Question 4) Planning Network Infrastructure

Posted on
Like what you see? Share it.Share on Google+Share on LinkedInShare on FacebookShare on RedditTweet about this on TwitterEmail this to someone

Objective: Planning and Maintaining Network Security
SubObjective: Plan Security for Wireless Networks
Multiple Answer Multiple Choice

 

You are the network administrator for Roberts Enterprises, Inc. The network consists of a single Active Directory domain. All servers on the network run the Windows Server 2003 operating system. The network consists of 500 Windows XP Professional computers.

 

The network contains 25 clients that need Wireless Networking configured on their Windows XP Professional laptops. The company has recently changed all of their Security Policies. This new policy states that all wireless computers must use 802.1x certificate-based authentication with Protected EAP (PEAP). You have an Enterprise CA server currently installed.

 

You must configure these 25 computers to meet the new Security Policy.

 

What should you do? (Choose three. Each correct answer presents part of the solution.)

 

A. Apply the default domain GPO to the Wireless_comps group.
B. Apply the default domain GPO to the Wireless_clients group.
C. Create a certificate template for IEEE 802.1x authentication.
D. Configure the default domain GPO with the new security settings.
E. For the Wireless_comps group, configure autoenrollment for the certificates.
F. For the Wireless_clients group, configure autoenrollment for the certificates.
G. Create a global group named Wireless_clients that contains the 25 user accounts.
H. Create a global group named Wireless_comps that contains the 25 computer accounts.

 

Answer:
C. Create a certificate template for IEEE 802.1x authentication.
E. For the Wireless_comps group, configure autoenrollment for the certificates.
H. Create a global group named Wireless_comps that contains the 25 computer accounts.

 


Tutorial:
To configure Wireless Networking to meet the stated goals for only the 25 clients, you should take these actions:

 

Create a global group named Wireless_comps that contains the 25 computer accounts.
Create a certificate template for IEEE 802.1x authentication.
For the Wireless_comps group, configure autoenrollment for the certificates.

 

You should create a global group named Wireless_comps that contains the 25 computer accounts. The certificates should be installed on each laptop computer. Certificates are required for both the servers and the laptop computers when Protected EAP (PEAP) is used. PEAP further protects the authentication process by encrypting the negotiation packets. Autoenrollment will be used to automatically enroll for certificates, retrieve issued certificates, and renew expiring certificates without requiring subject interaction. This action requires no knowledge by the subject of any certificate operations unless the certificate template is configured to interact with the subject. Autoenrollment simplifies the experience of the client with certificates, and minimizes administrative tasks.

 

You should not create a global group named Wireless_clients that contains the 25 user accounts. The certificate should be configured for the computer accounts, not the user accounts.

 

You should not configure the Wireless_clients group with autoenrollment. The certificate should be configured for the computer accounts, not the user accounts.

 

You should not configure the default domain GPO with the new security settings, and apply the default domain GPO to the Wireless_clients group or the Wireless_comps group. You should configure the default domain GPO when you want to make changes for the entire domain.

 

Reference:
1. Implementing, Managing, and Maintaining a Microsoft Windows Server 2003 Network Infrastructure: Network Services – Configuring Network Access
– Configuring A Wireless Connection – Authentication Access for Wireless Networks

 

These questions are derived from the Self Test Software Practice Test for Microsoft Exam #70-293: Planning and Maintaining a Microsoft Windows Server 2003 Network Infrastructure.

Like what you see? Share it.Share on Google+Share on LinkedInShare on FacebookShare on RedditTweet about this on TwitterEmail this to someone
cmadmin

ABOUT THE AUTHOR

Posted in Archive|

Comment: