Question 4) Internet Security and Acceleration


SubObjective: Configure ISA Server 2004 as a remote access VPN server

Single Answer Multiple Choice

You are the network administrator of your company. The network consists of a single Active Directory domain. The security policy of your company mandates that all firewalls should be outside the Active Directory domain.

You install and configure an ISA Server 2004 computer named ISA1 as an Edge Firewall. All the computers on the network except ISA1 are members of the Active Directory domain.

You are required to enable ISA1 as a remote access VPN server to allow remote VPN clients to access resources after getting authenticated. What should you do?

A. Configure ISA1 to use Remote Authentication Dial-In User Service (RADIUS) authentication. Enable the Allow access to directory services for authentication purposes System Policy rule.
B. Configure ISA1 to use Basic authentication. Enable the Allow RADIUS authentication from ISA Server to trusted RADIUS servers System Policy rule.
C. Configure ISA1 to use Basic authentication. Enable the Allow access to directory services for authentication purposes System Policy rule.
D. Configure ISA1 to use RADIUS authentication. Enable the Allow RADIUS authentication from ISA Server to trusted RADIUS servers System Policy rule.

Answer:
D. Configure ISA1 to use RADIUS authentication. Enable the Allow RADIUS authentication from ISA Server to trusted RADIUS servers System Policy rule.

Tutorial:
You should configure ISA1 to use RADIUS authentication and enable the Allow RADIUS authentication from ISA Server to trusted RADIUS servers System Policy rule. ISA Server 2004 enables you to use RADIUS to authenticate users. To implement RADIUS authentication, you should configure a RADIUS server and a RADIUS client. A RADIUS server passes authentication requests to an authentication server such as a domain controller. A RADIUS server can also be used to apply policies to user connections. The RADIUS client is the server to which the users connect when they want to access a network. A RADIUS client is typically a dial-up server, VPN server, or wireless access point. The RADIUS client collects user credentials and forwards them to a RADIUS server in the form of a RADIUS message. The RADIUS server authenticates the RADIUS client request, and sends back a RADIUS message response.

An ISA Server can also be configured as a RADIUS client. If you want the ISA Server computer to authenticate Active Directory users, the computer running ISA Server 2004 must be a member of the Active Directory domain. When the ISA Server computer is not a member of an Active Directory domain, you can configure ISA1 to use a RADIUS server for authenticating users.

You should also enable the Allow RADIUS authentication from ISA Server to trusted RADIUS servers system policy rule on the ISA Server computer. The Allow RADIUS authentication from ISA Server to trusted RADIUS servers system policy allows the ISA Server computer to access the Internal network using RADIUS protocols. You should also configure the rule’s computer element to include the Fully Qualified Domain Name (FQDN) of the RADIUS server. This will enable the ISA Server computer to forward the incoming requests to the RADIUS server specified in the Allow RADIUS authentication from ISA Server to trusted RADIUS servers System Policy rule.
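The RADIUS client/server exchange described above, as an added example (not from the original page and not ISA Server's own code): an RFC 2865 Access-Request and signed reply, showing why the client and server must share a secret. The shared secret, user names, function names, and the `users` table standing in for the domain controller are all constructed for illustration.

```python
import hashlib, hmac, os, struct

ACCESS_REQUEST, ACCESS_ACCEPT, ACCESS_REJECT = 1, 2, 3   # RFC 2865 packet codes
USER_NAME, USER_PASSWORD = 1, 2                          # RFC 2865 attribute types

def _keystream_xor(data, secret, authenticator, decrypt=False):
    """RFC 2865 5.2 User-Password hiding: MD5 keystream chained over 16-byte blocks."""
    out, prev = b"", authenticator
    for i in range(0, len(data), 16):
        block = data[i:i + 16]
        res = bytes(a ^ b for a, b in zip(block, hashlib.md5(secret + prev).digest()))
        out, prev = out + res, (block if decrypt else res)   # chain on the ciphertext
    return out

def build_access_request(ident, user, password, secret):
    """RADIUS client (the VPN server): wrap the collected credentials in an Access-Request."""
    req_auth = os.urandom(16)
    padded = password.ljust(max(1, -(-len(password) // 16)) * 16, b"\x00")
    hidden = _keystream_xor(padded, secret, req_auth)
    attrs = bytes([USER_NAME, len(user) + 2]) + user
    attrs += bytes([USER_PASSWORD, len(hidden) + 2]) + hidden
    return struct.pack("!BBH", ACCESS_REQUEST, ident, 20 + len(attrs)) + req_auth + attrs

def handle_request(packet, secret, users):
    """RADIUS server: recover the password, check it, return a signed Accept or Reject."""
    _, ident, length = struct.unpack("!BBH", packet[:4])
    req_auth, attrs, pos = packet[4:20], {}, 20
    while pos + 2 <= min(length, len(packet)) and packet[pos + 1] >= 2:
        attrs[packet[pos]] = packet[pos + 2:pos + packet[pos + 1]]
        pos += packet[pos + 1]
    hidden = attrs.get(USER_PASSWORD, b"")
    password = _keystream_xor(hidden, secret, req_auth, decrypt=True).rstrip(b"\x00")
    # `users` is a constructed stand-in for the authentication server (domain controller).
    stored = users.get(attrs.get(USER_NAME))
    ok = stored is not None and hmac.compare_digest(stored, password)
    header = struct.pack("!BBH", ACCESS_ACCEPT if ok else ACCESS_REJECT, ident, 20)
    return header + hashlib.md5(header + req_auth + secret).digest()   # Response Authenticator

def verify_reply(reply, request, secret):
    """RADIUS client: trust the reply only if it was signed with the shared secret."""
    code, ident, length = struct.unpack("!BBH", reply[:4])
    expected = hashlib.md5(reply[:4] + request[4:20] + reply[20:] + secret).digest()
    if ident != request[1] or length != len(reply) or not hmac.compare_digest(expected, reply[4:20]):
        return None
    return code

if __name__ == "__main__":
    secret, users = b"constructed-shared-secret", {b"alice": b"Correct-Horse-Battery-9"}
    req = build_access_request(7, b"alice", b"Correct-Horse-Battery-9", secret)
    print(verify_reply(handle_request(req, secret, users), req, secret))
```

A reply from a server that does not hold the same shared secret fails `verify_reply`, which is what makes a RADIUS server "trusted" from the client's point of view.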

You should not configure ISA1 to use Remote Authentication Dial-In User Service (RADIUS) authentication and enable the Allow access to directory services for authentication purposes System Policy rule. The Allow access to directory services for authentication purposes System Policy rule allows the ISA Server computer to access the Internal network by using the Active Directory directory service, which uses Lightweight Directory Access Protocol (LDAP). When you configure an ISA Server to use RADIUS authentication, you should enable the Allow RADIUS authentication from ISA Server to trusted RADIUS servers System Policy rule. Enabling the Allow access to directory services for authentication purposes System Policy rule is not possible because the ISA Server is not a member of Active Directory.

You should not configure ISA1 to use Basic authentication and enable the Allow RADIUS authentication from ISA Server to trusted RADIUS servers System Policy rule. Basic authentication sends and receives user information as plain text without using encryption. Basic authentication prompts the user to provide a valid username and a password to log on. In this scenario, ISA1 is not a member of the Active Directory domain. Therefore, ISA1 will not be able to validate the user credentials from Active Directory. The RADIUS server could do this authentication on behalf of the ISA Server, but that would require the additional step of making the ISA Server a RADIUS client, which is not mentioned in this option. Configuring ISA1 to use Basic authentication and enabling the Allow RADIUS authentication from ISA Server to trusted RADIUS servers System Policy rule will not allow remote VPN clients to access the resources after getting authenticated.

You should not configure ISA1 to use Basic authentication and enable the Allow access to directory services for authentication purposes System Policy rule. Basic authentication sends and receives user information as plain text without using encryption. Basic authentication prompts the user to provide a valid username and a password to log on. The Allow access to directory services for authentication purposes System Policy rule allows the ISA Server computer to access the Internal network by using the Active Directory directory service, which uses Lightweight Directory Access Protocol (LDAP). In this scenario, ISA1 is not a member of the Active Directory domain. Therefore, ISA1 will not be able to validate the user credentials from Active Directory. Configuring ISA1 to use Basic authentication and enabling the Allow access to directory services for authentication purposes System Policy rule will not allow remote VPN clients to access the resources after getting authenticated.

Reference:
Self-Paced Training Kit, Implementing Microsoft Internet Security an

cmadmin
