26 Cards in this Set

  • Front
  • Back
DirectAccess Connection Methods
Public IPv6 address
Which clients can configure DirectAccess?
Only domain-joined clients running Windows 7 Enterprise and Ultimate editions support DirectAccess.

You must add the client’s domain computer account to a special security group.

You need to deploy Active Directory Certificate Services.
The DirectAccess GPO applies the following policies:
6to4 Relay Name
Teredo Default Qualified
Teredo Server Name
Name Resolution
You can configure DirectAccess-related settings using Netsh:
Netsh interface ipv6 set teredo enterpriseclient IPv4_address
Netsh interface 6to4 set relay IPv4_address
Netsh interface httpstunnel add interface client https://fqdn/IPHTTPS
How can you determine if a client has made a successful DirectAccess connection?
When the status message displays “Internet and Corporate Access.”
DirectAccess clients use
DirectAccess clients use digital certificates to authenticate with the DirectAccess server.
To verify the DirectAccess client’s settings for 6to4, issue the command:
Netsh interface 6to4 show relay
You can verify the Teredo configuration by issuing the command:
Netsh interface ipv6 show teredo
You can verify the IP-HTTPS configuration by issuing the command:
Netsh interface httpstunnel show interfaces
Which IPv6 transition technology does DirectAccess use if you are in a remote location and your computer has been assigned a public IPv4 address, but not a public IPv6 address?
DirectAccess uses the 6to4 IPv6 transition technology if the client is assigned a public IPv4 address but not a public IPv6 address.
You should ensure that the DirectAccess server meets the following requirements:
The computer needs to have Windows Server 2008 R2 installed and be a member of a domain.
This server must have two network adapters.
One of these network adapters needs a direct connection to the Internet. You must assign this adapter two consecutive public IPv4 addresses.
The second network adapter needs a direct connection to the corporate intranet.
The computer needs digital certificates to support server authentication.
The following ports on an organization’s external firewall must be open to support DirectAccess:
UDP port 3544: Enables Teredo traffic.
IPv4 protocol 41: Enables 6to4 traffic.
TCP port 443: Allows IP-HTTPS traffic.
ICMPv6 and IPv4 protocol 50: Required when remote clients have IPv6 addresses.
The most secure protocols support:
Data confidentiality
Data integrity
Replay protection
Data origin authentication
The VPN protocols supported by Windows 7
SSTP VPN tunnels use port 443.

SSTP works by encapsulating PPP traffic over the SSL channel of the HTTPS protocol.

You cannot use SSTP through a Web proxy that requires authentication.
IKEv2 supports IPv6 and the new VPN Reconnect feature.

IKEv2 uses UDP port 500.
VPN Authentication Protocols
Smart Card or other Certificate
VPN Reconnect
All editions of Windows 7 support VPN Reconnect.

VPN Reconnect uses the IKEv2 tunneling protocol with the MOBIKE extension.
Which VPN protocol supports automatic reconnection?
IKEv2 supports automatic reconnection.
NAP is a technology in Windows Server 2008 that restricts network access based on an assessment of a client computer’s health.

NAP blocks noncompliant clients from accessing the network.
NAP can be used
for clients on the LAN, but also for VPN, RD Gateway, and DirectAccess clients.
Administrators can configure NAP to restrict network access based on the following criteria:
Does a client have antivirus software installed and up to date?
Does a client have anti-spyware software installed and up to date?
Does a client have Windows Firewall enabled?
Are automatic updates enabled?
Have all software updates been installed on the client computer?
Where to configure NAP
Security Health Validators (SHVs).
Noncompliant client communications
Noncompliant clients can communicate with hosts on the remediation network but not with other hosts on the internal corporate network. A remediation network could include a Windows Server Update Services (WSUS) server.
Configuring Windows 7 to Accept Incoming Connections
Incoming VPN connections use the PPTP protocol, and Windows 7 allows only one incoming connection at a time.
Auditing Remote Connections
You need to activate it using a policy.