Question 4) Test Yourself on Managing

Posted on
Like what you see? Share it.Share on Google+Share on LinkedInShare on FacebookShare on RedditTweet about this on TwitterEmail this to someone

SubObjective: Troubleshoot network protocol security
Item Number: 70-291.3.3.5
Single Answer Multiple Choice

You are the network administrator for a large electronics company. The network contains only Windows Server 2003 and Windows XP Professional computers in a single Active Directory domain named trustelec.com. Several companies purchase your products for resale. These companies connect to your network over a VPN using Windows XP Professional computers that are not members of your domain and need access to a Windows Server 2003 file server named FS1.

 

To protect confidential data, you have implemented the Secure Server IPSec policy on all servers and the Client IPSec policy on all client computers. The computers owned by the purchasers have had the Client IPSec policy applied. However, you have noticed that the purchaser connections are not encrypted. You must ensure that the purchaser connections are encrypted without compromising your domain security.
What should you do?

 

A. Change the IPSec policy on FS1 to Server.
B. Add the purchaser computers to the trustelec.com domain.
C. Configure FS1 and the purchaser computers to use Kerberos authentication.
D. Create a trust between the trustelec.com domain and the purchaser domains.
E. Implement a certificate authority (CA) and configure FS1 and the purchaser computers to use certificates.

 

Answer:
E. Implement a certificate authority (CA) and configure FS1 and the purchaser computers to use certificates.

 

Tutorial:
You should implement a certificate authority (CA) and configure FS1 and the purchaser computers to use certificates. This option has the least possibility of causing security risks. With the current configuration, Kerberos authentication is used, which only works if all computers involved are part of the same Active Directory forest.

 

You should not change the IPSec policy on FS1 to Server. Doing so could possibly permit unencrypted traffic to FS1.

 

You should not add the purchaser computers to the trustelec.com domain. This option can possibly cause security risks because the purchaser computers would have direct access to your network.

 

You should not configure FS1 and the purchaser computers to use Kerberos authentication. Kerberos authentication only works if the computers involved are part of the same Active Directory forest.

 

You should not create a trust between the trustelec.com domain and the purchaser domains. This option can possibly cause security risks because the purchaser computers could have direct access to your network.

 

Reference:
1. Implementing, Managing, and Maintaining a Microsoft Windows Server 2003 Network Infrastructure: Network Services – Securing Network Traffic by Using IPSec and Certificates
– Implementing IPSec

 

These questions are derived from the Self Test Software Practice Test for Microsoft Exam #70-291: Implementing, Managing and Maintaining a Microsoft Windows Server 2003 Network Infrastructure.

Like what you see? Share it.Share on Google+Share on LinkedInShare on FacebookShare on RedditTweet about this on TwitterEmail this to someone
cmadmin

ABOUT THE AUTHOR

Posted in Archive|

Comment: