicate using PPTP. To implement the strongest form of encryption, you must implement Triple Data Encryption Standard (TripleDES) on both servers.

 

You should not enable PPTP on both AtlSrvr and TokSrvr. PPTP does not provide any form of encryption. For this same reason, you should not enable L2TP over IPSec on AtlSrvr and PPTP on TokSrvr.

 

You should not disable the Client (Respond Only) policy option on AtlSrvr. Simply disabling a policy does not force encryption. You need to enable the proper policy.

 

You should not implement the Client (Respond Only) group policy setting on TokSrvr. The Client (Respond Only) group policy setting is for computers that do not secure communication for the majority of the time. If you only implement this policy on TokSrvr, none of the connections to it would force encryption, and data would be compromised.

 

You should not enable all transmissions to use IPSec Data Encryption Standard (DES) on both servers. This is not the strongest level of encryption that can be implemented. IPSec is a cryptography-based protection service that is responsible for protecting all of the protocols in the TCP/IP protocol suite.

 

You can only have one policy enabled at a time. Windows 2003 will not allow more than one policy to be enabled.

 

Data Encryption Standard (DES) and TripleDES are encryption implementation methods. TripleDES offers the strongest encryption. At one time, it was available only to North American environments. TripleDES is now available internationally.

 

Reference:
1. Windows Server 2003 Help and Support Center – Search
– Security information for IPSec
2. Windows Server 2003 Help and Support Center – Search
– Predefined security templates

 

These questions are derived from the Self Test Software Practice Test for Microsoft Exam #70-291: Implementing, Managing and Maintaining a Microsoft Windows Server 2003 Network Infrastructure.

Like what you see? Share it.Share on Google+Share on LinkedInShare on FacebookShare on RedditTweet about this on TwitterEmail this to someone
cmadmin

ABOUT THE AUTHOR

Posted in Archive|

Comment: