Reading...
Play button
Play button
Use LEFT and RIGHT arrow keys to navigate between flashcards;
Use UP and DOWN arrow keys to flip the card;
H to show hint;
A reads text to speech;
26 Cards in this Set
- Front
- Back
|
DirectAccess Connection Methods
|
Public IPv6 address
6to4 Teredo IP-HTTPS |
|
|
What's clients can configure DirectAccess?
|
Only domain-joined clients running Windows 7 Enterprise and Ultimate editions support
DirectAccess. You must add the client’s domain computer account to a special security group needs to deploy Active Directory Certificate Services |
|
|
GPO applies the following policies (DirectAccess)
|
6to4 Relay Name
IP-HTTPS State Teredo Default Qualified Teredo Server Name Name Resolution |
|
|
configure DirectAccess-related settings using the Netsh
|
Netsh interface ipv6 set teredo enterpriseclient IPv4_address
Netsh interface 6to4 set relay IPv4_address Netsh interface httpstunnel add interface client https://fqdn/IPHTTPS |
|
|
How can you determine if a client has made a successful DirecAccess?
|
When the status message displays “Internet and Corporate Access,”
|
|
|
DirectAccess clients use
|
DirectAccess clients use digital certificates to authenticate with the DirectAccess server
|
|
|
To verify the DirectAccess client’s settings for 6to4, issue the command
|
Netsh interface 6to4 show relay
|
|
|
You can verify the Teredo configuration
|
Netsh interface ipv6 show teredo
|
|
|
IP-HTTPS configuration by issuing the command
|
Netsh interface httpstunnel show interfaces
|
|
|
Which IPv6 transition technology does DirectAccess use if you are in a remote location and your computer has been assigned a public IPv4 address, but not a public IPv6 address?
|
DirectAccess uses the 6to4 IPv6 transition technology if the client is assigned a public IPv4 address but not a public IPv6 address
|
|
|
You should ensure that the DirectAccess server meets the following requirements:
|
The computer needs to have Windows Server 2008 R2 installed and be a member of
a domain. This server must have two network adapters. One of these network adapters needs to a direct connection to the Internet. You must assign this adapter two consecutive public IPv4 addresses. The second network adapter needs a direct connection to the corporate intranet. The computer needs digital certificates to support server authentication. |
|
|
The following ports on an organization’s external firewall must be open to support
DirectAccess: |
UDP port 3544 Enables Teredo traffic.
IPv4 protocol 41 Enables 6to4 traffic. TCP port 443 Allows IP-HTTPS traffic. ICMPv6 and IPv4 Protocol 50 Required when remote clients have IPv6 addresses |
|
|
The most secure protocols support:
|
Data confidentiality
Data integrity Replay protection Data origin authentication |
|
|
The VPN protocols supported by Windows 7,
|
PPTP
L2TP/IPSec SSTP IKEv2 |
|
|
SSTP
|
SSTP VPN tunnels use port 443
SSTP works by encapsulating PPP traffic over the SSL channel of the HTTPS protocol. You cannot use SSTP through a Web proxy that requires authentication. |
|
|
IKEv2
|
IKEv2 supports IPv6 and the new VPN Reconnect feature
IKEv2 uses UDP port 500 |
|
|
VPN Authentication Protocols
|
PAP
CHAP MS-CHAPv2 PEAP/PEAP-TLS EAP-MS-CHAPv2/PEAP-MS-CHAPv2 Smart Card or other Certificate |
|
|
VPN Reconnect
|
all editions of Windows 7 support VPN Reconnect
VPN Reconnect uses the IKEv2 tunneling protocol with the MOBIKE extension |
|
|
Which VPN protocol supports automatic reconnection?
|
IKEv2 supports automatic reconnection.
|
|
|
NAP
|
NAP is a technology in Windows Server 2008 that restricts network access based on an assessment of a client computer’s health.
NAP blocks noncompliant clients from accessing the network |
|
|
NAP can be used
|
for clients on the LAN, but also can be used for VPN, RD Gateway, and DirectAccess clients.
|
|
|
Administrators can configure NAP to restrict network access based on the following criteria:
|
Does a client have antivirus software installed and up to date?
Does a client have anti-spyware software installed and up to date? Does a client have Windows Firewall enabled? Are automatic update enabled? Have all software updates been installed on the client computer? |
|
|
Where to configure NAP
|
Security Health Validators (SHVs).
|
|
|
Noncompliant clients communications
|
Noncompliant clients can communicate with hosts on the remediation network but not other hosts on the internal corporate network. A remediation network
could include a Windows Server Update Services (WSUS) server |
|
|
Configuring Windows 7 to Accept Incoming Connections
|
VPNs that use the PPTP protocol and allows only one incoming connection at a time.
|
|
|
Auditing Remote Connections
|
You need to activate it using a policy
|
